
January, 2022

January 31, 2022 – Business

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack Full Text

Abstract The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.”

Threatpost

January 31, 2022 – Privacy

NSO Group Pegasus Spyware Aims at Finnish Diplomats Full Text

Abstract Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.

Threatpost

January 31, 2022 – Government

FBI warns of 2022 Beijing Olympics cyberattack, privacy risks Full Text

Abstract The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered.

BleepingComputer

January 31, 2022 – Botnet

TrickBot Operators Strengthen Obfuscation Game with Layered Security Full Text

Abstract The TrickBot gang has advanced its techniques to slip past security controls by adding multiple layers of defense. This enables it to launch Man-in-the-Browser attacks against banking users to steal their credentials and browser cookies. It is critical for organizations and researchers to cont ...

Cyware Alerts - Hacker News

January 31, 2022 – General

Hillicon Valley — Presented by Cisco — App bill gains steam Full Text

Abstract Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 31, 2022 – General

Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web Full Text

Abstract Researchers have demonstrated a new type of fingerprinting technique that exploits a machine's graphics processing unit (GPU) as a means to track users across the web persistently. Dubbed DrawnApart, the method "identifies a device from the unique properties of its GPU stack," researchers from Australia, France, and Israel said in a new paper, adding that "variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript." A device fingerprint or machine fingerprint is information that is collected about the hardware, installed software, as well as the web browser and its associated add-ons from a remote computing device for the purpose of unique identification. Fingerprints can be a double-edged sword. On the one hand, a fingerprint algorithm may allow a service provider (e.g., bank) to detect and prevent identity theft and credit card frau

The Hacker News

January 31, 2022 – Vulnerabilities

Samba fixed CVE-2021-44142 remote code execution flaw Full Text

Abstract Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers...

Security Affairs

January 31, 2022 – Vulnerabilities

Public Exploit Released for Windows 10 Bug Full Text

Abstract The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.

Threatpost

January 31, 2022 – Vulnerabilities

Samba bug can let remote attackers execute code as root Full Text

Abstract Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.

BleepingComputer
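The two Samba items above say only that CVE-2021-44142 gives remote root. The check a Samba administrator actually needs is which shares are exposed. This added example (not Samba project code) encodes the facts from the Samba security advisory: the bug is an out-of-bounds heap read/write in the vfs_fruit module's parsing of extended-attribute metadata, reachable on shares that load `fruit` in `vfs objects` with the default `fruit:metadata = netatalk` or `fruit:resource = file`, and it is fixed in 4.13.17, 4.14.12 and 4.15.5. The smb.conf text is constructed; `[global]` supplies defaults that every share inherits unless it overrides them.

```python
"""Flag Samba shares that load vfs_fruit with the settings affected by CVE-2021-44142.

Added example, not Samba project code. Facts encoded here come from the Samba
advisory for CVE-2021-44142; the smb.conf below is constructed for illustration.
"""
import re

SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h file server
   vfs objects = fruit streams_xattr

[macshare]
   path = /srv/mac
   read only = no
   ; inherits the global vfs objects line and the fruit defaults

[safe]
   path = /srv/plain
   vfs objects = streams_xattr

[resource-only]
   path = /srv/res
   vfs objects = fruit streams_xattr
   fruit:metadata = stream
   fruit:resource = xattr
"""


def parse_smb_conf(text: str) -> dict:
    """Minimal smb.conf reader: {section: {lower-cased key: value}}.
    Handles '#' and ';' comment lines; does not follow 'include =' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def effective(conf: dict, share: str) -> dict:
    """[global] acts as the default for every share; the share's own lines win."""
    merged = dict(conf.get("global", {}))
    merged.update(conf[share])
    return merged


def affected_shares(conf: dict) -> list:
    """Shares where the vulnerable vfs_fruit code path is reachable: the fruit
    module is loaded and at least one of the two settings is at its default."""
    hits = []
    for name in conf:
        if name == "global":
            continue
        s = effective(conf, name)
        modules = (s.get("vfs objects") or s.get("vfs object") or "").split()
        if "fruit" not in modules:
            continue
        metadata = s.get("fruit:metadata", "netatalk").lower()   # default: netatalk
        resource = s.get("fruit:resource", "file").lower()       # default: file
        if metadata == "netatalk" or resource == "file":
            hits.append(name)
    return hits


# First fixed patch level per maintained branch at the time of the advisory.
FIXED_PATCH = {(4, 13): 17, (4, 14): 12, (4, 15): 5}


def is_fixed_version(version: str) -> bool:
    """Accepts 'smbd --version' style strings such as 'Version 4.15.4-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch >= FIXED_PATCH[branch]
    return branch > (4, 15)   # older branches were out of support and never patched


if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE_SMB_CONF)
    print("exposed shares:", affected_shares(conf))
    print("4.15.4 fixed?", is_fixed_version("Version 4.15.4-Ubuntu"))
```

Removing `fruit` from `vfs objects` is the advisory's workaround; switching `fruit:metadata` and `fruit:resource` to the non-default values also closes the path, but makes existing Apple metadata invisible to macOS clients, so patching is the real fix.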

January 31, 2022 – Ransomware

LockBit Ransomware Gets a Linux Version Full Text

Abstract The new version uses a combination of AES and ECC algorithms for encryption and includes commands for encrypting VM images on ESXi servers. The ransom note matches the ones associated with LockBit's Windows variant.

Cyware Alerts - Hacker News

January 31, 2022 – Policy and Law

German Court Rules Websites Embedding Google Fonts Violates GDPR Full Text

Abstract A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data (the IP address) to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding that the website operator could theoretically combine the gathered information with other third-party data to identify the "persons behind the IP address." The violation amounts to the "plaintiff's loss of control over personal data to Google," the ruling read. Google Fonts is a font embedding service library from Google, allowing developers to add fonts to their Android apps and websites simply by referencing a stylesheet. As of January 2022, Google Fonts is a repository for 1,358 font families. Under the European Union's Ge

The Hacker News

January 31, 2022 – Government

CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in attacks in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited...

Security Affairs

January 31, 2022 – Vulnerabilities

600K WordPress sites impacted by critical plugin RCE vulnerability Full Text

Abstract Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.

BleepingComputer

January 31, 2022 – Vulnerabilities

No smoke without fire? ‘Critical’ Loguru security flaw turns out to be non-issue Full Text

Abstract GitHub has promised to stop sending out security advisories about a vulnerability reported in Loguru, a popular Python logging package, which later turned out to be invalid.

The Daily Swig

January 31, 2022 – Attack

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP Full Text

Abstract A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious activities. Researchers from Akamai have spotted a malicious campaign, tracked as 'Eternal Silence,' that is abusing Universal...

Security Affairs

January 31, 2022 – Ransomware

QNAP: DeadBolt ransomware exploits a bug patched in December Full Text

Abstract Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks.

BleepingComputer

January 31, 2022 – Privacy

DazzleSpy Backdoor Spies on Hong Kong Politicians Full Text

Abstract A new malware dubbed DazzleSpy surfaced during the investigation of a watering hole attack targeting Windows and Android users. ESET researchers found that the attack also targeted macOS users and visitors of a pro-democracy radio station website in Hong Kong. To stay protected, deploy the right an ...

Cyware Alerts - Hacker News

January 31, 2022 – Criminals

Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform Full Text

Abstract Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million...

Security Affairs

January 31, 2022 – Government

CISA adds 8 vulnerabilities to list of actively exploited bugs Full Text

Abstract The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.

BleepingComputer

January 31, 2022 – Malware

Cobalt Strike and Prometheus Traffic Direction System - New Tools of the Cyber Threat Trade Full Text

Abstract BlackBerry researchers have discovered the relationship between the Prometheus Traffic Direction System and a leaked Cobalt Strike SSL key pair, as well as with various malware families. In the last two years, multiple threat actors and ransomware groups such as FIN7, FickerStealer, Qakbot, DarkCry ...

Cyware Alerts - Hacker News

January 31, 2022 – Policy and Law

DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme Full Text

Abstract The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar (37), an Israeli national who operated DeepDotWeb (DDW), was sentenced to 97 months in prison and was ordered to forfeit $8,414,173....

Security Affairs

January 31, 2022 – Solution

Microsoft Office 365 to add better protection for priority accounts Full Text

Abstract Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers).

BleepingComputer

January 31, 2022 – Vulnerabilities

Memory corruption and use-after-free vulnerabilities discovered in Foxit PDF Reader Full Text

Abstract These vulnerabilities could be triggered if an attacker tricks a user into opening a specially crafted, malicious PDF file, or into opening it in a browser that has a PDF reader plugin installed.

Cisco Talos

January 31, 2022 – Hacker

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone Full Text

Abstract Apple paid a bounty of over $100K for a series of macOS flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser...

Security Affairs

January 31, 2022 – Attack

Russian ‘Gamaredon’ hackers use 8 new malware payloads in attacks Full Text

Abstract The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.

BleepingComputer

January 31, 2022 – Breach

Unsecured AWS Server Exposed 3TB of Airport Employee Records from Colombia and Peru Full Text

Abstract The server contained 3TB of data dating back to 2018, including airport employee records. While the team was not able to examine every record in the database, four airports were named in exposed files:

ZDNet

January 31, 2022 – General

Americans lost $770 million from social media fraud in 2021, FTC reports Full Text

Abstract A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds The US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. These...

Security Affairs

January 31, 2022 – Vulnerabilities

277,000 routers exposed to Eternal Silence attacks via UPnP Full Text

Abstract A malicious campaign known as 'Eternal Silence' abuses Universal Plug and Play (UPnP) to turn your router into a proxy server that is used to launch malicious attacks while hiding the location of the threat actors.

BleepingComputer
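Both Eternal Silence items above describe the outcome (the router becomes a relay) but not how to tell whether your own router has been hit. The injected NAT rules live in the router's UPnP port-mapping table, and the UPnP IGD `WANIPConnection` service lets anyone who can reach the control URL read that table one row at a time with `GetGenericPortMappingEntry`, until the router answers with UPnP error 713 (`SpecifiedArrayIndexInvalid`). A normal mapping forwards to a LAN host; a UPnProxy-style mapping forwards to another Internet address. This added example (not Akamai's or BleepingComputer's code, and not tied to any vendor's firmware) builds the SOAP request for one step of that walk and audits a set of replies. All SOAP messages below are constructed to match the WANIPConnection:1 service; the script does not talk to a real router. The internal-client check uses an explicit RFC 1918 list rather than Python's `is_private`, because `ipaddress` also treats the documentation ranges used in the sample as non-global.

```python
"""Audit a router's UPnP IGD port-mapping table for entries that relay off the LAN.

Added example; not code from Akamai, BleepingComputer or any router vendor.
SOAP messages are constructed in the shape of the WANIPConnection:1 service.
"""
import ipaddress
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"

# Addresses a NAT mapping may legitimately forward to: hosts behind the router.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def build_request(index: int) -> tuple:
    """Headers and body for one table-walk step. A caller would POST these to the
    control URL from the router's IGD description document (not done here)."""
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#{ACTION}"'}
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
        f'<u:{ACTION} xmlns:u="{SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        f'</u:{ACTION}></s:Body></s:Envelope>')
    return headers, body


def _response(ext_port, proto, int_port, client, desc):
    # Constructed reply in the shape a WANIPConnection service returns.
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        f'<u:{ACTION}Response xmlns:u="{SERVICE}">'
        '<NewRemoteHost></NewRemoteHost>'
        f'<NewExternalPort>{ext_port}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        f'</u:{ACTION}Response></s:Body></s:Envelope>')


# Constructed fault a router returns once the index runs past the last entry.
END_OF_TABLE = (
    '<?xml version="1.0"?>'
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault>'
    '<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring><detail>'
    '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
    '<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError>'
    '</detail></s:Fault></s:Body></s:Envelope>')

# Constructed table: two ordinary LAN forwards and one entry that relays to an
# Internet host (203.0.113.25 is a documentation address standing in for one).
SAMPLE_RESPONSES = [
    _response(51413, "TCP", 51413, "192.168.1.20", "torrent"),
    _response(38001, "TCP", 445, "203.0.113.25", ""),
    _response(5000, "UDP", 5000, "192.168.1.7", "game"),
    END_OF_TABLE,
]


def parse_mapping(soap_xml: str):
    """Return the mapping fields as a dict, or None when the reply is a UPnP fault."""
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        tag = el.tag.split("}")[-1]        # strip the XML namespace
        if tag == "errorCode":
            return None                    # 713 SpecifiedArrayIndexInvalid ends the walk
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields


def is_relay_mapping(mapping: dict) -> bool:
    """True when the 'internal' client is not on the LAN, i.e. the router would
    forward traffic arriving from the Internet back out to another Internet host."""
    try:
        client = ipaddress.ip_address(mapping["InternalClient"])
    except (KeyError, ValueError):
        return True                        # missing or malformed target: treat as suspect
    return not any(client in net for net in LAN_NETWORKS)


def audit(responses) -> list:
    """Walk replies in index order and collect mappings that relay off the LAN."""
    suspicious = []
    for reply in responses:
        mapping = parse_mapping(reply)
        if mapping is None:
            break
        if is_relay_mapping(mapping):
            suspicious.append(mapping)
    return suspicious


if __name__ == "__main__":
    for m in audit(SAMPLE_RESPONSES):
        print(f"relay mapping: {m['Protocol']}/{m['ExternalPort']} -> "
              f"{m['InternalClient']}:{m['InternalPort']}")
```

If the walk turns up a relay entry, delete it with `DeletePortMapping`, disable UPnP on the WAN side, and update the firmware; a router that answers these SOAP calls from the Internet at all is the root cause.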

January 31, 2022 – Breach

Vulnerability in PostBus public transport platform exposed customer data Full Text

Abstract ZTF researchers say the penetration test revealed the compromise of confidential, centrally stored data through “an obvious deficiency”, an insecure direct object reference (IDOR) vulnerability.

The Daily Swig
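The PostBus item names the bug class, an insecure direct object reference, without showing what the "obvious deficiency" looks like in code. This added example (constructed; it is not PostBus code and has nothing to do with the ZTF report) puts the vulnerable lookup beside the fixed one and simulates the enumeration a tester would run. The store, the ticket records and the user names are all invented for illustration.

```python
"""IDOR: a record lookup keyed only on a client-supplied id, beside the
ownership-scoped version. Added example with constructed data; not PostBus code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    owner: str
    route: str
    card_last4: str


class NotFound(Exception):
    """Maps to a 404 in a web handler."""


# Constructed store standing in for centrally held customer data. The ids are
# sequential, which is what makes walking them trivial.
TICKETS = {
    1001: Ticket(1001, "alice", "Bern-Zurich", "4242"),
    1002: Ticket(1002, "bob", "Geneva-Lausanne", "1337"),
    1003: Ticket(1003, "carol", "Basel-Lugano", "9876"),
}


def get_ticket_vulnerable(user: str, ticket_id: int) -> Ticket:
    """The id is the only key. Any authenticated user can request 1001, 1002, ...
    and receive everyone else's records; `user` is never consulted."""
    try:
        return TICKETS[ticket_id]
    except KeyError:
        raise NotFound(ticket_id)


def get_ticket_hardened(user: str, ticket_id: int) -> Ticket:
    """Lookup scoped to the caller. A record belonging to someone else raises the
    same NotFound as a missing id, so enumeration cannot even confirm that an id
    exists (a 403 would leak that)."""
    ticket = TICKETS.get(ticket_id)
    if ticket is None or ticket.owner != user:
        raise NotFound(ticket_id)
    return ticket


def enumerate_as(user: str, fetch, ids) -> list:
    """Simulate the tester's walk: which ids does `fetch` hand to this user?"""
    seen = []
    for ticket_id in ids:
        try:
            seen.append(fetch(user, ticket_id).ticket_id)
        except NotFound:
            pass
    return seen


if __name__ == "__main__":
    print("vulnerable:", enumerate_as("bob", get_ticket_vulnerable, range(1000, 1006)))
    print("hardened:  ", enumerate_as("bob", get_ticket_hardened, range(1000, 1006)))
```

Scoping the query to the caller is the fix; switching to random ids only slows enumeration down and is not a substitute for the ownership check.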

January 30, 2022 – Solution

Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication Full Text

Abstract A group of academics at South Korea's Gwangju Institute of Science and Technology (GIST) have utilized natural silk fibers from domesticated silkworms to build an environmentally friendly digital security system that they say is "practically unbreachable." "The first natural physical unclonable function (PUF) […] takes advantage of the diffraction of light through natural microholes in native silk to create a secure and unique digital key for future security solutions," the researchers said. Physical unclonable functions or PUFs refer to devices that leverage inherent randomness and microscopic differences in electronics introduced during manufacturing to generate a unique identifier (e.g., cryptographic keys) for a given set of inputs and conditions. In other words, PUFs are non-algorithmic one-way functions derived from uncopiable elements to create unbreakable identifiers for strong authentication. Over the years, PUFs have been widely used in smartca

The Hacker News

January 30, 2022 – Vulnerabilities

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam Full Text

Abstract Apple last year fixed a new set of macOS vulnerabilities that exposed the Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of security issues in iCloud Sharing and Safari 15, an attacker can hijack the multimedia permission and gain "full access to every website ever visited by the victim" in Safari, including Gmail, iCloud, Facebook, and PayPal accounts. The issues specifically concern ShareBear, an iCloud file-sharing mechanism that prompts users upon attempting to open a shared document for the first time. Taking advantage of the fact that users are never shown the prompt again once they accept to open the file, Pickren found that it's possible to alter the file's content to

The Hacker News

January 30, 2022 – Criminals

DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering Full Text

Abstract An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering charges in March 2021 and agreed to forfeit the illegally amassed profits. DDW, until its seizure in May 2019, ostensibly served as a "news" website that connected internet users with underground marketplaces on the dark web that operate via darknets such as Tor, enabling the purchase of illegal firearms, malware and hacking tools, stolen financial data, heroin, fentanyl, and other illicit materials. Prihar, acting in concert with co-defendant Michael Phan, 34, of Israel, provided direct links to illegal marketplaces and, in return for advertising these links, reaped substantia

The Hacker News

January 30, 2022 – Hacker

Researchers use GPU fingerprinting to track users online Full Text

Abstract A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.

BleepingComputer

January 30, 2022 – Phishing

Multi-Stage Phishing Campaign Leverages BYOD Concept to Target Organizations Full Text

Abstract According to Microsoft 365 Defender Threat Intelligence Team, the campaign took advantage of the devices that did not implement MultiFactor Authentication (MFA).

Cyware Alerts - Hacker News

January 30, 2022 – Attack

Hybrid cloud campaign OiVaVoii targets company executives Full Text

Abstract A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members,...

Security Affairs

January 30, 2022 – General

FTC: Americans lost $770 million from social media fraud surge Full Text

Abstract Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.

BleepingComputer

January 30, 2022 – Vulnerabilities

Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue Full Text

Abstract A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The security researcher RyeLv has publicly released an exploit for a Windows local privilege...

Security Affairs

January 30, 2022 – General

Security Affairs newsletter Round 351 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

January 30, 2022 – Phishing

Novel device registration trick enhances multi-stage phishing attacks Full Text

Abstract Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft has shared details of a large-scale phishing campaign that leverages stolen credentials to register...

Security Affairs

January 29, 2022 – Disinformation

US targets Russian disinformation in bid to defend Ukraine Full Text

Abstract The Biden administration has increasingly focused on calling out Russian disinformation and propaganda, making it a central pillar of its strategy to confront Moscow and help defend Ukraine in the face of Russia's war tactics.

The Hill

January 29, 2022 – Criminals

Jupyter: A Cyberspace Invader Stealing SLTT Data Full Text

Abstract Jupyter deploys a multi-stage process, leveraging PowerShell and legitimate tools, such as Slim PDF Reader, to drop secondary payloads to fingerprint victim information, including computer name, OS version, architecture, and user identifier.

CIS

January 29, 2022 – Vulnerabilities

Windows vulnerability with new public exploits lets you become admin Full Text

Abstract A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10.

BleepingComputer

January 29, 2022 – Denial Of Service

Microsoft Azure customer hit by 3.47 Tbps DDoS attack Full Text

Abstract A Microsoft Azure cloud computing customer in Asia was a victim of a massive 3.47 Tbps DDoS attack (distributed denial of service attack) in November 2021, the software and technology giant Microsoft revealed.

Hackread

January 29, 2022 – Vulnerabilities

Over 20,000 data center management systems exposed to hackers Full Text

Abstract Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.

BleepingComputer

January 29, 2022 – Vulnerabilities

QNAP force-installs update against the recent wave of DeadBolt ransomware infections Full Text

Abstract QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against...

Security Affairs

January 29, 2022 – Government

US FCC bans China Unicom Americas telecom over national security risks Full Text

Abstract The Federal Communications Commission (FCC) revoked the license for the China Unicom Americas over serious national security concerns. The Federal Communications Commission (FCC) has revoked the license for China Unicom Americas over "serious national...

Security Affairs

January 28, 2022 – Attack

Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing Full Text

Abstract Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take advantage of the target's bring-your-own-device (BYOD) policy and introduce their own rogue devices using the pilfered credentials. The attacks took place in two stages. "The first campaign phase involved stealing credentials in target organizations located predominantly in Australia, Singapore, Indonesia, and Thailand," Microsoft 365 Defender Threat Intelligence Team said in a technical report published this week. "Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via la

The Hacker News

January 28, 2022 – APT

Lazarus APT Uses Windows Update to Spew Malware Full Text

Abstract The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.

Threatpost

January 28, 2022 – Solution

How Wazuh Can Improve Digital Security for Businesses Full Text

Abstract 2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh. Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities, which not only enables companies to detect sophisticated threats, but can also help immensely in preventing data breaches and leaks from happening. As a result, it can save businesses from costly fixes that can ultimately end in their closure. It is also possible to integrate Wazuh with a number of external services and tools. Some of them are VirusTotal, YARA, Amazon Macie, Slack, and Fortigate Firewall. Consequently, companies can improve their defenses against attackers penetrating their networks. What's great abou

The Hacker News

January 28, 2022 – Malware

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help Full Text

Abstract MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed – attacking older macOS versions and poorly-protected websites.

Threatpost

January 28, 2022 – Hacker

North Korean Hackers Using Windows Update Service to Infect PCs with Malware Full Text

Abstract The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North Korea-based nation-state hacking group that's been active since at least 2009. Last year, the threat actor was linked to an elaborate social engineering campaign targeting security researchers. The latest spear-phishing attacks, which Malwarebytes detected on January 18, originate from weaponized documents with job-themed lures impersonating the American global security and aerospace company Lockheed Martin. Opening the decoy Microsoft Word file triggers the execution of a malicious macro embedded within the document that, in turn, executes a Base64-decoded shellcode to inject a nu

The Hacker News
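The two Lazarus items above (Threatpost's and The Hacker News') say the group ran its payload through the Windows Update client but do not say what a defender should look for. The technique is the publicly documented one from 2020: `wuauclt.exe /UpdateDeploymentProvider <dll> /RunHandlerComServer` makes the signed update client load an arbitrary DLL, whereas Windows' own use of that switch names `wuaueng.dll` from System32. This added example (not Malwarebytes', Threatpost's or Microsoft's code) is the detection logic for that pattern run over constructed process-creation records in a Sysmon-like shape; the user names, paths and parent processes are invented.

```python
"""Detect wuauclt.exe being used as a LOLBin to load an arbitrary DLL.

Added example; the events below are constructed in the shape of process-creation
records (Sysmon Event ID 1 field names), not real telemetry.
"""
import re

SAMPLE_EVENTS = [
    {   # attacker-style: DLL in a user-writable directory, spawned from a shell
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider '
                       r'C:\Users\jdoe\AppData\Local\Temp\wuaueng.dll /RunHandlerComServer',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # same trick with a quoted path containing a space
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider '
                       r'"C:\ProgramData\Update Cache\upd.dll" /RunHandlerComServer',
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
    {   # Windows' own invocation: bare wuaueng.dll resolved from System32
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider '
                       r'wuaueng.dll /RunHandlerComServer',
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # unrelated benign use of the client
        "Image": r"C:\Windows\System32\wuauclt.exe",
        "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /ReportNow',
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # not wuauclt at all
        "Image": r"C:\Windows\System32\svchost.exe",
        "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p -s wuauserv",
        "ParentImage": r"C:\Windows\System32\services.exe",
    },
]

# The DLL argument may be quoted (paths with spaces) or a bare token.
DLL_ARG = re.compile(r'/UpdateDeploymentProvider\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
EXPECTED_DLLS = {"wuaueng.dll", r"c:\windows\system32\wuaueng.dll"}


def extract_dll(cmdline: str):
    """Return the DLL path passed to /UpdateDeploymentProvider, or None."""
    m = DLL_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def classify(event: dict):
    """Return a finding dict for the LOLBin pattern, or None for benign events."""
    if not event.get("Image", "").lower().endswith(r"\wuauclt.exe"):
        return None
    cmd = event.get("CommandLine", "")
    dll = extract_dll(cmd)
    if dll is None or "/runhandlercomserver" not in cmd.lower():
        return None
    if dll.strip().lower() in EXPECTED_DLLS:
        return None                      # the update client's own, expected use
    return {
        "rule": "wuauclt_arbitrary_dll_load",
        "dll": dll,
        "parent": event.get("ParentImage"),
        "commandline": cmd,
    }


def scan(events) -> list:
    """Apply the rule to a batch of events and return the findings in order."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['rule']}: {finding['dll']} (parent {finding['parent']})")
```

Alert on any DLL path outside System32 first; a parent of cmd.exe, powershell.exe or an Office process raises the severity further, since the legitimate invocation comes from the update service host.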

January 28, 2022 – Government

FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm Full Text

Abstract The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad.

Security Week

January 28, 2022 – Hacker

North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware Full Text

Abstract A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection harder, especially via regular signatures as critical parts of the executable are now encrypted." Most recent intrusions staged by the group, believed to be operating under the Kimsuky umbrella, involved targeting the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. The infections, as with other attacks of this kind, start with a malicious Microsoft Office document that, when opened, initiates a multi-stage process that involves several moving parts that help the attackers elevate privileges, eva

The Hacker News

January 28, 2022 – Ransomware

The Week in Ransomware - January 28th 2022 - Get NAS devices off the Internet Full Text

Abstract It's been a busy week with ransomware attacks tied to political protests, new attacks on NAS devices, amazing research released about tactics, REvil's history, and more.

BleepingComputer

January 28, 2022 – Government

White House, EPA release 100-day cybersecurity plan for water utility operators Full Text

Abstract The White House, EPA, and CISA are rolling out a 100-day plan to improve the cybersecurity of the country's water systems, which faced a variety of attacks over the last year.

ZDNet

January 28, 2022 – Government

US bans major Chinese telecom over national security risks Full Text

Abstract The Federal Communications Commission (FCC) has revoked China Unicom Americas' license, one of the world's largest mobile service providers, over "serious national security concerns."

BleepingComputer

January 28, 2022 – Vulnerabilities

CISA Mentions 17 Critical Bugs That Need Immediate Patching Full Text

Abstract The CISA has added 17 new flaws in the Known Exploited Vulnerabilities catalog, nine of which have a remediation date of February 1, and four of them have a remediation date of July 18. The newly added flaws exist in multiple products, including Struts 1, Serv-U, Airflow, and Nagios XI. An exp ...

Cyware Alerts - Hacker News

January 28, 2022 – Government

NCSC alerts UK orgs to brace for destructive Russian cyberattacks Full Text

Abstract The UK's National Cyber Security Centre (NCSC) is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities.

BleepingComputer

January 28, 2022 – Government

NCSC warns UK entities of potential destructive cyberattacks from Russia Full Text

Abstract The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK’s National Cyber Security Centre (NCSC) is urging organizations...

Security Affairs

January 28, 2022 – Government

EU to create pan-European cyber incident coordination framework Full Text

Abstract The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow EU relevant authorities to better coordinate when having to respond to major cross-border cyber incidents impacting the Union's financial sector.

BleepingComputer

January 28, 2022 – Breach

Finnish diplomats’ devices infected with Pegasus spyware Full Text

Abstract Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group's Pegasus spyware. Finland's Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with...

Security Affairs

January 28, 2022 – Hacker

Hackers are taking over CEO accounts with rogue OAuth apps Full Text

Abstract Threat analysts have observed a new campaign named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.

BleepingComputer

January 28, 2022 – Vulnerabilities

Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits Full Text

Abstract Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft...

Security Affairs

January 28, 2022 – Privacy

Finnish diplomats’ phones infected with NSO Group Pegasus spyware Full Text

Abstract Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign.

BleepingComputer

January 28, 2022 – Attack

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware Full Text

Abstract Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware. The Taiwanese electronics manufacturing company was hit by a Conti ransomware attack that took place this week....

Security Affairs

January 28, 2022 – Phishing

Finland warns of Facebook accounts hijacked via Messenger phishing Full Text

Abstract Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats.

BleepingComputer

January 28, 2022 – Criminals

Microsoft Outlook RCE zero-day exploits now selling for $400,000 Full Text

Abstract Exploit broker Zerodium has announced a payout jump to $400,000 for zero-day vulnerabilities that allow remote code execution (RCE) in the Microsoft Outlook email client.

BleepingComputer

January 28, 2022 – Attack

QNAP force-installs update after DeadBolt ransomware hits 3,600 devices Full Text

Abstract QNAP force-updated customer's Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices.

BleepingComputer

January 27, 2022 – Botnet

BotenaGo Botnet Code Leaked to GitHub, Impacting Millions of Devices Full Text

Abstract The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.

Threatpost

January 27, 2022 – Denial Of Service

Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers Full Text

Abstract Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabits per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), making it the largest attack ever reported in history. "This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan," Alethea Toh, product manager of Azure Networking, said. DDoS attacks occur when several compromised devices are employed as a conduit to overwhelm a targeted server, service, or network with a flood of internet traffic with the goal of overloading the systems and d

The Hacker News

January 27, 2022 – Ransomware

QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices Full Text

Abstract Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version." A query on IoT search engine Censys shows that at least 3,687 devices have been encrypted by the DeadBolt ransomware so far, with most NAS devices located in the U.S., Taiwan, France, Italy, the U.K., Hong Kong, Germany, the Netherlands, Poland, and South Korea. In addition, QNAP is also urging users to check if their NAS devices are public-facing, and if so, take steps to turn off the port forwarding function of the router and disable the Universal Plug and Play (UPnP) function of the QNAP NAS. The advisory comes as Bleeping Computer revealed t

The Hacker News

January 27, 2022 – Business

Microsoft mitigates largest DDoS attack ‘ever reported in history’ Full Text

Abstract Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer from Asia in November.

BleepingComputer

January 27, 2022 – Policy and Law

DeepDotWeb admin imprisoned for advertising illegal dark web markets Full Text

Abstract An Israeli citizen who operated DeepDotWeb (DDW), a news site and review site for dark web sites, has received a sentence of 97 months in prison for money laundering and was ordered to forfeit $8,414,173.

BleepingComputer

January 27, 2022 – Phishing

New phishing attack uses an unusual trick to spread further Full Text

Abstract A new multi-phase phishing campaign first enrolls an attacker's BYOD device on a corporate network and then begins sending thousands of convincing phishing emails to further targets.

ZDNet

January 27, 2022 – Vulnerabilities

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? Full Text

Abstract There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. After all, vendor support is critical for security and compliance. But as it always is with these things, you can count on the fact that a big chunk of CentOS 8 users are soldiering on with an unsupported OS, despite being aware of the risks. With that risk now crystallizing, we're using this article to examine CVE-2021-4122, the newly discovered vulnerability in LUKS encryption, and to discuss your options for mitigating it. Wait, wha

The Hacker News

January 27, 2022 – Government

White House Releases Memo on Cybersecurity at Federal Agencies Full Text

Abstract The White House Office of Management and Budget released a memo that announces new measures to strengthen cybersecurity within federal agencies.

Lawfare

January 27, 2022 – Attack

Puerto Rico was hit by a major cyberattack Full Text

Abstract Puerto Rico’s Senate announced that it was hit by a cyberattack that shut down its internet provider, phone system and official online page. The Senate of Puerto Rico announced this week that it was hit by a major cyberattack that disabled its internet...

Security Affairs

January 27, 2022 – Education

How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution Full Text

Abstract SaaS Security Posture Management (SSPM) has been named a must-have solution by Gartner. Adaptive Shield's SSPM solution gives security teams full visibility and control.

Threatpost

January 27, 2022 – Attack

Taiwanese Apple and Tesla contractor hit by Conti ransomware Full Text

Abstract Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning.

BleepingComputer

January 27, 2022 – Vulnerabilities

VMware Warns of Log4j Attacks Targeting Horizon Servers Full Text

Abstract Tracked as CVE-2021-44228, the flaw was identified in December 2021 in the Apache Log4j logging utility, and has since been exploited in attacks by both cybercriminals and state-sponsored actors.

Security Week

January 27, 2022 – Malware

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions Full Text

Abstract A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that's engineered to harvest sensitive consumer information, including login credentials, credit card numbers, and other financial information. "Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said. "The ultimate goal of Chaes is to steal credentials stored in Chrome and intercept logins of popular banking websites in Brazil." The attack sequence is triggered when users visit one of the infected websites

The Hacker News

January 27, 2022 – APT

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks Full Text

Abstract North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent...

Security Affairs

January 27, 2022 – Hacker

Lazarus hackers use Windows Update to deploy malware Full Text

Abstract North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.

BleepingComputer

January 27, 2022 – Government

New Strategy Funds UK Public Services’ Cyber Resilience Full Text

Abstract U.K. local authorities are to receive more than $50 million from the government to boost cyber resilience in essential public services and data in sectors such as housing benefits,

Gov Info Security

January 27, 2022 – Botnet

Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices Full Text

Abstract Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. "Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click," the Romanian cybersecurity firm detailed in a report published Wednesday. "Additionally, attackers are rapidly changing the countries they are targeting in this campaign." The new wave of attacks is said to have been most active in Australia, Germany, Poland, Spain, Austria, and Italy, among others, with attacks spreading to newer countries like Romania, the Netherlands, and Thailand starting mid-January. FluBot (aka Cabassous) campaigns use smishing as the primary delivery method to target potential victims, wherein users receive an SMS message with the question "Is this you in this video?" and are tricked into clicking a link that inst

The Hacker News

January 27, 2022 – Vulnerabilities

Popular apps left biometric data, IDs of millions of users in danger Full Text

Abstract Personal data belonging to millions of customers of large businesses have been exposed due to a flaw in Onfido IDV. Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their...

Security Affairs

January 27, 2022 – Phishing

Microsoft warns of multi-stage phishing campaign leveraging Azure AD Full Text

Abstract Microsoft's threat analysts have uncovered a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails.

BleepingComputer

January 27, 2022 – Criminals

REvil Ransomware Operations Apparently Unaffected by Recent Arrests Full Text

Abstract The REvil ransomware cooperative’s activity has not slowed down following Russia’s recent move to arrest several alleged members of the group, according to threat intelligence company ReversingLabs.

Security Week

January 27, 2022 – Denial Of Service

Microsoft mitigated a 3.47 Tbps DDoS attack, the largest one to date Full Text

Abstract Microsoft announced that it has mitigated a record 3.47 Tbps distributed denial of service (DDoS) attack targeting an Azure customer. Microsoft announced that its Azure DDoS protection platform has mitigated a record 3.47 Tbps attack...

Security Affairs

January 27, 2022 – APT

Russian APT29 hackers’ stealthy malware undetected for years Full Text

Abstract Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats.

BleepingComputer

January 27, 2022 – Breach

Puerto Rico’s Senate, Internet Provider, Phone System, and Website Impacted by Cyberattack Full Text

Abstract Puerto Rico’s Senate announced that it was the target of a cyberattack that disabled its internet provider, phone system, and online page, the latest in a string of similar incidents in recent years.

Security Week

January 27, 2022 – Criminals

Lockbit ransomware gang claims to have hacked Ministry of Justice of France Full Text

Abstract A few hours ago, Lockbit ransomware operators announced that they had stolen data from the Ministry of Justice of France. The Ministry of Justice of France is a body of the French government, which is responsible for: supervision of the judiciary, its maintenance...

Security Affairs

January 27, 2022 – Denial Of Service

Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users Full Text

Abstract Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer from Asia in November.

BleepingComputer

January 27, 2022 – Business

Worklyn Partners acquires Quadrant Information Security to expand security services Full Text

Abstract On the heels of the first close of its maiden fund at over $35 million, Worklyn’s investment will enable Quadrant to scale its proprietary technology platform and accelerate faster growth.

Help Net Security

January 27, 2022 – Malware

A new highly evasive technique used to deliver the AsyncRAT Malware Full Text

Abstract Experts spotted a sophisticated malware campaign delivering the AsyncRAT trojan since September 2021. Researchers from Morphisec spotted a sophisticated phishing campaign delivering the AsyncRAT trojan since September 2021. The phishing messages...

Security Affairs

January 27, 2022 – Attack

105 million Android users targeted by subscription fraud campaign Full Text

Abstract A premium services subscription scam for Android has been operating for close to two years. Called 'Dark Herring', the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses.

BleepingComputer

January 27, 2022 – Ransomware

Experts analyze first LockBit ransomware for Linux and VMware ESXi Full Text

Abstract LockBit expands its operations by implementing a Linux version of LockBit ransomware that targets VMware ESXi servers. LockBit is the latest ransomware operation to add support for Linux systems; experts spotted a new version that targets VMware...

Security Affairs

January 26, 2022 – Vulnerabilities

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild Full Text

Abstract iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero-day IOMobileFrameBuffer bug exploited in the wild.

Threatpost

January 26, 2022 – Malware

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices Full Text

Abstract The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious apps in Google Play.

Threatpost

January 26, 2022 – Hacker

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware Full Text

Abstract A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted connection," Michael Dereviashkin, security researcher at enterprise breach prevention firm Morphisec, said in a report. The intrusions commence with an email message containing an HTML attachment that's disguised as an order confirmation receipt (e.g., Receipt-[digits].html). Opening the decoy file redirects the message recipient to a web page prompting the user to save an ISO file. But unlike other attacks that route the victim to a phishing domain set up explicitly for downloading the next-stage malware, the latest RAT campaign cleverly uses JavaScript to locally crea

The Hacker News

January 26, 2022 – Education

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense Full Text

Abstract Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

Threatpost

January 26, 2022 – Vulnerabilities

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability Full Text

Abstract Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges. The iPhone maker said it's "aware of a report that this issue may have been actively exploited," adding it addressed the issue with improved input validation. It did not reveal the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. An anonymous researcher along with Meysam Firouzi and Siddharth Aeri have been credited with discovering and reporting the flaw. CVE-2022-22587 is the third zero-day vulnerability discovered in IOMobileFrameBuffer in a span of six months after CVE-2

The Hacker News

January 26, 2022 – Ransomware

Linux version of LockBit ransomware targets VMware ESXi servers Full Text

Abstract LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.

BleepingComputer

January 26, 2022 – Criminals

Telegram Becomes Viable Alternative to the Dark Web, Here’s How Attackers are Exploiting It Full Text

Abstract In a report from Cybersixgill, researchers revealed that compromised cards from most popular financial institutions are a lucrative commodity on Telegram-based illicit marketplaces.

Cyware Alerts - Hacker News

January 26, 2022 – Government

White House moves to boost cybersecurity at federal agencies Full Text

Abstract The White House announced on Wednesday new measures to boost cybersecurity within federal agencies following increased cyberattacks on private and public U.S. infrastructure.

The Hill

January 26, 2022 – Attack

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers Full Text

Abstract An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service (NHS) that sounded the alarm on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Log4Shell is a moniker used to refer to an exploit affecting the popular Apache Log4j library that results in remote code execution by logging a specially crafted string. Since public

The Hacker News

January 26, 2022 – Vulnerabilities

Apple fixed the first two zero-day vulnerabilities of 2022 Full Text

Abstract Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild...

Security Affairs

January 26, 2022 – Botnet

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade Full Text

Abstract The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.

Threatpost

January 26, 2022 – Vulnerabilities

Apple fixes new zero-day exploited to hack macOS, iOS devices Full Text

Abstract Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.

BleepingComputer

January 26, 2022 – Hacker

New Threat Group Exploits Zoho Flaws in U.S Orgs Full Text

Abstract Palo Alto Networks discovered that Emissary Panda, a hacking group with ties to China, is exploiting Zoho software flaws in the networks of at least nine organizations in the defense, energy, technology, healthcare, and education sectors. The attackers were using malicious tools for credentials ha ...

Cyware Alerts - Hacker News

January 26, 2022 – Education

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility Full Text

Abstract The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with limited security budgets and lean IT security teams. An upcoming webinar (register here) tries to help lean security teams understand how to tackle this intractable problem. While adding security solutions to cover blind spots seems logical, the webinar will argue that this just leads to more alarms and more noise. While this approach might be workable for large security teams, smaller teams simply don't have the bandwidth to handle an increase in alerts. Instead, organizations need broad threat visibility to cover the current blind spots, but then need the ability to combine, rank and filter alarms by importanc

The Hacker News

January 26, 2022 – APT

German intelligence agency warns of China-linked APT27 targeting commercial organizations Full Text

Abstract The BfV German domestic intelligence services warn of ongoing attacks carried out by the China-linked APT27 cyberespionage group. The Bundesamt für Verfassungsschutz (BfV) federal domestic intelligence agency warns of ongoing attacks coordinated...

Security Affairs

January 26, 2022 – Education

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox Full Text

Abstract Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

Threatpost

January 26, 2022 – Malware

Chaes banking trojan hijacks Chrome with malicious extensions Full Text

Abstract A large-scale campaign involving over 800 compromised WordPress websites is spreading banking trojans that target the credentials of Brazilian e-banking users.

BleepingComputer

January 26, 2022 – Government

Threat Actors Use Malicious QR Codes, Warns FBI Full Text

Abstract Cybercriminals are meddling with QR codes to redirect users to malicious websites that steal their information, deflect their payments to attacker-controlled accounts, and install malware on their devices.

Cyware Alerts - Hacker News

January 26, 2022 – Ransomware

New DeadBolt ransomware targets QNAP NAS devices Full Text

Abstract New malware is targeting QNAP NAS devices: the DeadBolt ransomware, which asks 50 BTC for the master key. DeadBolt ransomware is targeting QNAP NAS devices worldwide; its operators claim the availability of a zero-day exploit that allows them...

Security Affairs

January 26, 2022 – Botnet

Threat Actors Blanket Androids with Flubot, Teabot Campaigns Full Text

Abstract Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.

Threatpost

January 26, 2022 – Government

White House wants US govt to use a Zero Trust security model Full Text

Abstract A newly released Federal strategy wants the US government to adopt a "zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies.

BleepingComputer

January 26, 2022 – Malware

BHUNT - New Password Stealer Aiming for Crypto Wallets Full Text

Abstract BHUNT is a new crypto stealer family and was spotted by Bitdefender. It is written in .NET and is capable of pilfering wallet content from Electrum, Bitcoin, Ethereum, Exodus, and Atomic, among others. 

Cyware Alerts - Hacker News

January 26, 2022 – Vulnerabilities

VMware urges customers to patch VMware Horizon servers against Log4j attacks Full Text

Abstract VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon...

Security Affairs

January 26, 2022 – Botnet

New FluBot and TeaBot campaigns target Android devices worldwide Full Text

Abstract New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania.

BleepingComputer

January 26, 2022 – Solution

GitHub enables two-factor authentication mechanism through iOS, Android app Full Text

Abstract The new security feature introduced by GitHub is another way users can enable two-factor authentication alongside security keys and WebAuthn, one-time passcodes, and SMS.

ZDNet

January 26, 2022 – Vulnerabilities

PwnKit: Local Privilege Escalation bug affects major Linux distros Full Text

Abstract A flaw in Polkit's pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major Linux distros. An attacker can exploit a vulnerability in Polkit's pkexec component, tracked as CVE-2021-4034, that affects...

Security Affairs

January 26, 2022 – APT

German govt warns of APT27 hackers backdooring business networks Full Text

Abstract The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.

BleepingComputer

January 26, 2022 – Vulnerabilities

Android security tool APKLeaks patches critical vulnerability Full Text

Abstract The vulnerability, caused by improper neutralization of argument delimiters, is tracked as CVE-2021-21386 and has a CVSS severity score of 9.3, an escalation from an original CVSS score of 7.3.

The Daily Swig

January 26, 2022 – Vulnerabilities

PrinterLogic fixes high severity flaws in Printer Management Suite Full Text

Abstract PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe...

Security Affairs

January 26, 2022 – General

Let’s Encrypt is revoking lots of SSL certificates in two days Full Text

Abstract Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates.

BleepingComputer

January 26, 2022 – Business

Slim.AI Raises $31 Million to Secure Cloud-Native Applications Full Text

Abstract Slim.AI’s latest funding round was led by Insight Partners and StepStone Group and also received participation from Knollwood, boldstart Ventures, Decibel Partners, FXP, and TechAviv Founder Partners.

Security Week

January 26, 2022 – Denial Of Service

Nobel Foundation site hit by DDoS attack on award day Full Text

Abstract The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021.

BleepingComputer

January 26, 2022 – Ransomware

QNAP warns of new DeadBolt ransomware encrypting NAS devices Full Text

Abstract QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain.

BleepingComputer

January 25, 2022 – Privacy

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads Full Text

Abstract Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new mechanism, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of top pre-designated interests (i.e., topics), which are retained only on the device for a revolving period of three weeks. Subsequently, when a user visits a participating site, the Topics API selects three of the interests — one topic from each of the past three weeks — to share with the site and its advertising partners. To give more control over the framework, users can not only see the topics but also remove topics or disable it altogether. By labeling each website with a recognizable, high-level topic and sharing the most frequent topics associated with the browsing history,

The Hacker News

January 25, 2022 – Vulnerabilities

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access Full Text

Abstract A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's installed by default on every major Linux distribution such as Ubuntu, Debian, Fedora, and CentOS. Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. "This vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration," Bharat Jogi, director of vulnerability and threat research at Qualys, said, adding it "has

The Hacker News

January 25, 2022 – Cryptocurrency

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin Full Text

Abstract A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.

Threatpost

January 25, 2022 – Ransomware

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key Full Text

Abstract A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.

BleepingComputer

January 25, 2022 – Government

Security Agencies Continue to Raise Red Flags Against Log4Shell Full Text

Abstract The Log4Shell vulnerability has become a menace and poses a huge challenge to the security community. As more Log4Shell victims continue to surface, more security agencies release alerts about cybercriminals who continue to exploit the Log4j vulnerability in their attacks. Patch it if you haven't ...

Cyware Alerts - Hacker News

January 25, 2022 – Attack

Canada’s foreign ministry targeted in cyberattack Full Text

Abstract The Canadian foreign ministry has been impacted by a "cyber incident" that has interrupted some of its "internet-based services," the Canadian government said Monday, according to CNN. 

The Hill

January 25, 2022 – Privacy

Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets Full Text

Abstract Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix — a new company created following the merger of security firms McAfee Enterprise and FireEye — said in a report shared with The Hacker News. "This type of communication allows the malware to go unnoticed in the victims' systems since it will only connect to legitimate Microsoft domains and won't show any suspicious network traffic," Trellix explained. First signs of activity associated with the covert operation are said to have commenced as early as June 18, 2021, with two victims reported on September 21 and 29, followed by 17 more in a short span of three days between Octo

The Hacker News

January 25, 2022 – Breach

Segway e-store compromised in a Magecart attack to steal credit cards Full Text

Abstract Segway e-store suffered a Magecart attack that potentially allowed threat actors to steal credit cards and customer info. The online store of Segway was compromised as a result of a Magecart attack; threat actors planted a malicious script to steal...

Security Affairs

January 25, 2022 – Outage

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet Full Text

Abstract Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.

Threatpost

January 25, 2022 – Vulnerabilities

VMware: Patch Horizon servers against ongoing Log4j attacks! Full Text

Abstract VMware is urging customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.

BleepingComputer

January 25, 2022 – Malware

MoonBounce: Third UEFI Bootkit in Town Full Text

Abstract Kaspersky unearthed MoonBounce, a custom UEFI firmware implant that can survive disk formatting or replacement. It appears to be the work of the Chinese Winnti group. The infection chain leaves no artifacts on disk and runs entirely in memory. Researchers advise enabling Se ... Read More

Cyware Alerts - Hacker News

January 25, 2022 – Attack

Belarus hackers say they’ve targeted railway to impede Russian troop movements Full Text

Abstract A group of Belarusian hackers on Monday said they have targeted a national railway company in an effort to hinder the movement of Russian troops, as tensions rise between Moscow and Kyiv amid reports of a Russian incursion into Ukraine.

The Hill

January 25, 2022 – Attack

Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks Full Text

Abstract A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET  attributed  the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar digital offensive  disclosed  by Google Threat Analysis Group (TAG) in November 2021. The attack chain involved compromising a legitimate website belonging to D100 Radio, a pro-democracy internet radio station in Hong Kong, to inject malicious inline frames (aka  iframes ) between September 30 and November 4, 2021. In the next phase, the tampered code acted as a conduit to load a  Mach-O  file by leveraging a remote code execution bug in WebKit that was fixed by Apple in February 2021 ( CVE-2021-1789 ). "The exploit used to gain code execution in the browser is quite

The Hacker News

January 25, 2022 – Solution

UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities Full Text

Abstract The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom's National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine...

Security Affairs

January 25, 2022 – Attack

Segway Hit by Magecart Attack Hiding in a Favicon Full Text

Abstract Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned.

Threatpost

January 25, 2022 – Vulnerabilities

Linux system service bug gives root on all major distros, exploit released Full Text

Abstract A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

BleepingComputer

January 25, 2022 – APT

Molerats APT Group Targets the Middle East Full Text

Abstract ThreatLabz exposed cyberespionage group Molerats that has been leveraging cloud services, such as Google Drive and Dropbox, to host payloads to target the Middle East. The targets picked by the attackers included important members of the banking sector in Palestine, human rights activists/journali ... Read More

Cyware Alerts - Hacker News

January 25, 2022 – Malware

TrickBot Malware Using New Techniques to Evade Web Injection Attacks Full Text

Abstract The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer  said  in a report. "In most cases, these extra protections have been applied to injections used in the process of online banking fraud — TrickBot's main activity since its inception after the  Dyre Trojan 's demise." TrickBot , which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that's employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a " Trickboot " module that can modify the UEFI firmware of a compromised device. In the fall of 2

The Hacker News

January 25, 2022 – Attack

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks Full Text

Abstract Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy,...

Security Affairs

January 25, 2022 – Botnet

TrickBot now crashes researchers’ browsers to block malware analysis Full Text

Abstract The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts.

BleepingComputer

January 25, 2022 – Business

XDR Firm Hunters Raises $68 Million in Series C Funding Round Full Text

Abstract The Series C round was led by Stripes, with participation from DTCP, Cisco Investments, Databricks, YL Ventures, Bessemer Venture Partners, Microsoft’s M12, U.S. Venture Partners, and others.

Security Week

January 25, 2022 – Attack

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access Full Text

Abstract Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall's Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall's Secure...

Security Affairs

January 25, 2022 – Government

UK govt releasing Nmap scripts to find unpatched vulnerabilities Full Text

Abstract The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

BleepingComputer

January 25, 2022 – Breach

California public office admits COVID-19 healthcare data breach Full Text

Abstract The County of Kings, in mid-California, announced that a security flaw in its public web server exposed limited information on COVID-19 cases to anyone on the internet.

The Daily Swig

January 25, 2022 – Malware

Latest version of Android RAT BRATA wipes devices after stealing data Full Text

Abstract A new version of the BRATA malware implements a function that performs a factory reset of the device to wipe all data. The new version of the BRATA Android malware supports new features, including GPS tracking and a function to perform a factory...

Security Affairs

January 25, 2022 – Malware

New DazzleSpy malware targets macOS users in watering hole attack Full Text

Abstract A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware

BleepingComputer

January 25, 2022 – Botnet

TrickBot Operators Bolster Layered Defenses to Prevent Injection Research Full Text

Abstract The operators behind the notorious TrickBot malware have once again updated their evasion techniques by adding multiple layers of defense to slip past antimalware products.

Security Intelligence

January 25, 2022 – Vulnerabilities

Linux kernel bug can let hackers escape Kubernetes containers Full Text

Abstract A vulnerability affecting the Linux kernel, tracked as CVE-2022-0185, can be used to escape Kubernetes containers, giving access to resources on the host system.

BleepingComputer

January 25, 2022 – Skimming

Segway store compromised with Magecart skimmer Full Text

Abstract Malwarebytes web protection team identified a web skimmer on Segway’s online store. The researchers tied it to a previous campaign that is attributed to Magecart Group 12.

Malwarebytes Labs

January 25, 2022 – Phishing

Google Drive now warns you of suspicious phishing, malware docs Full Text

Abstract Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks.

BleepingComputer

January 25, 2022 – Criminals

High anxiety spreads among Russian criminal groups in wake of REvil raid Full Text

Abstract The crackdown on members of the REvil gang by agents of Russian security forces this month is sending a wave of distress and dread through the Russian hacker underground, according to Trustwave.

CSO Online

January 25, 2022 – Breach

Segway store hacked to steal customers’ credit cards Full Text

Abstract Segway's online store was compromised to include a malicious Magecart script that potentially allowed threat actors to steal credit cards and customer information during checkout.

BleepingComputer

January 25, 2022 – Criminals

Russia arrests leader of “Infraud Organization” hacker group Full Text

Abstract The Russian Federal Security Service (FSB) and law enforcement have arrested Andrey Sergeevich Novak, the alleged leader of the Infraud Organization, a hacker group that caused losses of more than $560 million in seven years of activity.

BleepingComputer

January 25, 2022 – Vulnerabilities

Google Drive flags nearly empty files for ‘copyright infringement’ Full Text

Abstract Users were left startled as Google Drive's automated detection systems flagged a nearly empty file for copyright infringement. The file, according to one Drive user, contained nothing other than just the digit "1" within.

BleepingComputer

January 25, 2022 – Outage

Canada’s foreign affairs ministry hacked, some services down Full Text

Abstract The Canadian government department for foreign and consular relations, Global Affairs Canada was hit by a cyberattack last week. While critical services remain accessible, access to some online services is currently not available, as government systems continue to recover from the attack.

BleepingComputer

January 24, 2022 – Vulnerabilities

Linux Servers at Risk of RCE Due to Critical CWP Bugs Full Text

Abstract The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Threatpost

January 24, 2022 – Malware

Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities Full Text

Abstract The Android malware tracked as BRATA has been updated with new features that grants it the ability to track device locations and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be distributed through a downloader to avoid being detected by security software, Italian cybersecurity firm Cleafy said in a  technical write-up . Targets include banks and financial institutions in the U.K., Poland, Italy, and Latin America. "What makes Android RAT so interesting for attackers is its capability to operate directly on the victim devices instead of using a new device," Cleafy researchers  noted  in December 2021. "By doing so, Threat Actors (TAs) can drastically reduce the possibility of being flagged "as suspicious", since the device's fingerprinting is already known to the bank." First seen in the wild at the end of 2018 and short for "Brazilian Remote Ac

The Hacker News

January 24, 2022 – APT

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists Full Text

Abstract State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

Threatpost

January 24, 2022 – Malware

Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection Full Text

Abstract A previously undocumented  malware packer  named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscation techniques to evade antivirus, sandboxing, and analysis," enterprise security company Proofpoint  said  in an analysis published Monday. "It is likely distributed on underground forums."  The .NET-based commodity malware has been associated with dozens of campaigns and multiple threat groups, both advanced persistent threat (APT) and cybercrime actors, since 2020, with the intrusions aimed at hundreds of customers across many sectors. Attack chains involving the packer rely on phishing emails as an initial infection vector. The messages contain a malicious document or a compressed executable attachment, which, when opened, deploys the packer to launch the malware.

The Hacker News

January 24, 2022 – Attack

Attackers now actively targeting critical SonicWall RCE bug Full Text

Abstract A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.

BleepingComputer

January 24, 2022 – Denial Of Service

New DDoS IRC Bot Spreads Through Korean WebHard Full Text

Abstract Researchers have uncovered details about a new malicious IRC bot, programmed in Golang, that is being used to launch DDoS attacks against Korean users. Attackers are distributing the malware via file-sharing websites such as Korean WebHards. It is recommended to stay alert when downloading files fr ... Read More

Cyware Alerts - Hacker News

January 24, 2022 – Government

DHS warns Russia could launch cyberattack on US Full Text

Abstract The Department of Homeland Security (DHS) is warning that Russia may pursue a cyberattack against the U.S. as tensions escalate over Moscow's buildup of forces near the border with Ukraine.

The Hill

January 24, 2022 – Solution

ZTNAs Address Requirements VPNs Cannot. Here’s Why. Full Text

Abstract I recently hopped on the  Lookout podcast  to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper. When most organizations were forced to shift to remote work last year, they needed a quick-fix solution that would enable their remote employees to access work resources securely. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app use cases. While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce w

The Hacker News

January 24, 2022 – Vulnerabilities

A flaw in Rust Programming language could allow to delete files and directories Full Text

Abstract The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...

Security Affairs

January 24, 2022 – Phishing

Surge in Malicious QR Codes Sparks FBI Alert Full Text

Abstract QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

Threatpost

January 24, 2022 – Policy and Law

Tor Project appeals Russian court’s decision to block access to Tor Full Text

Abstract US-based Tor Project and Russian digital-rights protection org RosKomSvoboda are appealing a Russian court's decision to block access to public Tor nodes and the project's website.

BleepingComputer

January 24, 2022 – Malware

Researchers break down WhisperGate wiper malware used in Ukraine website defacement Full Text

Abstract The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper but has more capabilities "designed to inflict additional damage," researchers say.

ZDNet

January 24, 2022 – Hacker

Hackers Creating Fraudulent Crypto Tokens as Part of ‘Rug Pull’ Scams Full Text

Abstract Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Check Point said in a report shared with The Hacker News. Smart contracts are  programs  stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority. By examining the  Solidity  source code used for implementing smart contracts, the Israeli cybersecurity company found instances of  hidden  and  hardcoded fees  that can't be changed, while allowing malicious actors to exert control over "who is allowed to sell." In another instance, a legitimate contract called

The Hacker News

January 24, 2022 – Attack

Tens of AccessPress WordPress themes compromised as part of a supply chain attack Full Text

Abstract Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer's...

Security Affairs

January 24, 2022 – Vulnerabilities

CWP bugs allow code execution as root on Linux servers, patch now Full Text

Abstract Two security vulnerabilities that impact the Control Web Panel (CWP) software can be chained by unauthenticated attackers to gain remote code execution (RCE) as root on vulnerable Linux servers.

BleepingComputer

January 24, 2022 – Solution

Microsoft switches off Excel 4.0 macros by default to protect users against security threats Full Text

Abstract That setting, released as an optional configuration in the Excel Trust Center setting in July, is now the default when opening Excel 4.0 macros (XLM), Microsoft said in a blog post.

ZDNet

January 24, 2022 – Criminals

Russian authorities arrested the kingpin of cybercrime Infraud Organization Full Text

Abstract Russian authorities arrested four alleged members of the international cyber theft ring tracked as 'Infraud Organization.' In February 2018, US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved...

Security Affairs

January 24, 2022 – Malware

Android malware BRATA wipes your device after stealing data Full Text

Abstract The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity.

BleepingComputer

January 24, 2022 – Attack

Earth Karkaddan Delivers CapraRAT, CrimsonRAT, and ObliqueRAT via Spear-Phishing Campaigns Full Text

Abstract Typically, the Earth Karkaddan hacker group's arrival methods include the use of spear-phishing emails and a USB worm that would then drop and execute a remote access trojan (RAT).

Trend Micro

January 24, 2022 – Phishing

Emotet spam uses unconventional IP address formats to evade detection Full Text

Abstract Experts warn that an Emotet malware campaign is using "unconventional" IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using "unconventional" IP address formats to evade detection....

Security Affairs

January 24, 2022 – Breach

Hackers say they encrypted Belarusian Railway servers in protest Full Text

Abstract A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus's national state-owned railway company.

BleepingComputer

January 24, 2022 – Attack

China accused of hijacking Australia Prime Minister Scott Morrison’s WeChat account Full Text

Abstract An Australian member of parliament has accused the Chinese government of foreign interference after Prime Minister Scott Morrison's account on WeChat was hijacked recently.

ZDNet

January 24, 2022 – Government

Crooks tampering with QR Codes to steal victim money and info, FBI warns Full Text

Abstract The FBI warns that cybercriminals are using malicious QR codes to steal victims' credentials and financial info. The Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal...

Security Affairs

January 24, 2022 – Criminals

Ransomware gangs increase efforts to enlist insiders for attacks Full Text

Abstract A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

BleepingComputer

January 24, 2022 – Vulnerabilities

F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products Full Text

Abstract Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products....

Security Affairs

January 24, 2022 – Malware

Malicious PowerPoint files used to push remote access trojans Full Text

Abstract Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans.

BleepingComputer

January 24, 2022 – Outage

Dark Souls servers taken down to prevent hacks using critical bug Full Text

Abstract Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players.

BleepingComputer

January 23, 2022 – Botnet

Emotet Now Using Unconventional IP Address Formats to Evade Detection Full Text

Abstract Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted decimal quad representation to initiate the request from the remote servers," Trend Micro's Threat Analyst, Ian Kenefick,  said  in a report Friday. The infection chains, as with previous Emotet-related attacks, aim to trick users into enabling document macros and automate malware execution. The document uses Excel 4.0 Macros, a feature that has been  repeatedly   abused  by malicious actors to deliver malware. Once enabled, the macro invokes a URL that's obfuscated with carets, with the host incorporating a hexadecimal representation of the IP address — "h

The Hacker News
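
The two Emotet entries above describe hosts written as hexadecimal or octal IP literals, plus caret-escaped URLs that cmd.exe silently un-escapes. As an added example (not code from Trend Micro or the article), the Python below reimplements the inet_aton() rules the resolver applies and normalises such literals to dotted-quad form so URL deny-lists and IOC matching see the real address. The sample URLs are constructed for the demonstration (every literal decodes to the documentation address 192.0.2.10); the function names are the example's own.

```python
"""Normalise 'unconventional' IPv4 host literals (hex, octal, integer, caret-escaped)
to dotted-quad form so URL allow/deny lists and IOC matching see the real address."""
import ipaddress
import re

# Constructed sample URLs in the shape the Emotet report describes (not real IOCs).
# All of the IP literals below decode to 192.0.2.10, a documentation address.
SAMPLE_URLS = [
    "h^tt^p://0xC000020A/secure/page.php",   # caret-escaped scheme + hex literal
    "http://0300.0.02.012/loader.dll",        # octal components
    "http://3221225994/x.zip",                # single decimal integer
    "http://192.0.2.10/x.zip",                # ordinary dotted quad
    "http://example.com/normal",              # a real hostname, not an IP literal
]

_COMPONENT = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")
_DOTTED_QUAD = re.compile(r"(?:(?:0|[1-9][0-9]{0,2})\.){3}(?:0|[1-9][0-9]{0,2})")


def strip_cmd_escapes(text: str) -> str:
    """cmd.exe treats '^' as an escape that is dropped, so 'h^t^tp' runs as 'http'."""
    return text.replace("^", "")


def _component(token: str) -> int:
    """One dotted component, parsed like inet_aton(): 0x.. hex, leading 0 octal, else decimal."""
    if not _COMPONENT.fullmatch(token):
        raise ValueError(f"not an inet_aton component: {token!r}")
    if token[:2].lower() == "0x":
        return int(token[2:], 16)
    if len(token) > 1 and token[0] == "0":
        return int(token, 8)
    return int(token)


def inet_aton_like(host: str):
    """Decode a host literal the way inet_aton() does; None if it is not one.

    inet_aton accepts 1 to 4 components; every component but the last is one byte and
    the last one fills the remaining low-order bytes, so '0xC000020A' is a whole address
    and '192.0.522' is 192.0.2.10 as well.
    """
    tokens = host.split(".")
    if not 1 <= len(tokens) <= 4:
        return None
    try:
        *leading, last = [_component(t) for t in tokens]
    except ValueError:
        return None
    if any(v > 0xFF for v in leading):
        return None
    tail_bits = 8 * (4 - len(leading))
    if last >= 1 << tail_bits:
        return None
    packed = 0
    for v in leading:
        packed = (packed << 8) | v
    packed = (packed << tail_bits) | last
    return str(ipaddress.IPv4Address(packed))


def analyse_url(url: str) -> dict:
    """Host as written, its decoded dotted-quad form (if any), and whether the literal
    was written in a non-canonical form that plain string matching would miss."""
    clean = strip_cmd_escapes(url)
    match = re.match(r"^[a-zA-Z][a-zA-Z0-9+.-]*://([^/?#:]+)", clean)
    host = match.group(1) if match else ""
    resolved = inet_aton_like(host)
    return {
        "url": clean,
        "host": host,
        "resolved": resolved,
        "nonstandard": resolved is not None and _DOTTED_QUAD.fullmatch(host) is None,
        "caret_escaped": "^" in url,
    }


def flag_nonstandard(urls):
    """URLs whose host is an IP literal in hex/octal/integer form, or that was caret-escaped."""
    return [r for r in (analyse_url(u) for u in urls) if r["nonstandard"] or r["caret_escaped"]]


if __name__ == "__main__":
    for r in (analyse_url(u) for u in SAMPLE_URLS):
        print(f"{r['host']:<18} -> {r['resolved'] or '(hostname)':<12} nonstandard={r['nonstandard']}")
```

Matching on the normalised address rather than the literal is the point: a deny-list entry for 192.0.2.10 never matches "0xC000020A" as a string, but the operating system connects to the same host for both.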

January 23, 2022 – Vulnerabilities

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion Full Text

Abstract The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG)  said  in an  advisory  published on January 20, 2022. Rust 1.0.0 through Rust 1.58.0 are affected by this vulnerability. The flaw, which is tracked as  CVE-2022-21658  (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in  Rust version 1.58.1  shipped last week. Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka  symlinks ) in a standard library function named "std::fs::remove_dir_all." This results

The Hacker News
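
The remove_dir_all entries above (this one and the Security Affairs item of January 24) describe a symlink check in a recursive delete that could be raced. As an added illustration, and not code from the Rust project or from either article, the Python below shows the bug class in general form: a path-based walk that follows symlinks deletes the link target's contents, and a check-then-recurse sequence on paths leaves a window in which the entry can be swapped for a symlink. The hardened version works only relative to directory file descriptors opened with O_NOFOLLOW, so a swapped-in link is refused by the kernel rather than followed. The fixture in `demo` is constructed, the function names are the example's own, and the code is Unix-only (it needs the dir_fd variants of the os calls).

```python
"""Symlink-safe recursive delete, shown in Python to illustrate the bug class behind the
Rust std::fs::remove_dir_all fix. Unix only (needs dir_fd support in os)."""
import errno
import os
import tempfile


def naive_remove_dir_all(path: str) -> None:
    """Path-based walk: os.path.isdir() follows symlinks, so a symlink to a directory is
    descended into and the *target's* files are deleted before rmdir() on the link fails."""
    for name in os.listdir(path):
        child = os.path.join(path, name)
        if os.path.isdir(child):
            naive_remove_dir_all(child)
        else:
            os.unlink(child)
    os.rmdir(path)


_DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def _remove_contents_at(dir_fd: int) -> None:
    """Delete everything below the directory open at dir_fd, never leaving that fd's tree."""
    with os.scandir(dir_fd) as entries:
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                os.unlink(entry.name, dir_fd=dir_fd)   # a symlink is removed as a link
                continue
            try:
                child_fd = os.open(entry.name, _DIR_FLAGS, dir_fd=dir_fd)
            except OSError as exc:
                if exc.errno in (errno.ELOOP, errno.ENOTDIR):
                    # Entry was replaced by a symlink/file between the check and the open;
                    # O_NOFOLLOW made the kernel refuse it, so drop it as a plain entry.
                    os.unlink(entry.name, dir_fd=dir_fd)
                    continue
                raise
            try:
                _remove_contents_at(child_fd)
            finally:
                os.close(child_fd)
            os.rmdir(entry.name, dir_fd=dir_fd)


def safe_remove_dir_all(path: str) -> None:
    """Refuse to start at a symlink (O_NOFOLLOW raises ELOOP), then delete relative to
    descriptors only."""
    root_fd = os.open(path, _DIR_FLAGS)
    try:
        _remove_contents_at(root_fd)
    finally:
        os.close(root_fd)
    os.rmdir(path)   # rmdir() never follows a symlink


def demo(remover) -> dict:
    """Constructed fixture: root/{a.txt, link -> victim} beside victim/secret.txt.
    Run `remover` on root and report whether the victim's file survived."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim")
        root = os.path.join(tmp, "root")
        os.makedirs(victim)
        os.makedirs(root)
        with open(os.path.join(victim, "secret.txt"), "w") as fh:
            fh.write("keep me\n")
        with open(os.path.join(root, "a.txt"), "w") as fh:
            fh.write("delete me\n")
        os.symlink(victim, os.path.join(root, "link"))
        error = None
        try:
            remover(root)
        except OSError as exc:
            error = type(exc).__name__
        return {
            "victim_secret_survived": os.path.exists(os.path.join(victim, "secret.txt")),
            "root_removed": not os.path.lexists(root),
            "error": error,
        }


if __name__ == "__main__":
    print("naive:", demo(naive_remove_dir_all))
    print("safe: ", demo(safe_remove_dir_all))
```

The naive walk loses victim/secret.txt and then fails on rmdir() of the link, leaving root behind; the descriptor-based walk removes the link itself, keeps the victim intact, and removes root. The residual window between `is_dir(follow_symlinks=False)` and `os.open` is closed by O_NOFOLLOW, which is the same idea as the fd-relative approach the Rust fix moved to.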

January 23, 2022 – Government

FBI warns of malicious QR codes used to steal your money Full Text

Abstract The Federal Bureau of Investigation (FBI) warned Americans this week that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial info.

BleepingComputer

January 23, 2022 – Breach

OpenSubtitles data breach impacted 7 million subscribers Full Text

Abstract OpenSubtitles has suffered a data breach; the maintainers confirmed that the incident impacted 7 million subscribers. OpenSubtitles is a popular subtitles website; it suffered a data breach that affected 6,783,158 subscribers. Exposed data include...

Security Affairs

January 23, 2022 – Government

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog Full Text

Abstract US CISA added seventeen new actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog'. The 'Known Exploited Vulnerabilities Catalog' is a list of known vulnerabilities that threat actors have abused in attacks and that are required...

Security Affairs

January 23, 2022 – Hacker

Molerats cyberespionage group uses public cloud services as attack infrastructure Full Text

Abstract Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure. Zscaler ThreatLabz analyzed an active espionage campaign carried out by Molerats cyberespionage group (aka TA402,...

Security Affairs

January 23, 2022 – General

Security Affairs newsletter Round 350 Full Text

Abstract A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here....

Security Affairs

January 22, 2022 – Attack

Researchers find similarities between NotPetya, attacks on Ukrainian government websites Full Text

Abstract The malware that wiped dozens of government computer systems in Ukraine starting on Jan. 13 shares some strategic similarities to the NotPetya wiper that was used to attack Ukraine in 2017.

Cyberscoop

January 22, 2022 – Attack

Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine Full Text

Abstract The latest analysis of the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to  NotPetya malware  that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed  WhisperGate , was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukrainian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos  said  in a report detailing its response efforts. Stating that stolen credentials were likely used i

The Hacker News

January 22, 2022 – Government

CISA adds 17 vulnerabilities to list of bugs exploited in attacks Full Text

Abstract This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the 'Known Exploited Vulnerabilities Catalog.

BleepingComputer

January 22, 2022 – Vulnerabilities

A bug in McAfee Agent allows running code with Windows SYSTEM privileges Full Text

Abstract McAfee has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges.

Security Affairs

January 22, 2022 – Hacker

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure Full Text

Abstract An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021,  according  to cloud-based information security company Zscaler, continuing  previous efforts  by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information. Molerats , also tracked as TA402, Gaza Hackers Team, and Extreme Jackal, is an advanced persistent threat (APT) group that's largely focused on entities operating in the Middle East. Attack activity associated with the actor has leveraged geopolitical and military themes to entice users to open Microsoft Office attachments and click on malicious links. The latest campaign detailed by Zscaler is no different in that it makes use of deco

The Hacker News

January 22, 2022 – General

School District reports a 334% hike in cybersecurity insurance costs Full Text

Abstract Bloomington School District 87 in Illinois has published its cyber-insurance renewal details, and the cost has jumped from $6,661 in 2021 to $22,229 this year.

BleepingComputer

January 22, 2022 – Attack

Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions Full Text

Abstract The threat actors attempted to misdirect attribution using inauthentic metadata and used publicly available crimeware services and code to minimize the amount of custom code involved in the attack.

Secure Works

January 22, 2022 – Vulnerabilities

Dutch cybersecurity agency warns of lingering Log4j risks Full Text

Abstract In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.

BleepingComputer

January 22, 2022 – Government

Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns Full Text

Abstract The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks...

Security Affairs

January 22, 2022 – Vulnerabilities

Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack Full Text

Abstract Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks. Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially...

Security Affairs

January 22, 2022 – Policy and Law

US Treasury Department sanctions 4 Ukrainian officials for working with Russian intelligence Full Text

Abstract The U.S. Treasury Department announced sanctions against four current and former Ukrainian government officials for collaborating with Russia. The U.S. Treasury Department this week announced sanctions against four current and former Ukrainian government...

Security Affairs

January 22, 2022 – APT

Stealthy firmware bootkit leveraged by APT in targeted attacks Full Text

Abstract Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Dubbed MoonBounce, this malicious implant is hidden within Unified Extensible Firmware Interface (UEFI) firmware.

Help Net Security

January 21, 2022 – Ransomware

The Week in Ransomware - January 21st 2022 - Arrests, Wipers, and More Full Text

Abstract It has been quite a busy week with ransomware, with law enforcement making arrests, data-wiping attacks, and the return of the Qlocker ransomware.

BleepingComputer

January 21, 2022 – Hacker

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks Full Text

Abstract A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet." Firmware-based rootkits, once a rarity in the threat landscape, are fast becoming lucrative tools among sophisticated actors to help achieve a long-standing foothold in a manner that's not only hard to detect, but also difficult to remove. The first firmware-level rootkit — dubbed LoJax — was discovered in the wild in 2018. Since then, three different instances of UEFI malware have been unearthed so far, including MosaicRegresso

The Hacker News

January 21, 2022 – Attack

Contextualizing Last Week’s Malicious Cyber Activities Against Ukrainian Government Websites and Systems Full Text

Abstract The events reflect the complexity of how cyber operations can function diversely across and even within specific conflicts.

Lawfare

January 21, 2022 – Vulnerabilities

A bug in McAfee Agent allows running code with Windows SYSTEM privileges Full Text

Abstract McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee...

Security Affairs

January 21, 2022 – General

The Internet’s Most Tempting Targets Full Text

Abstract What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.

Threatpost

January 21, 2022 – Phishing

Phishing impersonates shipping giant Maersk to push STRRAT malware Full Text

Abstract A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victims' devices.

BleepingComputer

January 21, 2022 – General

Exposed records exceeded 40 billion in 2021 Full Text

Abstract According to research by Tenable, at least 40 billion records were exposed in 2021, calculated by the analysis of 1,825 breach incidents publicly disclosed between November 2020 and October 2021.

Help Net Security

January 21, 2022 – Policy and Law

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine Full Text

Abstract The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to destabilize the nation, while also accusing Russia's national security authority, the Federal Security Service (FSB), of recruiting Ukrainians in key positions to create instability. Two of the officials, Taras Kozak and Oleh Voloshyn, are alleged to have worked to amplify false narratives and undermine confidence in the Ukrainian government, while Vladimir Sivkovich, former Deputy Secretary of the Ukrainian National Security and Defense Council, attempted to build support for Ukraine to officially cede Crimea to Russia. "Russia has directed its intelligence services to

The Hacker News

January 21, 2022 – Privacy

Experts warn of anomalous spyware campaigns targeting industrial firms Full Text

Abstract Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email...

Security Affairs

January 21, 2022 – Malware

Spyware Blitzes Compromise, Cannibalize ICS Networks Full Text

Abstract The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

Threatpost

January 21, 2022 – General

Microsoft disables Excel 4.0 macros by default to block malware Full Text

Abstract Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents.

BleepingComputer

January 21, 2022 – APT

BlueNoroff APT Group Eyeing Crypto Startups Full Text

Abstract A North Korea-linked APT group has been spotted targeting cryptocurrency startups worldwide with fake MetaMask browser extensions to steal cryptocurrency from users' wallets. The attackers work around a complex infrastructure, including various exploits and malware implants to target victims. Organ ... Read More

Cyware Alerts - Hacker News

January 21, 2022 – Vulnerabilities

Google Project Zero discloses details of two Zoom zero-day flaws Full Text

Abstract Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researcher Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients...

Security Affairs

January 21, 2022 – Vulnerabilities

Over 90 WordPress themes, plugins backdoored in supply chain attack Full Text

Abstract A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat actors full access to websites.

BleepingComputer

January 21, 2022 – Criminals

North Korean Hackers Stole Crypto Worth $400 Million in 2021 Full Text

Abstract A new report suggests that North Korean hackers mooched off at least $400 million in cryptocurrencies through cyberattacks in 2021, which is a whopping 40% increase as compared to the last year. Hackers use a systematic money laundering process that involves multiple software tools to collect ... Read More

Cyware Alerts - Hacker News

January 21, 2022 – APT

MoonBounce UEFI implant spotted in a targeted APT41 attack Full Text

Abstract Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce,...

Security Affairs

January 21, 2022 – Vulnerabilities

McAfee Agent bug lets hackers run code with Windows SYSTEM privileges Full Text

Abstract McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

BleepingComputer

January 21, 2022 – Business

Software Supply Chain Security Specialist Codenotary Raises $12.5 Million in Series B Round Full Text

Abstract Codenotary, the immutability specialist that can instantly identify untrusted components in software, announced that it has raised $12.5 million in series B funding by new and existing investors.

Yahoo! Finance

January 21, 2022 – APT

Molerats APT Targets Users in the Middle East in New Attacks Using .NET Backdoor Full Text

Abstract ThreatLabz researchers observed several similarities in the C2 communication and .NET payload between this campaign and the previous campaigns attributed to the Molerats APT group.

Zscaler

January 21, 2022 – Cryptocurrency

Amazon fake crypto token investment scam steals Bitcoin from victims Full Text

Abstract Cybersecurity researchers from Akamai Technologies outlined a new, fraudulent campaign that leverages Amazon's name to promote a fraudulent "Amazon to create its own digital token" scheme.

ZDNet

January 21, 2022 – Malware

Diavol Ransomware has Connections with TrickBot Full Text

Abstract The FBI first learned of Diavol ransomware in October 2021. The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.

Heimdal Security

January 21, 2022 – Malware

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware Full Text

Abstract New Emotet spam campaigns were found using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines try to trick users into enabling macros.

Trend Micro

January 21, 2022 – Criminals

Conti ransomware gang started leaking files stolen from Bank Indonesia Full Text

Abstract The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank Indonesia confirmed that it was the victim of a ransomware attack that took place last month. The Conti ransomware gang claimed...

Security Affairs

January 20, 2022 – Vulnerabilities

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software Full Text

Abstract Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled for specific services. "An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled," Cisco said in an advisory. "A successful exploit could allow the attacker to execute arbitrary commands as the root user." The network equipment maker, however, noted that the adversary would need to perform detailed reconnaissance to allow for unauthenticated access to vulnerable devices. Stating that the vulnerability was discovered during internal security testing, Cisco added it found no evidence of active exploitat

The Hacker News

January 20, 2022 – Privacy

‘Anomalous’ spyware stealing credentials in industrial firms Full Text

Abstract Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors.

BleepingComputer

January 20, 2022 – Attack

New Log4j attacks target SolarWinds, ZyXEL devices Full Text

Abstract Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software.

The Record

January 20, 2022 – Vulnerabilities

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Full Text

Abstract An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impacted both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in on-premise deployments. The weaknesses have since been addressed by Zoom as part of updates shipped on November 24, 2021. The goal of a zero-click attack is to stealthily gain control over the victim's device without requiring any kind of interaction from the user, such as clicking on a link. While the specifics of the exploit will vary depending on the nature of the vulnerability being exploited, a key trait of zero-click hacks is their ability not to leave behind

The Hacker News

January 20, 2022 – Criminals

FBI links the Diavol ransomware to the TrickBot gang Full Text

Abstract The Federal Bureau of Investigation (FBI) officially linked the Diavol ransomware operation to the infamous TrickBot gang. The FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang, the group that is behind the TrickBot...

Security Affairs

January 20, 2022 – Vulnerabilities

Critical Cisco StarOS Bug Grants Root Access via Debug Mode Full Text

Abstract Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.

Threatpost

January 20, 2022 – Government

FBI links Diavol ransomware to the TrickBot cybercrime group Full Text

Abstract The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan.

BleepingComputer

January 20, 2022 – Hacker

Attackers Exploit Corporate Infrastructure for Credentials on ICS Networks Full Text

Abstract While the ever-evolving technological landscape has connected the IT and OT sides of the business, it has also left ICS networks exposed to threats impacting IT systems.

Cyware Alerts - Hacker News

January 20, 2022 – Criminals

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang Full Text

Abstract A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by Interpol along with participation from the Nigeria Police Force's Cybercrime Police Unit in December 2021. Cybersecurity firms Group-IB and Palo Alto Networks' Unit 42, both of which shared information on the threat actors and their infrastructure, said six of the 11 suspects are believed to be a part of a prolific group of Nigerian cyber actors known as SilverTerrier (aka TMT). BEC attacks, which began to gain dominance in 2013, are sophisticated scams that target legitimate business email accounts through social engineering schemes to infiltrate corporate networks and subsequently leverage their acce

The Hacker News

January 20, 2022 – Vulnerabilities

Cisco StarOS flaws could allow remote code execution and information disclosure Full Text

Abstract Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration...

Security Affairs

January 20, 2022 – Business

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack Full Text

Abstract R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.

Threatpost

January 20, 2022 – Government

US sanctions former Ukrainian official for helping Russian cyberspies Full Text

Abstract The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service (FSB).

BleepingComputer

January 20, 2022 – General

Malware Targeting Linux Systems Grows by 35% in 2021 Full Text

Abstract A report shared by Crowdstrike recently highlights the rising threats on Linux-based operating systems. Researchers noted that there has been a 35% rise in Linux-based malware in 2021 as compared to 2020.

Cyware Alerts - Hacker News

January 20, 2022 – Breach

Crypto.com hack impacted 483 accounts and resulted in a $34 million theft Full Text

Abstract Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts, leading to the theft of $33 million. Crypto.com is a cryptocurrency exchange app based in Singapore; the app currently has 10 million users and 3,000...

Security Affairs

January 20, 2022 – Solution

ProtonMail introduces a new email tracker blocking system Full Text

Abstract ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents recipients from being tracked by senders when they open their messages.

BleepingComputer

January 20, 2022 – Business

Datto Acquires Cybersecurity Company Infocyte Full Text

Abstract Datto acquired threat detection and response company Infocyte, extending its security capabilities that protect, detect, and respond to cyber threats found within endpoints and cloud environments.

Yahoo! Finance

January 20, 2022 – Attack

Red Cross hit by a sophisticated cyberattack Full Text

Abstract A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people. A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people...

Security Affairs

January 20, 2022 – Vulnerabilities

WordPress plugin flaw puts users of 20,000 sites at phishing risk Full Text

Abstract The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

BleepingComputer

January 20, 2022 – Vulnerabilities

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update Full Text

Abstract A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.

Security Week

January 20, 2022 – Cryptocurrency

New BHUNT Stealer targets cryptocurrency wallets Full Text

Abstract Researchers spotted a new evasive cryptocurrency stealer named BHUNT that targets a list of wallets and implements multiple data-stealing capabilities. Bitdefender discovered a new evasive cryptocurrency stealer dubbed BHUNT that is able...

Security Affairs

January 20, 2022 – Breach

Indonesia’s central bank confirms ransomware attack, Conti leaks data Full Text

Abstract Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month.

BleepingComputer

January 20, 2022 – Vulnerabilities

Flaw in Crypto Protocol Leads to Theft of Over $3 Million from Users Full Text

Abstract Earlier this week, Multichain, a platform that allows users to swap tokens between blockchains, publicly announced that there was a flaw that made accounts vulnerable to hackers.

Vice

January 20, 2022 – Vulnerabilities

SolarWinds Serv-U bug exploited by threat actors in the wild, Microsoft warns Full Text

Abstract SolarWinds has fixed a Serv-U vulnerability that threat actors actively exploited in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploiting in the wild. The vulnerability, tracked...

Security Affairs

January 20, 2022 – Government

Biden signs memo to boost US national security systems’ defenses Full Text

Abstract President Joe Biden signed a national security memorandum (NSM) on Wednesday to increase the security of national security systems, the part of critical US government networks used in military and intelligence activities when storing or transferring classified info.

BleepingComputer

January 20, 2022 – Breach

Biden warns of US ‘cyber’ response after Ukraine says computers wiped during attack Full Text

Abstract Biden's comments come after Ukrainian officials told journalist Kim Zetter that dozens of systems within at least two government agencies were wiped during a cyberattack last week.

ZDNet

January 20, 2022 – Vulnerabilities

Cisco bug gives remote attackers root privileges via debug mode Full Text

Abstract Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing.

BleepingComputer

January 20, 2022 – Cryptocurrency

Cheap malware is behind a rise in attacks on cryptocurrency wallets Full Text

Abstract Cryptocurrency has long been a popular target for organized cybercriminals, whether stealing it outright from cryptocurrency exchanges, or demanding it as an extortion payment in ransomware attacks.

ZDNet

January 20, 2022 – APT

New MoonBounce UEFI malware used by APT41 in targeted attacks Full Text

Abstract Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found so far in the wild, to the Chinese-speaking APT41 hacker group (also known as Winnti).

BleepingComputer

January 20, 2022 – Breach

Crypto.com confirms 483 accounts hacked, $34 million withdrawn Full Text

Abstract Crypto.com has confirmed that a multi-million dollar cyberattack led to the compromise of 483 of its customer accounts, although the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform.

BleepingComputer

January 19, 2022 – Hacker

DoNot Hacking Team Targeting Government and Military Entities in South Asia Full Text

Abstract A threat actor with potential links to an Indian cybersecurity company has been nothing if not remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a hacking group known as Donot Team. "Donot Team has been consistently targeting the same entities with waves of spear-phishing emails with malicious attachments every two to four months," researchers Facundo Muñoz and Matías Porolli said. Operating since at least 2016, Donot Team (also known as APT-C-35 and SectorE02) has been linked to a string of intrusions primarily targeting embassies, governments, and military entities in Bangladesh, Sri Lanka, Pakistan, and Nepal with Windows and Android malware. In October 2021, Amnesty International unearthed evidence tying the group'

The Hacker News

January 19, 2022 – Vulnerabilities

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks Full Text

Abstract Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.

Threatpost

January 19, 2022 – Criminals

A Trip to the Dark Site — Leak Sites Analyzed Full Text

Abstract Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can observe and analyze some of the criminal action via 'victim shaming' leak sites. Since January 2020, we have applied ourselves to identifying as many of these sites as possible to record and document the victims who feature on them. Adding our own research, analyzing, and enriching data scraped from the various Cy-X operators and market sites, we can provide direct insights into the victimology from this specific perspective. We must be clear that what we are analyzing is a limited perspective on the crime. Nevertheless, the data gleaned from an analysis of the leak-threats proves to be ex

The Hacker News

January 19, 2022 – Malware

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets Full Text

Abstract A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researcher said in a technical report on Wednesday. The campaign, distributed globally across Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S., is suspected to be delivered to compromised systems via cracked software installers. The modus operandi of using cracks as an infection source for initial access mirrors similar cybercrime campaigns that have leveraged tools such as KMSPico as a conduit for deploying malware. "Most infected users also

The Hacker News

January 19, 2022 – Hacker

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks Full Text

Abstract Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center (MSTIC) said. The flaw, which was discovered by security researcher Jonathan Bar Or, affects Serv-U versions 15.2.5 and prior, and has been addressed in Serv-U version 15.3. "The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized," SolarWinds said in an advisory, adding it "updated the input mechanism to perform additional validation and sanitization." The IT management software maker also pointed out that "no downstre

The Hacker News

January 19, 2022 – Breach

Red Cross cyberattack exposes data of 515,000 people seeking missing family Full Text

Abstract A cyberattack on a Red Cross contractor has led to the theft of personal data for more than 515,000 people in 'Restoring Family Links,' a program that helps reunite families separated by war, disaster, and migration.

BleepingComputer

January 19, 2022 – Breach

New Zealand: Kings Plant Barn the latest retailer hit by FlexBooker click-and-collect data breach Full Text

Abstract Kings Plant Barn has contacted customers about a security breach to FlexBooker, the internet-based system it uses to organize bookings. Names, email addresses, and collection times were exposed.

NZ Herald

January 19, 2022 – Government

Hillicon Valley — Presented by Connected Commerce Council — Biden sets cyber standards Full Text

Abstract Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 19, 2022 – Hacker

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware Full Text

Abstract Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S. Costing $250 a month, it's marketed on Russian underground forums as a traffic direction system (TDS) to enable phishing redirection on a mass scale to rogue landing pages that are designed to deploy malware payloads on the targeted systems. "Prometheus can be considered a full-bodied service/platform that allows threat groups to purvey their malware or phishing operations with ease," BlackBerry Resear

The Hacker News

January 19, 2022 – Government

Biden Signs Memo on Cybersecurity Full Text

Abstract President Biden signed a national security memorandum on Jan. 19 to bolster the cybersecurity of the National Security, Department of Defense and Intelligence Community systems.

Lawfare

January 19, 2022 – Denial Of Service

New DDoS IRC Bot distributed through Korean webHard platforms Full Text

Abstract Researchers spotted an IRC bot written in GoLang that is being used to carry out DDoS attacks targeting users in Korea. Researchers from AhnLab's Security Emergency-response Center (ASEC) spotted an IRC bot written in GoLang that is being used...

Security Affairs

January 19, 2022 – Malware

Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say Full Text

Abstract Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.

Threatpost

January 19, 2022 – Vulnerabilities

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks Full Text

Abstract SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network.

BleepingComputer

January 19, 2022 – Criminals

Cybercriminals Using QR Codes to Steal Money and Credentials from Victims Full Text

Abstract The bureau's Internet Crime Complaint Center (IC3) issued a general alert Tuesday about "malicious" QR codes that reroute unsuspecting consumers to the world of cybercrime.

Cyberscoop

January 19, 2022 – Government

Biden moves to boost security of sensitive national security systems Full Text

Abstract President Biden signed a national security memorandum on Wednesday that sets new cybersecurity requirements for sensitive national security systems run by the Pentagon, intelligence community and other federal agencies.  

The Hill

January 19, 2022 – Education

Cyber Threat Protection — It All Starts with Visibility Full Text

Abstract Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This, however, can be a double-edged sword. Too many signals with too little advanced signal processing just leads to a lot of noise. The right, diverse set of signals with highly evolved signal processing leads to survival. It therefore makes sense that broad threat visibility across the IT environment is fundamental for detecting cyberattacks. Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams. The Ongoing Problem of Limited Threat Visibility: The complexity of today's IT environments has made them exceedingly difficult to protect. The defensive perimeter has expanded with an expanded remote workforce, incr

The Hacker News

January 19, 2022 – Government

UK NCSC shares guidance for organizations to secure their communications with customers Full Text

Abstract UK NCSC has published new guidance for organizations to secure their communications with customers via SMS or phone calls. UK’s National Cyber Security Center (NCSC) has published new guidance for organizations for combatting telephone and SMS fraud....

Security Affairs

January 19, 2022 – Vulnerabilities

Box 2FA Bypass Opens User Accounts to Attack Full Text

Abstract A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.

Threatpost

January 19, 2022 – Breach

Marketing giant RRD confirms data theft in Conti ransomware attack Full Text

Abstract RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack.

BleepingComputer

January 19, 2022 – Government

NATO, Ukraine Sign Deal to ‘Deepen’ Cyber Cooperation Full Text

Abstract NATO on Monday inked a deal to bolster its cyber support for Ukraine, after a sweeping hacking attack against Kyiv heightened tensions amid fears that Russia could be plotting an invasion.

Security Week

January 19, 2022 – Hacker

FIN8 Hackers Spotted Using New ‘White Rabbit’ Ransomware in Recent Attacks Full Text

Abstract The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February 2021. "One of the most notable aspects of White Rabbit's attack is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine," the researchers noted. "This method of hiding malicious activity is a trick that the ransomware family Egregor uses to hide malware techniques from analysis." Egregor, which commenced operations in September 2020 until its operations took a huge hit, is widely believed to be a reincarnation of Maze, which shut down its criminal enterp

The Hacker News

January 19, 2022 – Government

CISA warns of potential critical threats following attacks against Ukraine Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit Ukraine. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published...

Security Affairs

January 19, 2022 – Government

CISA urges US orgs to prepare for data-wiping cyberattacks Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.

BleepingComputer

January 19, 2022 – Vulnerabilities

Zoom vulnerabilities impact clients, MMR servers Full Text

Abstract Project Zero found two flaws: a buffer overflow issue that impacted both Zoom clients and Zoom Multimedia Routers (MMRs), and an information leak security flaw specific to MMR servers.

ZDNet

January 19, 2022 – Vulnerabilities

Box flaw allowed to bypass MFA and takeover accounts Full Text

Abstract A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts...

Security Affairs

January 19, 2022 – Government

UK’s Cyber Security Center publishes new guidance to fight smishing Full Text

Abstract UK's National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls.

BleepingComputer

January 19, 2022 – Business

1Password Raises Mammoth $620 Million Funding Round Full Text

Abstract The new financing round, which was led by ICONIQ Growth, raised the valuation of 1Password to about $6.8 billion, setting a new record for venture-backed Canadian companies.

Security Week

January 19, 2022 – Ransomware

Is White Rabbit ransomware linked to FIN8 financially motivated group? Full Text

Abstract A new ransomware gang named White Rabbit appeared in the threat landscape; experts believe it is linked to the FIN8 hacking group. A new ransomware gang called 'White Rabbit' launched its operations and according to the experts, it is likely linked...

Security Affairs

January 19, 2022 – Malware

New BHUNT malware targets your crypto wallets and passwords Full Text

Abstract A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases.

BleepingComputer

January 19, 2022 – Criminals

Nigerian police, Interpol arrest members of SilverTerrier BEC gang Full Text

Abstract Interpol said that, based on a forensic analysis of the data extracted from phones and computers seized during house searches, the 11 suspects were linked to attacks on more than 50,000 targets.

The Record

January 19, 2022 – Criminals

Interpol arrests 11 BEC gang members linked to 50,000 targets Full Text

Abstract Interpol, in coordination with the Nigerian Police Force, has arrested eleven individuals suspected of participating in an international BEC (business email compromise) ring.

BleepingComputer

January 19, 2022 – Phishing

Phishing Attacks Impersonate Department of Labor to Steal Vendors’ Account Credentials Full Text

Abstract Researchers from Inky detailed a series of phishing attacks in which the sender address on most of the emails appeared to come from [email protected], the real domain for the Department of Labor.

Tech Republic

January 19, 2022 – Phishing

Office 365 phishing attack impersonates the US Department of Labor Full Text

Abstract A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials.

BleepingComputer

January 19, 2022 – Vulnerabilities

Security vulnerabilities in Umbraco CMS could lead to account takeover Full Text

Abstract Researchers from AppCheck announced they had found two separate vulnerabilities, an application URL overwrite (CVE-2022-22690) and a persistent password reset bug (CVE-2022-22691).

The Daily Swig

January 19, 2022 – Vulnerabilities

VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal Full Text

Abstract VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found.

Help Net Security

January 19, 2022 – Breach

Accellion Reaches $8.1 Million Settlement Over FTA Data Breach Full Text

Abstract The cyberattack was attributed to the financially-motivated advanced persistent threat (APT) actor FIN11. Operating out of Russia, FIN11 is believed to be a TA505 spin-off.

Security Week

January 18, 2022 – Ransomware

‘White Rabbit’ Ransomware May Be FIN8’s Latest Tool Full Text

Abstract It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.

Threatpost

January 18, 2022 – Denial Of Service

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms Full Text

Abstract An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader and UDP RAT was used." The attack works by uploading the malware-laced games to webhards, which refers to a web hard drive or a remote file hosting service, in the form of compressed ZIP archives that, when opened, include an executable ("Game_Open.exe") that's orchestrated to run a malware payload aside from launching the actual game. This payload, a GoLang-based downloader, establishes connections with a remote command-and-control (C&C) server to retrieve additional malware, including an IRC bot that can perform DDoS attacks. "It is a

The Hacker News

January 18, 2022 – Vulnerabilities

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware Full Text

Abstract Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.

Threatpost

January 18, 2022 – Attack

Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure Full Text

Abstract The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the recently disclosed Log4j vulnerabilities to gain access to some of the compromised systems. "The attack used vulnerabilities in the site's content management systems (October CMS) and Log4j, as well as compromised accounts of employees of the development company," the SSU said, corroborating prior disclosure from the Ukraine CERT team. The disclosure comes days after Microsoft warned of a malware operation aimed at government, non-profit, and information technology entities in Ukraine, attributing the attacks to a threat cluster codenamed "DEV-0586." "

The Hacker News

January 18, 2022 – General

Will 2022 Be the Year of the Software Bill of Materials? Full Text

Abstract Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, says a security experts’ roundtable.

Threatpost

January 18, 2022 – Criminals

Telegram is a hotspot for the sale of stolen financial accounts Full Text

Abstract Telegram is increasingly abused by cybercriminals to set up underground channels to sell stolen financial details to pseudonymous users.

BleepingComputer

January 18, 2022 – Phishing

New RedLine Variant Uses Omicron Lure to Trap Victims Full Text

Abstract Fortinet discovered a new RedLine info-stealer campaign impersonating the COVID-19 Omicron stat counter app as a lure to steal data. The victims of the attack campaign are reportedly distributed across 12 countries. Security teams are advised to deploy a reliable anti-malware solution, encrypt impo ...

Cyware Alerts - Hacker News

January 18, 2022 – Vulnerabilities

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts Full Text

Abstract Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News. The cybersecurity company said it reported the issue to the cloud service provider on November 2, 2021, post which fixes were issued by Box. MFA is an authentication method that relies on a combination of factors such as a password (something only the user knows) and a temporary one-time password aka TOTP (something only the user has) to provide users a second layer of defense against credential stuffing and other account takeover attacks. This two-step authentication can either involve sending the code as an SMS or alternat

The Hacker News

January 18, 2022 – General

Home for the Holidays? The Global Implications of a State-Level Cyberattack Full Text

Abstract The MDH hack exposes how vulnerabilities in public data supply chains have the potential to impact the information available to decision-makers in times of national and international crises and normal operations.

Lawfare

January 18, 2022 – Criminals

AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler Full Text

Abstract Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by AlphV/BlackCat. Moncler confirmed a data breach after an attack that took place in December. The luxury fashion giant was hit by AlphV/BlackCat...

Security Affairs

January 18, 2022 – General

The Log4j Vulnerability Puts Pressure on the Security World Full Text

Abstract It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.

Threatpost

January 18, 2022 – Breach

Fashion giant Moncler confirms data breach after ransomware attack Full Text

Abstract Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web.

BleepingComputer

January 18, 2022 – Ransomware

TellYouThePass Uses Golang to Expand its Attack Surface Full Text

Abstract A relatively inactive TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier for threat actors to target a wide range of operating systems, including macOS and Linux. Hackers demand 0.05 Bitcoin, presently converting to around $2,150, for the decryption tool. Tell ...

Cyware Alerts - Hacker News

January 18, 2022 – Criminals

Europol Shuts Down VPNLab, Cybercriminals’ Favourite VPN Service Full Text

Abstract VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S., and the U.K. A second outcome of the seizure is that at least 100 businesses that have been identified as at risk of impending cyber attacks are being notified. Europol didn't disclose the names of the companies. Established in 2008, the tool provided an advanced level of anonymity by offering double VPN connections to its clients — wherein the internet traffic is routed through two VPN servers located in different countries instead of one — for as cheap as $60 a year. "This made VPNLab.net a popular

The Hacker News

January 18, 2022 – Hacker

Financially motivated Earth Lusca threat actor targets organizations worldwide Full Text

Abstract A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide for financial purposes. Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide...

Security Affairs

January 18, 2022 – Criminals

Cybercriminals Actively Target VMware vSphere with Cryptominers Full Text

Abstract VMware’s container-based application development environment has become attractive to cyberattackers.

Threatpost

January 18, 2022 – Ransomware

New White Rabbit ransomware linked to FIN8 hacking group Full Text

Abstract A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group.

BleepingComputer

January 18, 2022 – Attack

Destructive MBR Wiper Targets Ukrainian Organizations Full Text

Abstract The attacks started on January 13 - around the same time when more than 70 government websites were defaced by gangs reportedly linked to Russian secret services.

Cyware Alerts - Hacker News

January 18, 2022 – Vulnerabilities

Don’t Use Public Wi-Fi Without DNS Filtering Full Text

Abstract Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet, whether we are on the bus, on the way to school or work, waiting for our flight in the airport or during the flight itself, or doing our homework or working on our projects in a café. We do business and communicate online in a variety of ways. We check our work emails, chat with our friends, and even take business calls online through the service. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, in public places such as parks, libraries, public transportation, and train stations. Cons of using public Wi-Fi Despite the many benefits t

The Hacker News

January 18, 2022 – Policy and Law

Law enforcement shut down the VPN service VPNLab used by many cybercriminal gangs Full Text

Abstract Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that...

Security Affairs

January 18, 2022 – Privacy

Beijing 2022 Winter Olympics app bursting with privacy risks Full Text

Abstract The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users.

BleepingComputer

January 18, 2022 – Hacker

USCYBERCOM Links MuddyWater to Iranian Intelligence Agency Full Text

Abstract MuddyWater, aka Seedworm, is an Iranian cyberespionage threat actor that primarily targets the UAE, Saudi Arabia, Israel, Iraq, and other Middle Eastern nations, as well as some European and North American countries.

Cyware Alerts - Hacker News

January 18, 2022 – Hacker

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors Full Text

Abstract An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, COVID-19 research organizations, and the media, amongst others," Trend Micro researchers said in a new report. "However, the threat actor also seems to be financially motivated, as it also took aim at gambling and cryptocurrency companies." The cybersecurity firm attributed the group as part of the larger China-based Winnti cluster, which refers to a number of linked groups rather than a single discrete entity that are focused on intelligence gathering and intellectual property theft. Earth Lusca's intrusion routes are facilitated by spear-phishing and watering hole attacks

The Hacker News

January 18, 2022 – Vulnerabilities

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues Full Text

Abstract Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security...

Security Affairs

January 18, 2022 – Ransomware

Europol shuts down VPN service used by ransomware groups Full Text

Abstract Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors.

BleepingComputer

January 18, 2022 – Breach

Aditya Birla Fashion confirms data breach, but says no sensitive info was compromised Full Text

Abstract The company addressed the data breach on its portal and sought to assure its customers that no sensitive information was compromised. On Monday, it was reported that the company's database was hacked.

CNBC TV18

January 18, 2022 – Cryptocurrency

A small number of Crypto.com users reported suspicious activity on their wallets Full Text

Abstract Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets. Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their...

Security Affairs

January 18, 2022 – Malware

New FluBot Malware Variant Imitates Flash Player to Trick Users Full Text

Abstract Researchers at F5 Networks observed a new smishing campaign by the FluBot malware operators, camouflaged as Flash Player, to target Android users. The FluBot version 5.2 comes with important improvements including the implementation of a new command to change the domain generation algorithms seed r ...

Cyware Alerts - Hacker News

January 18, 2022 – Vulnerabilities

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors Full Text

Abstract The products affected by the vulnerability include MorphoWave Compact MD/MDPI/MDPI-M, VisionPass MD/MDPI/MDPI-M, all variants of SIGMA Lite/Lite+/Wide, SIGMA Extreme, and MA VP MD.

Security Week

January 18, 2022 – Vulnerabilities

Oracle to Release Nearly 500 New Security Patches Full Text

Abstract According to its pre-release announcement, the company has lined up 483 new patches for the first Critical Patch Update (CPU) of 2022, which is scheduled for Tuesday, January 18.

Security Week

January 18, 2022 – Ransomware

White Rabbit Ransomware Borrows Technique Used by Egregor to Hide from Malware Analysis Full Text

Abstract One of the most notable aspects of White Rabbit is how its payload binary requires a specific command-line password to decrypt its internal configuration and proceed with its ransomware routine.

Trend Micro

January 17, 2022 – Vulnerabilities

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central Full Text

Abstract Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company noted in an advisory. Osword from SGLAB of Legendsec at Qi'anxin Group has been credited with discovering and reporting the vulnerability. The Indian firm said it remediated the issue in build version 10.1.2137.9. With the latest fix, Zoho has addressed a total of four vulnerabilities over the past five months — CVE-2021-40539 (CVSS score: 9.8) – Authentication bypass vulnerability affecting Zoho ManageEngine ADSelfService Plus; CVE-2021-44077 (CVSS score: 9.8) – Unauthenticated remote code execution vulnerability affecting Zoho ManageEn

The Hacker News

January 17, 2022 – Vulnerabilities

Microsoft: Edge will mitigate ‘unforeseen active’ zero day bugs Full Text

Abstract Microsoft Edge has added a new feature to the Beta channel that will be able to mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities.

BleepingComputer

January 17, 2022 – Criminals

Mespinoza/Pysa Ransomware Keeps Targeting Healthcare Sector Full Text

Abstract According to the HHS, PYSA ransomware operators are aggressively eyeing the healthcare sector in the U.S. to pull off double extortion attacks. As of November 2021, Pysa had already targeted 190 victims, of which six were from the healthcare sector. The sector should evaluate its defense-i ...

Cyware Alerts - Hacker News

January 17, 2022 – 5G

Hillicon Valley — Airlines issue warning about 5G service Full Text

Abstract Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 17, 2022 – Solution

Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons Full Text

Abstract Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called private network access (PNA). "Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server," Titouan Rigoudy and Eiji Kitamura said. "This preflight request will carry a new header, Access-Control-Request-Private-Network: true, and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true." What this means is that starting with Chrome version 101, any website accessible via the internet will be made to seek explicit permi

The Hacker News

January 17, 2022 – Vulnerabilities

Oracle Critical Patch Update for January 2022 will fix 483 new flaws Full Text

Abstract The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address...

Security Affairs

January 17, 2022 – Business

Firefox Relay gets added to disposable email blocklist, angers users Full Text

Abstract The maintainers of a "disposable email service" blocklist have decided to add Firefox Relay to the list, leaving many users of the service upset. Firefox Relay is a privacy-centric email service that enables users to protect their real email addresses and hence limit spam.

BleepingComputer

January 17, 2022 – Ransomware

New Night Sky Ransomware Enters Corporate Ransom Attack Scene Full Text

Abstract A newly launched Night Sky ransomware has started exploiting one of the critical flaws in the Log4j logging library to circumvent VMware Horizon servers. Its Tor leak site shows one victim from Bangladesh and another from Japan. Ransomware operators continue to grow as multiple new ransomwa ...

Cyware Alerts - Hacker News

January 17, 2022 – Criminals

Dark Web’s Largest Marketplace for Stolen Credit Cards is Shutting Down Full Text

Abstract UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic. "It is [a] weighted decision, we are not young and our health do[es] not allow [us] to work like this any longer." The UniCC team also gave its users 10 days to spend their balances, while also warning customers to "not follow any fakes tied to our comeback." Platforms such as UniCC function as an underground marketplace wherein credit card details stolen from online retailers, banks, and payments companies by injecting malicious skimmers are trafficked in exchange for cryptocurrency. The cards are then used by crim

The Hacker News

January 17, 2022 – Vulnerabilities

Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions Full Text

Abstract Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop...

Security Affairs

January 17, 2022 – Vulnerabilities

Zoho plugs another critical security hole in Desktop Central Full Text

Abstract Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.

BleepingComputer

January 17, 2022 – Government

European Union simulated a cyber attack on a fictitious Finnish power company Full Text

Abstract Cyber drills are essential to test the resilience of our infrastructure; the European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities.

Security Affairs

January 17, 2022 – Vulnerabilities

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites Full Text

Abstract Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different...

Security Affairs

January 17, 2022 – Phishing

DHL dethrones Microsoft as most imitated brand in phishing attacks Full Text

Abstract DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

BleepingComputer

January 17, 2022 – Attack

UK Umbrella Company Parasol Group Confirms Disruptive Cyberattack Full Text

Abstract As reported on Friday, the umbrella company's MyParasol portal, where timesheets are submitted, was not accessible due to an outage starting on January 12, impacting the processing of payroll.

The Register

January 17, 2022 – Attack

Experts warn of attacks using a new Linux variant of SFile ransomware Full Text

Abstract The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; it was observed targeting only Windows systems. Some variants...

Security Affairs

January 17, 2022 – Phishing

Nintendo warns of spoofed sites pushing fake Switch discounts Full Text

Abstract Nintendo has warned customers of multiple sites impersonating the Japanese video game company's official website and pretending to sell Nintendo Switch consoles at significant discounts.

BleepingComputer

January 17, 2022 – Malware

Linux malware is on the rise. Here are three top threats right now Full Text

Abstract Linux-based systems are everywhere and are a core part of the internet infrastructure but it's low-powered IoT devices that have become the main target for Linux malware.

ZDNet

January 17, 2022 – APT

Kyiv blames Belarus-linked APT UNC1151 for recent cyberattack Full Text

Abstract Ukrainian government attributes the recent attacks against tens of Ukrainian government websites to Belarusian APT group UNC1151. The government of Kyiv attributes the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151,...

Security Affairs

January 17, 2022 – Attack

Cyber espionage campaign targets renewable energy companies Full Text

Abstract A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide.

BleepingComputer

January 17, 2022 – Hacker

Earth Lusca Employs Doraemon, ShadowPad and Winnti Malware to Target Organizations in Hong Kong Full Text

Abstract The group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets in Hong Kong, COVID-19 research organizations, and the media, among others.

Trend Micro

January 17, 2022 – Vulnerabilities

Safari bug leaks your Google account info, browsing history Full Text

Abstract There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing histories and even user identities to anyone exploiting the flaw.

BleepingComputer

January 17, 2022 – Business

DigiCert acquires Mocana to accelerate its presence in the IoT market Full Text

Abstract The combination of DigiCert and Mocana technologies provides IoT manufacturers and operators with a comprehensive platform for managing security across the full IoT device lifecycle.

Help Net Security

January 17, 2022 – Vulnerabilities

Critical SAP Vulnerability Allows Supply Chain Attacks Full Text

Abstract A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns.

Security Week

January 16, 2022 – Vulnerabilities

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites Full Text

Abstract Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a link," WordPress security company Wordfence said in a report published last week. Tracked as CVE-2022-0215, the cross-site request forgery (CSRF) flaw is rated 8.8 on the CVSS scale and impacts three plugins maintained by Xootix — Login/Signup Popup (Inline Form + Woocommerce), Side Cart Woocommerce (Ajax), and Waitlist Woocommerce (Back in stock notifier). Cross-site request forgery, also known as one-click attack or session riding, occurs when an authenticated end-user is tricked by an attacker into submitting a specially crafted web request. "If the victim i

The Hacker News

January 16, 2022 – Government

Ukrainian Government Officially Accuses Russia of Recent Cyberattacks Full Text

Abstract The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement. "Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace." The purpose of the attack, said the ministry, "is not only to intimidate society," but to also "destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians." Russia, however, has denied it was behind the intrusion. "We have nothing to do with it, and Russia has nothing to do with these cyberattacks," Dmitry Peskov, press secretary for President Vladimir Putin, told CNN, adding "We are nearly accustomed to the fact that

The Hacker News

January 16, 2022 – Outage

eNom data center migration mistakenly knocks sites offline Full Text

Abstract A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours.

BleepingComputer

January 16, 2022 – Breach

Ukraine government agencies’ computer systems infected with malware, Microsoft says Full Text

Abstract Microsoft announced on Saturday that dozens of computer systems linked to the Ukrainian government, agencies and organizations had been infected with malware.

The Hill

January 16, 2022 – Vulnerabilities

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking Full Text

Abstract A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a NoSQL database of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla notes in its documentation of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a fundamental security mechanism that ensures that resources retrieved from distinct origins — i.e., a combination of the scheme (protocol),

The Hacker News

January 16, 2022 – Government

European Union simulated a cyber attack on a fictitious Finnish power company Full Text

Abstract The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. Cyber drills are essential to test the resilience of our infrastructure; the European Union simulated a cyber attack on a fictitious...

Security Affairs

January 16, 2022 – Attack

Microsoft: Fake ransomware targets Ukraine in data-wiping attacks Full Text

Abstract Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine.

BleepingComputer

January 16, 2022 – Malware

A New Destructive Malware Targeting Ukrainian Government and Business Entities Full Text

Abstract Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable," Tom Burt, corporate vice president of customer security and trust at Microsoft, said, adding the intrusions were aimed at government agencies that provide critical executive branch or emergency response functions. Also targeted is an IT firm that "manages websites for public and private sector clients, including government agencies whose websites were recently defaced," Burt noted. The computing giant, which first detected the malware on January 13, attributed the attacks to an emerging threat cluster codenamed "DEV-0586," with no observed overlaps in tact

The Hacker News

January 16, 2022 – Attack

Microsoft spotted a destructive malware campaign targeting Ukraine Full Text

Abstract Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware....

Security Affairs

January 16, 2022 – Attack

A new wave of Qlocker ransomware attacks targets QNAP NAS devices Full Text

Abstract QNAP NAS devices are under attack; experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware is targeting QNAP NAS devices worldwide; the new campaign started on January 6 and it drops ransom notes...

Security Affairs

January 16, 2022 – General

Security Affairs newsletter Round 349 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

January 16, 2022 – Criminals

Threat actors stole $18.7M from the Lympo NFT platform Full Text

Abstract Threat actors hacked the hot wallet of the NFT platform Lympo and managed to steal 165.2 Million LMT (worth $18.7 million). NFT and DeFi platforms are privileged targets for cybercriminals, and the NFT platform Lympo was the last platform in order...

Security Affairs

January 15, 2022 – Vulnerabilities

npm dependency is breaking some React apps today — here’s the fix Full Text

Abstract Tons of users are reporting their Facebook Create React App builds are failing since yesterday. The cause has been traced down to a dependency used by create-react-app, the latest version of which is breaking developers' apps.

BleepingComputer

January 15, 2022 – Education

Get Lifetime Access to Cybersecurity Certification Prep Courses Full Text

Abstract You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many opportunities — including six-figure roles. There is just a small matter of some exams to pass. To help you fly through the tests, we have teamed up with iCollege to bring you The 2022 Ultimate Advanced CyberSec Professional Certification Bundle. This collection of five courses helps you work towards top certifications, with over 147 hours of content from expert instructors. The training would normally set you back a total of $1,475. But thanks to a special deal for readers of The Hacker News, you can get the bundle today for only $69. What's Included: NIST Cybersecurity & Risk Management Frameworks (ISC) CISSP - 2021 ISACA Certified Information Security Manager (CISM) Co

The Hacker News

January 15, 2022 – Policy and Law

Russia charges 8 suspected REvil ransomware gang members Full Text

Abstract Eight members of the REvil ransomware operation that have been detained by Russian officers are currently facing criminal charges for their illegal activity.

BleepingComputer

January 15, 2022 – Ransomware

Qlocker ransomware returns to target QNAP NAS devices worldwide Full Text

Abstract Threat actors behind the Qlocker ransomware are once again targeting Internet-exposed QNAP Network Attached Storage (NAS) devices worldwide.

BleepingComputer

January 15, 2022 – General

Linux malware sees 35% growth during 2021 Full Text

Abstract The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks.

BleepingComputer

January 15, 2022 – Business

Prominent Carding Marketplace UniCC announced it’s shutting down Full Text

Abstract One of the biggest underground carding marketplaces, UniCC, announced it’s shutting down its operations. UniCC, one of the biggest underground carding marketplaces announced it is shutting down. The site was launched in 2013 and according to the Elliptic...

Security Affairs

January 15, 2022 – Criminals

One of the REvil members arrested by FSB was behind Colonial Pipeline attack Full Text

Abstract A senior Biden administration official said that one of the Russian hackers arrested by the FSB was behind the Colonial Pipeline attack. Yesterday, the Russian Federal Security Service (FSB) announced it had dismantled the REvil ransomware operation...

Security Affairs

January 15, 2022 – Criminals

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates Full Text

Abstract The Russian government has arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

Krebs on Security

January 15, 2022 – Criminals

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks Full Text

Abstract In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate. "In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement. In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets

The Hacker News

January 15, 2022 – Criminals

Lorenz ransomware gang stole files from defense contractor Hensoldt Full Text

Abstract The Lorenz ransomware cybercrime gang has been active since April and has hit multiple organizations worldwide, demanding hundreds of thousands of dollars in ransoms from the victims.

Security Affairs

January 14, 2022 – Ransomware

The Week in Ransomware - January 14th 2022 - Russia finally takes action Full Text

Abstract Today, the Russian government announced that they arrested fourteen members of the REvil ransomware gang on behalf of US authorities.

BleepingComputer

January 14, 2022 – Government

Hillicon Valley — States probe the tech giants Full Text

Abstract Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

The Hill

January 14, 2022 – Business

Insurers Stake Out Their Ground for Covering State Cyber Attacks Full Text

Abstract The heart of the challenge facing insurers is not necessarily the quantum of loss that might arise from cyber events, but rather the uncertainty that attaches to it.

Lawfare

January 14, 2022 – Breach

Threat actors defaced Ukrainian government websites Full Text

Abstract Threat actors defaced multiple Ukrainian government websites after talks between Ukrainian, US, and Russian officials hit a dead end this week. Threat actors have defaced multiple websites of the Ukrainian government on the night between January 13 and January...

Security Affairs

January 14, 2022 – Criminals

Top Illicit Carding Marketplace UniCC Abruptly Shuts Down Full Text

Abstract UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.

Threatpost

January 14, 2022 – Breach

Goodwill discloses data breach on its ShopGoodwill platform Full Text

Abstract American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform.

BleepingComputer

January 14, 2022 – Government

Biden administration says Russia arrested Colonial Pipeline hacker Full Text

Abstract A senior Biden administration official said Friday that one of the hackers recently arrested in Russia was responsible for the massive Colonial Pipeline cyberattack last year.

The Hill

January 14, 2022 – Outage

Massive Cyber Attack Knocks Down Ukrainian Government Websites Full Text

Abstract No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," Oleg Nikolenko, MFA spokesperson, tweeted. The Security Service of Ukraine, the country's law-enforcement authority, alluded to a possible Russian involvement, pointing fingers at the hacker groups associated with the Russian secret services while branding the intrusions as a supply chain attack that involved hacking the "infrastructure of a commercial company that had access to the rights to administer the web resources affected by the attack." Prior to the update from the SSU, the Ukrainian CERT claimed that the attacks may have exploited a security vulnerability in Laravel-based October CMS (CVE-2021-32648), which cou

The Hacker News

January 14, 2022 – Criminals

Lorenz ransomware gang stole files from defense contractor Hensoldt Full Text

Abstract German multinational defense contractor Hensoldt confirmed that some of its systems were infected by Lorenz ransomware. Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary's systems were infected with Lorenz ransomware....

Security Affairs

January 14, 2022 – Phishing

Real Big Phish: Mobile Phishing & Managing User Fallibility Full Text

Abstract Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.

Threatpost

January 14, 2022 – Criminals

Former DHS official charged with stealing govt employees’ PII Full Text

Abstract A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information (PII).

BleepingComputer

January 14, 2022 – Cryptocurrency

Be Warned of this Evolving Cryptomining Malware Full Text

Abstract An ongoing cryptomining campaign, dubbed Autom, has come to light that boasts of new defense evasion tactics. In 2020, cybercriminals were evading defense by bypassing security features, but started using an obfuscating script in 2021. It has claimed over 125 victims so far.

Cyware Alerts - Hacker News

January 14, 2022 – Outage

Albuquerque schools remain closed for second day following cyber attack Full Text

Abstract Albuquerque Public Schools in New Mexico were closed for a second day on Friday after a cyberattack hit district networks, including student data.

The Hill

January 14, 2022 – Breach

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide Full Text

Abstract Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions under the name "SnatchCrypto," noted that the campaign has been running since at least 2017, adding the attacks are aimed at startups in the FinTech sector located in China, Hong Kong, India, Poland, Russia, Singapore, Slovenia, the Czech Republic, the U.A.E., the U.S., Ukraine, and Vietnam. "The attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions, disguised as a contract or another business file," the researchers said. "In order to eventually empty the v

The Hacker News

January 14, 2022 – Government

Russian government claims to have dismantled REvil ransomware gang Full Text

Abstract Russia's FSB announced it has dismantled the REvil ransomware gang, the infamous group behind the Kaseya and JBS USA attacks. The Russian Federal Security Service (FSB) announced it has shut down the REvil ransomware gang, the group that is behind a long string...

Security Affairs

January 14, 2022 – Government

White House reminds tech giants open source is a national security issue Full Text

Abstract The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks.

BleepingComputer

January 14, 2022 – Botnet

Researchers Reveal Abcbot’s Connection With Xanthe Malware Full Text

Abstract Cado Security confirmed a link between the Abcbot botnet and cryptomining attacks by the Xanthe malware group after analyzing similarities within the code and feature-sets of both the malware families. Experts added that cybercriminals could be slowly doing away with cryptomining attacks to adopt ...

Cyware Alerts - Hacker News

January 14, 2022 – Attack

Ukrainian websites hit by cyberattack amid tensions with Russia Full Text

Abstract Several Ukrainian government websites were hit by what officials called a "massive cyberattack" on Friday as hackers took control and posted messages warning Ukraine to "be afraid and expect worse."

The Hill

January 14, 2022 – Policy and Law

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images Full Text

Abstract A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs), which can be used as a backdoor to steal personal information and conduct surveillance through microphones and cameras, catching the attention of the U.K. National Crime Agency (NCA). The cyber voyeur's modus operandi involved catfishing potential targets by using fake profiles on different messaging apps such as Skype, leveraging the online encounters to send rogue links hosting the malware through the chats. "Davies was infecting his victims' phones or computers with malicious software by disguising it with the crypters so their antivirus protection would not detect it,"

The Hacker News

January 14, 2022 – APT

North Korea-linked APT BlueNoroff focuses on crypto theft Full Text

Abstract The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask...

Security Affairs

January 14, 2022 – Solution

Researchers develop CAPTCHA solver to aid dark web research Full Text

Abstract A team of researchers at the Universities of Arizona, Georgia, and South Florida have developed a machine-learning-based CAPTCHA solver that they claim can overcome 94.4% of real challenges on dark websites.

BleepingComputer

January 14, 2022 – Hacker

FIN7 Targeting U.S. Businesses with BadUSB Devices Full Text

Abstract The FBI is alerting U.S. organizations about the rise in BadUSB attacks, by the FIN7 threat actor group, that deliver ransomware to unsuspecting organizations. Plugging the USB drives into computers registers the drive as a keyboard and sends a series of automated pre-configured keystrokes. T ...

Cyware Alerts - Hacker News

January 14, 2022 – Criminals

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies Full Text

Abstract Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million. The special operation, which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from the capital city of Kyiv, along with his wife and three other accomplices. A total of nine searches across the suspects' homes were carried out, resulting in the seizure of computer equipment, mobile phones, bank cards, flash drives, three cars, and other items with evidence of illegal activity. The Cyber Police of the National Police of Ukraine said the group offered a "hacker service" that enabled financially motivated crime syndicates to send phishing emails containing file-encrypting malware to lock confidential data pertaining to its victims, demanding that the target

The Hacker News

January 14, 2022 – Criminals

Ukrainian police arrested Ransomware gang behind attacks on 50 companies Full Text

Abstract Ukrainian police arrested members of a ransomware gang that targeted at least 50 companies in the U.S. and Europe. Ukrainian police arrested members of a ransomware affiliate group that is responsible for attacking at least 50 companies in the U.S....

Security Affairs

January 14, 2022 – Attack

Defense contractor Hensoldt confirms Lorenz ransomware attack Full Text

Abstract Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack.

BleepingComputer

January 14, 2022 – Criminals

FSB arrests REvil ransomware gang members Full Text

Abstract Raids were conducted by the Russian Federal Security Service (FSB) at 25 residences owned by 14 members suspected to be part of the REvil team across the Moscow, St. Petersburg, Leningrad, and Lipetsk regions.

The Record

January 14, 2022 – Vulnerabilities

Threat actors can bypass malware detection due to Microsoft Defender weakness Full Text

Abstract A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information they can use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders to plant malware to avoid AV scanning. Microsoft...

Security Affairs

January 14, 2022 – Business

New Intel chips won’t play Blu-ray disks due to SGX deprecation Full Text

Abstract Intel has removed support for SGX (Software Guard Extensions) in 12th Generation Intel Core 11000 and 12000 processors, rendering modern PCs unable to play back Blu-ray disks in 4K resolution.

BleepingComputer

January 14, 2022 – Vulnerabilities

Amazon fixes security flaw in AWS Glue service Full Text

Abstract Amazon Web Services has fixed two flaws affecting AWS Glue and AWS CloudFormation. The bug in AWS Glue could allow an attacker using the service to create resources and access data of other AWS Glue customers, according to Orca Security.

ZDNet

January 14, 2022 – Attack

Multiple Ukrainian government websites hacked and defaced Full Text

Abstract At least 15 websites belonging to various Ukrainian public institutions were compromised, defaced, and subsequently taken offline.

BleepingComputer

January 14, 2022 – Outage

Ransomware cyberattack forces New Mexico jail to lock down Full Text

Abstract This attack forced the facility to suspend all prison visits, including from family members and lawyers, which the facility claimed was for the safety of everyone involved.

Malwarebytes Labs

January 14, 2022 – Criminals

Russia arrests REvil ransomware gang members, seizes $6.6 million Full Text

Abstract The Federal Security Service (FSB) of the Russian Federation has announced today that they shut down the REvil ransomware gang after U.S. authorities reported on the leader.

BleepingComputer

January 14, 2022 – Vulnerabilities

Threat actors can bypass malware detection due to Microsoft Defender weakness Full Text

Abstract Threat actors can leverage a weakness in Microsoft Defender to determine in which folders to plant malware. The knowledge of the list of scanning exceptions allows attackers to know where to store their malicious code to avoid detection.

Security Affairs

January 14, 2022 – Cryptocurrency

BlueNoroff Threat Group Targets Cryptocurrency Startups Full Text

Abstract BlueNoroff, an advanced persistent threat (APT) group that's part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious cryptocurrency losses.

Dark Reading

January 13, 2022 – Business

Microsoft Yanks Buggy Windows Server Updates Full Text

Abstract Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.

Threatpost

January 13, 2022 – APT

North Korean APTs Stole ~$400M in Crypto in 2021 Full Text

Abstract Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.

Threatpost

January 13, 2022 – APT

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran Full Text

Abstract US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

Threatpost

January 13, 2022 – Vulnerabilities

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM Full Text

Abstract Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request. "With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP," Cisco noted in an advisory published this week. "To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials." Unified CCMP and Unified CCDM pro

The Hacker News

January 13, 2022 – Vulnerabilities

AWS fixes security flaws allowing access to AWS customer data Full Text

Abstract Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts.

BleepingComputer

January 13, 2022 – Solution

Android users can now disable 2G to block Stingray attacks Full Text

Abstract Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators.

BleepingComputer

January 13, 2022 – Outage

Cyberattack forces Albuquerque Public Schools to cancel classes Full Text

Abstract APS Superintendent Scott Elder said the attack was discovered Wednesday morning “when teachers tried to log onto our student information system and were unable to gain access to the site.”

Albuquerque Journal

January 13, 2022 – Criminals

North Korean hackers stole almost $400M in cryptocurrency, report says Full Text

Abstract North Korean hackers in 2021 stole nearly $400 million in cryptocurrency, according to a report released on Thursday, making it one of the most prolific years to date for cybercriminals in the isolated nation.

The Hill

January 13, 2022 – Hacker

GootLoader Hackers Targeting Employees of Law and Accounting Firms Full Text

Abstract Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is a stealthy initial access malware, which after getting a foothold into the victim's computer system, infects the system with ransomware or other lethal malware," researchers from eSentire said in a report shared with The Hacker News. The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed. Malware can be delivered on targets' systems via many methods, including poisoned search results, fake updates, and trojanized applications downloaded from sites linking to pirated software. GootLoader resorts to the first technique. In March 2021, details em

The Hacker News

January 13, 2022 – Government

Securing Taiwan Requires Immediate Unprecedented Cyber Action Full Text

Abstract The prospect of a Chinese invasion of Taiwan echoes some of the most disastrous 20th century instances of great power expansion—reminiscent, perhaps, of Nazi Germany’s Anschluss or even its subsequent invasion of Poland. Given that the latter ignited World War II, America’s strategic community has been rightly fixated on the vast military and political contingencies of a Chinese invasion that would remake Asia.

Lawfare

January 13, 2022 – Vulnerabilities

Cisco fixes a critical flaw in Unified CCMP and Unified CCDM Full Text

Abstract Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM. Cisco released security patches to address a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified...

Security Affairs

January 13, 2022 – Attack

New GootLoader Campaign Targets Accounting, Law Firms Full Text

Abstract GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

Threatpost

January 13, 2022 – Government

FCC wants new data breach reporting rules for telecom carriers Full Text

Abstract The Federal Communications Commission (FCC) has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry.

BleepingComputer

January 13, 2022 – Vulnerabilities

Cisco Patches Critical Vulnerability in Contact Center Products Full Text

Abstract Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists due to a lack of server-side validation of user permissions, which allows an attacker to submit a crafted HTTP request to exploit the bug.

Security Week

January 13, 2022 – Business

Apple, Amazon executives to meet with White House to discuss software security Full Text

Abstract Executives from Apple, Amazon and other top tech firms are meeting at the White House Thursday to discuss software security with the administration after major cyberattacks last year. 

The Hill

January 13, 2022 – Hacker

Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys Full Text

Abstract Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new functionality to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading ransomware on infected machines. "It has been continually developed, with new capabilities introduced such as lateral movement, the ability to exfiltrate email and browser data, and to install additional malware," Trustwave researchers Lloyd Macrohon and Rodel Mendrez said in a report shared with The Hacker News. In recent months, phishing campaigns have culminated in the distribution of a new loader called SQUIRRELWAFFLE, which acts as a channel to retrieve

The Hacker News

January 13, 2022 – Attack

Threat actors abuse public cloud services to spread multiple RATs Full Text

Abstract Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire,...

Security Affairs

January 13, 2022 – Criminals

BlueNoroff hackers steal crypto using fake MetaMask extension Full Text

Abstract The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions.

BleepingComputer

January 13, 2022 – Ransomware

Ransomware Attack at Maryland Health Agency Leads to Service Outages Full Text

Abstract Maryland officials confirmed on Wednesday that the state's Department of Health is dealing with a devastating ransomware attack, which has left hospitals struggling amid a surge of COVID-19 cases.

Security Week

January 13, 2022 – Government

US ties Iranian intelligence to hacking group Full Text

Abstract U.S. Cyber Command on Wednesday said a hacking group known as MuddyWater is part of an Iranian intelligence agency responsible for widespread online attacks across the world.

The Hill

January 13, 2022 – Hacker

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor Full Text

Abstract An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was obviously rushed, as they used the basic open-source tool for the exploitation and based their operations on previous infrastructure, which made the attack easier to detect and attribute," researchers from Check Point said in a report published this week. The Israeli cybersecurity company linked the attack to a group known as APT35, which is also tracked using the codenames Charming Kitten, Phosphorus, and TA453, citing overlaps with toolsets previously identified as infrastructure used by the threat actor. Log4Shell aka CVE-2021-44228 (CVSS score: 10.0) concerns a critical security vulnerability in the popular Log4j logging library that, if successfully exploite

The Hacker News

January 13, 2022 – Vulnerabilities

Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities Full Text

Abstract Mozilla addressed 18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine...

Security Affairs

January 13, 2022 – Vulnerabilities

AWS fixes security flaws that exposed AWS customer data Full Text

Abstract Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts.

BleepingComputer

January 13, 2022 – General

The public sector is more concerned about external than internal threats Full Text

Abstract As per a new SolarWinds report, the hacking community (56%) is the largest source of security threats at public sector entities, followed closely by insiders (52%) and foreign governments (47%).

Help Net Security

January 13, 2022 – Solution

Meeting Patching-Related Compliance Requirements with TuxCare Full Text

Abstract Cybersecurity teams have many demands competing for limited resources. Restricted budgets are a problem, and restricted staff resources are also a bottleneck. There is also the need to maintain business continuity at all times. It's a frustrating mix of challenges – with resources behind tasks such as patching rarely sufficient to meet security prerogatives or compliance deadlines. The multitude of different security-related standards have ever more stringent deadlines, and it is often the case that business needs don't necessarily align with those requirements. At the core of what TuxCare does is automated live patching – a way to consistently keep critical services safe from security threats, without the need to expend significant resources in doing so, or the need to live with business disruption. In this article, we'll outline how TuxCare helps organizations such as yours deal better with security challenges including patching, and the support of end-of-life operating s

The Hacker News

January 13, 2022 – APT

USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence Full Text

Abstract US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran's Ministry of Intelligence and Security (MOIS). USCYBERCOM has officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros)...

Security Affairs

January 13, 2022 – Vulnerabilities

Microsoft Defender weakness lets hackers bypass malware detection Full Text

Abstract Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there.

BleepingComputer

January 13, 2022 – Business

Dataprise acquires Global Data Vault to expand DRaaS and data protection offerings Full Text

Abstract Dataprise announced the acquisition of Global Data Vault, a provider of Disaster-Recovery-as-a-Service (DRaaS), Backup-as-a-Service (BaaS) and modern data protection solutions.

Help Net Security

January 13, 2022 – Malware

SysJoker, a previously undetected cross-platform backdoor made the headlines Full Text

Abstract Security researchers found a new cross-platform backdoor, dubbed SysJoker, that is suspected to be the work of an APT group. Security experts from Intezer discovered a new backdoor, dubbed SysJoker, that is able to infect Windows, macOS, and Linux...

Security Affairs

January 13, 2022 – Vulnerabilities

Windows ‘RemotePotato0’ zero-day gets an unofficial patch Full Text

Abstract A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix."

BleepingComputer

January 13, 2022 – Outage

Update: Ransomware locks down prison, knocks systems offline Full Text

Abstract Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the internet but also locked staff out of data management servers and security camera networks.

ZDNet

January 13, 2022 – General

Carding site UniCC retires after generating $358 million in sales Full Text

Abstract UniCC, the largest carding site operating on the dark web at the moment, has announced its retirement, citing tiredness as the reason.

BleepingComputer

January 13, 2022 – Criminals

Ukrainian police arrest ransomware gang that hit over 50 firms Full Text

Abstract Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe.

BleepingComputer

January 13, 2022 – Vulnerabilities

KCodes NetUSB flaw impacts millions of SOHO routers Full Text

Abstract Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors. Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in KCodes...

Security Affairs

January 12, 2022 – Vulnerabilities

Apple fixes doorLock bug that can disable iPhones and iPads Full Text

Abstract Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.

BleepingComputer

January 12, 2022 – Criminals

Purple Fox Develops Complex Attack Chain for Persistence Full Text

Abstract Researchers uncovered cybercriminals using a malicious Telegram installer to drop Purple Fox Rootkit. It is believed to be spreading using email or probably via phishing websites. Phase-based operations and dependency on different files for each phase make this attacker go unnoticed from security s ... Read More

Cyware Alerts - Hacker News

January 12, 2022 – Government

Federal agencies warn of Russian hackers targeting critical infrastructure Full Text

Abstract Federal agencies are warning about Russian hackers potentially targeting critical infrastructure in the United States.

The Hill

January 12, 2022 – Hacker

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware Full Text

Abstract Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with The Hacker News. Using existing infrastructure to facilitate intrusions is increasingly becoming part of an attacker's playbook as it obviates the need to host their own servers, not to mention using it as a cloaking mechanism to evade detection by security solutions. In recent months, collaboration and communication tools like Discord, Slack, and Telegram have found a place in many an infection chain to commandeer and exfiltrate data from the victim machines. Viewed in that light, the abuse of cloud pla

The Hacker News

January 12, 2022 – Government

New York AG Warns 17 Firms of Credential Attacks Full Text

Abstract Sponsored: Password security is highlighted in attorney general warning to New York state businesses.

Threatpost

January 12, 2022 – Hacker

US links MuddyWater hacking group to Iranian intelligence agency Full Text

Abstract US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to Iran's Ministry of Intelligence and Security (MOIS).

BleepingComputer

January 12, 2022 – Ransomware

TellYouThePass Ransomware Analysis Reveals Modern Reinterpretation Using Golang Full Text

Abstract TellYouThePass ransomware, discovered in 2019, recently re-emerged compiled using Golang. The popularity of Golang among malware developers makes cross-platform development more accessible.

Crowdstrike

January 12, 2022 – Malware

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users Full Text

Abstract A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021. "SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein noted in a technical write-up publicizing their findings. "Based on victimology and malware's behavior, we assess that SysJoker is after specific targets." The Israeli cybersecurity company, attributing the work to an advanced threat actor, said it first discovered evidence of the implant in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution. A C++-based malware, SysJoker is delivered via a dr

The Hacker News

January 12, 2022 – Hacker

Russia-linked threat actors target critical infrastructure, US authorities warn Full Text

Abstract US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National...

Security Affairs

January 12, 2022 – Policy and Law

UK jails man for spying on teenagers, stealing photos using RATs Full Text

Abstract A Nottingham man was imprisoned this week for more than two years after hacking the computers and phones of dozens of victims, some of them underage, and spying on them using remote access trojans (RATs). 

BleepingComputer

January 12, 2022 – Business

Proofpoint Buys AI-Powered Data Protection Startup Dathena Full Text

Abstract Proofpoint has purchased Dathena to help organizations better understand information risk and eliminate data loss through artificial intelligence-based data classification.

CRN

January 12, 2022 – General

XDR: Redefining the game for MSSPs serving SMBs and SMEs Full Text

Abstract SMBs and SMEs are increasingly turning to MSSPs to secure their businesses because they simply do not have the resources to manage an effective security technology stack. However, it's also challenging for MSSPs to piece together an effective but manageable security technology stack to protect their clients, especially at an affordable price point. This is where Extended Detection and Response (XDR) comes in and can help MSSPs boost their profitability from SMB and SME and improve their protections. XDR is heating up within the MSSP market as these security service providers stand to gain tremendous financial and operational benefits from this nascent technology. XDR promises far better security outcomes at a lower cost than the current security stack approaches most MSSPs currently have in place. One sticky point that keeps arising in the XDR discussion has to do with the different technology approaches XDR providers rely upon to deliver platform capabilities. Most of us have heard

The Hacker News

January 12, 2022 – Malware

New RedLine malware version distributed as fake Omicron stat counter Full Text

Abstract Experts warn of a new variant of the RedLine malware that is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. Fortinet researchers have spotted a new version of the RedLine info-stealer that is spreading via emails using...

Security Affairs

January 12, 2022 – Ransomware

Magniber ransomware using signed APPX files to infect systems Full Text

Abstract The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates.

BleepingComputer

January 12, 2022 – Criminals

SMEs still an easy target for cybercriminals Full Text

Abstract As per a new survey, 88% of businesses had at least one form of cybersecurity control in place, with 70% feeling fairly confident or extremely confident in their cybersecurity arrangements.

Help Net Security

January 12, 2022 – Government

FBI, NSA and CISA Warn of Russian Hackers Targeting Critical Infrastructure Full Text

Abstract Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks. The list of flaws exploited by Russian hacking groups to gain an initial foothold, which the agencies said are "common but effective," is below — CVE-2018-13379 (FortiGate VPNs) CVE-2019-1653 (Cisco router) CVE-2019-2725 (Oracle WebLogic Server) CVE-2019-7609 (Kibana) CVE-2019-9670 (Zimbra software) CVE-2019-10149 (Exim Simple Mail Transf

The Hacker News

January 12, 2022 – APT

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor Full Text

Abstract Iran-linked APT35 group has been observed leveraging the Log4Shell flaw to drop a new PowerShell backdoor. Iran-linked APT35 cyberespionage group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging the Log4Shell flaw to drop a new PowerShell...

Security Affairs

January 12, 2022 – Ransomware

TellYouThePass ransomware returns as a cross-platform Golang threat Full Text

Abstract TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target major platforms beyond Windows, like macOS and Linux.

BleepingComputer

January 12, 2022 – Government

CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog Full Text

Abstract The most urgent additions to the CISA list include a vulnerability in VMware vCenter Server, flaws in Hikvision products, and a FatPipe WARP, IPVPN, and MPVPN vulnerability.

ZDNet

January 12, 2022 – Vulnerabilities

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup Full Text

Abstract Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator,...

Security Affairs

January 12, 2022 – Hacker

OceanLotus hackers turn to web archive files to deploy backdoors Full Text

Abstract The OceanLotus group of state-sponsored hackers is now using the web archive file format (.MHT and .MHTML) to deploy backdoors to compromised systems.

BleepingComputer

January 12, 2022 – Malware

Cloud Apps Replace Web as Source for Most Malware Downloads Full Text

Abstract Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

Dark Reading

January 12, 2022 – Phishing

EA: 50 high-profile FIFA 22 accounts taken over by phishing actors Full Text

Abstract Electronic Arts (EA) has published an official response to numerous reports about hacked player accounts, confirming the problem and attributing it to phishing actors.

BleepingComputer

January 12, 2022 – Business

Kiteworks Acquires Email Encryption Leader totemo Full Text

Abstract Kiteworks announced its acquisition of totemo, the leading email encryption gateway provider used by hundreds of the largest multinational enterprises in the German, Austrian, and Swiss markets.

Dark Reading

January 12, 2022 – Breach

Hackers take over diplomat’s email, target Russian deputy minister Full Text

Abstract Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia's Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country's diplomats in other regions.

BleepingComputer

January 11, 2022 – Vulnerabilities

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days Full Text

Abstract The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Threatpost

January 11, 2022 – Vulnerabilities

MacOS Bug Could Let Creeps Snoop On You Full Text

Abstract The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.

Threatpost

January 11, 2022 – Vulnerabilities

WordPress Bugs Exploded in 2021, Most Exploitable Full Text

Abstract Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.

Threatpost

January 11, 2022 – Vulnerabilities

First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability Full Text

Abstract Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-days publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP). Chief among them is CVE-2022-21907 (CVSS score: 9.8), a remote code execution vulnerability rooted in the HTTP Protocol Stack. "In

The Hacker News

January 11, 2022 – Hacker

State hackers use new PowerShell backdoor in Log4j attacks Full Text

Abstract Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') have been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor.

BleepingComputer

January 11, 2022 – Education

A New Approach to Detect Stealthy Malware on IoT Devices Full Text

Abstract Security experts developed a three-phased approach that leverages electromagnetic field emanations to detect evasive malware on IoT devices including the unseen variants. The electromagnetic emanation calculated from the device is nearly undetectable by the malware. Thus, malware evasion tacti ... Read More

Cyware Alerts - Hacker News

January 11, 2022 – General

How Can You Leave Log4J in 2021? Full Text

Abstract With the last month of 2021 dominated by the Log4J vulnerabilities discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. At least some systems, if not all. You might even have installed the latest patch – at the time of writing, that is 2.17.1, but, if the last rapid patching cycle persists, it might have changed by the time this is published. In the meantime, defenders might have been working overtime to plug Log4J-born security gaps, but so did cyber-attackers. Log4J's well-deserved fame also alerted cyber-attackers to a potential entry pathway into their target. And, while Log4J will hopefully vanish from the headlines, cyber-attackers are likely to continue trying to exploit it in the hope of finding unpatched or incompletely patched targets. As human error still accounts for 95% of all security breaches, cyber-attackers actively rely on these human errors to exploit them and take advant

The Hacker News

January 11, 2022 – Vulnerabilities

Microsoft Patch Tuesday fixes critical Office RCE Full Text

Abstract Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on vulnerable systems. Microsoft Patch Tuesday security updates for January 2022 patch 96 vulnerabilities in Microsoft Windows...

Security Affairs

January 11, 2022 – Education

Here’s REALLY How to Do Zero-Trust Security Full Text

Abstract It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.

Threatpost

January 11, 2022 – Vulnerabilities

Microsoft: New critical Windows HTTP vulnerability is wormable Full Text

Abstract Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.

BleepingComputer

January 11, 2022 – Vulnerabilities

IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks Full Text

Abstract An IP spoofing vulnerability in Django REST allowed attackers to circumvent the framework’s throttling feature, which is supposed to protect applications against mass requests.

The Daily Swig

January 11, 2022 – Vulnerabilities

New KCodes NetUSB Bug Affects Millions of Routers from Different Vendors Full Text

Abstract Cybersecurity researchers have detailed a high severity flaw in the KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system (e.g., a router) are made available via the network using the driver. CVE-2021-45608 (CVSS score: 9.8), as the security flaw is tracked, relates to a buffer overflow vulnerability that, if successfully exploited, can allow attackers to execute code remotely in the kernel and perform malicious activities of their choice, according to a report shared by SentinelOne with The Hacker News. This is the latest in a string of NetUSB vulnerabilities that have been patched in recent years. In May 2015, researchers from SEC Consult disclosed another

The Hacker News

January 11, 2022 – Ransomware

Night Sky ransomware operators exploit Log4Shell to hack VMware Horizon servers Full Text

Abstract Another gang, the Night Sky ransomware operation, has started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j...

Security Affairs

January 11, 2022 – Attack

FIN7 Mails Malicious USB Sticks to Drop Ransomware Full Text

Abstract The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.

Threatpost

January 11, 2022 – Solution

Firefox Focus now blocks cross-site tracking on Android devices Full Text

Abstract Mozilla's Firefox Focus web browser can now protect Android users against cross-site tracking while browsing the Internet by preventing cookies from being used for advertising and monitoring your activity.

BleepingComputer

January 11, 2022 – Attack

Cosmetics company Clarins hit by data security incident, ‘may involve’ Singapore customers’ personal information Full Text

Abstract The data accessed may have included customers’ personal information such as name, address, email, phone number, and Clarins loyalty program status, the cosmetics company added.

Channel News Asia

January 11, 2022 – Business

Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO Full Text

Abstract Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months. "In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the team we have, and also believe that it is an important step for expanding on Signal's success," Marlinspike said in a blog post on Monday. Executive chairman and WhatsApp co-founder Brian Acton will serve as the interim CEO while the search for a replacement is on. Founded in July 2014, Signal has more than 40 million monthly users, in part driven by a surge of new users in January 2021 when Meta-owned WhatsApp enacted a controversial policy change that sparked a privacy backlash over the nature of personal information shared with its parent company. But the communi

The Hacker News

January 11, 2022 – Ransomware

AvosLocker ransomware now targets Linux systems, including ESXi servers Full Text

Abstract AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers,...

Security Affairs

January 11, 2022 – Malware

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS Full Text

Abstract The malware establishes initial access on targeted machines, then waits for additional code to execute.

Threatpost

January 11, 2022 – Government

CISA alerts federal agencies of ancient bugs still being exploited Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of known exploited vulnerabilities with 15 new security issues that serve as a frequent attack vector against federal enterprises.

BleepingComputer

January 11, 2022 – Breach

Medical Review Institute of America Discloses Data Breach Affecting 134,000 People Full Text

Abstract The incident was discovered on November 9, 2021. A couple of days later, MRIoA discovered that personal information was compromised in the attack and, by November 16, it had managed to retrieve it.

Security Week

January 11, 2022 – General

2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security Full Text

Abstract Lookout, an endpoint-to-cloud cybersecurity company, has put together its cybersecurity predictions for 2022. 1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches One area organizations need to continue to monitor in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end-users to collect and process data. The reality is that these apps constantly communicate with different entities and systems like software-update infrastructure and with each other — interactions that are often not monitored. In late 2020, the cybersecurity community uncovered one of the worst breaches in recent memory when the  SolarWinds  software-publishing infrastructure was infiltrated. More than 100 organizations, including nine U.S. federal agencies, were compromised by trojanized updates that opened backdoors to their infrastructure. This is a prime example of how a weak supply chain can b

The Hacker News

January 11, 2022 – Vulnerabilities

WordPress 5.8.3 Security Release fixes four vulnerabilities Full Text

Abstract WordPress maintainers have released WordPress 5.8.3, which addresses four vulnerabilities, and recommend that admins update their sites immediately. The WordPress 5.8.3 security release addresses four vulnerabilities affecting versions between 3.7 and 5.8,...

Security Affairs

January 11, 2022 – Vulnerabilities

Critical SonicWall NAC Vulnerability Stems from Apache Mods Full Text

Abstract Researchers offer more detail on the bug, which can allow attackers to completely take over targets.

Threatpost

January 11, 2022 – Vulnerabilities

Microsoft fixes critical Office bug, delays macOS security updates Full Text

Abstract During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems.

BleepingComputer

January 11, 2022 – Business

Israeli security startup Pentera raises $150 mln in funding round, eyes IPO Full Text

Abstract The funding round led by K1 Investment Management could be the last capital raise before an IPO, which will "probably" take place in 2024, Pentera Chief Executive Amitai Ratzon told Reuters.

Reuters

January 11, 2022 – Vulnerabilities

Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws Full Text

Abstract Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws.

BleepingComputer

January 11, 2022 – Business

Walmart warned over cybersecurity ‘violations’ in China Full Text

Abstract "It is reported that the public security organs discovered 19 exploitable network security vulnerabilities in Walmart's network system on November 25, 2021..." said China Quality News.

The Register

January 11, 2022 – Malware

New RedLine malware version spread as fake Omicron stat counter Full Text

Abstract A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure.

BleepingComputer

January 11, 2022 – Breach

Philippines: Comelec servers hacked; Downloaded data may include information that could affect 2022 elections Full Text

Abstract Sensitive voter details may have been compromised after a group of hackers was allegedly able to breach the servers of Comelec, stealing over 60GB of data possibly affecting the May 2022 elections.

Manila Bulletin News

January 11, 2022 – Government

US govt warns of Russian hackers targeting critical infrastructure Full Text

Abstract The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors orchestrated by Russian-backed hacking groups.

BleepingComputer

January 11, 2022 – Malware

New SysJoker backdoor targets Windows, macOS, and Linux Full Text

Abstract A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems.

BleepingComputer

January 11, 2022 – Vulnerabilities

KCodes NetUSB bug exposes millions of routers to RCE attacks Full Text

Abstract A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.

BleepingComputer

January 11, 2022 – Ransomware

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers Full Text

Abstract The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.

BleepingComputer

January 10, 2022 – Vulnerabilities

Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data Full Text

Abstract Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and provide access to protected files and app data. The  Security & Privacy pane  in the macOS System Preferences app serves as the front end of TCC. Microsoft 365 Defender Research Team, which reported the vulnerability to Apple on July 15, 2021, dubbed the flaw " powerdir ." Apple  addressed  the issue as part of macOS 11.6 and 12.1 updates released in December 2021 with improved state management. While Apple does enforce a policy that limits access to TCC to only apps with full disk access, it's possible to orchestrate an attack wherein a malicious application could

The Hacker News

January 10, 2022 – Vulnerabilities

URL Parsing Bugs Allow DoS, RCE, Spoofing & More Full Text

Abstract Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.

Threatpost

January 10, 2022 – Government

Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes Full Text

Abstract The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased," the European Data Protection Supervisor ( EDPS )  said  in a press statement. "This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline." EDPS' investigation into Europol's handling of sensitive data commenced in April 2019, with the authority noting that the storage of large volumes of data with no Data Subject Categorisation poses a risk to individuals' fundamental rights and amounts to mass surveillance. The cache is said to contain at least four petabytes,  according  to The Guardian. In addition, the ruling also imposed a six-mon

The Hacker News

January 10, 2022 – Outage

FinalSite: No school data stolen in ransomware attack behind site outages Full Text

Abstract FinalSite announced today the findings of a six-day investigation into last week's ransomware attack, stating it found no evidence that schools' data was accessed or stolen by hackers.

BleepingComputer

January 10, 2022 – Attack

Zloader Campaign Abuses Microsoft’s Security Checks Full Text

Abstract The Malsmoke hacking group attacked over 2,100 victims worldwide in a new Zloader campaign by abusing a bug in Microsoft’s e-signature verification tool. Though it couldn't be confirmed, experts believe the group uses spear-phishing emails or pirated software resources to infect victims. Such ... Read More

Cyware Alerts - Hacker News

January 10, 2022 – Government

Hillicon Valley — Dems press privacy groups over kids’ safety Full Text

Abstract Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 10, 2022 – Vulnerabilities

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries Full Text

Abstract A study of 16 different Uniform Resource Locator ( URL ) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby languages and used by several web applications. "The confusion in URL parsing can cause unexpected behavior in the software (e.g., web application), and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks," the researchers said in a report shared with The Hacker News. With URLs being a fundamental mechanism by which resources — located either locally or on the web — can be requested and retrieved, differences in how the parsing libraries interpret a URL requ

The Hacker News

January 10, 2022 – Breach

Several EA Sports FIFA 22 players have been hacked Full Text

Abstract Several EA Sports FIFA 22 players claim to have been hacked, saying they lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers...

Security Affairs

January 10, 2022 – Denial Of Service

Extortion DDoS attacks grow stronger and more common Full Text

Abstract The end of 2021 saw a rise in the number of distributed denial-of-service incidents that came with a ransom demand from the attackers to stop the assault.

BleepingComputer

January 10, 2022 – Breach

City of Grass Valley Suffers Data Breach Impacting Employee and Citizen Information Full Text

Abstract More details concerning an extensive data breach at the City of Grass Valley, California, revealed that the data of employees, citizens, and others was copied and transferred to another network.

The Daily Swig

January 10, 2022 – Botnet

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware Full Text

Abstract New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first  disclosed  by Qihoo 360's Netlab security team in November 2021, are  triggered  via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine into a botnet, but not before terminating processes from competing threat actors and establishing persistence. The shell script in question is itself an iteration of an earlier version originally  discovered  by Trend Micro in October 2021 hitting vulnerable ECS instances inside Huawei Cloud. But in an interesting twist, continued analysis of the botnet by mapping all known Indicators of Compromise (IoCs), including IP addresses, URLs, and samples, has revealed Abcbot's code and feature-leve

The Hacker News

January 10, 2022 – Botnet

Abcbot and Xanthe botnets have the same origin, experts discovered Full Text

Abstract Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining...

Security Affairs

January 10, 2022 – Ransomware

Linux version of AvosLocker ransomware targets VMware ESXi servers Full Text

Abstract AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.

BleepingComputer

January 10, 2022 – Vulnerabilities

Buffer overflow vulnerability spotted in AnyCubic Chitubox plugin Full Text

Abstract Cisco Talos recently discovered a heap-based buffer overflow flaw in the Chitubox AnyCubic plugin, a 3D printing program that lets users download, process, and send models to a 3D printer.

Cisco Talos

January 10, 2022 – APT

Indian-linked Patchwork APT infected its own system revealing its ops Full Text

Abstract The India-linked threat actor Patchwork infected one of its own computers with its RAT, revealing its operations to researchers. An India-linked threat actor, tracked as Patchwork (aka Dropping Elephant), employed a new variant of the BADNEWS backdoor,...

Security Affairs

January 10, 2022 – Hacker

Oops: Cyberspies infect themselves with their own malware Full Text

Abstract After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers.

BleepingComputer

January 10, 2022 – Breach

Patient Data from Bangkok’s Siriraj Hospital Sold on Online Forum Full Text

Abstract About 39 million patient records from Siriraj Hospital have been offered for sale on an internet database-sharing forum in what appears to be the latest hack of Thailand's public health sector.

Bangkok Post

January 10, 2022 – Attack

New ZLoader malware campaign hit more than 2000 victims across 111 countries Full Text

Abstract A malware campaign spreads ZLoader malware by exploiting a Windows signature-verification vulnerability that Microsoft patched in 2013 and then, in 2014, revised so that the stricter check is opt-in. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware...

Security Affairs

January 10, 2022 – Vulnerabilities

Microsoft: powerdir bug gives access to protected macOS user data Full Text

Abstract Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data.

BleepingComputer

January 10, 2022 – Education

US Cyber Command partners with universities to prepare graduates for military cyber roles Full Text

Abstract US Cyber Command plans to work with these academic institutions in the next nine months in order to prepare an adequate curriculum for the next educational year this fall.

The Record

January 10, 2022 – Government

Europol ordered to erase data on those not linked to crime Full Text

Abstract The European Data Protection Supervisor (EDPS), an EU privacy and data protection independent supervisory authority, has ordered Europol to erase personal data on individuals that haven't been linked to criminal activity.

BleepingComputer

January 10, 2022 – Business

iProov raises $70 million to fuel business growth Full Text

Abstract Headquartered in Silicon Valley, Sumeru invests in technology firms with the potential to change the world, with a particular emphasis on helping companies expand in North America.

Help Net Security

January 10, 2022 – Vulnerabilities

WordPress 5.8.3 security update fixes SQL injection, XSS flaws Full Text

Abstract The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.

BleepingComputer

January 10, 2022 – Phishing

Phishing Kit Victim Workflow and Data Exfiltration Full Text

Abstract Phishing designed to obtain credentials for retail brands or markets can contain very different stages compared to phishing designed to obtain online banking or credit card information from victims.

ZeroFox

January 09, 2022 – APT

BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks Full Text

Abstract Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science. "Ironically, all the information we gathered was possible thanks to the threat actor infecting themselves with their own [remote access trojan], resulting in captured keystrokes and screenshots of their own computer and virtual machines," Malwarebytes Threat Intelligence Team  said  in a report published on Friday. Prominent victims that were successfully infiltrated include Pakistan's Ministry of Defense, National Defence University of Islamabad, Faculty of Bio-Sciences at UVAS Lahore, International Center for Chemical and Biological Sciences (ICCBS), H.E.J. Research Institute of Chemistry, and the Salim Habib University (SBU). Believed to have b

The Hacker News

January 09, 2022 – Breach

Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps Full Text

Abstract Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some wondered whether the NPM libraries had been compromised, but it turns out there's more to the story.

BleepingComputer

January 9, 2022 – Hacker

Microsoft and the FTC Say Attackers Still Not Done with Log4Shell Full Text

Abstract Public and private organizations alike, including Microsoft and the U.S. Federal Trade Commission (FTC), are alerting organizations against continuous attacks exploiting Log4Shell since December 2021.

Cyware Alerts - Hacker News

January 9, 2022 – General

Cyber Defense Magazine – January 2022 has arrived. Enjoy it! Full Text

Abstract Cyber Defense Magazine January 2022 Edition has arrived. We hope you enjoy this month’s edition…packed with 155 pages of excellent content. CDMG is fully owned and operated by team Miliefsky in our 10th anniversary. We believe the letter Q stands...

Security Affairs

January 9, 2022 – Malware

New Ways to Hide Malware Inside SSD Firmware Discovered Full Text

Abstract The attacks target drives with flex-capacity features and hidden areas on the device, called over-provisioning areas, which SSD makers use for performance optimization on NAND flash-based storage.

Cyware Alerts - Hacker News

January 9, 2022 – Government

US NCSC and DoS share best practices against surveillance tools Full Text

Abstract The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance...

Security Affairs

January 9, 2022 – APT

APT Groups Registering C2 Domains Way Before Attacks Full Text

Abstract Recent research claims that 22.3% of strategically aged domains pose some form of danger, as these dormant domains are increasingly being registered well in advance and misused by attackers.

Cyware Alerts - Hacker News

January 9, 2022 – Government

Swiss army asks its personnel to use the Threema instant-messaging app Full Text

Abstract The Swiss army has banned foreign instant messaging apps, including Signal, Telegram, and WhatsApp, recommending the use of the Threema app. The Swiss army has banned foreign instant messaging apps such as Signal, Telegram, and WhatsApp and only allows...

Security Affairs

January 9, 2022 – Government

Russian submarines threatening undersea cables, UK defence chief warns Full Text

Abstract Russian submarines are threatening the undersea network of internet cables, says UK defence chief Sir Tony Radakin. Sir Tony Radakin warns of Russian submarines threatening the undersea network of internet cables, which are critical infrastructure...

Security Affairs

January 9, 2022 – General

Security Affairs newsletter Round 348 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

January 08, 2022 – Malware

Trojanized dnSpy app drops malware cocktail on researchers, devs Full Text

Abstract Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners.

BleepingComputer

January 08, 2022 – Denial Of Service

Rapid window title changes cause ‘white screen of death’ Full Text

Abstract Experimentation with ANSI escape characters on terminal emulators has led to the discovery of multiple high-severity DoS (denial of service) vulnerabilities on Windows terminals and Chrome-based web browsers.

BleepingComputer

January 8, 2022 – Government

FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware Full Text

Abstract The FBI has said that FIN7, an infamous cybercrime group, has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks.

The Record

January 8, 2022 – Vulnerabilities

Unauthenticated RCE in H2 Database Console is similar to Log4Shell Full Text

Abstract Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4j vulnerability. JFrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J...

Security Affairs

January 8, 2022 – Malware

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond? Full Text

Abstract Researchers warn of new campaigns distributing a new, improved version of the FluBot malware posing as Flash Player. Researchers from F5 are warning of a new enhanced version of the FluBot Android malware that spreads posing as Flash Player....

Security Affairs

January 8, 2022 – Vulnerabilities

After Microsoft, SonicWall also confirmed that its products were affected by the Y2K22 bug Full Text

Abstract SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. The security vendor acknowledged the issue in an advisory. According...

Security Affairs

January 07, 2022 – General

Hillicon Valley — Domestic extremists adapt online strategies Full Text

Abstract Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 07, 2022 – Privacy

Facebook Launches ‘Privacy Center’ to Educate Users on Data Collection and Privacy Options Full Text

Abstract Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use and ads," the social technology firm  said  in a press release. The first module, Security, will offer easy access to common tools such as account security settings and two-factor authentication. Sharing will provide specifics about post visibility and settings to archive or trash old posts. Collection and Use will give users a quick glance into the type of data Meta harvests and learn how and why it's used, respectively. Lastly, the Ads section will furnish information regarding a user's ad preferences. The learning hub is expected to be initially limited to a s

The Hacker News

January 7, 2022 – Breach

3.7M FlexBooker Records Dumped on Hacker Forum Full Text

Abstract Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.

Threatpost

January 07, 2022 – Government

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon Full Text

Abstract The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched  VMware Horizon  servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure," the non-departmental public body  said  in an alert. "Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service." The web shell, once deployed, can serve as a conduit to carry out a multitude of post-exploitation activities such as deploying additional malicious software, data exfiltration, or deployment of r

The Hacker News

January 07, 2022 – Vulnerabilities

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console Full Text

Abstract Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as  CVE-2021-42392 , is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe  said . H2  is an open-source relational database management system written in Java that can be embedded within applications or run in a client-server mode. According to the  Maven Repository , the H2 database engine is used by 6,807 artifacts. JNDI, short for Java Naming and Directory Interface, refers to an API that provides naming and directory functionality for Java applications, which can use the API in conjunction with LDAP to locate a specific resource that it migh

The Hacker News

January 07, 2022 – Ransomware

The Week in Ransomware - January 7th 2022 - Watch out for USB drives Full Text

Abstract With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released. Here is what we know.

BleepingComputer

January 07, 2022 – Vulnerabilities

SonicWall: Y2K22 bug hits Email Security, firewall products Full Text

Abstract SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022.

BleepingComputer

January 7, 2022 – Government

New York Attorney General Alerts Companies About Credential Stuffing Attacks Full Text

Abstract Attorney General Letitia James highlighted that there are more than 15 billion stolen credentials being circulated across the internet which makes credential stuffing one of the top attack vectors online.

Cyware Alerts - Hacker News

January 07, 2022 – Government

FBI: Hackers use BadUSB to target defense firms with ransomware Full Text

Abstract The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware.

BleepingComputer

January 7, 2022 – Criminals

AvosLocker Actors Seek Apology by Releasing Free Decryptor Full Text

Abstract The AvosLocker ransomware group has coughed up a free decryptor after learning that one of their victims was a U.S. police department. The hackers said that taxpayer money is generally hard to extract and hence they usually avoid targeting government entities. Earlier this week, it was spotted with ... Read More

Cyware Alerts - Hacker News

January 07, 2022 – Malware

FluBot malware now targets Europe posing as Flash Player app Full Text

Abstract The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.

BleepingComputer

January 7, 2022 – Breach

Singapore: Personal details of OG department store customers leaked in data breach Full Text

Abstract In a statement to OG members, the department store said it was notified on Tuesday about the data breach, which affected members who are in either the basic or gold tiers.

Straits Times

January 07, 2022 – Privacy

US counterintelligence shares tips to block spyware attacks Full Text

Abstract The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools.

BleepingComputer

January 7, 2022 – Hacker

Aquatic Panda Targets Academic Institutions via Log4Shell Full Text

Abstract CrowdStrike researchers have found Aquatic Panda threat actors abusing Log4Shell exploit tools against a vulnerable VMware installation at a large academic institution. The threat group is known for using tools for maintaining persistence to obtain access to intellectual property and other trade ... Read More

Cyware Alerts - Hacker News

January 07, 2022 – Government

NHS warns of hackers exploiting Log4Shell in VMware Horizon Full Text

Abstract UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.

BleepingComputer

January 7, 2022 – Hacker

FIN7 group continues to target US companies with BadUSB devices Full Text

Abstract The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry with BadUSB devices. The US Federal Bureau of Investigation issued a flash alert to warn that the financially motivated...

Security Affairs

January 07, 2022 – Ransomware

QNAP warns of ransomware targeting Internet-exposed NAS devices Full Text

Abstract QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.

BleepingComputer

January 7, 2022 – Solution

How to secure QNAP NAS devices? The vendor’s instructions Full Text

Abstract QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks....

Security Affairs

January 06, 2022 – General

Hillicon Valley: DHS issues new warning on Jan. 6 Full Text

Abstract Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 6, 2022 – Vulnerabilities

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover Full Text

Abstract ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.

Threatpost

January 6, 2022 – Malware

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying Full Text

Abstract The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.

Threatpost

January 06, 2022 – Privacy

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies Full Text

Abstract The Commission nationale de l'informatique et des libertés (CNIL), France's data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. "The websites facebook.com, google.fr and youtube.com offer a button allowing the user to immediately accept cookies," the authority said. "However, they do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies." Facebook told TechCrunch that it was reviewing the ruling, while Google said it's working to change its practices in response to the CNIL fines. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online

The Hacker News

January 6, 2022 – Policy and Law

Activision Files Unusual Lawsuit over Call of Duty Cheat Codes Full Text

Abstract Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.

Threatpost

January 06, 2022 – Outage

FinalSite ransomware attack shuts down thousands of school websites Full Text

Abstract FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.

BleepingComputer

January 06, 2022 – Ransomware

Night Sky is the latest ransomware targeting corporate networks Full Text

Abstract It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks.

BleepingComputer

January 6, 2022 – Skimming

New Web Skimmer Campaign Attacks via Cloud Video Distribution Supply Chain Full Text

Abstract Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 of its luxury real estate websites.

Cyware Alerts - Hacker News

January 06, 2022 – Attack

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry Full Text

Abstract A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks," researchers from Lumen Technologies' Black Lotus Labs said in an analysis shared with The Hacker News. The Konni group's tactics, techniques, and procedures (TTPs) are known to overlap with threat actors belonging to the broader Kimsuky umbrella, which is also tracked by the cybersecurity community under the monikers Velvet Chollima, ITG16, Black Banshee, and Thallium. The most recent attacks involved the actor gaining access to the target networks through stolen credentials, exploiting the foothold to load malware for intelligence gathering purposes, with early signs of t

The Hacker News

January 6, 2022 – APT

North Korea-linked Konni APT targets Russian diplomatic bodies Full Text

Abstract North Korea-linked APT group Konni targets the Russian Federation's Ministry of Foreign Affairs (MID) with new versions of malware implants. Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group...

Security Affairs

January 6, 2022 – Phishing

Google Voice Authentication Scam Leaves Victims on the Hook Full Text

Abstract The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.

Threatpost

January 06, 2022 – Breach

FlexBooker discloses data breach, over 3.7 million accounts impacted Full Text

Abstract Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.

BleepingComputer

January 6, 2022 – Phishing

The Use of Phishing Toolkits to Bypass 2FA is on the Rise Full Text

Abstract Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. It is bizarre to admit that most of these MitM phishing toolkits in use by attackers are based on ... Read More

Cyware Alerts - Hacker News

January 06, 2022 – Government

NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance Full Text

Abstract When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to the organization's professionalism and the external experts who help to create NIST documents. The NIST Cybersecurity Framework (CSF) was initially released in 2014 and last updated in 2018. The framework enables organizations to improve the security and resilience of critical infrastructure with a well-planned and easy-to-use framework. The continuing growth in SaaS, and the major changes to the work environment due to COVID-19 bring new security challenges. Although the CSF was written and updated while SaaS was on the rise, it is still geared towards the classic legacy critical infrastructure security challenges. However, organizations can bet

The Hacker News

January 6, 2022 – Criminals

Threat actors stole 1.1 million customer accounts from 17 well-known companies Full Text

Abstract NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. The New York State Office of the Attorney General (NY OAG) has warned 17 companies that roughly 1.1 million...

Security Affairs

January 06, 2022 – Phishing

US arrests suspect who stole unpublished books in phishing attacks Full Text

Abstract An Italian man allegedly involved in a multi-year scheme to fraudulently obtain hundreds of prepublication manuscripts was arrested on Wednesday at the John F. Kennedy International Airport, in New York.

BleepingComputer

January 6, 2022 – Vulnerabilities

Java RMI services often vulnerable to SSRF attacks Full Text

Abstract Java RMI services can be attacked through server-side request forgery (SSRF) attacks, according to a detailed analysis of the problem by security researcher Tobias Neitzel.

The Daily Swig

January 06, 2022 – Malware

New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly Full Text

Abstract Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed "NoReboot" — comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation, deceiving the user into believing that the phone has been powered off when, in reality, it's still running. The San Francisco-headquartered company called it the "ultimate persistence bug […] that cannot be patched because it's not exploiting any persistence bugs at all — only playing tricks with the human mind." NoReboot works by interfering with the routines used in iOS to shut down and restart the device, effectively preventing them from ever happening in the first place and allowing a trojan to achieve persistence without persistence as the device is never

The Hacker News

January 6, 2022 – Phishing

Google Docs comment feature abused in phishing campaign Full Text

Abstract Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. Researchers from security firm Avanan in December uncovered a phishing campaign targeting mainly Outlook...

Security Affairs

January 06, 2022 – Breach

US online pharmacy Ravkoo links data breach to AWS portal incident Full Text

Abstract Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed.

BleepingComputer

January 6, 2022 – Breach

Chemicals Company Element Solutions Discloses Cybersecurity Incident Full Text

Abstract The company said it had detected an intrusion on some of its IT systems and it “promptly took action to contain it and implement business continuity and data recovery protocols.”

Security Week

January 6, 2022 – Policy and Law

France hits Google, Facebook with fines over ‘Cookies’ management Full Text

Abstract The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France’s National Commission on Informatics and Liberty (CNIL), the French data privacy and protection authority, hit Facebook...

Security Affairs

January 06, 2022 – Government

Swiss army bans all chat apps but locally-developed Threema Full Text

Abstract The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead.

BleepingComputer

January 6, 2022 – Outage

Government Offices Across Albuquerque, Los Ranchos, and Tijeras Shut Down to Disruptive Cyberattack Full Text

Abstract The IT systems and public offices in the county are expected to remain closed throughout Thursday and the rest of the week as well, as officials deal with the cyberattack’s aftermath.

The Record

January 6, 2022 – Malware

NoReboot persistence technique fakes iPhone shutdown Full Text

Abstract Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fakes shutdowns. Researchers from ZecOps devised a sophisticated persistence technique, named NoReboot, for iOS malware that fakes shutdowns while spies...

Security Affairs

January 06, 2022 – Phishing

Google Docs commenting feature exploited for spear-phishing Full Text

Abstract A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.

BleepingComputer

January 6, 2022 – Cryptocurrency

North Korean Attackers’ Peculiar Interest in Cryptocurrency Full Text

Abstract Experts claimed that state-backed North Korean hackers have stolen nearly $1.7 billion worth of cryptocurrency from various exchanges in the past five years. Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment. Crypto exchang ... Read More

Cyware Alerts - Hacker News

January 6, 2022 – Vulnerabilities

VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi Full Text

Abstract VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and ESXi products that can lead to code execution on the hypervisor. VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045,...

Security Affairs

January 06, 2022 – Phishing

FBI warns about ongoing Google Voice authentication scams Full Text

Abstract The Federal Bureau of Investigation (FBI) says Americans who share their phone number online are being targeted by Google Voice authentication scams.

BleepingComputer

January 5, 2022 – Criminals

‘Elephant Beetle’ Lurks for Months in Networks Full Text

Abstract The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.

Threatpost

January 5, 2022 – Breach

Broward Breach Highlights Healthcare Supply-Chain Problems Full Text

Abstract More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.

Threatpost

January 05, 2022 – Vulnerabilities

VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products Full Text

Abstract VMware has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited Jaanus Kääp, a security researcher with Clarified Security, for reporting the flaw. "A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine," VMware said in an advisory published on January 4. The error affects ESXi versions 6.5, 6.7, and 7.0; Workstation versions 16.x; and Fusion versions 12.x, with the company yet to release a patch for ESXi 7.0. In the interim, the company is recommending that users disable all

The Hacker News

January 5, 2022 – Vulnerabilities

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails Full Text

Abstract A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system – skating past email security – went unaddressed despite flagging by multiple researchers.

Threatpost

January 05, 2022 – Vulnerabilities

Google Releases New Chrome Update to Patch Dozens of New Browser Vulnerabilities Full Text

Abstract Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on a compromised machine. Security researcher Yangkang (@dnpushme) of Qihoo 360 ATA, who has previously disclosed zero-day vulnerabilities in Apple's WebKit, has been credited with discovering and reporting the flaw on November 30, 2021. It's also worth pointing out that 24 of the 37 uncovered flaws came from external researchers, including its Google Project Zero initiative, while the others were flagged as part of its ongoing internal security work. Of the 24 bugs, 10 are rated High, another 10 are rated Medium, and three

The Hacker News

January 05, 2022 – Criminals

Broker-dealers impersonators stole $50 million using spoofed sites Full Text

Abstract A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020.

BleepingComputer

January 05, 2022 – Criminals

70 investors lose $50 million to fraudsters posing as broker-dealers Full Text

Abstract A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020.

BleepingComputer

January 05, 2022 – Government

Hillicon Valley — Progressives put pressure on Google Full Text

Abstract Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 05, 2022 – Hacker

Researchers Uncover Hacker Group Behind Organized Financial-Theft Operation Full Text

Abstract Cybersecurity researchers have taken the wraps off an organized financial-theft operation undertaken by a discreet actor to target transaction processing systems and siphon funds from entities primarily located in Latin America for at least four years. The malicious hacking group has been codenamed Elephant Beetle by Israeli incident response firm Sygnia, with the intrusions aimed at banks and retail companies by injecting fraudulent transactions among benign activity to slip under the radar after an extensive study of the targets' financial structures. "The attack is relentless in its ingenious simplicity serving as an ideal tactic to hide in plain sight, without any need to develop exploits," the researchers said in a report shared with The Hacker News, calling out the group's overlaps with another tracked by Mandiant as FIN13, an "industrious" threat actor linked to data theft and ransomware attacks in Mexico stretching back as early as 2016. Ele

The Hacker News

January 5, 2022 – General

Do the Legal Rules Governing the Confidentiality of Cyber Incident Response Undermine Cybersecurity? Full Text

Abstract It’s not entirely clear to what extent law firms’ emphasis on protecting attorney-client privilege and work product immunity alters the course of data privacy investigations.

Lawfare

January 5, 2022 – Government

FTC warns of legal action against businesses that fail to mitigate Log4J attacks Full Text

Abstract The US Federal Trade Commission (FTC) has warned of legal action against companies that fail to secure their infrastructure against Log4Shell attacks. The US Federal Trade Commission (FTC) warns of legal action against companies that protect their systems...

Security Affairs

January 5, 2022 – Breach

1.1M Compromised Accounts Found at 17 Major Companies Full Text

Abstract The accounts fell victim to credential-stuffing attacks, according to the New York State AG.

Threatpost

January 05, 2022 – Solution

Microsoft Defender for Endpoint adds zero-touch iOS onboarding Full Text

Abstract Microsoft says zero-touch onboarding for Microsoft Defender for Endpoint (MDE) on iOS is now available in public preview, allowing enterprise admins to silently install Defender for Endpoint automatically on enrolled devices.

BleepingComputer

January 05, 2022 – Malware

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification Full Text

Abstract An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group dubbed Malsmoke, citing similarities with previous attacks. "The techniques incorporated in the infection chain include the use of legitimate remote management software (RMM) to gain initial access to the target machine," Check Point's Golan Cohen said in a report shared with The Hacker News. "The malware then exploits Microsoft's digital signature verification method to inject its payload into a signed system DLL to further evade the system's defenses." The campaign is said to have claimed 2,170 victims across 111 countries as of January 2, 2022, with mo

The Hacker News

January 5, 2022 – Hacker

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns Full Text

Abstract Threat actors continue to attempt to exploit Apache Log4J vulnerabilities in their campaigns to deploy malware on target systems, Microsoft warns. Microsoft is warning of continuing attempts by nation-state actors and cybercriminals to exploit recently...

Security Affairs

January 5, 2022 – Malware

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification Full Text

Abstract The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.

Threatpost

January 05, 2022 – Criminals

NY OAG: Hackers stole 1.1 million customer accounts from 17 companies Full Text

Abstract The New York State Office of the Attorney General (NY OAG) has warned 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks.

BleepingComputer

January 5, 2022 – IOT

Researchers used electromagnetic signals to classify malware infecting IoT devices Full Text

Abstract Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc Pham, Damien Marion, Matthieu Mastio and Annelie Heuser) from the Research Institute of Computer...

Security Affairs

January 05, 2022 – Cryptocurrency

Crypto platform ARBIX flagged as a rugpull, transfers $10 million Full Text

Abstract Arbix Finance, an audited and supposedly trustworthy yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency.

BleepingComputer

January 05, 2022 – Malware

iOS malware can fake iPhone shut downs to snoop on camera, microphone Full Text

Abstract Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.

BleepingComputer

January 05, 2022 – Criminals

‘Elephant Beetle’ spends months in victim networks to divert transactions Full Text

Abstract A financially-motivated actor dubbed 'Elephant Beetle' is stealing millions of dollars from organizations worldwide using an arsenal of over 80 unique tools and scripts.

BleepingComputer

January 05, 2022 – Attack

Microsoft code-sign check bypassed to drop Zloader malware Full Text

Abstract A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries.

BleepingComputer

January 04, 2022 – Skimming

Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack Full Text

Abstract Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well," Palo Alto Networks' Unit 42 researchers said in a report published this week. The skimmer attacks, also called formjacking, relate to a type of cyber attack wherein bad actors insert malicious JavaScript code into the target website, most often to checkout or payment pages on shopping and e-commerce portals, to harvest valuable information such as credit card details entered by users. In the latest incarnation of the Magecart attacks, the operators behind the campaign breached the Brightcove account of Sotheby's and deployed malicious code into the player of the

The Hacker News

January 04, 2022 – Attack

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities Full Text

Abstract Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier this week. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks." Publicly disclosed by the Apache Software Foundation on December 10, 2021, the remote code execution (RCE) vulnerability in Apache Log4j 2, aka Log4Shell, has emerged as a new attack vector for widespread exploitation by a variety of threat actors. In the subsequent weeks, four more weaknesses in the utility have come to light — CVE-2021-45046, CVE-2021-45105,

The Hacker News

January 4, 2022 – Skimming

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites Full Text

Abstract The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.

Threatpost

January 04, 2022 – Government

FTC warns companies to secure consumer data from Log4J attacks Full Text

Abstract The US Federal Trade Commission (FTC) has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks.

BleepingComputer

January 4, 2022 – Malware

Remote Access Malware Rises, Ransomware Operators Rebrand, and More Attacks on Individuals: Report Full Text

Abstract According to a Positive Technologies report, the number of attacks in Q3 2021 decreased by 4.8% as compared to Q2 2021. This was mainly caused by some major ransomware players leaving the market.

Cyware Alerts - Hacker News

January 04, 2022 – Attack

Hillicon Valley — Twitter’s Greene ban boosts GOP attacks Full Text

Abstract Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

January 04, 2022 – Vulnerabilities

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts Full Text

Abstract A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met based on the encoded terms of the agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority. In other words, the code itself is meant to be the final arbiter of "the deal" it represents, with the program controlling all aspects of the execution, and providing an immutable evidentiary audit trail of transactions that are both trackable and irreversible. This also means that vulnerabilities in the code could result in hefty losses, as evidenced by hacks aimed at the DAO and more recently,

The Hacker News

January 4, 2022 – Breach

UScellular discloses the second data breach in a year Full Text

Abstract UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021. UScellular has disclosed a data breach after the attack that compromised the company's billing system in December 2021....

Security Affairs

January 4, 2022 – Attack

Microsoft Sees Rampant Log4j Exploit Attempts, Testing Full Text

Abstract Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

Threatpost

January 04, 2022 – Solution

First Microsoft Pluton-powered Windows 11 PCs unveiled at CES Full Text

Abstract Lenovo unveiled today at CES 2022 the first Microsoft Pluton-powered Windows 11 PCs, the ThinkPad Z13 and Z16, with AMD Ryzen 6000 Series processors.

BleepingComputer

January 4, 2022 – Ransomware

Newly Discovered Lapsus$ Ransomware Targets Several Organizations in a Month Full Text

Abstract Ransomware operators are back in business with the advent of 2022. Hardly one week of the year had passed when researchers raised an alarm about a newly discovered Lapsus$ ransomware.

Cyware Alerts - Hacker News

January 04, 2022 – Vulnerabilities

Researchers Detail New HomeKit ‘doorLock’ Bug Affecting Apple iOS Full Text

Abstract A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters. This causes an iPhone or iPad that attempts to connect to the device to become unresponsive and enter an indefinite cycle of system failure and restart that can only be mitigated by restoring the affected device from Recovery or DFU (Device Firmware Update) Mode. HomeKit is Apple's software framework that allows iOS and iPadOS users to configure, communicate with, and control connected accessories and smart-home appliances using Apple devices. "Any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting,"

The Hacker News

January 4, 2022 – Skimming

Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites Full Text

Abstract Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging...

Security Affairs

January 4, 2022 – Insider Threat

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More Full Text

Abstract SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

Threatpost

January 04, 2022 – Hacker

Hackers use video player to steal credit cards from over 100 sites Full Text

Abstract Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.

BleepingComputer

January 4, 2022 – Breach

Saltzer Health Informs Patients of Personal Information Exposure Full Text

Abstract Medical data affected by the breach includes diagnosis, medical history, treatment details, prescription medication information, and physician information, along with health insurance information.

Security Week

January 4, 2022 – Malware

Purple Fox backdoor spreads through fake Telegram App installer Full Text

Abstract Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using weaponized installers of the Telegram messaging application to deliver the Purple Fox backdoor on Windows systems. Researchers...

Security Affairs

January 04, 2022 – Breach

UScellular discloses data breach after billing system hack Full Text

Abstract UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021.

BleepingComputer

January 4, 2022 – Vulnerabilities

Log4j flaw attack levels remain high, Microsoft warns Full Text

Abstract Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.

ZDNet

January 4, 2022 – Breach

Hospitality Chain McMenamins discloses data breach after ransomware attack Full Text

Abstract Hospitality chain McMenamins disclosed a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music...

Security Affairs

January 04, 2022 – Breach

Have I Been Pwned warns of DatPiff data breach impacting millions Full Text

Abstract The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service.

BleepingComputer

January 4, 2022 – Hacker

North Korean Konni Hacker Group Targets Russian Diplomats Using New Year Greetings Full Text

Abstract The attacks have been linked to a threat actor known as Konni, and have been taking place since at least December 20, cybersecurity firm Cluster25 said in a report published on Monday.

The Record

January 4, 2022 – Vulnerabilities

Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards Full Text

Abstract In extensive research of many websites, including some high-traffic online services, security researcher Youstin (Iustin Ladunca) recently discovered 70 cache poisoning vulnerabilities with various impacts.

The Daily Swig

January 4, 2022 – Breach

Broward Health suffered a data breach that impacted +1.3 million people Full Text

Abstract The Broward Health public health system disclosed a massive data breach that impacted 1,357,879 individuals, more than 1.3 million people. Broward Health,...

Security Affairs

January 03, 2022 – Malware

Purple Fox malware distributed via malicious Telegram installers Full Text

Abstract A laced Telegram for desktop installer was spotted distributing the Purple Fox malware while disabling the UAC on the infected systems.

BleepingComputer

January 3, 2022 – Malware

RedLine Malware Pilfers Passwords Saved in Multiple Browsers Full Text

Abstract RedLine information stealer was found targeting popular web browsers such as Edge, Opera, Whale, and Chrome and extracting the passwords saved in them. The stealer is a commodity malware that can be purchased at an affordable price of just $200 on cybercrime forums. Users are recommended to use a th ... Read More

Cyware Alerts - Hacker News

January 03, 2022 – IOT

Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations Full Text

Abstract Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from Internet of Things (IoT) devices as a side channel to glean precise knowledge about the different kinds of malware targeting embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis. With the rapid adoption of IoT appliances presenting an attractive attack surface for threat actors, in part because they are equipped with higher processing power and capable of running fully functional operating systems, the latest research aims to improve malware analysis to mitigate potential security risks. The findings were presented by a group of academics from the Research Institute of Computer Science and Random Systems (IRISA) at the Annual Computer Security Applications Conference (ACSAC) held last month. "[Electromagnetic] emanation that is measured from the device is practically undetectable by the malware," the res

The Hacker News

January 3, 2022 – Denial Of Service

‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7 Full Text

Abstract Security researcher Trevor Spiniolas discovered a new persistent DoS vulnerability, dubbed 'doorLock,' affecting Apple HomeKit in iOS 14.7 through 15.2...

Security Affairs

January 03, 2022 – Business

Microsoft Skype makes you solve a complex captcha 10 times to sign up Full Text

Abstract New Skype users report frustration after being presented with a captcha that requires them to solve a complex puzzle ten times before signing up for the service.

BleepingComputer

January 3, 2022 – Attack

MSBuild Abused for Execution of Cobalt Strike Beacon Full Text

Abstract Researchers uncovered two malicious campaigns that abuse MSBuild to drop Cobalt Strike on targeted machines. The attackers first gain access to the target environment with an RDP account. As per experts, the Windows Defender Application Control (WDAC) policy can prevent these kinds of attacks.

Cyware Alerts - Hacker News

January 03, 2022 – General

Are Medical Devices at Risk of Ransomware Attacks? Full Text

Abstract In May 2017, the first documented ransomware assault on networked medical equipment happened: the worldwide WannaCry ransomware attack compromised radiological and other instruments in several hospitals at its height, and after a software failure caused by a cyberattack on a third-party vendor's oncology cloud service, cancer patients receiving radiation therapy at four healthcare institutions had to reschedule appointments. These examples show how cyberattacks and data breaches can have a significant impact on the healthcare industry, which relies heavily on connected medical equipment. Patient health information (PHI) captured and stored in these connected medical devices must be secured, because PHI is transferred over the cloud via server-based systems, making it very susceptible to hackers. Ransomware attacks on healthcare providers have become more common, sophisticated, and severe in recent years. Individual bad actors have been supplanted as the main perpetrators by orga

The Hacker News

January 3, 2022 – Attack

Israeli Media Outlets hacked on the anniversary of Soleimani killing Full Text

Abstract Threat actors took over the website of the English-language Jerusalem Post and the Twitter account of the Maariv daily on the anniversary of the Soleimani killing...

Security Affairs

January 03, 2022 – Breach

Broward Health discloses data breach affecting 1.3 million people Full Text

Abstract Florida's Broward Health healthcare system has disclosed a large-scale data breach incident impacting 1,357,879 individuals.

BleepingComputer

January 3, 2022 – APT

BlackTech APT Pulls Out New Flagpro Malware To Target Japan and Others Full Text

Abstract NTT Security exposed the China-linked BlackTech espionage group using new Flagpro malware in recent attacks against Japanese companies in the media, defense, and communications industries. The attack begins with a spear-phishing email, which is customized for the targeted organizations. Firms are a ... Read More

Cyware Alerts - Hacker News

January 3, 2022 – Breach

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack Full Text

Abstract SEGA Europe inadvertently left users' personal information publicly accessible in an Amazon Web Services (AWS) S3 bucket. At...

Security Affairs

January 03, 2022 – Vulnerabilities

Apple iOS vulnerable to HomeKit ‘doorLock’ denial of service bug Full Text

Abstract A novel persistent denial of service vulnerability named 'doorLock' was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2.

BleepingComputer

January 3, 2022 – Insider Threat

SEGA Europe Inadvertently Exposed Internal Data and Infrastructure to Attack Full Text

Abstract The unsecured S3 bucket could potentially also grant access to user data, including information on hundreds of thousands of users of the Football Manager forums at community.sigames.com.

Security Affairs

January 3, 2022 – General

The worst cyber attacks of 2021 Full Text

Abstract Which cyber attacks of 2021 had the greatest impact on organizations worldwide in terms of financial losses and disruption of operations? CNA Financial (March 2021) - CNA Financial, one of the largest insurance companies in the US, reportedly...

Security Affairs

January 03, 2022 – General

Don’t copy-paste commands from webpages — you can get hacked Full Text

Abstract Programmers, sysadmins, security researchers, and tech hobbyists who copy-paste commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that will make you think twice before copy-pasting text from web pages.

BleepingComputer

January 3, 2022 – Vulnerabilities

HCL Technologies patches serious vulnerabilities in HCL DX Full Text

Abstract HCL Digital Experience (DX), a platform for building and managing web portals, contained multiple vulnerabilities that could potentially lead to remote code execution (RCE), researchers claim.

The Daily Swig

January 3, 2022 – Vulnerabilities

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers Full Text

Abstract Microsoft has rolled out an emergency patch that addresses the Y2k22 bug breaking email delivery on on-premises Microsoft Exchange servers...

Security Affairs

January 3, 2022 – Vulnerabilities

Multiple Vulnerabilities Impact Netgear Nighthawk R6700 Routers Full Text

Abstract Netgear Nighthawk R6700v3 routers running the latest firmware are affected by multiple vulnerabilities. Details of the flaws were disclosed last week by Tenable after the vendor failed to release patches.

Security Week

January 3, 2022 – Breach

Israeli Media Outlets Hacked on Soleimani Killing Anniversary Full Text

Abstract The website of the Jerusalem Post and Twitter account of Maariv were taken over with a picture of a fist firing a shell out of a ring with a red stone on a finger toward an exploded dome.

Security Week

January 3, 2022 – Criminals

Lapsus$ Ransomware Gang Targets Impresa Media Group, Owner of SIC and Expresso Full Text

Abstract The Lapsus$ ransomware gang is extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.

The Record

January 02, 2022 – Vulnerabilities

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service Full Text

Abstract Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company said in a blog post. "This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues." The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was. The issue began to gain attention as the year 2022 kicked in, causing the servers to no longer deliver email messages while throwing the following erro

The Hacker News

January 02, 2022 – General

BleepingComputer’s most popular cybersecurity and tech stories of 2021 Full Text

Abstract 2021 is over, and we can look forward to a hopefully healthier, safer, and more normal 2022. However, it was a big year for technology and cybersecurity with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns, and of course, zero-day vulnerabilities.

BleepingComputer

January 2, 2022 – Attack

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army Full Text

Abstract The Twitter account of NASA Director and Sr. Technologist for Air Transportation System Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group...

Security Affairs

January 02, 2022 – Vulnerabilities

Uber ignores vulnerability that lets you send any email from Uber.com Full Text

Abstract A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it for now.

BleepingComputer

January 2, 2022 – Criminals

Lapsus$ ransomware gang hits Impresa, Portugal’s largest media conglomerate Full Text

Abstract The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso. Impresa owns...

Security Affairs

January 2, 2022 – Criminals

North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges Full Text

Abstract North Korea-linked APT groups are suspected to be behind some of the largest cyberattacks against cryptocurrency exchanges. According to South...

Security Affairs

January 2, 2022 – Cryptocurrency

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021 Full Text

Abstract According to a report published by Invezz, the number of crypto security breaches increased by 850% in the last decade. Cyberattacks against the cryptocurrency industry are a profitable business for threat actors, according to the experts,...

Security Affairs

January 2, 2022 – General

Security Affairs newsletter Round 347 Full Text

Abstract A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here....

Security Affairs

January 1, 2022 – Vulnerabilities

Y2k22 bug in Microsoft Exchange causes failure in email delivery Full Text

Abstract The Y2k22 bug is causing Microsoft Exchange on-premises servers to fail to deliver email starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware...

Security Affairs

January 1, 2022 – General

Security Affairs most-read cyber stories of 2021 Full Text

Abstract Which are the most-read cyber stories of 2021? This post includes the top posts of the last 365 days. Why is Edward Snowden urging users to stop using ExpressVPN? The popular whistleblower Edward Snowden recommends customers of the ExpressVPN VPN service...

Security Affairs

January 01, 2022 – Breach

Popular Q&A app Curious Cat loses domain, posts bizarre tweets Full Text

Abstract Popular social networking and anonymous Q&A app Curious Cat has lost control of its domain. Soon after the platform announced losing control of its domain, a series of bizarre events and support responses confused the app's users, who are now unable to trust Curious Cat.

BleepingComputer

January 1, 2022 – Breach

PulseTV discloses potential credit card breach Full Text

Abstract U.S. online store PulseTV has disclosed a potential credit card data breach that has impacted more than 200,000 customers. According...

Security Affairs
