
March 2022

March 31, 2022 – Vulnerabilities

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

Abstract Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory published this week. "The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device." The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for severity. Credited with reporting the bug are Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security. The following Zyxel products are impacted: USG/ZyWALL running firmware versions ZLD V4.20 through ZLD V4.70 (fixed in ZLD V4.71); USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20

The Hacker News

March 31, 2022 – Vulnerabilities

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Abstract Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as CVE-2022-22675, the issue has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges. Apple said the defect was resolved with improved bounds checking, adding it's aware that "this issue may have been actively exploited." The latest version of macOS Monterey, besides fixing CVE-2022-22675, also includes remediation for CVE-2022-22674, an out-of-bounds read issue in the Intel Graphics Driver module that could enable a malicious actor to read kern

The Hacker News

March 31, 2022 – Vulnerabilities

CISA orders agencies to patch actively exploited Sophos firewall bug

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.

BleepingComputer

March 31, 2022 – General

Ransomware Payments Hit New Records

Abstract According to a report by Unit 42, the average ransom demand rose 144% to $2.2 million in 2021. The average ransom payment rose 78% to $541,010. Thirty-five new ransomware gangs popped up in 2021.

Cyware Alerts - Hacker News

March 31, 2022 – Vulnerabilities

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

Abstract The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users are recommended to upgrade to versions 5.3.18 or later and 5.2.20 or later. The Spring Framework is a Java framework that offers infrastructure support to develop web applications. "The vulnerability impacts Spring MVC [model–view–controller] and Spring WebFlux applications running on [Java Development Kit] 9+," Rossen Stoyanchev of Spring.io said in an advisory published Thursday. "The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e., the default, it is not vulnerabl

The Hacker News

March 31, 2022 – Vulnerabilities

Apple issues emergency patches to fix actively exploited zero-days

Abstract Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released emergency security patches to address two zero-day vulnerabilities actively exploited to hack iPhones,...

Security Affairs

March 31, 2022 – Cryptocurrency

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Abstract Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.

Threatpost

March 31, 2022 – Malware

New BlackGuard password-stealing malware sold on hacker forums

Abstract A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month.

BleepingComputer

March 31, 2022 – Ransomware

SunCrypt Ransomware Now Comes With Upgraded Features

Abstract SunCrypt—a RaaS that came to prominence in mid-2020—was one of the first threat actors to implement triple extortion in its campaigns. It is a small RaaS, operating with a close circle of affiliates.

Cyware Alerts - Hacker News

March 31, 2022 – Vulnerabilities

Bugs in Wyze Cams Could Let Attackers Take Over Devices and Access Video Feeds

Abstract Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that could allow malicious actors to execute arbitrary code and access camera feeds, as well as read the SD card without authorization; the latter issue remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE). Successful exploitation of the bypass vulnerability could allow an outside attacker to fully control the device, including disabling recording to the SD card and turning the camera on or off, not to mention chaining it with CVE-2019-12266 to view the live audio and video feeds. Romanian cybersecurity firm Bitdefender, which discovered the shortcomings, said it reached out to the vendor way back in May 2019, following which Wyze released patches to fix CVE

The Hacker News

March 31, 2022 – Attack

Google TAG details cyber activity with regard to the invasion of Ukraine

Abstract Google TAG has uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related to the ongoing Russian invasion of Ukraine, the experts...

Security Affairs

March 31, 2022 – Vulnerabilities

Zyxel patches critical bug affecting firewall and VPN devices

Abstract Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices.

BleepingComputer

March 31, 2022 – Phishing

Google warns of multiple hacking groups using the war in Ukraine as a lure in phishing attempts

Abstract Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money, and more from victims around the world.

ZDNet

March 31, 2022 – Ransomware

New Python-based Ransomware Targeting JupyterLab Web Notebooks

Abstract Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report. The new ransomware sample, which the cloud security firm detected after it was trapped in one of its honeypot servers, is said to have been executed after the unnamed adversary gained access to the server and downloaded the necessary tools required to carry out the encryption process by opening a terminal. Aqua Security characterized the attack as "simple and straightforward," unlike other traditional ransomware-as-a-service (RaaS) schemes, add

The Hacker News

March 31, 2022 – Attack

Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia

Abstract The Anonymous collective hacked the Russian investment firm Thozis Corp, but the attack against the Russian Civil Aviation Authority Rosaviatsia remains a mystery. Anonymous continues to target Russian organizations and private foreign businesses that are still...

Security Affairs

March 31, 2022 – Vulnerabilities

Apple emergency update fixes zero-days used to hack iPhones, Macs

Abstract Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.

BleepingComputer

March 31, 2022 – Breach

Lazarus Trojanized DeFi app for delivering malware

Abstract The malware operator exclusively used compromised web servers located in South Korea for this attack. The threat actor configured this infrastructure with servers set up as multiple stages.

Securelist

March 31, 2022 – Attack

Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine-Related Attacks

Abstract A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG) said in a new report, using it to siphon credentials entered by unsuspecting victims to a remote server. Other groups using the war as a lure in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include Mustang Panda and Scarab, as well as nation-state actors from Iran, North Korea, and Russia

The Hacker News

March 31, 2022 – Vulnerabilities

Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring

Abstract An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework, called 'Spring4Shell', has been publicly disclosed. Researchers disclosed the zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework...

Security Affairs

March 31, 2022 – Breach

Viasat confirms satellite modems were wiped with AcidRain malware

Abstract A newly discovered data wiper malware that wipes routers and modems has been deployed in the cyberattack that targeted the KA-SAT satellite broadband service to wipe SATCOM modems on February 24, affecting thousands in Ukraine and tens of thousands more across Europe.

BleepingComputer

March 31, 2022 – Government

Russia warns of ‘grave consequences’ after U.S. reaffirms threat of sanctions over Ukraine

Abstract President Biden reaffirmed the U.S. threat of new sanctions against Russia in case of an escalation or invasion, to which Putin responded with a warning of his own that such a U.S. move could lead to a complete rupture of ties.

CBC

March 31, 2022 – Hacker

Chinese hacking group uses new ‘Fire Chili’ Windows rootkit

Abstract The Chinese APT group known as Deep Panda has been spotted in a recent campaign targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili'.

BleepingComputer

March 31, 2022 – Attack

Remote ‘Brokenwire’ Hack Prevents Charging of Electric Vehicles at DC Fast Chargers

Abstract The attack targets the Combined Charging System (CCS) — a widely used DC rapid charging technology — and it interrupts the communication between the charger and the vehicle.

Security Week

March 31, 2022 – Vulnerabilities

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Abstract Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released.

BleepingComputer

March 31, 2022 – Phishing

Phishers Schedule Victims on Calendar App

Abstract Toward the end of February, INKY detected a credential harvesting operation that abused Calendly, a freemium calendaring hub, by inserting malicious links on calendly.com event invitations.

INKY

March 31, 2022 – Education

Thinking of a new career? Consider Cybersecurity with these free courses

Abstract Curiosity and a love of learning are definite advantages in the cybersecurity field, and reading and learning more about the subject is just a few clicks away. The world needs more people out there fighting cybercrime. Perhaps one of them could be you.

BleepingComputer

March 31, 2022 – Attack

Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia

Abstract Anonymous continues to target Russian organizations and foreign businesses that are still operating in the country. Now, it claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin.

Security Affairs

March 31, 2022 – General

LockBit victim estimates cost of ransomware attack to be $42 million

Abstract Atento has published its 2021 financial performance results, which have a massive $42.1 million dent from a ransomware attack the firm suffered in October 2021.

BleepingComputer

March 31, 2022 – Breach

Palo Alto Networks error exposed customer support cases, attachments

Abstract EXCLUSIVE: A bug in the support dashboard of Palo Alto Networks (PAN) exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned. The exposed information included customer names, contact information, conversations between staff and customers, firewall logs and configuration dumps.

BleepingComputer

March 31, 2022 – Cryptocurrency

DPRK hackers go after crypto assets using trojanized DeFi Wallet app

Abstract Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors.

BleepingComputer

March 31, 2022 – Attack

Calendly actively abused in Microsoft credentials phishing

Abstract Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page.

BleepingComputer

March 31, 2022 – Vulnerabilities

Chrome Browser Gets Major Security Update

Abstract Google this week released a security-themed Chrome 100.0.4896.60 browser makeover with patches for 28 documented vulnerabilities, some serious enough to lead to code execution attacks.

Security Week

March 31, 2022 – Business

Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy

Abstract The startup, called Cloaked, said the Series A investment was co-led by Lux Capital and Human Capital and will be used to exit beta and drive growth in a competitive marketplace.

Security Week

March 31, 2022 – Vulnerabilities

SQL injection protections in ImpressCMS could be bypassed to achieve RCE

Abstract Vulnerabilities in ImpressCMS could allow an unauthenticated attacker to bypass the software’s SQL injection protections to achieve remote code execution (RCE), a security researcher has warned.

The Daily Swig

March 31, 2022 – Malware

Bad OPSEC allowed researchers to uncover Mars stealer operation

Abstract The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. Morphisec Labs recently discovered the Mars stealer spreading disguised as malicious software cracks and keygens. The...

Security Affairs

March 30, 2022 – Vulnerabilities

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Abstract A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system. Spring is a software framework for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform. "In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system," researchers Anthony Weems and Dallas Kaman said. "However, exploitation of different configurations will require the attacker to do additional research t

The Hacker News

March 30, 2022 – Vulnerabilities

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Abstract Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows attackers to conduct denial-of-service attacks." Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices. QNAP, which is currently investigating its line-up, said it affects the following operating system versions: QTS 5.0.x and later; QTS 4.5.4 and later; QTS 4.3.6 and later; QTS 4.3.4 and later; QTS 4.3.3 and later; QTS 4.2.6 and later; QuTS hero h5.0.x and later; QuTS hero h4.5.4 and later; and QuTScloud c5.0.x. To date, t

The Hacker News

March 30, 2022 – Government

US national emergency extended due to elevated malicious cyber activity

Abstract US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy.

BleepingComputer

March 30, 2022 – Criminals

Conti Continues To Attack Even After Recent Code Leaks

Abstract Researchers have spotted, as part of global ransomware tracking efforts, an updated version of Conti ransomware that can reboot the targeted system and encrypt it in Safe Mode. To avoid detection, Conti uses the Murmur3 hashing algorithm, which produces different hash values for all API func ...

Cyware Alerts - Hacker News

March 30, 2022 – Breach

Apple, Meta turned over user data to hackers using forged requests: report

Abstract Apple and Facebook parent company Meta turned over user data last year to hackers pretending to be law enforcement officials, Bloomberg reported, citing three people familiar with the matter.

The Hill

March 30, 2022 – Attack

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

Abstract A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report published Tuesday. Based on the Oski Stealer and first discovered in June 2021, Mars Stealer is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription. Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks. The release of Mars Stealer last year has also been accompanied by

The Hacker News

March 30, 2022 – Vulnerabilities

A critical RCE vulnerability affects SonicWall Firewall appliances

Abstract SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security updates to address a critical vulnerability (CVE-2022-22274) that impacts multiple firewall...

Security Affairs

March 30, 2022 – Attack

MSHTML Flaw Exploited to Attack Russian Dissidents

Abstract A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.

Threatpost

March 30, 2022 – Vulnerabilities

New Spring Java framework zero-day allows remote code execution

Abstract A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.

BleepingComputer

March 30, 2022 – Botnet

Muhstik Botnet Gang Targets Redis Exploit Within One Day of Public POC Release

Abstract Muhstik botnet operators were found exploiting a recently disclosed bug in some Redis Debian packages to infiltrate servers and then use them for DDoS attacks. The attackers target the vulnerability CVE-2022-0543 in Redis Debian packages. To protect against this particular attack, users are recommended ...

Cyware Alerts - Hacker News

March 30, 2022 – Government

House sends bipartisan cyber crime bill to Biden

Abstract The House passed bipartisan cybersecurity legislation on Tuesday that would improve the way the federal government tracks, measures and analyzes cyber crime.

The Hill

March 30, 2022 – Government

CISA and DoE warn of attacks targeting UPS devices

Abstract The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published joint guidance...

Security Affairs

March 30, 2022 – Breach

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

Abstract IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors.

BleepingComputer

March 30, 2022 – Malware

Crypto Stealing Malware Spreads via Fake Wallet Apps

Abstract Researchers found dozens of trojanized cryptocurrency wallet apps attempting to steal cryptocurrency funds, especially from Chinese users. ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets. Smartphone users are suggested to stay vigilant and use genuine ...

Cyware Alerts - Hacker News

March 30, 2022 – Breach

More than $600M in cryptocurrency stolen in video game hack

Abstract Hackers exploited a cryptocurrency exchange network in a virtual game called Axie Infinity to steal more than $600 million from the system.

The Hill

March 30, 2022 – Criminals

Lapsus$ extortion gang claims to have hacked IT Giant Globant

Abstract The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked tens of gigabytes of stolen data. The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked roughly 70 GB of stolen data. The gang claims that the company...

Security Affairs

March 30, 2022 – Attack

Google: Russian phishing attacks target NATO, European military

Abstract The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.

BleepingComputer

March 30, 2022 – Breach

French National Health Insurance Fund Suffers Massive Data Leak

Abstract Data stolen from affected members of the French health insurance body included names, surnames, date of birth, social security numbers, GP details, and levels of reimbursement.

Connexion France

March 30, 2022 – Policy and Law

New law in reporting cyber breaches seen as overdue first step

Abstract A new law requiring critical sectors to report cyber breaches is “a good first step” but long overdue, experts said, as it is the first federal-wide mandate of its kind. 

The Hill

March 30, 2022 – Vulnerabilities

QNAP warns severe OpenSSL bug affects most of its NAS devices

Abstract Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago.

BleepingComputer

March 30, 2022 – Government

Singapore, US to establish dialogue to strengthen cooperation in cybersecurity

Abstract The United States-Singapore Cyber Dialogue, as it is called, will bring together senior government officials from the cyber operational, technical, and policy units of various agencies on both sides.

Channel News Asia

March 30, 2022 – Criminals

FBI disrupts BEC cybercrime gangs targeting victims worldwide

Abstract A coordinated operation conducted by the FBI and its international law enforcement partners has resulted in disrupting business email compromise (BEC) schemes in several countries.

BleepingComputer

March 30, 2022 – Ransomware

Hive ransomware uses new ‘IPfuscation’ trick to hide payload

Abstract Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, involving IPv4 addresses and a series of conversions that eventually lead to downloading Cobalt Strike beacons.

BleepingComputer

March 30, 2022 – Vulnerabilities

Mazda Infotainment Crash Shows How Fragile Car Security Really Is

Abstract Automated product security helps teams address automotive security vulnerabilities and bugs before - not after - they land companies in the headlines.

BleepingComputer

March 30, 2022 – Attack

Viasat shares details on KA-SAT satellite service cyberattack

Abstract US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine.

BleepingComputer

March 30, 2022 – Attack

Phishing campaign targets Russian govt dissidents with Cobalt Strike

Abstract A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine.

BleepingComputer

March 30, 2022 – General

Cyber extortion surges 78% as ‘ransomware as a service’ spreads

Abstract Ransomware criminals last year targeted companies in the Americas in 60% of their attacks and demanded on average $2.2 million from their victims, a 144% increase compared with 2020, Palo Alto Networks said.

Cybersecurity Dive

March 30, 2022 – Vulnerabilities

Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Abstract A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remotely lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart). "A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised (which would be difficult to realize), resetting your fob at a dealership," Berry explained in a GitHub post. The underlying issue is that the remote key fob on the a

The Hacker News

March 30, 2022 – Attack

Threat actors actively exploit recently fixed Sophos firewall bug

Abstract Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides...

Security Affairs

March 30, 2022 – General

Not enough businesses have a formal ransomware plan in place

Abstract Throughout 2021, security incidents remained high, with 29% of businesses experiencing a breach in the past 12 months, according to Thales. Additionally, 43% of IT Leaders admitted to having failed a compliance audit.

Help Net Security

March 30, 2022 – Education

Improve Your Hacking Skills with 9 Python Courses for Just $39

Abstract For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the "soft" side of cybersecurity — like scraping the web for compromised data and detecting bugs. Featuring nine full-length video courses, The Complete 2022 Python Programmer Bundle helps you come to grips with this powerful programming language. The included training is worth $1,791 altogether. But thanks to a special price drop, readers of The Hacker News can get the bundle today for just $39. Special Offer — This library of Python video training includes 46 hours of content, and you can get lifetime access today for just $39! When each new year of computer science talent arrives at MIT and Stanford, one of the first languages they learn is Python. Why? Well, it's relatively easy to read. But just as importantly, it's super versatile and plenty powerful. If you have

The Hacker News

March 30, 2022 – Breach

Data Breach at Japanese Candy Maker Morinaga Affects Customers on its Online Store

Abstract Japanese confectionary manufacturer Morinaga has warned that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers.

The Daily Swig

March 30, 2022 – Breach

LAPSUS$ Claims to Have Breached IT Firm Globant; Leaks 70GB of Data

Abstract The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has around 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps infrastructure. The screenshots depict a folder listing for what appears to be different companies from across the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, Stifel, among others. Also shared is a torrent file purported to contain around 70GB of Globant's source code as well as administrator passwords associated with the firm's Atlassian suite, including Confluence and Jira, and the Crucible code review tool. As malware research group VX-Underground points out, the passwords are not only easily guessable, but the

The Hacker News

March 30, 2022 – Attack

Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA Full Text

Abstract One group using this technique, according to security firm Mandiant, is Cozy Bear, a band of elite hackers working for Russia’s Foreign Intelligence Service. The group also goes under the names Nobelium, APT29, and the Dukes.

ARS Technica

March 30, 2022 – General

2021 COVID bounce: Malware has returned with a vengeance Full Text

Abstract According to Malwarebytes, there was a 77% increase in malware detections over 2020. Business-focused cyberthreats jumped 143%, while consumer-specific threats rose by 65% to more than 152 million in 2021.

Help Net Security

March 30, 2022 – Breach

Anonymous Hacks 2 Russian Industrial Firms, Leaks 112GB of Data for Ukraine Full Text

Abstract The online hacktivist group Anonymous has claimed responsibility for targeting two Russian companies, MashOil and FID Group, stealing a trove of their data and leaking it online for the public to download.

Hackread

March 29, 2022 – Government

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies said in a bulletin published Tuesday. UPS devices, in addition to offering power backups in mission-critical environments, are also equipped with an internet of things (IoT) capability, enabling the administrators to carry out power monitoring and routine maintenance. But as is often the case, such features can also open the door to malicious attacks. To mitigate against such threats, CISA and DoE are advising organizations to enumerate and disconnect all UPS systems from the internet and gate them behind a

The Hacker News

March 29, 2022 – Vulnerabilities

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances Full Text

Abstract SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that could be triggered by sending a specially crafted HTTP request, leading to remote code execution or DoS. The flaw impacts 31 different SonicWall Firewall devices running versions 7.0.1-5050 and earlier, 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. ZiTong Wang of Hatlab has been credited with reporting the issue. The network security company said it's not aware of any instance of active exploitation in the wild leveraging the weakness, and that no proof-of-concept (PoC) or malicious use of the vulnerability has been publicly reported to date. That said, users of the a

The Hacker News

March 29, 2022 – Malware

Mars Stealer malware pushed via OpenOffice ads on Google Full Text

Abstract A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.

BleepingComputer

March 29, 2022 – Attack

An Ongoing Reply-Chain Hijacking Campaign Drops IcedID Full Text

Abstract Researchers have detected a new conversation hijacking campaign that exploits unpatched Exchange servers to deliver the IcedID trojan within the energy, healthcare, pharmaceutical, and legal sectors. It’s been almost a year since the disclosure of ProxyShell vulnerabilities in Exchange servers but not ...

Cyware Alerts - Hacker News

March 29, 2022 – Attack

Ukrainian military internet provider suffers cyberattack Full Text

Abstract Ukraine's state-owned telecommunications company, Ukrtelecom, which is used by the country's military, experienced a massive cyberattack on Monday.

The Hill

March 29, 2022 – Attack

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials Full Text

Abstract A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers said in an analysis shared with The Hacker News. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage." Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named CapraRAT that exhibits a high "degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Pytho

The Hacker News

March 29, 2022 – Cryptocurrency

$625M stolen from Axie Infinity’s Ronin bridge, the largest ever crypto hack Full Text

Abstract Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity's Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie...

Security Affairs

March 29, 2022 – Breach

$620 million in crypto stolen from Axie Infinity’s Ronin bridge Full Text

Abstract A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history.

BleepingComputer

March 29, 2022 – Malware

New JSSLoader Variant Uses XLL Files to Evade Detection Full Text

Abstract A new wave of JSSLoader infections, operated by the FIN7 threat group, was observed using XLL files to deliver the malware via malicious Microsoft Excel add-ins. The latest variant comes with some new layers of obfuscation to keep itself hidden from security analysts. Organizations need to have int ...

Cyware Alerts - Hacker News

March 29, 2022 – Government

Russia accuses US of leading massive cyber campaign Full Text

Abstract Russia's Ministry of Foreign Affairs on Tuesday accused the U.S. of attacking the country's critical infrastructure and network systems in a massive cyberattack, claims the U.S. government has called false and part of Russia's disinformation campaign.

The Hill

March 29, 2022 – Privacy

Privid: A Privacy-Preserving Surveillance Video Analytics System Full Text

Abstract A group of academics has designed a new system known as "Privid" that enables video analytics in a privacy-preserving manner to combat concerns with invasive tracking. "We're at a stage right now where cameras are practically ubiquitous. If there's a camera on every street corner, every place you go, and if someone could actually process all of those videos in aggregate, you can imagine that entity building a very precise timeline of when and where a person has gone," Frank Cangialosi, the lead author of the study and a researcher at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), said in a statement. "People are already worried about location privacy with GPS — video data in aggregate could capture not only your location history, but also moods, behaviors, and more at each location," Cangialosi added. Privid is built on the foundation of differential privacy, a statistical technique that makes it possibl

The Hacker News

March 29, 2022 – Denial Of Service

Compromised WordPress sites launch DDoS on Ukrainian websites Full Text

Abstract Threat actors compromised WordPress sites to deploy a script that, when the sites are visited, launches DDoS attacks on Ukrainian websites. MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users...

Security Affairs

March 29, 2022 – Breach

Shutterfly discloses data breach after Conti ransomware attack Full Text

Abstract Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack.

BleepingComputer

March 29, 2022 – Ransomware

Lockbit Beats Conti and Ryuk in Encryption Speed Test Full Text

Abstract A new study by Splunk has found that modern-day ransomware, such as LockBit, is capable of encrypting around 25,000 files in just one minute. The time window is so small that before an organization realizes the effect, the ransomware would have done its job.

Cyware Alerts - Hacker News

March 29, 2022 – Vulnerabilities

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation Full Text

Abstract Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal and Webadmin interface that, if successfully weaponized, allows a remote attacker to execute arbitrary code. "Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region," the company noted in a revised advisory published Monday. "We have informed each of these organizations directly." The flaw has been addressed in a hotfix that's automatically installed for customers who have the "Allow automatic installation of hotfixes" setting enabled. As a workaround, Sophos is recommending

The Hacker News

March 29, 2022 – Government

CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chrome zero-day (CVE-2022-1096)...

Security Affairs

March 29, 2022 – Government

FBI warns election officials of credential phishing attacks Full Text

Abstract The Federal Bureau of Investigation (FBI) warned US election officials on Tuesday of an ongoing and widespread phishing campaign trying to steal their credentials since at least October 2021.

BleepingComputer

March 29, 2022 – Attack

Multiple E-commerce Stores Found Being Targeted Since 2020 Full Text

Abstract Active since 2020, the campaign is the work of cybercriminal gangs from China. According to Seguranca Informatica, the campaign has targeted around 617 online stores located in Portugal, France, Spain, Italy, Chile, Mexico, Colombia, among others.

Cyware Alerts - Hacker News

March 29, 2022 – Malware

New Malware Loader ‘Verblecon’ Infects Hacked PCs with Cryptocurrency Miners Full Text

Abstract An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News. "This would appear to be a relatively low-reward goal for the attacker given the level of effort that would have been required to develop this sophisticated malware." This advanced piece of malware, dubbed Verblecon, is said to have been first spotted two months ago in January 2022, with the payload incorporating polymorphic qualities to evade signature-based detections by security software. In addition, the loader carries out further a

The Hacker News

March 29, 2022 – Education

What is credential stuffing? And how to prevent it? Full Text

Abstract This post explains what a credential stuffing attack is and which countermeasures prevent it. A credential stuffing attempt can be caught as a behavioral anomaly - if you’re looking. Earmarked by the FBI as a particular threat to the financial...

Security Affairs

March 29, 2022 – Attack

Hackers use modified MFA tool against Indian govt employees Full Text

Abstract A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government.

BleepingComputer

March 29, 2022 – Criminals

Hackers Steal Over $600 Million from Axie Infinity Developer’s Ronin Bridge Full Text

Abstract The Ronin bridge and Katana Dex have been halted after suffering an exploit for 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), worth a combined $612 million at Tuesday's prices.

Coin Telegraph

March 29, 2022 – Malware

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation Full Text

Abstract Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits detected in the past two years spanning Central Europe, North America, and the Middle East. Analysis of the malware samples has yielded little to no clues about the initial compromise vector used, and no code, functionality, or operational similarities have been uncovered to suggest that this is a tool from a previously identified threat actor. Packed with a file compression utility named NsPack, Wslink makes use of what's called a process virtual machine (VM), a mechanism to run an application in a platform-independent manner that abstracts the underlying hardware or opera

The Hacker News

March 29, 2022 – Attack

Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure Full Text

Abstract Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom....

Security Affairs

March 29, 2022 – Government

CISA warns of attacks targeting Internet-connected UPS devices Full Text

Abstract In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations today to secure Internet-connected UPS devices from ongoing attacks.

BleepingComputer

March 29, 2022 – Business

Steve Mnuchin’s private equity firm buys Zimperium for $525m Full Text

Abstract Former US Treasury secretary Steve Mnuchin's private equity firm has announced its plans to buy a controlling stake in a mobile cybersecurity company for more than half a billion dollars.

The Register

March 29, 2022 – Attack

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages Full Text

Abstract A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. "Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks," Israeli security company Checkmarx said. "As it seems this time, the attacker has fully-automated the process of NPM account creation and has opened dedicated accounts, one per package, making his new malicious packages batch harder to spot." The findings build on recent reports from JFrog and Sonatype, both of which detailed hundreds of NPM packages that leverage techniques like dependency confusion and typosquatting to target Azure, Uber, and Airbnb developers. According to a detailed analysis of RED-LILI's modus operandi, earliest evidence of anomalous activity is said to have occurred on February 23, 2022, with the cluster of malicious packages publis

The Hacker News

March 29, 2022 – Vulnerabilities

Wyze Cam flaw lets hackers remotely access your saved videos Full Text

Abstract A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years.

BleepingComputer

March 29, 2022 – Attack

School of Hard Knocks: Job Fraud Threats Target University Students Full Text

Abstract Employment fraud typically impacts individuals, and the results can be costly. According to the FBI’s Internet Crime Complaint center, the average reported loss from this type of scheme is $3,000.

Proof Point

March 29, 2022 – Attack

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack Full Text

Abstract An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page "intrusion timeline" allegedly prepared by Mandiant, the cybersecurity firm hired by Sitel to investigate the security breach. Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta. The authentication services provider revealed last week that on January 20, it was alerted to a new factor that was added to a Sitel customer support engineer's Okta account, an attempt that it said was successful and blocked. The incident only came to light two months later after LAPSUS$ posted screenshots on their Telegram channel as evidence of the breach on March 22. The

The Hacker News

March 29, 2022 – Solution

Consistency in password resets helps block credential theft Full Text

Abstract As important as end user training and message filtering may be, there is a third method that tips the odds in the defenders' favor. Because phishing attacks often come disguised as password reset emails, it is important to handle password resets in a way that makes it obvious that email messages are not part of the password reset process.

BleepingComputer

March 29, 2022 – Hacker

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” – Krebs on Security Full Text

Abstract There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies, and social media firms.

Krebs on Security

March 29, 2022 – Criminals

Europol dismantles massive call center investment scam operation Full Text

Abstract Europol has announced the arrest of 108 people suspected of being involved in an international call center operation that tricked victims into investment scams.

BleepingComputer

March 29, 2022 – Malware

Verblecon malware loader used in stealthy crypto mining attacks Full Text

Abstract Security researchers are warning of a relatively new malware loader, which they track as Verblecon, that is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks.

BleepingComputer

March 28, 2022 – Government

CISA warns orgs to patch actively exploited Chrome, Redis bugs Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chrome zero-day and a critical Redis vulnerability actively exploited in the wild within the next three weeks.

BleepingComputer

March 28, 2022 – Attack

Oklahoma City Indian Clinic impacted by Suncrypt’s ransomware attack Full Text

Abstract The explanation for the “technological issues” appears to be a ransomware attack by Suncrypt, who have added the clinic to their dedicated leak site. Suncrypt claims that they have acquired 350GB+ of files.

Data Breaches

March 28, 2022 – Phishing

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware Full Text

Abstract A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with The Hacker News. "A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate." The latest wave of attacks, detected in mid-March 2022, is said to have targeted organizations within energy, healthcare, law, and pharmaceutical sectors. IcedID, aka BokBot, like its counterparts TrickBot and Emotet, is a banking trojan that has evolved to become an entry point for more sophisticated threats, including hu

The Hacker News

March 28, 2022 – Breach

Anonymous is working on a huge data dump that will blow Russia away Full Text

Abstract The Anonymous collective hacked the Russian construction company Rostproekt and announced a leak that will blow Russia away. Anonymous continues its offensive against Russia; the collective announced the hack of the Russian construction company...

Security Affairs

March 28, 2022 – Denial Of Service

Hacked WordPress sites force visitors to DDoS Ukrainian targets Full Text

Abstract Hackers are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites.

BleepingComputer

March 28, 2022 – Malware

Update: Hundreds more packages found in malicious npm ‘factory’ Full Text

Abstract On Monday, Checkmarx researchers said they have also been tracking these activities and have recorded over 600 malicious packages published over five days, bringing the total to over 700.

ZDNet

March 28, 2022 – Criminals

Of Cybercriminals and IP Addresses Full Text

Abstract You don't like having the FBI knocking on your door at 6 am. Surprisingly, nor does your usual cybercriminal. That is why they hide (at least the good ones), for example, behind layers of proxies, VPNs, or TOR nodes. Their IP address will never be exposed directly to the target's machine. Cybercriminals will always use third-party IP addresses to deliver their attacks. There are countless ways to deliver cyberattacks. But one thing is common to all of them: the need for a pool of IP addresses to serve as a medium. Criminals need IP addresses to deliver distributed denial of service attacks. Criminals need IP addresses to hide behind when probing services. Criminals need IP addresses to attempt brute force attacks. Criminals need IP addresses to run bot networks and services. In a nutshell, criminals need to maintain IP addresses under their control for pretty much anything. It is their most important asset and is the ammo they need to deliver attacks. So how

The Hacker News

March 28, 2022 – Ransomware

Hive ransomware ports its encryptor to Rust programming language Full Text

Abstract The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation has developed a Rust version of their encryptor and added new features to prevent the curious from snooping on the victim's...

Security Affairs

March 28, 2022 – Disinformation

Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards Full Text

Abstract The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.

BleepingComputer

March 28, 2022 – Attack

Attackers Use Compromised Philippine Navy Certificate to Spread Remote Access Tool Full Text

Abstract Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.

Avast

March 28, 2022 – Attack

‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks Full Text

Abstract The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on March 25, 2022. "The installers are actively distributed online to trick users and increase the overall botnet infrastructure." The findings follow prior research from Minerva Labs that shed light on a similar modus operandi of leveraging fraudulent Telegram applications to distribute the backdoor. Other disguised software installers include WhatsApp, Adobe Flash Player, and Google Chrome. These packages act as a first-stage loader, triggering an infection sequence that leads to the deployment of a second-stage payload from a remote server and culminating in the

The Hacker News

March 28, 2022 – Botnet

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability Full Text

Abstract The Muhstik botnet has been observed targeting Redis servers exploiting the recently disclosed CVE-2022-0543 vulnerability. Muhstik is a botnet that is known to use web application exploits to compromise IoT devices, it has been around for at least...

Security Affairs

March 28, 2022 – Vulnerabilities

Critical SonicWall firewall patch not released for all devices Full Text

Abstract Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).

BleepingComputer

March 28, 2022 – Phishing

Phishing Kits Evolve and Evade Detection Full Text

Abstract Off-the-shelf modern phishing kits are being sold on underground forums that contain several sophisticated detection avoidance and traffic filtering processes to avoid being marked as threats. Fake websites impersonating renowned brands are created using phishing kits featuring realistic login ...

Cyware Alerts - Hacker News

March 28, 2022 – Attack

While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio Full Text

Abstract While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from...

Security Affairs

March 28, 2022 – Ransomware

SunCrypt ransomware is still alive and kicking in 2022 Full Text

Abstract SunCrypt, a ransomware as service (RaaS) operation that reached prominence in mid-2020, is reportedly still active, even if barely, as its operators continue to work on giving its strain new capabilities.

BleepingComputer

March 28, 2022

Malware-as-a-Service Gains Prominence in Threat Landscape Full Text

Abstract While organizations have improved their backup strategy, ransomware groups are responding by exfiltrating sensitive data and threatening to expose it. Cybercriminals are still shifting to living-off-the-land attack techniques.

Cyware Alerts - Hacker News

March 28, 2022 – APT

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon Full Text

Abstract Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian...

Security Affairs

March 28, 2022 – Solution

New Windows security feature blocks vulnerable drivers Full Text

Abstract Microsoft will allow Windows users to block drivers with known vulnerabilities with the help of Windows Defender Application Control (WDAC) and a vulnerable driver blocklist.

BleepingComputer

March 28, 2022 – Attack

Chrome and Edge hit with V8 type confusion vulnerability with in-the-wild exploit Full Text

Abstract Google is urging users on Windows, macOS, and Linux to update Chrome builds to version 99.0.4844.84, following the discovery of a vulnerability that has an exploit in the wild.

ZDNet

March 28, 2022 – Phishing

Shopping trap: The online stores’ scam that hits users worldwide Full Text

Abstract Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world. Malicious schemes linked to online stores are on the rise in 2022. Criminal gangs from China have been using copies...

Security Affairs

March 28, 2022 – Attack

Microsoft Exchange targeted for IcedID reply-chain hijacking attacks Full Text

Abstract The distribution of the IcedID malware has returned to notable numbers thanks to a new campaign that hijacks existing email conversation threads and injects payloads that are hard to spot as malicious.

BleepingComputer

March 28, 2022 – General

Cloud-native adoption shifts security responsibility across teams Full Text

Abstract As organizations increase cloud-native adoption, a new Styra report outlines why developers and IT decision-makers need a unified approach to address security and compliance issues.

Help Net Security

March 27, 2022 – Botnet

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability Full Text

Abstract Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The vulnerability is rated 10 out of 10 for severity. "Due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host," Ubuntu noted in an advisory released last month. According to telemetry data gathered by Juniper Threat Labs, the attacks leveraging the new flaw are said to have commenced on March 11, 2022, leading to the retrieval of a malicious shell script ("russia.sh") from a remote server, which is then utilized to fetch and execute the botnet binaries from another s

The Hacker News

March 27, 2022 – Ransomware

Hive ransomware ports its Linux VMware ESXi encryptor to Rust Full Text

Abstract The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations.

BleepingComputer

March 27, 2022 – Vulnerabilities

Sophos Firewall affected by a critical authentication bypass flaw Full Text

Abstract Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides...

Security Affairs

March 27, 2022 – Vulnerabilities

Critical Sophos Firewall vulnerability allows remote code execution Full Text

Abstract Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

BleepingComputer

March 27, 2022 – General

Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 25 - Anonymous leaked 28GB of data stolen from the Central Bank of Russia Anonymous announced that the affiliate group...

Security Affairs

March 27, 2022 – Breach

Okta: “We made a mistake” delaying the Lapsus$ hack disclosure Full Text

Abstract Okta has admitted that it made a mistake delaying the disclosure of a hack by the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities.

BleepingComputer

March 27, 2022 – General

Security Affairs newsletter Round 358 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

March 27, 2022 – Vulnerabilities

Western Digital addressed a critical bug in My Cloud OS 5 Full Text

Abstract Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142, that could have allowed...

Security Affairs

March 27, 2022 – Government

CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited...

Security Affairs

March 26, 2022 – Business

Kaspersky named first Russian company on security risk list Full Text

Abstract The U.S. placed internet-security provider AO Kaspersky Lab on a list of companies deemed a threat to national security, for the first time adding a Russian entity to a list dominated by Chinese telecommunications firms.

Livemint

March 26, 2022 – General

Experts seek cyberwarfare definition following recent cyber warnings Full Text

Abstract Recent White House warnings urging the private sector to shore up its cyber defenses have experts questioning why U.S. officials haven’t already defined what constitutes cyberwarfare.

The Hill

March 26, 2022 – Government

FCC Adds Kaspersky and Chinese Telecom Firms to National Security Threat List Full Text

Abstract The U.S. Federal Communications Commission (FCC) on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "unacceptable risk to the national security" of the country. The development marks the first time a Russian entity has been added to the list that's been otherwise dominated by Chinese telecommunications firms. Also added alongside Kaspersky were China Telecom (Americas) Corp and China Mobile International USA. The block list includes information security products, solutions, and services supplied, directly or indirectly, by the company or any of its predecessors, successors, parents, subsidiaries, or affiliates. The FCC said the decision was made pursuant to a Binding Operational Directive (BOD) issued by the Department of Homeland Security on September 11, 2017 that barred federal agencies from using Kaspersky-branded products in their information systems. The security services provider,

The Hacker News

March 26, 2022 – Hacker

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion Full Text

Abstract A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week. SentinelOne's analysis follows an advisory from Ukraine's Computer Emergency Response Team (CERT-UA) earlier this week outlining a spear-phishing campaign that leads to the delivery of a RAR archive file, which comes with an executable that's designed to open a decoy file while stealthily dropping a malicious DLL called HeaderTip in the background. Scarab was first documented by the Symantec Threat Hunter Team, part of Broadcom Software, in January 2015, when i

The Hacker News

March 26, 2022 – Vulnerabilities

CISA adds 66 vulnerabilities to list of bugs exploited in attacks Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.'

BleepingComputer

March 26, 2022 – Vulnerabilities

Western Digital fixes critical bug giving root on My Cloud NAS devices Full Text

Abstract Western Digital has fixed a critical severity vulnerability in the Samba vfs_fruit VFS module that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.

BleepingComputer

March 26, 2022 – Government

FCC adds Kaspersky to Covered List due to unacceptable risks to national security Full Text

Abstract The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security. The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered...

Security Affairs

March 26, 2022 – Attack

Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say Full Text

Abstract U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month.

MSN

March 26, 2022 – Attack

Chinese Threat Actor Scarab Found Targeting Ukraine Full Text

Abstract The malicious activity by the threat actor dubbed UAC-0026 represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began.

Sentinel One

March 26, 2022 – Vulnerabilities

Honda downplays vulnerability allowing hackers to lock, unlock and start Civics Full Text

Abstract Honda said it has no plans to update its older vehicles after researchers with the University of Massachusetts and cybersecurity firm Cybereason released a proof-of-concept for a replay vulnerability affecting the Honda Civics.

The Record

March 26, 2022 – Government

New Advisory Released by the CISA, the FBI, and the DOE on Russia Threat Activity Against Energy Sector Organizations Full Text

Abstract This joint Cybersecurity Advisory coauthored by the CISA, the FBI, and the DOE provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 against Energy Sector organizations.

US CERT

March 26, 2022 – Breach

Okta says 366 clients had data ‘acted upon’ in Lapsus$ hack Full Text

Abstract As many as 366 Okta customers might have had their data ‘acted upon’ following the Lapsus$ cyberattack against the identity security giant’s customer support subcontractor.

CRN

March 26, 2022 – Ransomware

Conti Ransomware Attacks Persist With an Updated Version Despite Leaks Full Text

Abstract The most recent Conti ransomware update introduced a number of new features and changes to the ransomware code. Some of these modifications include new command-line arguments.

Security Boulevard

March 26, 2022 – Ransomware

Ransomware infections follow precursor malware Full Text

Abstract A ransomware infection is usually preceded by what Lumu founder and CEO Ricardo Villadiego calls "precursor malware," essentially reconnaissance malicious code that has been around for a while.

The Register

March 26, 2022 – Vulnerabilities

100s of Russian Building Controllers Can be Remotely Hacked Full Text

Abstract Jose Bertin, an IT security researcher, has identified critical vulnerabilities in Tekon Avtomatika’s building controllers, which, if exploited, can lead to remote hacking of building controllers used by a vast number of Russian organizations.

Hackread

March 25, 2022 – Government

US officials say Russia behind hack of Ukrainian satellite communications at invasion start: report Full Text

Abstract The Russian military spy service, the GRU, was behind a hack that affected the Ukrainian military’s communications at the start of Russia's invasion into the country, U.S. intelligence analysts say, The Washington Post reported, citing U.S. officials familiar.

The Hill

March 25, 2022 – Vulnerabilities

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible with what was originally initialized, could have serious consequences in languages that are not memory safe like C and C++, enabling a malicious actor to perform out-of-bounds memory access. "When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution," MITRE's Common Weakness Enum

The Hacker News

March 25, 2022 – Policy and Law

The 2022 Cyber Incident Reporting Law: Key Issues to Watch Full Text

Abstract The new reporting mandate is designed to encourage compliance with the law and increase the quantity and quality of cyber incident reporting

Lawfare

March 25, 2022 – Breach

Anonymous leaked 28GB of data stolen from the Central Bank of Russia Full Text

Abstract Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stolen 35,000 documents. The...

Security Affairs

March 25, 2022 – General

Cybersecurity at the DNS Layer: Using AI to Analyze, Learn and Protect Full Text

Abstract Essentials in modern day cybersecurity include artificial intelligence and machine learning that can autonomously understand, learn and act to thwart cyberattacks.

Threatpost

March 25, 2022 – Policy and Law

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide Full Text

Abstract The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear. In addition, the Justice Department charged four Russian government employees, including three officers of the Russian Federal Security Service and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for their roles in carrying out the attacks on oil refineries, nuclear facilities, and energy companies. The four Russian nationals are Pavel Aleksandrovich Akul

The Hacker News

March 25, 2022 – Vulnerabilities

Chrome emergency update fixes an actively exploited zero-day bug Full Text

Abstract Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google fixed an actively exploited high-severity zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows,...

Security Affairs

March 25, 2022 – Criminals

7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K. Full Text

Abstract The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. "The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector Michael O'Sullivan said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing." The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is al

The Hacker News

March 25, 2022 – Government

Chinese threat actor Scarab targets Ukraine, CERT-UA warns Full Text

Abstract Ukraine CERT (CERT-UA) released details about a campaign that SentinelLabs linked with the suspected Chinese threat actor tracked as Scarab. Ukraine CERT (CERT-UA) published technical details about a malicious activity tracked as UAC-0026, which SentinelLabs...

Security Affairs

March 25, 2022 – Cryptocurrency

Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users Full Text

Abstract Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko, senior malware researcher at ESET in a report shared with The Hacker News. The wallet services are said to have been distributed through a network of over 40 counterfeit wallet websites that are promoted with the help of misleading articles posted on legitimate Chinese websites, as well as by means of recruiting intermediaries through Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps. ESET, which has been tracking the campaign since May 2021, attributed it to the work of a single criminal group. The trojanized cr

The Hacker News

March 25, 2022 – Criminals

UK police arrested 7 alleged members of Lapsus$ extortion gang Full Text

Abstract UK police suspect that a 16-year-old from Oxford is one of the leaders of the popular Lapsus$ extortion group. The City of London Police announced to have arrested seven teenagers suspected of being members of the notorious Lapsus$ extortion gang,...

Security Affairs

March 25, 2022 – Policy and Law

US indicted 4 Russian government employees for attacks on critical infrastructure Full Text

Abstract The U.S. has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. The U.S. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies...

Security Affairs

March 25, 2022 – Malware

Storm Cloud Attempting To GIMMICK macOS Users Full Text

Abstract Volexity discovered a new macOS variant of Gimmick, a malware implant developed by a Chinese group tracked as Storm Cloud. It is targeting organizations across Asia. The samples of the GIMMICK malware are large and complex, which suggests the threat actor behind it seems to be well res ...

Cyware Alerts - Hacker News

March 24, 2022 – Attack

Microsoft Azure Developers Awash in PII-Stealing npm Packages Full Text

Abstract A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.

Threatpost

March 24, 2022 – Malware

Microsoft Help Files Disguise Vidar Malware Full Text

Abstract Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.

Threatpost

March 24, 2022 – Hacker

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms Full Text

Abstract Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year. The shortcoming in question is CVE-2022-0609, a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022. "The earliest evidence we have of this exploit kit being actively deploy

The Hacker News

March 24, 2022 – Phishing

Phishing kits constantly evolve to evade security software Full Text

Abstract Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple and sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won't mark them as a threat.

BleepingComputer

March 24, 2022 – Vulnerabilities

Microweber developers resolve XSS vulnerability in CMS software Full Text

Abstract These shortcomings meant it was possible for attackers to upload an XSS payload, providing it contained a file whose name ended with ‘html’ – a category that includes far more than just simple .html files.

The Daily Swig

March 24, 2022 – General

Hillicon Valley — New York taxis coming to Uber Full Text

Abstract Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here.

The Hill

March 24, 2022 – Criminals

23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins Full Text

Abstract A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's (FBI) Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. Igor Dekhtyarchuk, who first appeared in hacker forums in 2013 under the alias "floraby," has been accused of charges of wire fraud, access device fraud, and aggravated identity theft, a set of offenses that could lead to up to 20 years in federal prison. According to the FBI's Wanted poster, Dekhtyarchuk previously studied at the Ural State University in Yekaterinburg, Russia, and was last known to reside in the city of Kamensk-Uralsky. "Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as na

The Hacker News

March 24, 2022 – Hacker

Experts explained how to hack a building controller widely adopted in Russia Full Text

Abstract A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller...

Security Affairs

March 24, 2022 – Breach

HubSpot Data Breach Ripples Through Cryptocurrency Industry Full Text

Abstract ~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.

Threatpost

March 24, 2022 – Breach

Morgan Stanley client accounts breached in social engineering attacks Full Text

Abstract Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised following vishing attacks.

BleepingComputer

March 24, 2022 – Vulnerabilities

Many Critical Flaws Patched in Delta Electronics Energy Management System Full Text

Abstract At least 30 vulnerabilities were found in the past year in the DIAEnergie industrial energy management system made by Delta Electronics. The company says it has created patches for all of them.

Security Week

March 24, 2022 – Policy and Law

DOJ charges former Russian government employees for hacking energy sectors Full Text

Abstract The U.S. Department of Justice indicted four Russian nationals on Thursday alleged to have hacked energy sectors in 135 countries.

The Hill

March 24, 2022 – APT

Chinese APT Hackers Targeting Betting Companies in Southeast Asia Full Text

Abstract A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately discernible as yet nor has it been linked to a known hacking group. While multiple initial access avenues were employed during the course of the campaign, one of the attack vectors involved leveraging a previously unknown remote code execution flaw in the WPS Office suite (CVE-2022-24934) to backdoor its targets. The issue has since been addressed by Kingsoft Office, the developers of the office software. In the case observed by the Czech security firm, the vulnerability was used to drop a malicious binary from a fake update server with the domain update.wps[.]cn that triggers a m

The Hacker News

March 24, 2022 – Hacker

Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin and Decathlon Full Text

Abstract Anonymous launches its offensive against Western companies still operating in Russia; it 'DDoSed' the Auchan, Leroy Merlin and Decathlon websites. Since the start of the Russian invasion of Ukraine on February 24, Anonymous has declared war on Russia and...

Security Affairs

March 24, 2022 – APT

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection Full Text

Abstract Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.

Threatpost

March 24, 2022 – Policy and Law

US charges 4 Russian govt employees with critical infrastructure hacks Full Text

Abstract The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018.

BleepingComputer

March 24, 2022 – Attack

Anonymous claims to have hacked the Central Bank of Russia Full Text

Abstract The infamous hacker collective claims to have compromised the systems of the Central Bank of Russia and stolen 35,000 files; it announced that it will leak the files in 48 hours.

Security Affairs

March 24, 2022 – Criminals

Alleged Microsoft, Okta hackers arrested in UK Full Text

Abstract British authorities arrested seven individuals on Thursday suspected of hacking major tech companies including Okta and Microsoft, according to Reuters.

The Hill

March 24, 2022 – Malware

How to Build a Custom Malware Analysis Sandbox Full Text

Abstract Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware sandbox? A sandbox allows detecting cyber threats and analyzing them safely. All information remains secure, and a suspicious file can't access the system. You can monitor malware processes, identify their patterns and investigate behavior. Before setting up a sandbox, you should have a clear goal of what you want to achieve through the lab. There are two ways how to organize your working space for analysis: Custom sandbox. Made from scratch by an analyst on their own, specifically for their needs. A turnkey solution. A versatile service with a range of configurations to meet yo

The Hacker News

March 24, 2022 – Vulnerabilities

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control Full Text

Abstract VMware addressed two critical arbitrary code execution vulnerabilities affecting its Carbon Black App Control platform. VMware released software updates this week to address two critical security vulnerabilities, CVE-2022-22951 and CVE-2022-22952...

Security Affairs

March 24, 2022 – General

Top 3 Attack Trends in API Security – Podcast Full Text

Abstract Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.

Threatpost

March 24, 2022 – Vulnerabilities

Western Digital My Cloud OS update fixes critical vulnerability Full Text

Abstract Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution.

BleepingComputer

March 24, 2022 – General

Internet crime in 2021: Investment fraud losses soar Full Text

Abstract The number of complaints received by the FBI IC3 in 2021 (847,376) has surpassed that of complaints in 2020 (791,790), and the total monetary loss suffered by victims ($6.9 Billion) has far outstripped losses suffered in 2020 ($4.2 Billion).

Help Net Security

March 24, 2022 – Attack

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England Full Text

Abstract Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the "highly constrained" compromise. "On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account [from a new location]," Okta's Chief Security Officer, David Bradbury, said in a statement. "This factor was a password." The disclosure comes after LAPSUS$ posted screenshots of Okta's apps and systems earlier this week, about two months after the hackers gained access to the company's internal network over a five-day period between January 16 and 21, 2022 using remote desktop proto

The Hacker News

March 24, 2022 – Attack

Anonymous claims to have hacked the Central Bank of Russia Full Text

Abstract The Anonymous hacker collective claims to have hacked the Central Bank of Russia and stolen 35,000 documents. Anonymous continues to target Russian government organizations and private businesses; now it is claiming to have hacked the Central...

Security Affairs

March 24, 2022 – Phishing

Tax-Season Scammers Spoof Fintechs, Including Stash, Public Full Text

Abstract Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.

Threatpost

March 24, 2022 – Criminals

Lapsus$ suspects arrested for Microsoft, Nvidia, Okta hacks Full Text

Abstract As Lapsus$ data extortion gang announced that several of its members are taking a vacation, the City of London Police say they have arrested seven individuals connected to the gang.

BleepingComputer

March 24, 2022 – Breach

Lapsus$ Infiltrates High Profile Victims Through Employee Accounts Full Text

Abstract The Lapsus$ group, also tracked as DEV-0537, deploys the RedLine password stealer to get access to session tokens and passwords. It buys session tokens and credentials from underground forums. These credentials are used to access VPN, RDP, and VDI systems.

Cyware Alerts - Hacker News

March 24, 2022 – Malware

Over 200 Malicious NPM Packages Caught Targeting Azure Developers Full Text

Abstract A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personally identifiable information. "After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a new report. The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages was downloaded around 50 times on average. The attack refers to what's called typosquatting, which takes place when bad actors push rogue packages with names mimicking legitimate libraries to a public software registry such as NPM or PyPI wit

The Hacker News

March 24, 2022 – Attack

Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying Full Text

Abstract The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant...

Security Affairs

March 24, 2022 – Malware

Malicious Microsoft Excel add-ins used to deliver RAT malware Full Text

Abstract Researchers report a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel add-ins.

BleepingComputer

March 24, 2022 – Malware

Vidar spyware is now hidden in Microsoft help files Full Text

Abstract According to Trustwave, the email campaign distributing Vidar is not very sophisticated. The email contains a generic subject line and an attachment, "request.doc," which is actually a .iso disk image.

ZDNet

March 24, 2022 – General

South Africa wants to fight SIM swapping with biometric checks Full Text

Abstract The independent communications authority of South Africa (ICASA) has submitted a radical proposal to tackle the problem of SIM swapping attacks in the country, suggesting that local service providers should keep biometric data of cellphone number owners.

BleepingComputer

March 24, 2022 – Attack

Ukrainian Enterprises Targeted with New DoubleZero Wiper Malware Full Text

Abstract DoubleZero wipes files using two techniques: overwriting their content with zero blocks of 4096 bytes (using FileStream.Write), or using the API calls NtFileOpen and NtFsControlFile (code: FSCTL_SET_ZERO_DATA).

Security Affairs

March 24, 2022 – Hacker

North Korean hackers exploit Chrome zero-day weeks before patch Full Text

Abstract North Korean state hackers have exploited a zero-day, remote code execution vulnerability in Google Chrome web browser for more than a month before a patch became available, in attacks targeting news media, IT companies, cryptocurrency and fintech organizations.

BleepingComputer

March 24, 2022 – Criminals

This is how much the average Conti hacking group member earns a month Full Text

Abstract According to findings by Secureworks, the average Conti ransomware group member earns a salary of $1,800 per month, a figure you might consider low considering the success of the criminal gang.

ZDNet

March 24, 2022 – General

A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster Full Text

Abstract Recently, FortiGuard Labs released the latest Global Threat Landscape Report for the second half of 2021. There is a ton of data in it and several key takeaways. The main themes that weave through this report are about the increase in cybercriminal sophistication as well as speed.

BleepingComputer

March 24, 2022 – Business

MixMode raises $45 million to automate cyberattack detection for organizations Full Text

Abstract MixMode announced that it has raised $45 million in a Series B funding round led by the growth equity firm PSG, with participation from existing investor Entrada Ventures.

Help Net Security

March 23, 2022 – Ransomware

DeadBolt Ransomware Resurfaces to Hit QNAP Again Full Text

Abstract A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.

Threatpost

March 23, 2022 – Vulnerabilities

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control Full Text

Abstract VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system. Credited with reporting the two issues is security researcher Jari Jääskelä. That said, successful exploitation of the vulnerabilities banks on the prerequisite that the attacker is already logged in as an administrator or a highly privileged user. VMware Carbon Black App Control is an application allowlisting solution that's used to lock down servers and critical systems, prevent unwanted changes, and ensure continuous compliance with regulatory mandates. CVE-2022-22951 has been described as a command injection vulnerability that could enable an authenticated, high privileged actor w

The Hacker News

March 23, 2022 – Criminals

FBI adds Russian cybercrime market owner to most wanted list Full Text

Abstract A Russian national has been indicted by the US DOJ and added to the FBI's Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace.

BleepingComputer

March 23, 2022 – Malware

BitRAT Spreads as Windows Activator Full Text

Abstract A new BitRAT malware campaign is leveraging illegal crack tools for Windows 10 license verification. The campaign targets users looking to activate pirated Windows OS versions on webhards for free. BitRAT supports generic keylogging, audio recording, clipboard monitoring, credential theft from web ...

Cyware Alerts - Hacker News

March 23, 2022 – General

Hillicon Valley — FBI warns of possible Russian cyberattacks Full Text

Abstract Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here and view the full edition here.

The Hill

March 23, 2022 – Hacker

Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware Full Text

Abstract A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most victims are located in East and Southeast Asia, but a few are in Europe (Greece, Cyprus, Russia) and Africa (South Africa, South Sudan)," ESET malware researcher Alexandre Côté Cyr said in a report shared with The Hacker News. "Known victims include research entities, internet service providers (ISPs), and European diplomatic missions mostly located in East and Southeast Asia." Mustang Panda, also known as TA416, HoneyMyte, RedDelta, or PKPLUG, is a cyber espionage group that's primarily known for targeting non-governmental organizations with a specific focu

The Hacker News

March 23, 2022 – Attack

Ukrainian enterprises hit with the DoubleZero wiper Full Text

Abstract Ukraine CERT-UA warns of a cyberattack aimed at Ukrainian enterprises using a wiper dubbed DoubleZero. Ukraine CERT-UA continues to observe malware-based attacks aimed at Ukrainian organizations; in a recent alert it warned of attacks employing...

Security Affairs

March 23, 2022 – Attack

New Mustang Panda hacking campaign targets diplomats, ISPs Full Text

Abstract An ongoing Mustang Panda campaign that started at least eight months ago has been uncovered by threat analysts who also managed to sample and analyze custom malware loaders and a new Korplug variant.

BleepingComputer

March 23, 2022 – Attack

Browser-in-the-Browser - An (Almost) Invisible Attack Full Text

Abstract Researchers devised a new phishing technique, dubbed Browser-in-the-Browser (BitB) attack, that lets cybercriminals spoof a browser window within a browser by leveraging a mix of HTML and CSS code. The novel BitB attack bypasses both a URL with HTTPS encryption and a hover-over-it security check. ...

Cyware Alerts - Hacker News

March 23, 2022 – Breach

Sensitive health data of 50 million Americans hacked or breached last year: analysis Full Text

Abstract The health data of almost 50 million Americans was breached last year, according to a Politico analysis of data from the Department of Health and Human Services.

The Hill

March 23, 2022 – Malware

New Variant of Chinese Gimmick Malware Targeting macOS Users Full Text

Abstract Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "feature-rich, multi-platform malware family that uses public cloud hosting services (such as Google Drive) for command-and-control (C2) channels." The cybersecurity firm said it recovered the sample through memory analysis of a compromised MacBook Pro running macOS 11.6 (Big Sur) as part of an intrusion campaign that took place in late 2021. "Storm Cloud is an advanced and versatile threat actor, adapting its tool set to match different operating systems used by its targets," Volexity researchers Damien Cash, Steven Adair, and Thomas Lancaster said in a report. "They make use of built-in operating system utilities, open-source too

The Hacker News

March 23, 2022 – Government

FBI warns of growing risks of Russia-linked attacks on US energy firms Full Text

Abstract The FBI is warning of risks related to cyber attacks aimed at energy companies by Russia-linked threat actors. The FBI is warning energy companies of the risks of cyber attacks carried out by Russia-linked threat actors, reported The Associated Press. The...

Security Affairs

March 23, 2022 – General

FBI: Ransomware hit 649 critical infrastructure orgs in 2021 Full Text

Abstract The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report.

BleepingComputer

March 23, 2022 – Malware

Slithering Serpent - New Backdoor and a Unique Attack Chain Full Text

Abstract An unknown and likely sophisticated threat actor is leveraging a unique amalgamation of open-source software, a detection bypass technique, and steganography to attack French entities.

Cyware Alerts - Hacker News

March 23, 2022 – Business

Microsoft confirms breach by Lapsus$ hacker group Full Text

Abstract Microsoft has confirmed that the hacker group Lapsus$ breached its security system, after the digital extortion gang claimed credit earlier this week.

The Hill

March 23, 2022 – Solution

Use This Definitive RFP Template to Effectively Evaluate XDR solutions Full Text

Abstract A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint Detection and Response (EDR) solutions. Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features should (and shouldn't) be included. Each provider approaches XDR with different strengths and perspectives on what an XDR solution should include. Therefore, selecting an XDR provider is quite challenging, as organizations must organize and prioritize a wide range of capabilities that can differ significantly between providers. Cynet is now addressing this need with the Definitive RFP Template for XDR solutions (download here),

The Hacker News

March 23, 2022 – APT

China-linked GIMMICK implant now targets macOS Full Text

Abstract Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered...

Security Affairs

March 23, 2022 – Hacker

Hackers steal from hackers by pushing fake malware on forums Full Text

Abstract Security analysts from two companies have spotted a new case of hackers targeting hackers via clipboard stealers disguised as cracked RATs and malware building tools.

BleepingComputer

March 23, 2022 – Malware

DirtyMoe Modules Introduce Worm-Like Features Full Text

Abstract Avast researchers have observed three main ways in which the malware is being disseminated - PurpleFox EK, PurpleFox Worm, and injected Telegram installers. It is likely that the malware propagates through other methods too.

Cyware Alerts - Hacker News

March 23, 2022 – Government

FBI ‘concerned’ about possible Russian cyberattacks on critical infrastructure Full Text

Abstract FBI Director Christopher Wray on Tuesday warned the private sector to prepare for potential cyberattacks, saying U.S. agents were "particularly focused on the destructive cyber threat" from Russian agents.

The Hill

March 23, 2022 – Botnet

Over 200,000 MikroTik Routers Worldwide Are Under the Control of Botnet Malware Full Text

Abstract Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the newly disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same command-and-control (C2) server. "The C2 server serves as a botnet-as-a-service controlling nearly 230,000 vulnerable MikroTik routers," Avast's senior malware researcher, Martin Hron, said in a write-up, potentially linking it to what's now called the Mēris botnet. The botnet is known to exploit a known vulnerability in the Winbox component of MikroTik routers (CVE-2018-14847), enabling the attackers to gain unauthenticated, remote administrative access to any affected device. Parts of the Mēris botnet were sinkholed in late September 2021. "The CVE-2018-

The Hacker News

March 23, 2022 – Criminals

It’s official, Lapsus$ gang compromised a Microsoft employee’s account Full Text

Abstract Microsoft confirmed that the Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. Microsoft confirmed that the Lapsus$ extortion group has hacked one of its employees to access and steal the source...

Security Affairs

March 23, 2022 – Vulnerabilities

Hackers exploit new WPS Office flaw to breach betting firms Full Text

Abstract An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.

BleepingComputer

March 23, 2022 – APT

APT Group Targets Betting Companies Using MulCom Backdoor in Taiwan, the Philippines, and Hong Kong Full Text

Abstract Due to the similarities between the MulCom backdoor used by this group and FFRat, researchers suspect that the FFRat codebase is being shared between several Chinese adversary groups.

Avast

March 23, 2022 – Ransomware

Ten notorious ransomware strains put to the encryption speed test Full Text

Abstract Researchers have conducted a technical experiment, testing ten ransomware variants to determine how fast they encrypt files and evaluate how feasible it would be to timely respond to their attacks.

BleepingComputer

March 23, 2022 – Business

Weeks after launch, Island hits $1.3B valuation with $115M round Full Text

Abstract The round was led by previous lead investor Insight Partners, and comes just weeks after the New York-based venture capital firm raised over $20 billion for its 12th flagship fund.

Tech Crunch

March 23, 2022 – Malware

New JSSLoader Trojan Delivered Through XLL Files Full Text

Abstract Attackers are now using .XLL files to deliver a new, obfuscated version of JSSLoader. This new malware variant utilizes the Excel add-ins feature to load the malware and inspect the changes inside.

Morphisec

March 23, 2022 – Government

FBI Warns of Growing Russian Hacking Activity Targeting US Energy Firms Full Text

Abstract The FBI advisory shares 140 internet protocol, or IP, addresses that it says have been associated with the scanning of critical infrastructure in the U.S. since at least March 2021.

Security Week

March 23, 2022 – Hacker

Chinese Mustang Panda Hacker Group Spotted Deploying New Hodur Malware Full Text

Abstract ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine.

ESET Security

March 22, 2022 – Criminals

Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta Full Text

Abstract Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana.

Threatpost

March 22, 2022 – Breach

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group Full Text

Abstract Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was involved in the observed activities," Microsoft's Threat Intelligence Center (MSTIC) said, adding that the breach was facilitated by means of a single compromised account that has since been remediated to prevent further malicious activity. The Windows maker, which was already tracking the group under the moniker DEV-0537 prior to the public disclosure, said it "does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk." "This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact," the company's security

The Hacker News

March 22, 2022 – Breach

Okta confirms 2.5% customers impacted by hack in January Full Text

Abstract Okta, a major provider of access management systems, says that 2.5%, or approximately 375 customers, were impacted by a cyberattack claimed by the Lapsus$ data extortion group.

BleepingComputer

March 22, 2022 – Attack

Microsoft confirms they were hacked by Lapsus$ extortion group Full Text

Abstract Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code.

BleepingComputer

March 22, 2022 – Ransomware

Another Source Code Leak for Conti Ransomware Full Text

Abstract New source code for the Russian-based Conti ransomware operation has been leaked on Twitter—as revenge for the ongoing war—by the Ukrainian researcher named Conti Leaks. The source code leak is a Visual Studio solution that can be decompiled easily, thus allowing anyone to compile the code and the ...

Cyware Alerts - Hacker News

March 22, 2022 – Government

Hillicon Valley — Biden’s child privacy call gets backers Full Text

Abstract Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here. 

The Hill

March 22, 2022 – Breach

LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta Full Text

Abstract Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it said were the companies' internal projects and systems on its Telegram channel. The leaked 37GB archive shows that the group may have accessed the repositories related to Microsoft's Bing, Bing Maps, and Cortana, with the images highlighting Okta's Atlassian suite and in-house Slack channels. "For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor," the hacking cartel wrote on Telegram. On top of this, the group alleged that it breached LG Electronics (LGE) for the "second time" in a year. Bill Demirkapi, an independent security researcher, noted th

The Hacker News

March 22, 2022 – Breach

Anonymous hacked Nestlé and leaked 10 GB of sensitive Full Text

Abstract The popular Anonymous hacktivist collective announced it had hacked Nestlé and leaked 10 GB of sensitive data because the food and beverage giant continued to operate in Russia. The popular Anonymous hacktivist collective recently declared war on all companies...

Security Affairs

March 22, 2022 – General

FIDO: Here’s Another Knife to Help Murder Passwords Full Text

Abstract After years of promising a passwordless future – really, any day now! – FIDO is proposing tweaks to WebAuthn that could put us out of password misery. Experts aren’t so sure.

Threatpost

March 22, 2022 – Government

White House shares checklist to counter Russian cyberattacks Full Text

Abstract The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future.

BleepingComputer

March 22, 2022 – Criminals

BlackMatter Affiliates Propagate BlackCat Ransomware Full Text

Abstract Researchers analyzed two recent ransomware attacks by BlackCat and BlackMatter and discovered overlaps in their TTPs. However, one of the representatives of BlackCat had already claimed that the ransomware is not the rebranding of BlackMatter. BlackCat could be playing an important role in helping ...

Cyware Alerts - Hacker News

March 22, 2022 – Breach

Software firm investigates digital breach Full Text

Abstract Okta, a software company based in San Francisco, said it is investigating a possible digital breach after hackers posted screenshots of internal information, according to Reuters.

The Hill

March 22, 2022 – Solution

Wazuh Offers XDR Functionality at a Price Enterprises Will Love — Free! Full Text

Abstract Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response (XDR). It described a unified cybersecurity infrastructure that brought endpoint threat detection, network analysis and visibility (NAV), access management, and more under a single roof to find and neutralize digital threats in real-time. And Zuk's vision of XDR proved prophetic. In the years since he coined the phrase, platforms leveraging the XDR model have emerged as the de-facto leaders of the business cybersecurity industry. But their scale and complexity put them in a product class that's just out of reach for some enterprises. Fortunately, the open-source community — as it often does — has filled the XDR void with an affordable product — because it's totally free. It's called  Wazuh , and it provides enterprises the tools they need to bu

The Hacker News

March 22, 2022 – Attack

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices  Full Text

Abstract Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. Since January, DeadBolt...

Security Affairs

March 22, 2022 – Breach

Okta confirms support engineer’s laptop was hacked in January Full Text

Abstract Okta, a major provider of access management systems, has completed its investigation into a breach incident claimed by the Lapsus$ data extortion group.

BleepingComputer

March 22, 2022 – General

FBI: AvosLocker Ransomware is Actively Targeting U.S. Critical Infrastructure Full Text

Abstract The FBI issued a joint cybersecurity advisory against AvosLocker ransomware operations aimed at crippling the networks of U.S. critical infrastructure. It has targeted multiple sectors including financial services, critical manufacturing sectors, and government facilities as well. The advisory ...

Cyware Alerts - Hacker News

March 22, 2022 – Government

U.S. Government Warns Companies of Potential Russian Cyber Attacks Full Text

Abstract The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month. "It's part of Russia's playbook," U.S. President Joe Biden said in a statement, citing "evolving intelligence that the Russian Government is exploring options." The development comes as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of "possible threats" to U.S. and international satellite communication (SATCOM) networks in the wake of a cyber attack targeting the Viasat KA-SAT network, used extensively by the Ukrainian military, roughly around the time when Russian armed forces invaded Ukraine on February 24. "Successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments," the agencies said. T

The Hacker News

March 22, 2022 – Vulnerabilities

Three critical RCE flaws affect hundreds of HP printer models Full Text

Abstract Three critical RCE flaws affect hundreds of HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS...

Security Affairs

March 22, 2022 – Malware

Custom macOS malware of Chinese hackers ‘Storm Cloud’ exposed Full Text

Abstract Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud.'

BleepingComputer

March 22, 2022 – Attack

Scottish mental health charity “devastated” by heartless RansomEXX ransomware attack Full Text

Abstract SAMH (the Scottish Association for Mental Health) helps provide care and support for adults and young people suffering from issues with their mental health, and campaigns to influence positive social change.

Bit Defender

March 22, 2022 – Vulnerabilities

New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems Full Text

Abstract Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system. "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement," firmware security company Binarly, which discovered the latter three flaws, said in a write-up. "The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime." All the flaws relate to improper input v

The Hacker News

March 22, 2022 – Criminals

Lapsus$ extortion gang claims to have stolen sensitive data from Okta Full Text

Abstract The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack....

Security Affairs

March 22, 2022 – Outage

Greece’s public postal service offline due to ransomware attack Full Text

Abstract ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident detected on Sunday that is still keeping most of the organization's services offline.

BleepingComputer

March 22, 2022 – Business

Application Security Firm ForAllSecure Raises $21 Million Full Text

Abstract ForAllSecure plans to use the funding to accelerate growth, hire new talent, and build a solution that would help secure open source projects that businesses worldwide depend on.

Security Week

March 22, 2022 – Breach

Lapsus$ extortion gang leaked the source code for some Microsoft projects Full Text

Abstract The Lapsus$ extortion group claims to have hacked Microsoft's internal Azure DevOps server and leaked the source code for some projects. Microsoft recently announced that it is investigating claims that the Lapsus$ cybercrime gang breached...

Security Affairs

March 22, 2022 – General

The top 5 things the 2022 Weak Password Report means for IT security Full Text

Abstract Given that passwords have had such unprecedented longevity, it would seem that password security best practices would be refined to the point of perfection. Even so, Specops Software's first annual Weak Password Report has yielded some interesting results that may cause you to rethink the way that your organization manages passwords.

BleepingComputer

March 22, 2022 – Business

McAfee Enterprise’s security service edge business is now called Skyhigh Security Full Text

Abstract At the start of this year, Symphony Technology Group (STG) announced Trellix was the new name for the business unit that resulted from the merger of McAfee Enterprise and FireEye last October.

ZDNet

March 22, 2022 – Attack

Serpent backdoor targets French entities with high-evasive attack chain Full Text

Abstract A new email campaign aimed at French entities leverages the Chocolatey Windows package manager to deliver the Serpent backdoor. Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor...

Security Affairs

March 22, 2022 – Vulnerabilities

Hundreds of HP printer models vulnerable to remote code execution Full Text

Abstract HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

BleepingComputer

March 22, 2022 – Attack

Top Russian meat producer hit with Windows BitLocker encryption attack Full Text

Abstract Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service.

BleepingComputer

March 22, 2022 – Breach

Okta investigating claims of customer data breach from Lapsus$ group Full Text

Abstract Okta, a leading provider of authentication services and identity and access management (IAM) solutions, says it is investigating claims of a data breach.

BleepingComputer

March 22, 2022 – Breach

Lapsus$ hackers leak 37GB of Microsoft’s alleged source code Full Text

Abstract The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.

BleepingComputer

March 22, 2022 – APT

Russia-linked InvisiMole APT targets state organizations of Ukraine Full Text

Abstract Ukraine CERT (CERT-UA) warns of spear-phishing attacks conducted by the UAC-0035 group (aka InvisiMole) on state organizations of Ukraine. The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages...

Security Affairs

March 21, 2022 – Malware

BitRAT malware now spreading as a Windows 10 license activator Full Text

Abstract A new BitRAT malware distribution campaign is underway, exploiting users looking to activate pirated Windows OS versions for free using unofficial Microsoft license activators.

BleepingComputer

March 21, 2022 – Hacker

Caketap Rootkit by UNC2891 Targets Bank Customers Full Text

Abstract The LightBasin threat actor is using the new Unix rootkit Caketap against servers running Oracle Solaris. Caketap can hide network files, processes, and connections, and install hooks into system functions for remote commands and configurations. The group has mostly targeted Oracle Solaris-bas ...

Cyware Alerts - Hacker News

March 21, 2022 – Government

White House warns Russia prepping possible cyberattacks against US Full Text

Abstract The White House on Monday urged private companies to bolster their cyber defenses, citing evolving intelligence suggesting the Russian government is exploring “options for potential cyberattacks” targeting U.S. critical infrastructure.

The Hill

March 21, 2022 – Phishing

New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable Full Text

Abstract A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft). While the default behavior when a user attempts to sign in via these methods is to be greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable," mrd0x_ said in a technical write-up published last

The Hacker News

March 21, 2022 – Government

White House Statement and Briefing on Nation’s Cybersecurity Full Text

Abstract President Biden's statement warns U.S. companies to prepare for possible Russian cyberattacks.

Lawfare

March 21, 2022 – Malware

Android password-stealing malware infects 100,000 Google Play users Full Text

Abstract A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.

BleepingComputer

March 21, 2022 – Malware

Gh0stCringe Targets Weakly Configured Microsoft SQL, MySQL Servers Full Text

Abstract AhnLab found a malware threat dubbed Gh0stCringe targeting Oracle's open-source MySQL and Microsoft's SQL Server by abusing weak user credentials. Moreover, researchers have identified multiple malware samples—such as KingMiner and Vollgar CoinMiner—on the targeted servers. Experts say frequen...

Cyware Alerts - Hacker News

March 21, 2022 – Malware

New Backdoor Targets French Entities via Open-Source Package Installer Full Text

Abstract Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns observed. The ultimate objective of the campaign remains presently unknown. "The threat actor attempted to install a backdoor on a potential victim's device, which could enable remote administration, command and control (C2), data theft, or deliver other additional payloads," Proofpoint researchers said in a report shared with The Hacker News. The phishing lure that triggers the infection sequence makes use of a resume-themed subject line, with the attached macro-embedded Microsoft Word document masquerading as information related to the European Union's General Data Prot

The Hacker News

March 21, 2022 – Criminals

Lapsus$ gang claims to have hacked Microsoft source code repositories Full Text

Abstract Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Microsoft announced that it is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source...

Security Affairs

March 21, 2022 – Vulnerabilities

Windows zero-day flaw giving admin rights gets unofficial patch, again Full Text

Abstract A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server.

BleepingComputer

March 21, 2022 – Attack

Attackers Targeting Unpatched SolarWinds WHD Instances Full Text

Abstract In the wake of new attacks, SolarWinds urged customers to remove their Web Help Desk instances from their publicly accessible infrastructure. An attacker may take advantage of unpatched WHD instances (CVE-2021-35251) to gain access to environmental details about the installation. SolarWinds rec...

Cyware Alerts - Hacker News

March 21, 2022 – Phishing

‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users Full Text

Abstract Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign "CryptoRom," characterized it as a wide-ranging global scam. "This style of cyber-fraud, known as sha zhu pan (杀猪盘) — literally 'pig butchering plate' — is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week. The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as Wh

The Hacker News

March 21, 2022 – Privacy

Italy’s data privacy watchdog investigates how Kaspersky manages Italian users’ data Full Text

Abstract Italy's data privacy watchdog launched an investigation into the "potential risks" associated with the use of Russian antivirus software Kaspersky. Italy's data privacy watchdog has launched an investigation into potential risks associated with the use of the Kaspersky...

Security Affairs

March 21, 2022 – Attack

Serpent malware campaign abuses Chocolatey Windows package manager Full Text

Abstract Threat actors are abusing the popular Chocolatey Windows package manager in a new phishing campaign to install new 'Serpent' backdoor malware on systems of French government agencies and large construction firms.

BleepingComputer

March 21, 2022 – Attack

GoDaddy Managed Hosting Service Targeted via Backdoor Infection Full Text

Abstract The Wordfence Incident Response team alerted nearly 300 websites hosted on GoDaddy's Managed WordPress service that were infected with a common backdoor. The backdoor payload is a 2015 Google search SEO-poisoning tool. Website admins are suggested to remove the backdoor and spam search engine resul...

Cyware Alerts - Hacker News

March 21, 2022 – Hacker

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau Full Text

Abstract Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by Zscaler in December 2021. Believed to be active since 2007, DarkHotel has a history of striking "senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as well as through spear-phishing and P2P attacks," Zscaler researchers Sahil Antil and Sudeep Singh said. Prominent sectors targeted include law enforcement, pharmaceuticals, and automotive manufacturers. The attack chains involved distributing email messages directed to individuals in executive roles in the hotel, such as the vice president of human resources, assistan

The Hacker News

March 21, 2022 – Breach

Hacker leaked a new version of Conti ransomware source code on Twitter Full Text

Abstract A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang's position on the conflict. The hacker leaked a new version of the Conti ransomware source code on Twitter in retaliation for the gang's...

Security Affairs

March 21, 2022 – Breach

Microsoft investigating claims of hacked source code repositories Full Text

Abstract Microsoft says it is investigating claims that the Lapsus$ data extortion hacking group breached its internal Azure DevOps source code repositories and stole data.

BleepingComputer

March 21, 2022 – Malware

Influx of Trojanized Apps on Google Play Store Full Text

Abstract Dr.Web disclosed numerous trojanized apps on Google Play Store prompting potential victims to take action, such as depositing money for trading or signing up for expensive subscriptions, benefitting the scammers eventually. The detected malicious apps include SecretVideoRecorder, FakeAntiVirus, Key...

Cyware Alerts - Hacker News

March 21, 2022 – Botnet

DirtyMoe modules expand the bot using worm-like techniques Full Text

Abstract The DirtyMoe botnet continues to evolve and now includes a module that implements wormable propagation capabilities. In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom),...

Security Affairs

March 21, 2022 – Breach

Iranian hackers leak Mossad chief’s personal information Full Text

Abstract Iranian hackers on Wednesday published a video on an anonymous Telegram channel featuring personal photos and documents allegedly obtained from a phone used by the wife of Mossad Director David Barnea.

JNS

March 21, 2022 – Vulnerabilities

How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable Full Text

Abstract A large number of IP cameras and surveillance systems used in enterprise networks were recently discovered to be vulnerable to remote code execution and information leakage due to CVE-2021-28372.

Palo Alto Networks

March 21, 2022 – Phishing

Facebook phish claims “Someone tried to log into your account” Full Text

Abstract The mail itself combines a fairly clean design with minimal messaging. There’s a tendency with some phish attempts to overstuff the mail with all manner of nonsense to look more convincing.

Malwarebytes Labs

March 21, 2022 – General

Payment fraud attack rate across fintech ballooned 70% in 2021 Full Text

Abstract According to Sift, these rising attacks were aimed primarily at alternative payments like digital wallets, which saw a 200% increase in payment fraud, along with payments service providers (+169%), and cryptocurrency exchanges (+140%).

Help Net Security

March 21, 2022 – Breach

HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle Full Text

Abstract While user information was leaked to hackers, the companies say that passwords and other internal information were not affected. As HubSpot is an external tool, hackers did not gain access to internal systems.

Yahoo! Finance

March 20, 2022 – Breach

More Conti ransomware source code leaked on Twitter out of revenge Full Text

Abstract A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine.

BleepingComputer

March 20, 2022 – Ransomware

Newer Conti ransomware source code leaked out of revenge Full Text

Abstract A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine.

BleepingComputer

March 20, 2022 – Breach

Anonymous leaked data stolen from Russian pipeline company Transneft Full Text

Abstract Anonymous hacked Omega Company, the in-house R&D unit of Transneft, the Russian oil pipeline giant, and leaked stolen data. Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based...

Security Affairs

March 20, 2022 – Vulnerabilities

Western Digital app bug gives elevated privileges in Windows, macOS Full Text

Abstract Western Digital's EdgeRover desktop app for both Windows and Mac is vulnerable to local privilege escalation and sandbox escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks.

BleepingComputer

March 20, 2022 – Government

Mar 13 - Mar 19 Ukraine – Russia: the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the previous weeks: March 18 - China-linked threat actors are targeting the government...

Security Affairs

March 20, 2022 – General

Security Affairs newsletter Round 358 by Pierluigi Paganini Full Text

Abstract A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the newsletter with the international press for free, subscribe here....

Security Affairs

March 20, 2022 – Government

EU and US agencies warn that Russia could attack satellite communications networks Full Text

Abstract FBI, CISA, and the European Union Aviation Safety Agency (EASA) warn of possible threats to international satellite communication (SATCOM) networks. Satellite communication (SATCOM) networks are critical infrastructure for modern society, US and EU agencies...

Security Affairs

March 19, 2022 – Attack

Got Milk? After Supplier Hit by Cyberattack, a NH School District Is Short Full Text

Abstract The school district said they were informed of the cyberattack on the dairy company. In a statement, the superintendent said the school anticipates milk shortages in the coming weeks.

NBC Boston

March 19, 2022 – Breach

NRA Confirms It Got Pwned by Cybercriminals Full Text

Abstract A ransomware gang calling itself “Grief” bragged to the digital underworld last October about compromising the gun lobby’s servers and stealing sensitive internal documents.

Gizmodo

March 19, 2022 – Phishing

New Phishing toolkit lets anyone create fake Chrome browser windows Full Text

Abstract A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows.

BleepingComputer

March 19, 2022 – Breach

Russian pipeline company Transneft hit by data leak Full Text

Abstract The data leak came to notice after the leak hosting website Distributed Denial of Secrets published a link to 79GB of emails from the Omega Company, the research and development division of Transneft.

The Verge

March 19, 2022 – Government

FBI: Avoslocker ransomware targets US critical infrastructure Full Text

Abstract The Federal Bureau of Investigation (FBI) warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors.

BleepingComputer

March 19, 2022 – Breach

1 Million Texans Potentially Impacted By Dental Care Data Breach Full Text

Abstract Jefferson Dental and Orthodontics, which has 72 offices across Texas, reported to the Texas Attorney General’s Office a data breach affecting more than a million residents of Texas.

CBS Local

March 19, 2022 – Attack

Hackers hit mass background-check firm used by state agencies, universities Full Text

Abstract Computer hackers made off with highly sensitive personal records on more than 164,000 job-seekers and license applicants in a virtual “smash and grab” attack last November on Creative Services Inc., a company that conducts background checks.

Data Breaches

March 19, 2022 – Criminals

Avoslocker ransomware gang targets US critical infrastructure Full Text

Abstract The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker...

Security Affairs

March 19, 2022 – Hacker

Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War Full Text

Abstract Researchers at Aqua revealed trends by analyzing data from public repositories that contain code and tools used for the cyber-aggression on both sides of the Russia-Ukraine conflict.

Security Boulevard

March 19, 2022 – Criminals

Crooks claim to have stolen 4TB of data from TransUnion South Africa Full Text

Abstract TransUnion South Africa discloses a data breach; the threat actors who stole sensitive data demanded a ransom payment not to release the stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa...

Security Affairs

March 19, 2022 – Criminals

Exotic Lily initial access broker works with Conti gang Full Text

Abstract Google's Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google's Threat Analysis Group (TAG) researchers linked a new initial access broker, named...

Security Affairs

March 19, 2022 – Ransomware

Emsisoft releases free decryptor for the victims of the Diavol ransomware Full Text

Abstract Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims...

Security Affairs

March 18, 2022 – Ransomware

The Week in Ransomware - March 18th 2022 - Targeting the auto industry Full Text

Abstract This week, the automotive industry has been under attack, with numerous companies exhibiting signs of breaches or ransomware activity.

BleepingComputer

March 18, 2022 – Hacker

Caketap, a new Unix rootkit used to siphon ATM banking data Full Text

Abstract Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945).

Security Affairs

March 18, 2022 – Attack

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines Full Text

Abstract A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945. The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers said in a new report published this week. Even more concerningly, the attacks spanned several years in some cases, during the entirety of which the actor remained undetected by leveraging a rootkit called CAKETAP, which is designed to conceal n

The Hacker News

March 18, 2022 – Attack

China-linked threat actors are targeting the government of Ukraine Full Text

Abstract Google's TAG team revealed that China-linked APT groups are targeting Ukraine's government for intelligence purposes. Google's Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People's Liberation...

Security Affairs

March 18, 2022 – Ransomware

Free decryptor released for TrickBot gang’s Diavol ransomware Full Text

Abstract Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.

BleepingComputer

March 18, 2022 – Breach

South Africa credit bureau breached, data reportedly held for $15M ransom Full Text

Abstract The country’s arm of TransUnion confirmed that “a criminal third party obtained access to a TransUnion South Africa server through misuse of an authorized client’s credentials.” The company said the ransom demand “will not be paid.”

CyberScoop

March 18, 2022 – Criminals

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware Full Text

Abstract An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks, BlackCat (aka Alphv) marks a new frontier in that the cyber crime cartel is built out of affiliates of other ransomware-as-a-service (RaaS) operations. BlackCat first emerged in November 2021 and has since targeted several organizations worldwide over the past few months. It has been called out for being similar to BlackMatter, a short-lived ransomware family that originated from DarkSide, which attracted notoriety for its high-profile attack on Colonial Pipeline in May 2021. In an interview with Recorded Future's The Record last month, a BlackCat representative dismissed rumors that it's a rebranding of BlackMatter, while noting that it

The Hacker News

March 18, 2022 – General

Caketap, a new Unix rootkit used to siphon ATM banking data Full Text

Abstract Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin...

Security Affairs

March 18, 2022 – Breach

Hackers claim to breach TransUnion South Africa with ‘Password’ password Full Text

Abstract TransUnion South Africa has disclosed that hackers breached one of its servers using stolen credentials and issued an extortion demand not to release the stolen data.

BleepingComputer

March 18, 2022 – Botnet

Microsoft: Here’s how this notorious botnet used hacked routers for stealthy communication Full Text

Abstract Microsoft has filled in one new detail about how the TrickBot gang's IoT C2 devices, namely compromised MikroTik routers, were being used since 2018 for stealthy communication with infected PCs.

ZDNet

March 18, 2022 – Criminals

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang Full Text

Abstract Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) as part of widespread phishing campaigns that involved sending no fewer than 5,000 business proposal-themed emails a day to 650 targeted organizations globally. "Initial access brokers are the opportunistic locksmiths of the security world, and it's a full-time job," TAG researchers Vlad Stolyarov and Vlad Stolyarov said. "These groups specialize in breaching a target in order to open the doors — or the Windows — to the malicious actor with the highest bid." Exotic Lily, first spotted in September 2021, is said to have been involved in data exfiltration and deployment of th

The Hacker News

March 18, 2022 – Vulnerabilities

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager Full Text

Abstract TIM Red Team Research (RTR) researchers discovered a new flaw in Ericsson Network Manager, Ericsson's flagship network product. The TIM Red Team Research (RTR) team discovered a new vulnerability affecting Ericsson Network Manager, which is known as Ericsson...

Security Affairs

March 18, 2022 – Attack

DarkHotel hacking campaign targets luxury Macao resorts Full Text

Abstract The South Korean DarkHotel hacking group has been spotted in a new campaign spanning December 2021 through January 2022, targeting luxury hotels in Macao, China.

BleepingComputer

March 18, 2022 – Policy and Law

What the Newly Signed US Cyber-Incident Law Means for Security Full Text

Abstract The new law requires critical infrastructure companies in the 16 industry sectors identified by the federal government to report to the CISA within 72 hours if they are experiencing a cyberattack and within 24 hours of making a ransomware payment.

Dark Reading

March 18, 2022 – Botnet

Russia-linked Cyclops Blink botnet targeting ASUS routers Full Text

Abstract The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting ASUS routers. The recently discovered Cyclops Blink botnet is now targeting ASUS routers, reports Trend...

Security Affairs

March 18, 2022 – Attack

Google: Chinese state hackers target Ukraine’s government Full Text

Abstract Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine.

BleepingComputer

March 18, 2022 – Attack

Japan’s Bridgestone confirms ransomware attack at US subsidiary Full Text

Abstract Japanese tyre manufacturer Bridgestone has confirmed that its US subsidiary had suffered a ransomware attack, just weeks after suppliers of automaker Toyota Motor reported similar attacks.

Channel News Asia

March 18, 2022 – Solution

Microsoft releases open-source tool for checking MikroTik Routers compromise Full Text

Abstract Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers...

Security Affairs

March 18, 2022 – Ransomware

These four types of ransomware make up nearly three-quarters of reported incidents Full Text

Abstract Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

ZDNet

March 18, 2022 – General

node-ipc NPM Package sabotage to protest Ukraine invasion Full Text

Abstract The developer behind the popular "node-ipc" NPM package uploaded a destructive version to protest Russia's invasion of Ukraine. RIAEvangelist, the developer behind the popular "node-ipc" NPM package, shipped a new version that wipes Russia, Belarus...

Security Affairs

March 17, 2022 – Government

CISA, FBI warn US critical orgs of threats to SATCOM networks Full Text

Abstract CISA and the FBI warned US critical infrastructure organizations of potential threats targeting satellite communication (SATCOM) networks in the US and worldwide.

BleepingComputer

March 17, 2022 – Ransomware

Around 34 Ransomware Variants Detected In Q4 2021 Full Text

Abstract The ransomware landscape witnessed 34 different variants in approximately 722 distinct attacks, with LockBit 2.0, Conti, and PYSA occupying the top three places. In comparison to Q3 2021 data, the attacks on the manufacturing sector have declined while consumer and industrial products rose by...

Cyware Alerts - Hacker News

March 17, 2022 – General

Hillicon Valley — Invasion complicates social media policy Full Text

Abstract Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here. 

The Hill

March 17, 2022 – General

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion Full Text

Abstract In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing them with a heart emoji. Node-ipc is a prominent node module used for local and remote inter-process communication with support for Linux, macOS, and Windows. It has over 1.1 million weekly downloads. "A very clear abuse and a critical supply chain security incident will occur for any system on which this NPM package will be called upon, if that matches a geo-location of either Russia or Belarus," Snyk researcher Liran Tal said in an analysis. The issue has been assig

The Hacker News

March 17, 2022 – Government

Dev Sabotages Popular NPM Package to Protest Russian Invasion Full Text

Abstract In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.

Threatpost

March 17, 2022 – Hacker

New Unix rootkit used to steal ATM banking data Full Text

Abstract Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.

BleepingComputer

March 17, 2022 – Botnet

New Botnet Targets Linux Devices Via Log4J Vulnerability Full Text

Abstract The new B1txor20 botnet is actively exploiting Log4j flaws in Linux systems to create a bot army that helps hackers install rootkits and steal sensitive records. The bot sends the stolen information, results of any command execution, or any other information to its C2 server in the form of a DNS reque...

Cyware Alerts - Hacker News

March 17, 2022 – Government

Russian ministry says it’s ‘recording unprecedented attacks’ on government websites Full Text

Abstract Russia’s digital development and communications ministry said in a statement on Thursday it is “recording unprecedented attacks” on government websites and state-run news outlets amid Russia’s invasion in Ukraine, The Washington Post reported.

The Hill

March 17, 2022 – Botnet

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly Full Text

Abstract The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm module can generate and attack hundreds of thousands of private and public IP addresses per day; many victims are at risk since many machines still use unpatched systems or weak passwords." Active since 2016, the DirtyMoe botnet is used for carrying out cryptojacking and distributed denial-of-service (DDoS) attacks, and is deployed by means of external exploit kits like PurpleFox or injected installers of Telegram Messenger. Also employed as part of the attack sequence is a DirtyMoe service that triggers the launch of two additional processes, namely the Core and

The Hacker News

March 17, 2022 – Hacker

Anonymous continues to support Ukraine against Russia Full Text

Abstract The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let's...

Security Affairs

March 17, 2022 – Criminals

Google exposes tactics of a Conti ransomware access broker Full Text

Abstract Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations.

BleepingComputer

March 17, 2022 – Malware

Kwampirs Malware Linked with Shamoon

Abstract Security experts linked the activities of the Shamoon APT with those behind the Kwampirs malware. They said both could be from the same group, as they have been collaborating and sharing updates, techniques, and code for years. Organizations should be ready with countermeasures including reliable anti-malware ...

Cyware Alerts - Hacker News

March 17, 2022 – Education

The Golden Hour of Incident Response

Abstract As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making effective decisions. However, keeping a cool head and actions planned out is crucial in successfully handling a security incident. This blog will elaborate on some key points to help readers facilitate better incident response procedures. Preparation is essential Before taking on any incidents, security analysts would need to know a great deal of information. To start off, incident response analysts need to familiarize themselves with their roles and responsibilities. IT infrastructure has evolved rapidly over the past years. For example, we observed increasing movement to cloud computing and data storage. The fast-changing IT environment frequently requires analysts to update their skill sets,

The Hacker News

March 17, 2022 – Attack

SolarWinds Warns of Attacks Targeting Web Help Desk Users

Abstract SolarWinds warns customers of potential cyberattacks targeting unpatched installs of its Web Help Desk (WHD) product. SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD)...

Security Affairs

March 17, 2022 – Malware

ASUS warns of Cyclops Blink malware attacks targeting routers

Abstract Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk.

BleepingComputer

March 17, 2022 – Attack

New Wipers and Fake AV Updates Target Ukraine

Abstract Researchers spotted a third wiper malware in use against Ukrainian organizations, which destroys user data and partition information on attached drives, and also reported a new phishing attack. The Ukrainian agency has linked the recent activity to the UAC-0056 group with medium confidence. ...

Cyware Alerts - Hacker News

March 17, 2022 – Malware

TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control

Abstract Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems," Microsoft's Defender for IoT Research Team and Threat Intelligence Center (MSTIC) said. TrickBot, which emerged as a banking trojan in 2016, has evolved into a sophisticated and persistent threat, with its modular architecture enabling it to adapt its tactics to suit different networks, environments, and devices as well as offer access-as-a-service for next-stage payloads like Conti ransomware. The expansion to TrickBot's capabilities comes amid reports of its infrastructure goin

The Hacker News

March 17, 2022 – Criminals

Ukraine SBU arrested a hacker who supported Russia during the invasion

Abstract The Security Service of Ukraine (SBU) announced the arrest of a "hacker" who helped the Russian Army during the invasion. The SBU said it had arrested a hacker who provided technical support to Russian troops during...

Security Affairs

March 17, 2022 – Outage

Europe warns of aircraft GPS outages tied to Russian invasion

Abstract The European Union Aviation Safety Agency (EASA), the EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems (GNSS) linked to the Russian invasion of Ukraine.

BleepingComputer

March 17, 2022 – Botnet

Sandworm-linked CyclopsBlink botnet has another piece of hardware in its sights

Abstract Botnet activity that drew loud warnings last month from U.S. and U.K. cybersecurity agencies has expanded to a second type of hardware, according to researchers at Trend Micro.

CyberScoop

March 17, 2022 – Criminals

Ukraine Secret Service Arrests Hacker Helping Russian Invaders

Abstract The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of Russia. The individual has also been accused of routing phone calls from Russia to the mobile phones of Russian troops in Ukraine. "Up to a thousand calls were made through this hacker in one day. Many of them are from the top leadership of the enemy army," the SBU alleged, adding it confiscated the equipment that was used to pull off the operation. Besides implicating the hacker for helping Russia make anonymous phone calls to its military forces based in Ukraine, the agency said the hacker passed commands and instructions to different groups of "Russian invaders."

The Hacker News

March 17, 2022 – Botnet

B1txor20 Linux botnet uses DNS tunnel and Log4J exploit

Abstract Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and uses a DNS tunnel. Researchers from Qihoo 360's Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked...

Security Affairs

March 17, 2022 – Solution

Microsoft creates tool to scan MikroTik routers for TrickBot infections

Abstract The TrickBot trojan has just added one more trick up its sleeve, now using vulnerable IoT (internet of things) devices like modem routers as proxies for its C2 (command and control) server communication.

BleepingComputer

March 17, 2022 – Criminals

Lapsus$ gang sends a worrying message to would-be criminals

Abstract The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country's Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.

The Register

March 17, 2022 – Vulnerabilities

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers

Abstract A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike researchers John Walker and Manoj Ahuje said in an analysis published this week. A lightweight alternative to Docker, CRI-O is a container runtime implementation of the Kubernetes Container Runtime Interface (CRI) that's used to pull container images from registries and launch an Open Container Initiative (OCI)-compatible runtime such as runC to spawn and run container processes. The vulnerability is rated 8.8 on the CVSS vulnerability scoring system and affects CRI-O versions 1.19 and later. Following responsible disclosure, patches have been released to address the fl

The Hacker News

March 17, 2022 – Hacker

BIG sabotage: Famous npm package deletes files to protest Ukraine war

Abstract This week, the developer of the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. The 'node-ipc' package, which gets downloaded over a million times weekly, began deleting files on developers' machines, in addition to creating new text files with "peace" messages.

BleepingComputer

March 16, 2022 – General

Soldiers, Statesmen and Cyber Crises: Cyberspace and Civil-Military Relations

Abstract Cyberspace may be a domain of military operations, but it is not predominantly so. Civil-military relations in the United States must adapt to new demands or cyberspace may be irretrievably diminished.

Lawfare

March 16, 2022 – Phishing

‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps

Abstract Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.

Threatpost

March 16, 2022 – Deepfake

Russia’s disinformation uses deepfake video of Zelenskyy telling people to lay down arms

Abstract Russian disinformation continues, this time using a deepfake video of Zelenskyy inviting Ukrainians to 'lay down arms.' A deepfake video of the Ukrainian president Volodymyr Zelenskyy telling his citizens to lay down arms is the latest example of disinformation...

Security Affairs

March 16, 2022 – Botnet

New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Abstract A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." First observed propagating through the Log4j vulnerability on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports the ability to obtain a shell, execute arbitrary commands, install a rootkit, open a SOCKS5 proxy, and functions to upload sensitive information back to the C2 server. Once a machine is successfully compromised, the malware utilizes the DNS tunnel to retrieve and execute co

The Hacker News

March 16, 2022 – Government

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited...

Security Affairs

March 16, 2022 – Attack

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware

Abstract Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices.

BleepingComputer

March 16, 2022 – Attack

Russia-linked threat actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Abstract FBI and CISA warn that Russia-linked threat actors gained access to an NGO cloud after enrolling their own device in the organization's Duo MFA. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) ...

Security Affairs

March 16, 2022 – Attack

SolarWinds warns of attacks targeting Web Help Desk instances

Abstract SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of a potential security flaw).

BleepingComputer

March 16, 2022 – Breach

Hacker breaches key Russian ministry in blink of an eye

Abstract In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Original post at https://cybernews.com/cyber-war/hacker-breaches-key-russian-ministry-in-blink-of-an-eye/ Spielerkid89,...

Security Affairs

March 16, 2022 – Vulnerabilities

Microsoft Defender tags Office updates as ransomware activity

Abstract Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.

BleepingComputer

March 16, 2022 – Breach

Hundreds of GoDaddy-hosted sites backdoored in a single day

Abstract Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload.

BleepingComputer

March 16, 2022 – Government

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

Abstract The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks.

BleepingComputer

March 16, 2022 – Attack

Emotet malware campaign impersonates the IRS for 2022 tax season

Abstract The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns.

BleepingComputer

March 16, 2022 – Denial Of Service

OpenSSL cert parsing bug causes infinite denial of service loop

Abstract OpenSSL has released a security update to address a vulnerability in the library that, if exploited, activates an infinite loop function and leads to denial of service conditions.

BleepingComputer

March 15, 2022 – Government

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

Abstract DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.

Threatpost

March 15, 2022 – Vulnerabilities

Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw

Abstract There are currently no mitigations for the severe Linux kernel bug, QNAP warned on Monday.

Threatpost

March 15, 2022 – Attack

Pandora Ransomware Hits Giant Automotive Supplier Denso

Abstract Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.

Threatpost

March 15, 2022 – Hacker

HackerOne apologizes to Ukrainian hackers for mistakenly blocking payouts

Abstract Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after erroneously blocking their bug bounty payouts following sanctions imposed on Russia and Belarus after Ukraine's invasion.

BleepingComputer

March 15, 2022 – Malware

Raccoon Stealer Using Telegram for Hidden Communications

Abstract The credential-stealing Raccoon Stealer has been spotted using the chat app to store and update C2 addresses as adversaries find creative new ways to distribute the malware. The cybercriminals are attempting to evade detection by packing the credential stealer using Themida or other malware packers. Expe ...

Cyware Alerts - Hacker News

March 15, 2022 – Government

Ukraine claims to have arrested ‘hacker’ helping Russians

Abstract The Security Service of Ukraine (SSU) claimed on Tuesday that a “hacker” who had assisted Russia had been detained by officials.

The Hill

March 15, 2022 – Ransomware

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021

Abstract As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the three-month-period between October and December 2021. "The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5%, and Hive at 10.1%," the researchers said in a report shared with The Hacker News. Some of the most impacted sectors during the quarterly period were consumer and industrial products; manufacturing; professional services and consulting; real estate; life sciences and health care; technology, media and telecommunications; energy, resources and agric

The Hacker News

March 15, 2022 – Vulnerabilities

CVE-2022-0778 DoS flaw in OpenSSL was fixed

Abstract OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778,...

Security Affairs

March 15, 2022 – General

Dozens of ransomware variants used in 722 attacks over 3 months

Abstract The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants.

BleepingComputer

March 15, 2022 – Malware

Lampion Trojan Returns with its Old Attack Infrastructure

Abstract One of the most active banking trojans has been spotted tweaking its technique while using the same old infrastructure to target its victims in the banking sector. The attackers use fake banking templates impersonating Portuguese organizations to bait victims. Organizations are recommended to ma ...

Cyware Alerts - Hacker News

March 15, 2022 – Malware

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks

Abstract Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable ("caddy.exe") shows that the malware was compiled at 7:19 a.m. UTC, a little over two hours prior to its deployment. CaddyWiper is notable for the fact that it doesn't share any similarities with previously discovered wipers in Ukraine, including HermeticWiper (aka FoxBlade or KillDisk) and IsaacWiper (aka Lasainraw), the two of which have been deployed in systems belonging to government and commercial entities. "The ultimate goal of the attackers is the same as with IsaacWiper and HermeticWiper: make the systems unusable by erasing user data and partition i

The Hacker News

March 15, 2022 – Vulnerabilities

Critical flaws affect Veeam Data Backup software

Abstract Veeam addressed two critical vulnerabilities impacting the Backup & Replication product for virtual environments. Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score...

Security Affairs

March 15, 2022 – Government

FBI warns of MFA flaw used by state hackers for lateral movement

Abstract The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols.

BleepingComputer

March 15, 2022 – Attack

MuddyWater Uses SloughRAT To Target Turkey and Arabian Peninsula

Abstract The Iranian MuddyWater APT launched a new series of attacks targeting Turkey and the Arabian Peninsula. The recent intrusions appear to be a continuation of a November 2021 campaign targeting Turkish entities. Its malicious activities show the group's piqued interest in the region and its geopolitics.

Cyware Alerts - Hacker News

March 15, 2022 – Outage

Massive DDoS Attack Knocked Israeli Government Websites Offline

Abstract A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate (INCD) said in a tweet. "As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity." A distributed denial-of-service attack is a malicious attempt to hamper the normal traffic of a targeted server or service by overwhelming the victim and its surrounding infrastructure with a flood of junk internet traffic by leveraging compromised computers and IoT devices as sources of attack traffic. The development comes after internet watchdog NetBlocks reported "significant disruptions" registered on multiple networks supplied by Israel

The Hacker News

March 15, 2022 – General

The German BSI agency recommends replacing Kaspersky antivirus software

Abstract The German Federal Office for Information Security, also known as BSI, recommends that consumers not use Kaspersky anti-virus software. The German Federal Office for Information Security, aka BSI, recommends consumers uninstall Kaspersky anti-virus...

Security Affairs

March 15, 2022 – Botnet

New Linux botnet exploits Log4J, uses DNS tunneling for comms

Abstract A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, install rootkits, create reverse shells, and act as web traffic proxies.

BleepingComputer

March 15, 2022 – General

Malicious web application requests skyrocketing, bad actors stealthier than ever before

Abstract Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020.

Help Net Security

March 15, 2022 – Vulnerabilities

Dirty Pipe Linux flaw impacts most QNAP NAS devices

Abstract Taiwanese vendor QNAP warns that most of its NAS devices are impacted by a high-severity Linux vulnerability dubbed 'Dirty Pipe.' Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered...

Security Affairs

March 15, 2022 – Malware

Android trojan persists on the Google Play Store since January

Abstract Security researchers tracking the mobile app ecosystem have noticed a recent spike in trojan infiltration on the Google Play Store, with one of the apps having over 500,000 installs.

BleepingComputer

March 15, 2022 – Breach

Update: Thousands of Secret Keys Found in Leaked Samsung Source Code

Abstract An analysis of the recently leaked Samsung source code revealed that thousands of secret keys have been exposed, including many that could be highly useful to malicious actors.

Security Week

March 15, 2022 – Policy and Law

FTC to fine CafePress for cover up of massive data breach

Abstract The U.S. Federal Trade Commission (FTC) wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users' data and attempting to cover up a significant data breach impacting millions.

BleepingComputer

March 15, 2022 – Business

Cyber Insurance Firm Cowbell Raises $100 Million

Abstract The latest investment round was led by the Anthemis Group. All previous investors participated as well, along with NYCA Partners, Permira, PruVen Capital, and Viola Fintech.

Security Week

March 15, 2022 – Phishing

Massive phishing campaign uses 500+ domains to steal credentials

Abstract Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.

BleepingComputer

March 15, 2022 – General

Kronos ransomware attack raises questions of vendor liability

Abstract The December ransomware attack against workforce management company Ultimate Kronos Group hindered the ability of its customers to process payrolls. The attack, which has far-reaching ramifications, has stakeholders looking for who is to blame.

Cybersecurity Dive

March 15, 2022 – Government

German government advises against using Kaspersky antivirus

Abstract BSI, the federal cybersecurity authority in Germany, has issued a public statement to warn critical entities in the country against using Kaspersky antivirus software products.

BleepingComputer

March 15, 2022 – General

Prison service for England and Wales recorded more than 2,000 data breaches over 12 months

Abstract The employee’s sensitive personal data was apparently exposed because of unauthorized access gained to the Justice Academy, an online learning and careers platform used by MoJ and other public sector staff.

The Daily Swig

March 15, 2022 – Attack

CaddyWiper, a new data wiper hits Ukraine

Abstract Experts discovered a new wiper, tracked as CaddyWiper, that was employed in attacks targeting Ukrainian organizations. Experts at ESET Research Labs discovered a new data wiper, dubbed CaddyWiper, that was employed in attacks targeting Ukrainian organizations. The...

Security Affairs

March 14, 2022 – Vulnerabilities

‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices

Abstract Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company said. "If exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code." The Taiwanese firm said it's continuing to thoroughly investigate its product line for the vulnerability and that QNAP NAS running QTS 4.x are immune to the Dirty Pipe flaw. Tracked as CVE-2022-0847 (CVSS score: 7.8), the shortcoming resides in the Linux kernel and could permit an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of vulnerable machines. The issue

The Hacker News

March 14, 2022 – Attack

Fake antivirus updates used to deploy Cobalt Strike in Ukraine

Abstract Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.

BleepingComputer

March 14, 2022 – Attack

China-based TA416 Ramps Up Espionage Against European Governments

Abstract A Chinese-backed threat group has been observed targeting European diplomatic entities engaged in refugee and migrant services. The group takes advantage of web bugs to profile its targets. An analysis revealed that the threat group is using an updated version of the PlugX malware. To stay protected, ...

Cyware Alerts - Hacker News

March 14, 2022 – Government

Intel chair ‘amazed’ Russia hasn’t launched full-scale cyberwarfare

Abstract Sen. Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, said on Monday he was surprised Russia hasn’t launched more destructive cyberattacks against Ukraine and the West despite having the capability to do so. 

The Hill

March 14, 2022 – Breach

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

Abstract French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident," the company said in a statement. The news of the hack comes amid a string of high-profile attacks targeting NVIDIA, Samsung, Mercado Libre, and Vodafone in recent weeks. While the extortionist gang LAPSUS$ claimed responsibility for these attacks, it's not immediately clear if the group is behind the Ubisoft breach as well. Technology news site The Verge, which first reported the development, said th

The Hacker News

March 14, 2022 – Outage

A massive DDoS attack hit Israel, government sites went offline

Abstract Many Israel government websites were offline after a cyberattack, defense sources claim that this is the largest-ever attack that hit the country. Israeli media reported that a massive DDoS attack has taken down many Israel government websites. The Jerusalem...

Security Affairs

March 14, 2022 – General

2021 mobile security: Android more vulnerabilities, iOS more zero-days

Abstract Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what's coming in 2022. 

BleepingComputer

March 14, 2022 – Vulnerabilities

Prophet Spider Exploits Citrix Flaw to Deliver Webshell

Abstract CrowdStrike reported a threat group named Prophet Spider that is abusing an RCE vulnerability in Citrix ShareFile to compromise Microsoft's Internet Information Services web server. The relative path-traversal vulnerability (CVE-2021-22941) was disclosed in the ShareFile Zones Storage Controller. Organi ...

Cyware Alerts - Hacker News

March 14, 2022 – Government

Bipartisan group of senators press Mayorkas on US readiness for Russian cyberthreat

Abstract A bipartisan group of senators is pressing Homeland Security Secretary Alejandro Mayorkas on the U.S.’s readiness for Russian cyberattacks amid Moscow’s invasion of Ukraine.

The Hill

March 14, 2022 – General

Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools

Abstract As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day-to-day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmin teams have a wide remit but limited resources. For systems administrators, finding the time and resources to mitigate a growing and constantly moving threat is challenging. In this article, we outline the difficulties implied by enterprise threat mitigation, and explain why automated, purpose-built mitigation tools are the way forward. Threat management is an overwhelming task: there is a range of specialists that work within threat management, but the practical implementation of threat management strategies often comes down to systems administrators. Whether it's patch management, intrusion detection or remediation after an attack, sysadmins typically bear the brunt of the work. It's an impossible task, gi

The Hacker News

March 14, 2022 – Solution

Ukraine is using Clearview AI’s facial recognition during the conflict

Abstract Ukraine's defense ministry began using Clearview AI’s facial recognition technology to uncover Russian assailants, combat misinformation and identify the dead. Ukraine's defense ministry announced it will use the AI’s facial recognition technology...

Security Affairs

March 14, 2022 – Attack

New CaddyWiper data wiping malware hits Ukrainian networks

Abstract Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks.

BleepingComputer

March 14, 2022 – Attack

Hackers Target German Branch of Russian Oil Giant Rosneft

Abstract The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility.

Security Week

March 14, 2022 – Criminals

Russian Ransomware Gang Retools Custom Hacking Tools of Other APT Groups

Abstract A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week. Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack. The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked ver

The Hacker News

March 14, 2022 – Attack

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

Abstract Anonymous claims to have hacked the systems of the German subsidiary of Russian energy giant Rosneft and stolen 20TB of data. The Anonymous hacker collective claimed to have hacked the German branch of the Russian energy giant Rosneft. In hacktivists...

Security Affairs

March 14, 2022 – Vulnerabilities

QNAP warns severe Linux bug affects most of its NAS devices

Abstract Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges.

BleepingComputer

March 14, 2022 – Attack

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Abstract The malware takes advantage of a template from the Portuguese Tax services (Autoridade Tributária e Aduaneira) to disseminate the threat in the wild. Maxtrilha uses the same templates to target users.

Security Affairs

March 14, 2022 – Vulnerabilities

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access

Abstract A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a research scientist at Capsule8. "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat," Red Hat said in an advisory published on February 22, 2022. Similar alerts have been released by Debian, Oracle Linux, SUSE, and Ubuntu. Netfilter is a framework provided by the Linux kernel that enables various networking-related operations, including packet filtering, network address translation, and

The Hacker News

March 14, 2022 – Malware

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Abstract Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats. Introduction: A new variant of a Brazilian trojan has impacted Internet end users in Portugal since last month (February 2022). Although...

Security Affairs

March 14, 2022 – Attack

Automotive giant DENSO hit by new Pandora ransomware gang

Abstract DENSO has published an announcement to confirm that its German business computer network was accessed by an unauthorized third party on March 10, 2022, resulting in a data breach.

BleepingComputer

March 14, 2022 – Denial Of Service

Hacker Planned Terabytes of DDoS Traffic Using a Single Packet

Abstract Researchers from a number of organizations confirmed that attackers have been exploiting Mitel enterprise collaboration products to amplify DDoS attacks by 4 billion times from a single packet. The exploitation of the flaw began on February 18 and mainly reflected onto ports 80 and 443. Those ...

Cyware Alerts - Hacker News

March 14, 2022 – APT

Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers

Abstract New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is based on the original Shamoon, and Shamoon 2 and 3 campaign code is based on Kwampirs, [...] then the authors of Kwampirs would be potentially the same as the authors of Shamoon, or must have a very strong relationship, as has been seen over the course of many years," Rincón Crespo added. Shamoon, also known as DistTrack, functions as an information-stealing malware that also incorporates a destructive component that allows it to overwrite the Master Boot Record (MBR) with arbitrary data so as to render the infected machine inoperable. The malware, developed

The Hacker News

March 14, 2022 – General

Russia-Ukraine cyber conflict puts critical infrastructure at risk

Abstract While the Russia-Ukraine cyber conflict goes on, nation-state actors, crooks, and hacktivists continue to put critical infrastructure at risk. Critical infrastructure is a privileged target for almost any kind of threat actor, the ongoing Russia-Ukraine...

Security Affairs

March 14, 2022 – Breach

South Denver Cardiology Associates Discloses Unauthorized Access to its Databases

Abstract SDCA admitted that an unnamed attacker broke into its systems and had access to confidential databases for three days between January 2, 2022, and January 5, 2022, before the breach was detected and thwarted.

The Daily Swig

March 14, 2022 – Vulnerabilities

Critical Vulnerabilities Patched in Veeam Data Backup Solution

Abstract The flaws were identified in the Veeam Distribution Service, which by default listens on TCP port 9380 and allows even unauthenticated users to access internal API functions.

Security Week

March 14, 2022 – Vulnerabilities

AMD Updates Spectre Mitigations Following Intel Research

Abstract AMD last week informed customers that it has updated mitigations for a variant of the Spectre side-channel attack. The update comes in response to research conducted by Intel.

Security Week

March 14, 2022 – Breach

Ubisoft reveals ‘security incident’ forcing company-wide password refresh

Abstract The gaming giant, headquartered in Montreuil, France, said on March 10 that the incident took place earlier this month, causing "temporary disruption to some of our games, systems, and services."

ZDNet

March 13, 2022 – Phishing

Fake Valorant cheats on YouTube infect you with RedLine stealer

Abstract Korean security analysts have spotted a malware distribution campaign that uses Valorant cheat lures on YouTube to trick players into downloading RedLine, a powerful information stealer.

BleepingComputer

March 13, 2022 – General

US, EU cyber investments in Ukraine pay off amid war

Abstract Recent U.S. and European investments in cyber defense in Ukraine are being put to the test following Russia's invasion of the country.

The Hill

March 13, 2022 – Attack

Anonymous sent a message to Russians: “remove Putin”

Abstract Anonymous has published a new message for Russian citizens inviting them to remove Putin, who is sacrificing them and killing Ukrainians. The hacker collective Anonymous has published a new message for Russians inviting them to wake up and remove...

Security Affairs

March 13, 2022 – Malware

The hidden C2: Lampion trojan release 212 is on the rise and using a C2 server for two years

Abstract The hidden C2: Lampion trojan release 212 is on the rise and has been using the same C2 server for two years. The Lampion trojan is one of the most active banking trojans impacting Portuguese Internet end users since 2019. This piece of malware is known for the usage...

Security Affairs

March 13, 2022 – Government

Mar 06 - Mar 12 Ukraine – Russia: the silent cyber conflict

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 12 - Russian Internet watchdog Roskomnadzor is going to ban Instagram. Russian Internet watchdog Roskomnadzor is going...

Security Affairs

March 13, 2022 – General

Security Affairs newsletter Round 357 by Pierluigi Paganini

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

March 13, 2022 – Breach

LockBit ransomware group claims to have hacked Bridgestone Americas

Abstract LockBit ransomware gang claimed to have hacked Bridgestone Americas, one of the largest manufacturers of tires. LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen...

Security Affairs

March 12, 2022 – Denial Of Service

Attackers Created Terabytes of DDoS Attack Traffic Using a Single Packet

Abstract Researchers from a number of organizations confirmed that attackers have been exploiting Mitel enterprise collaboration products to amplify DDoS attacks by 4 billion times from a single packet. The researchers recommend updating the systems with the latest patches. Additionally, Mitel users can det ...

Cyware Alerts - Hacker News

March 12, 2022 – Policy and Law

VPN provider bans BitTorrent after getting sued by film studios

Abstract "No logs" VPN provider TorGuard has reached a legal settlement with over two dozen movie studios that sued the company for encouraging piracy and copyright infringement. In the settlement, TorGuard has agreed to block BitTorrent traffic for its users.

BleepingComputer

March 12, 2022 – Malware

Android malware Escobar steals your Google Authenticator MFA codes

Abstract The Aberebot banking trojan appears to have returned, as its author is actively promoting a new version of the tool on dark web markets and forums.

BleepingComputer

March 12, 2022 – Breach

Ubisoft confirms ‘cyber security incident’, resets staff passwords

Abstract Video game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to some of its services. Data extortion group LAPSUS$, which has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, also appears to be behind the Ubisoft incident.

BleepingComputer

March 12, 2022 – Attack

Attackers use website contact forms to spread BazarLoader malware

Abstract Threat actors are spreading the BazarLoader malware via website contact forms to evade detection, researchers warn. Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website...

Security Affairs

March 12, 2022 – Government

Russian Internet watchdog Roskomnadzor is going to ban Instagram

Abstract Russian Internet watchdog Roskomnadzor is going to ban Instagram in Russia to prevent the spreading of information related to the Ukraine invasion. Russia will ban Instagram; the decision was announced by Russian Internet watchdog Roskomnadzor. Officially...

Security Affairs

March 12, 2022 – Outage

Ubisoft suffered a cyber security incident that caused a temporary disruption

Abstract Video game company Ubisoft has suffered a 'cyber security incident' that had a severe impact on games, systems, and services. The rumors of a cyber attack against Ubisoft circulated online in the last few days, while data extortion group LAPSUS$...

Security Affairs

March 12, 2022 – Breach

287,652 South Denver Cardiology Associates patients notified of breach

Abstract In a notice on their website, the South Denver Cardiology Associates noted that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Data Breaches

March 12, 2022 – Policy and Law

Hacked US Companies to Face New Reporting Requirements

Abstract The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyber defenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks.

Security Week

March 12, 2022 – Attack

Anonymous Hacks Russian Media Censoring Agency Roskomnadzor

Abstract The international hacktivist collective Anonymous has struck again, and this time the group is claiming to have hacked Roskomnadzor, a major Russian federal agency. The group also claims to have stolen over 360,000 files.

Hackread

March 11, 2022 – Criminals

LockBit ransomware gang claims attack on Bridgestone Americas

Abstract A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang.

BleepingComputer

March 11, 2022 – Government

Spending bill includes large funding increase to boost cybersecurity

Abstract The government funding bill sent to President Biden includes a surge in funding to the agency that oversees the nation’s cybersecurity infrastructure and includes language that requires companies in critical sectors to alert the government of potential hacks.

The Hill

March 11, 2022 – Vulnerabilities

Multiple Security Flaws Discovered in Popular Software Package Managers

Abstract Multiple security vulnerabilities have been disclosed in popular package managers that, if exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of the affected package managers. "This means that an attack cannot be launched directly against a developer machine from remote and requires that the developer is tricked into loading malformed files," SonarSource researcher Paul Gerste said. "But can you always know and trust the owners of all packages that you use from the internet or company-internal repositories?" Package managers refer to systems or a set of tools that are used to automate installing, upgrading, and configuring third-party dependencies required for developing applications. While there are inherent security

The Hacker News

March 11, 2022 – Disinformation

Anonymous hacked Roskomnadzor agency revealing Russian disinformation

Abstract The Anonymous collective continues to launch attacks against Russian entities; this is a summary of recent offensives. Anonymous announced that it has hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass...

Security Affairs

March 11, 2022 – General

Russia Issues Its Own TLS Certs

Abstract The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA.

Threatpost

March 11, 2022 – Outage

New ONE PIECE anime episodes delayed after Toei cyberattack

Abstract Anime giant Toei suffered a weekend cyberattack causing delays in airing new episodes of popular anime series, including ONE PIECE and Delicious Party Precure.

BleepingComputer

March 11, 2022 – Government

Russia Pushing New State-run TLS Certificate Authority to Deal With Sanctions

Abstract The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired. The service is offered to all legal entities operating in Russia, with the certificates delivered to site owners upon request within 5 working days. TLS certificates are used to digitally bind a cryptographic key to an organization's details, enabling web browsers to confirm the domain's authenticity and ensure that the communication between a client computer and the target website is secure. The proposal comes as companies like DigiCert have been restricted from doing business in

The Hacker News

March 11, 2022 – Vulnerabilities

Open database leaves major Chinese ports exposed to shipping chaos

Abstract The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The...

Security Affairs

March 11, 2022 – Outage

Russian defense firm Rostec shuts down website after DDoS attack

Abstract Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack."

BleepingComputer

March 11, 2022 – Criminals

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Abstract The Lapsus$ ransomware gang is looking for insiders willing to sell remote access to major technology corporations and ISPs. On Thursday, March 10, the Lapsus$ ransomware gang announced it is starting to recruit insiders employed within major technology giants...

Security Affairs

March 11, 2022 – Breach

Wightlink Reports Potential Data Breach After Suffering Highly Sophisticated Cyberattack

Abstract In a statement obtained by The Daily Swig, Wightlink said: “Unfortunately, despite Wightlink taking appropriate security measures, some of its back-office IT systems were affected by a cyber-attack last month.

The Daily Swig

March 11, 2022 – Breach

Vodafone investigates claims of a data breach made by Lapsus$ gang

Abstract Vodafone is investigating a recently suffered cyberattack, after the ransomware gang Lapsus$ claimed to have stolen its source code. Vodafone announced that it has launched an investigation after the Lapsus$ cybercrime group claimed to have stolen its source...

Security Affairs

March 11, 2022 – Vulnerabilities

High-Severity Vulnerabilities Patched in Omron PLC Programming Software

Abstract Several high-severity vulnerabilities that can be exploited for remote code execution were patched recently in the CX-Programmer software of Japanese electronics giant Omron.

Security Week

March 11, 2022 – Business

SafeBase bags $18M Series A to speed up vendor security auditing process

Abstract The company, which allows clients to share their security posture with customers, announced an $18 million Series A investment led by New Enterprise Associates, with participation from Y Combinator and Comcast Ventures.

Tech Crunch

March 10, 2022 – General

Most Orgs Would Take Security Bugs Over Ethical Hacking Help

Abstract A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.

Threatpost

March 10, 2022 – Education

Here’s How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

Abstract Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said in a statement. The goal with Code Verify is to confirm the integrity of the web application and ensure that it hasn't been tampered with to inject malicious code. The social media company is also planning to release a Firefox plugin to achieve the same level of security across browsers. The system works with Cloudflare acting as a third-party audit to compare the cryptographic hash of WhatsApp Web's JavaScript code that's shared by Meta with that of a locally computed hash of the code running on the browser client. Code Verify is also meant to be flexi

The Hacker News

March 10, 2022 – Malware

Corporate website contact forms used to spread BazarBackdoor malware

Abstract The stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software.

BleepingComputer

March 10, 2022 – Malware

Qakbot injects itself into the middle of your conversations

Abstract The messages generally contain brief text content, followed by a link to download a zip archive. These links may be “bare URLs” like above, or hot-linked text in the message body.

Sophos

March 10, 2022 – Attack

Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign

Abstract The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive malware in an enterprise," Cisco Talos researchers Asheer Malhotra, Vitor Ventura, and Arnaud Zobec said in a report published today. The group, which has been active since at least 2017, is known for its attacks on various sectors that help further advance Iran's geopolitical and national security objectives. In January 2022, the U.S. Cyber Command attributed the actor to the country's Ministry of Intelligence and Security (MOIS). MuddyWater is also believed to be a "conglomerate of multiple teams operating independently rather than a single threat actor group,&q

The Hacker News

March 10, 2022 – Denial Of Service

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Abstract Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine's IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine's IT Army; threat actors are using infostealer malware mimicking...

Security Affairs

March 10, 2022 – Breach

Multi-Ransomwared Victims Have It Coming – Podcast

Abstract Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.

Threatpost

March 10, 2022 – Malware

Malware disguised as security tool targets Ukraine’s IT Army

Abstract A new malware distribution campaign has surfaced, taking advantage of the willingness of a large number of people to support Ukraine in the ongoing cyber warfare to infect them with info-stealers.

BleepingComputer

March 10, 2022 – Business

HelpSystems to Acquire MDR Services Firm Alert Logic

Abstract Software firm HelpSystems continues on its cybersecurity buying spree, announcing on Wednesday that it has agreed to acquire Alert Logic, a provider of managed detection and response (MDR) services.

Security Week

March 10, 2022 – Vulnerabilities

New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs

Abstract Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets. While chipmakers have incorporated both software and hardware defenses, including Retpoline as well as safeguards like Enhanced Indirect Branch Restricted Speculation (eIBRS) and Arm CSV2, the latest method demonstrated by VUSec researchers aims to get around all these protections. Called Branch History Injection (BHI or Spectre-BHB), it's a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715) that bypasses both eIB

The Hacker News

March 10, 2022 – Government

CISA added 98 domains to the joint alert related to Conti ransomware gang

Abstract The U.S. CISA has updated the alert on Conti ransomware and added 98 domain names used by the criminal gang. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware operations; the agency added 100 domain...

Security Affairs

March 10, 2022 – Criminals

REvil ransomware member extradited to U.S. to stand trial for Kaseya attack

Abstract The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack.

BleepingComputer

March 10, 2022 – Government

Conti Uses New Domains After Recent Code Leaks - Warns CISA

Abstract The notoriety of the Conti ransomware group has come under the spotlight as the CISA shared an alert with IoCs consisting of close to 100 domain names. Organizations should follow mitigation strategies and recommendations provided in the alert. Besides, security admins can use provided IOCs for bet ...

Cyware Alerts - Hacker News

March 10, 2022 – Hacker

Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States

Abstract Yaroslav Vasinskyi, a Ukrainian national linked to the Russia-based REvil ransomware group, has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ) to file charges of conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. Ransomware is the digital equivalent of extortion wherein cybercrime actors encrypt victims' data and take it hostage in return for a monetary payment to recover the data, failing which the stolen information is published online or sold to other third-parties. According to the DoJ, in addition to the headline-grabbing attacks on JBS and Kaseya, REvil is said to have propagated its infection to more than 175,000 computers, netting the

The Hacker News

March 10, 2022 – Botnet

New Emotet botnet is rapidly growing, with +130K unique bots spread across 179 countries

Abstract A few months after its return, the Emotet botnet has already infected over 130,000 unique bots spread across 179 countries. The Emotet botnet continues to grow and has infected approximately 130,000 hosts since its resurrection in November 2021. Early...

Security Affairs

March 10, 2022 – Malware

Raccoon Stealer: “Trash panda” abuses Telegram

Abstract Avast researchers came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.

Avast

March 10, 2022 – Vulnerabilities

TLStorm flaws allow attackers to remotely manipulate the power of millions of enterprise UPS devices

Abstract Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked...

Security Affairs

March 10, 2022 – Breach

SEC wants public companies to report breaches within four days

Abstract The US Securities and Exchange Commission (SEC) has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're determined as being a material incident (one that shareholders would likely consider important).

BleepingComputer

March 10, 2022 – Breach

Notorious Hacker Group Claims to Steal 200 GB of Source Code from Vodafone

Abstract The notorious hacker group, calling itself “Lapsus$,” claims to have obtained roughly 200 Gb of source code files, allegedly representing approximately 5,000 GitHub repositories.

Security Week

March 10, 2022 – Government

Russia creates its own TLS certificate authority to bypass sanctions

Abstract Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevented certificate renewals.

BleepingComputer

March 9, 2022 – APT

APT41 Spies Broke Into 6 US State Networks via a Livestock App

Abstract The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.

Threatpost

March 9, 2022 – Vulnerabilities

Most ServiceNow Instances Misconfigured, Exposed

Abstract Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.

Threatpost

March 09, 2022 – Botnet

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers

Abstract The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots spread across 179 countries since November 2021," researchers from Lumen's Black Lotus Labs said in a report. Emotet, prior to its takedown in late January 2021 as part of a coordinated law enforcement operation dubbed "Ladybird," had infected no fewer than 1.6 million devices globally, acting as a conduit for cybercriminals to install other types of malware, such as banking trojans or ransomware, onto compromised systems. The malware officially resurfaced in November 2021 using TrickBot as a delivery vehicle, with the latter shuttering its attack infrastructure

The Hacker News

March 9, 2022 – APT

Russian APTs Furiously Phish Ukraine – Google Full Text

Abstract Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe.

Threatpost

March 09, 2022 – Government

CISA updates Conti ransomware alert with nearly 100 domain names Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware with indicators of compromise (IoCs) consisting of close to 100 domain names used in malicious operations.

BleepingComputer

March 9, 2022 – Vulnerabilities

Access:7 - Supply Chain Flaws Impacting IoT and Medical Devices Full Text

Abstract The seven flaws have been dubbed Access:7 and are present in PTC’s Axeda agent, which is used for remote access and management of more than 150 connected devices across over 100 vendors. 

Cyware Alerts - Hacker News

March 09, 2022 – Denial Of Service

Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times Full Text

Abstract Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Approximately 2,600 Mitel MiCollab and MiVoice Business Express collaboration systems acting as PBX-to-Internet gateways were incorrectly deployed with an abusable system test facility exposed to the public Internet," Akamai researcher Chad Seaman said in a joint advisory. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second (PPS)." DDoS reflection attacks typically involve spoofing the IP address of a vic

The Hacker News

March 9, 2022 – General

Come Compete in the White Hat Cyber Forecasting Challenge Full Text

Abstract This challenge will be a tournament and it will ask participants to issue predictions on a range of cybersecurity topics.

Lawfare

March 9, 2022 – APT

Google blocked China-linked APT31’s attacks targeting U.S. Government Full Text

Abstract Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government. Google announced that it has blocked a phishing campaign conducted by the China-linked cyberespionage group...

Security Affairs

March 09, 2022 – Vulnerabilities

Nearly 30% of critical WordPress plugin bugs don’t get a patch Full Text

Abstract Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture.

BleepingComputer

March 9, 2022 – Attack

NVIDIA’s Code Signing Certificates Stolen and Abused in Attacks Full Text

Abstract Lapsus$, responsible for the recent attack on Nvidia, reportedly released two of the company's old code-signing certificates, and threat actors have started abusing them. In some cases, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans. Ad ...

Cyware Alerts - Hacker News

March 09, 2022 – Vulnerabilities

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart UPS Devices Full Text

Abstract Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks," Ben Seri and Barak Hadad, researchers from IoT security company Armis, said in a report published Tuesday. Uninterruptible power supply (UPS) devices function as emergency backup power providers in mission-critical environments such as medical facilities, server rooms, and industrial systems. Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click att

The Hacker News

March 9, 2022 – Attack

Multiple Russian government websites hacked in a supply chain attack Full Text

Abstract Threat actors hacked Russian federal agencies' websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies' websites were compromised in a supply chain attack; threat actors compromised the stats widget...

Security Affairs

March 09, 2022 – Hacker

Hackers fork open-source reverse tunneling tool for persistence Full Text

Abstract Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.

BleepingComputer

March 9, 2022 – Government

Ragnar Locker Breached 52 Organizations and Counting, FBI Warns Full Text

Abstract The FBI issued an alert about the Ragnar Locker ransomware group, which has claimed 52 entities as its victims across 10 critical infrastructure sectors in the U.S. so far. The IOCs in the alert range from Bitcoin addresses where hackers collect the ransom to the email addresses of operator ...

Cyware Alerts - Hacker News

March 09, 2022 – Education

The Incident Response Plan - Preparing for a Rainy Day Full Text

Abstract The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn't raining when Noah built the ark, companies must face the fact that they need to prepare - and educate the organization on - a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens. With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack. Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help com

The Hacker News

March 9, 2022 – Attack

Anonymous hacked Russian cams, websites, announced a clamorous leak Full Text

Abstract The collective Anonymous has hacked public cameras in Russia and transmitted their live feed on a website; it also announced a clamorous leak. Anonymous and other hacker groups continue to target Russia; in a recent attack the collective has taken...

Security Affairs

March 09, 2022 – Vulnerabilities

Intel, AMD, Arm warn of new speculative execution CPU bugs Full Text

Abstract Security researchers have found a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and ARM.

BleepingComputer

March 9, 2022 – Botnet

Updated SharkBot Variant Makes its Way into Google Play Store Full Text

Abstract Researchers exposed cybercriminals distributing the SharkBot banking trojan via Google Play Store. The malware uses Automatic Transfer Systems (ATS) to transfer money by abusing the Accessibility permission on devices and granting itself additional required permissions. Smartphone users are reque ...

Cyware Alerts - Hacker News

March 09, 2022 – APT

Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant Full Text

Abstract APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in Log4j (CVE-2021-44228)," researchers from Mandiant said in a report published Tuesday, calling it a "deliberate campaign." Besides web compromises, the persistent attacks also involved exploiting deserialization, SQL injection, and directory traversal vulnerabilities, the cybersecurity and incident response firm noted. The prolific advanced persistent threat, also known by the monikers Barium and Winnti, has a track record of targeting organizations in both the public and private sectors to orchestrate espionage activity in parallel with fi

The Hacker News

March 9, 2022 – Vulnerabilities

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems Full Text

Abstract Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities...

Security Affairs

March 09, 2022 – Government

US Treasury: Russia may bypass sanctions using ransomware payments Full Text

Abstract The Treasury Department's Financial Crimes Enforcement Network (FinCEN) warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine.

BleepingComputer

March 9, 2022 – Vulnerabilities

Siemens Addresses Over 90 Vulnerabilities Affecting Third-Party Components Full Text

Abstract Siemens has released 15 new advisories to inform customers about more than 100 vulnerabilities affecting its products, including over 90 security flaws introduced by the use of third-party components.

Security Week

March 09, 2022 – Vulnerabilities

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses Full Text

Abstract Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System (CPS) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an integrated collaboration and communication solution that allows businesses to host and set up private telephone networks across different platforms as well as facilitate the monitoring, maintenance, and updates associated with the virtual phone systems. The set of three flaws includes those stemming from an arbitrary path traversal in the web interface, a server-side request forgery (SSRF) due to an outdated third-party dependency (CVE-2019-18394), and a post-authentication command injection using a daemon service ("exd.pl"). In other words, the vulnerabilities can

The Hacker News

March 9, 2022 – Breach

Samsung data breach: Lapsus$ gang stole Galaxy devices’ source code Full Text

Abstract Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in a recent security breach. Samsung this week disclosed a data breach; threat actors had access to internal company data, including the source code of Galaxy...

Security Affairs

March 09, 2022 – Attack

Russian government sites hacked in supply chain attack Full Text

Abstract Russia says some of its federal agencies' websites were compromised on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies.

BleepingComputer

March 9, 2022 – Attack

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs Full Text

Abstract It is an extension of the 2017 Spectre version 2 attack, also known as Spectre-BTI (Branch Target Injection) and, just like Spectre v2, can result in the leak of sensitive information from the privileged kernel memory space.

CSO Online

March 09, 2022 – Phishing

Chinese phishing actors consistently targeting EU diplomats Full Text

Abstract The China-aligned group tracked as TA416 (aka Mustang Panda) has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine.

BleepingComputer

March 9, 2022 – Vulnerabilities

Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects Full Text

Abstract The patches, scheduled as part of Adobe’s Patch Tuesday release cycle, address a range of arbitrary code execution and memory leak vulnerabilities that could expose data to malicious hacker attacks.

Security Week

March 9, 2022 – Denial Of Service

Attackers Exploit Flaw in Mitel Systems to Launch Terabyte Scale DDoS Attack in the Wild Full Text

Abstract The flaw resides in around 2,600 incorrectly provisioned Mitel MiCollab and MiVoice Business Express systems that act as PBX-to-internet gateways and have a test mode that should not be exposed to the internet.

ZDNet

March 9, 2022 – Vulnerabilities

SAP Patches Critical Security Flaws in Monitoring Solutions Full Text

Abstract The most serious of the documented flaws is rated critical and described as a missing authorization check vulnerability in SAP Focused Run that could lead to complete system compromise.

Security Week

March 9, 2022 – Vulnerabilities

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities Full Text

Abstract Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows...

Security Affairs

March 08, 2022 – Vulnerabilities

APC UPS zero-day bugs can remotely burn out devices, disable power Full Text

Abstract A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

BleepingComputer

March 8, 2022 – Denial Of Service

DDoS Attacks Fuel Pandemonium Full Text

Abstract A threat actor launched an attack using DanaBot against the webmail server belonging to the Ukrainian Ministry of Defense. The malware was utilized to deploy a second-stage malware.

Cyware Alerts - Hacker News

March 08, 2022 – Government

Angry Putin set to ‘double down’ in Ukraine, intel chiefs warn lawmakers Full Text

Abstract Intelligence experts Tuesday painted a picture of an increasingly determined Vladimir Putin set to “double down” on his invasion of Ukraine despite being ill-prepared for the consequences to Russia’s economy and with little prospect for long-term success.

The Hill

March 08, 2022 – Vulnerabilities

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices Full Text

Abstract Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale (PoS) systems, and edge computing nodes. "By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation," firmware security firm Binarly said in a report shared with The Hacker News. The most severe of the flaws concern a number of memory corruption vulnerabilities in t

The Hacker News

March 8, 2022 – Government

U.S. Cyber Command’s Annual Legal Conference Full Text

Abstract A very timely opportunity: Cyber Command’s annual legal conference is online for all to see this Thursday, March 10, 2022.

Lawfare

March 08, 2022 – Vulnerabilities

Android’s March 2022 security updates fix three critical bugs Full Text

Abstract Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS.

BleepingComputer

March 8, 2022 – Government

FBI Warns of the Impersonation of Law Enforcement and Government Officials Full Text

Abstract The FBI is warning of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information.

IC3

March 08, 2022 – Phishing

Belarus targeted Ukraine, Poland in phishing campaigns: Google Full Text

Abstract Google’s threat analysis team said that Belarus has targeted Ukrainian and Polish officials with phishing attacks amid Russia’s invasion of Ukraine. 

The Hill

March 08, 2022 – Phishing

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks Full Text

Abstract A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military intelligence – as a landing page for its social engineering attacks. The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages. Another cluster of threat activity concerns webmail users of Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua, who have been at the receiving end of phishing attacks by a Belarusian threat actor tracked as Ghostwrit

The Hacker News

March 8, 2022 – APT

Google TAG: Russia, Belarus-linked APTs targeted Ukraine Full Text

Abstract Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google Threat Analysis Group (TAG), which focuses on the analysis of nation-state threat actors, revealed to have blocked...

Security Affairs

March 08, 2022 – Vulnerabilities

Microsoft March 2022 Patch Tuesday fixes 71 flaws, 3 zero-days Full Text

Abstract Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws.

BleepingComputer

March 8, 2022 – Vulnerabilities

PROPHET SPIDER Exploits Citrix ShareFile Vulnerability to Deliver Webshell Full Text

Abstract At the start of 2022, CrowdStrike found PROPHET SPIDER exploiting the CVE-2021-22941 vulnerability impacting Citrix ShareFile Storage Zones Controller to compromise a Microsoft IIS web server.

Crowdstrike

March 08, 2022 – Business

Google to acquire Mandiant for $5.4 billion Full Text

Abstract Google plans to acquire Mandiant, the cybersecurity firm that uncovered the SolarWinds hack, for $5.4 billion, the tech giant announced Tuesday. 

The Hill

March 08, 2022 – Business

Google Buys Cybersecurity Firm Mandiant for $5.4 Billion Full Text

Abstract Google is officially buying threat intelligence and incident response company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to happen later this year, adding to the latter's growing portfolio of security offerings such as BeyondCorp Enterprise, VirusTotal, Chronicle, and the Cybersecurity Action Team. "Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative," Google said in a statement. "To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats; and visualize their IT environment i

The Hacker News

March 8, 2022 – Vulnerabilities

Access:7 flaws impact +150 device models from over 100 manufacturers Full Text

Abstract Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in the widely used Axeda platform. Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked...

Security Affairs

March 08, 2022 – Vulnerabilities

HP patches 16 UEFI firmware bugs allowing stealthy malware infections Full Text

Abstract HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gains high privileges and remains undetectable by installed security software.

BleepingComputer

March 8, 2022 – Government

CISA Adds 95 Flaws to Its Catalog, Urges For Quick Action Full Text

Abstract The CISA added more than 60 flaws affecting Cisco and Microsoft products. All the Cisco vulnerabilities are rated critical as they can be abused by cybercriminals to run arbitrary code and for privilege escalation. Most vulnerabilities have a due date of March 24. The cybersecurity agency recommend ...

Cyware Alerts - Hacker News

March 08, 2022 – Breach

Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code Full Text

Abstract Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees," the electronics giant told Bloomberg. The South Korean chaebol also confirmed that it doesn't anticipate any impact to its business or its customers as a result of the incident and that it has implemented new security measures to prevent such breaches in the future. The confirmation comes after the LAPSUS$ hacking group dumped 190GB of Samsung data on its Telegram channel towards the end of last week, allegedly exposing the source code for trusted applets installed within TrustZone, algorithms for biometric authentication, bootloaders for recent devices, and even confidential data from its chip supplier Qualcom

The Hacker News

March 8, 2022 – Government

CISA urges to fix actively exploited Firefox zero-days by March 21 Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added two critical security...

Security Affairs

March 08, 2022 – Attack

Google: Chinese hackers target Gmail users affiliated with US govt Full Text

Abstract Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31.

BleepingComputer

March 8, 2022 – Breach

Update: Samsung confirms Galaxy source code breach but says no customer information was stolen Full Text

Abstract Samsung has now confirmed in a statement, without naming the hacking group, that there was a security breach, but it asserted that no personal information of customers was compromised.

ZDNet

March 08, 2022 – Vulnerabilities

Critical “Access:7” Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices Full Text

Abstract As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk. PTC's Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what's called the agent, which is installed by the OEMs before the devices are sold to customers. "Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC's Axeda remote code and management agent," researchers from Forescout and CyberMDX said in a joint report

The Hacker News

March 8, 2022 – Breach

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors Full Text

Abstract The US FBI warns that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) and CISA published a flash alert to warn...

Security Affairs

March 08, 2022 – Business

ProtonMail urges Russian users to renew as payment options dry up Full Text

Abstract ProtonMail is urging its Russian user base to hurry up and renew their subscriptions before it is too late, as multiple payment processing services like Mastercard, Visa, and PayPal are exiting the Russian market. ProtonMail is a provider of privacy-centric and end-to-end encrypted email services to millions around the world.

BleepingComputer

March 8, 2022 – Vulnerabilities

Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday Full Text

Abstract Facebook’s attempt at addressing the bug last year was found to be deficient. Researchers found three new flaws: a race condition issue, a security bypass, and an issue involving encrypted parameters.

The Daily Swig

March 8, 2022 – Phishing

Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens Full Text

Abstract Ukraine's CERT-UA warned citizens of new phishing attacks launched through compromised email accounts belonging to Indian entities. Ukraine's Computer Emergency Response Team (CERT-UA) is warning of new phishing attacks targeting Ukrainian citizens...

Security Affairs

March 08, 2022 – Outage

Cloudflare to auto-brick servers that go offline in Ukraine, Russia Full Text

Abstract Cloudflare announced that it is taking drastic measures to protect data of customers in Eastern Europe under current conditions of the Russian invasion of Ukraine.

BleepingComputer

March 8, 2022 – Solution

FIDO authentication standard could signal the passing of passwords Full Text

Abstract The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turn to more effective authentication technologies.

Tech Target

March 8, 2022 – Vulnerabilities

Dirty Pipe Linux flaw allows gaining root privileges on major distros Full Text

Abstract Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow...

Security Affairs

March 08, 2022 – Denial Of Service

DDoS attacks now use new record-breaking amplification vector Full Text

Abstract A new reflection/amplification DDoS vector has been spotted in the wild, offering threat actors a record-breaking amplification ratio of almost 4.3 billion to 1.

BleepingComputer

March 8, 2022 – Business

Cybersecurity startup Axonius valued at $2.6 bln after latest funding Full Text

Abstract The latest financing led by Accel comes a year after Axonius raised $100 million at a valuation of $1.2 billion. Silver Lake Partners and existing investors Bessemer Venture Partners also participated.

Reuters

March 08, 2022 – Botnet

Emotet growing slowly but steadily since November resurgence Full Text

Abstract The notorious Emotet botnet is still being distributed steadily in the wild, having now infected 130,000 systems in 179 countries.

BleepingComputer

March 8, 2022 – APT

China-linked TA416 Increases Attack Activity Against European Governments as Conflict in Ukraine Escalates Full Text

Abstract The campaigns utilize web bugs to profile the victims before sending a variety of PlugX malware payloads via malicious URLs. TA416 has recently updated its PlugX malware variant.

Proof Point

March 08, 2022 – Breach

E-commerce giant Mercado Libre confirms source code data breach Full Text

Abstract E-commerce giant Mercado Libre has confirmed "unauthorized access" to a part of its source code this week. Mercado additionally says data of around 300,000 of its users was accessed by threat actors.

BleepingComputer

March 8, 2022 – General

70% of breached passwords are still in use Full Text

Abstract A new SpyCloud report examined trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured PII records obtained from breaches in 2021.

Help Net Security

March 08, 2022 – Hacker

Google: Russia, China, Belarus state hackers target Ukraine, Europe Full Text

Abstract Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks.

BleepingComputer

March 08, 2022 – Government

CISA: Patch actively exploited Firefox zero-days until March 21st Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks within the next two weeks.

BleepingComputer

March 08, 2022 – Vulnerabilities

Access:7 vulnerabilities impact medical and IoT devices Full Text

Abstract A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors.

BleepingComputer

March 7, 2022 – Breach

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak Full Text

Abstract The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.

Threatpost

March 7, 2022 – Breach

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware Full Text

Abstract NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.

Threatpost

March 7, 2022 – Vulnerabilities

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape Full Text

Abstract Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.

Threatpost

March 07, 2022 – Vulnerabilities

The Continuing Threat of Unpatched Security Vulnerabilities Full Text

Abstract Unpatched software is computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the code, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries often probe into your software, looking for unpatched systems and attacking them directly or indirectly. It is risky to run unpatched software. This is because attackers get the time to become aware of the software's unpatched vulnerabilities before a patch emerges. A report found that unpatched vulnerabilities are the most consistent and primary ransomware attack vectors. It was recorded that in 2021, 65 new vulnerabilities arose that were connected to ransomware. This was observed to be a twenty-nine percent growth compared to the number of vulnerabilities in 2020. Gr

The Hacker News

March 07, 2022 – Vulnerabilities

Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability Full Text

Abstract Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only file and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation because unprivileged processes can inject code into root processes." Kellermann said the bug was discovered after digging into a support issue raised by one of the customers of the cloud and hosting provider that concerned a case of a "surprising kind of corruption" affecting web server access logs. The Linux kernel flaw is said to have existed since version 5.8, with the vulnerability sharing similarities to that of Dirty Cow (CVE-2016-5195), which came to light in October 2016. "A flaw was found in the way the 'flags' member of the new pipe

The Hacker News

March 07, 2022 – Vulnerabilities

New Linux bug gives root on all major distros, exploit released Full Text

Abstract A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

BleepingComputer

March 7, 2022 – General

Ukrainian WordPress Sites Witness Massive Attack Volumes Full Text

Abstract Wordfence recorded a whopping 144,000 attacks on February 25, 2022, and a total of 209,624 attacks between February 25 and 27. Most of the attacks were focused on a subset of 376 academic websites.

Cyware Alerts - Hacker News

March 07, 2022 – General

Hillicon Valley — Presented by Nokia — US partners with Spain in fighting cyberattacks Full Text

Abstract Today is Monday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

March 07, 2022 – Vulnerabilities

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking Full Text

Abstract Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP address," Ethiopian cyber security research firm Octagon Networks' Paulos Yibelo said in a statement shared with The Hacker News. TOS is the operating system designed for TNAS appliances, enabling users to manage storage, install applications, and back up data. Following responsible disclosure, the flaws were patched in TOS version 4.2.30 released last week on March 1, 2022. One of the issues, tracked as CVE-2022-24990, concerns a case of information leak in a component called "webNasIPS," resulting in the exposure of TOS firmware version, the default gateway interfac

The Hacker News

March 7, 2022 – Business

What to Make of Microsoft’s Year in Cybersecurity Full Text

Abstract Microsoft simultaneously combats, profits from and contributes to cybersecurity problems.

Lawfare

March 7, 2022 – Cryptocurrency

Coinbase blocked 25,000 crypto addresses linked to Russian individuals and entities Full Text

Abstract Coinbase announced that it's blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities. The popular cryptocurrency exchange Coinbase announced today that it's blocking access to more than 25,000 blockchain...

Security Affairs

March 7, 2022 – Attack

Novel Attack Turns Amazon Devices Against Themselves Full Text

Abstract Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.

Threatpost

March 07, 2022 – Breach

FBI: Ransomware gang breached 52 US critical infrastructure orgs Full Text

Abstract The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware group has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors.

BleepingComputer

March 7, 2022 – Denial Of Service

Log4Shell Exploit Channelized to Launch DDoS and Cryptomining Attacks Full Text

Abstract According to a report by Barracuda, the volume of attacks attempting to exploit the Log4Shell vulnerability remained relatively constant over the past two months. Mirai and its other versions appeared in most of the attacks that made use of the Log4Shell exploit. 

Cyware Alerts - Hacker News

March 07, 2022 – Government

US, Spain join forces in cyberwarfare amid Russia-Ukraine war Full Text

Abstract The U.S. is partnering up with fellow NATO member Spain to fight cyberattacks in the wake of Russia’s invasion of Ukraine.

The Hill

March 07, 2022 – Education

Understanding How Hackers Recon Full Text

Abstract Cyber-attacks keep increasing and evolving, but regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged. What information are hackers looking for during recon? When running recon on an organization, hackers, whether white or black hats, are "casing a joint." To plan their attack, they will try and uncover as much information as possible about: Your infrastructure The types

The Hacker News

March 7, 2022 – Malware

SharkBot, the new generation banking Trojan distributed via Play Store Full Text

Abstract SharkBot banking malware was able to evade Google Play Store security checks by masquerading as an antivirus app. SharkBot is a banking trojan that has been active since October 2021; it allows operators to steal banking account credentials and bypass multi-factor...

Security Affairs

March 07, 2022 – Cryptocurrency

Coinbase blocks over 25,000 Russian-linked crypto addresses Full Text

Abstract Coinbase, one of the most popular cryptocurrency exchange platforms, announced today that it's blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities.

BleepingComputer

March 7, 2022 – Phishing

8X Increase in Russian-Based Phishing Full Text

Abstract Avanan analyzed more than two million customer email inboxes since February 16. On the 27th, the attacks increased by eight times as compared to the baseline volume. 

Cyware Alerts - Hacker News

March 07, 2022 – Phishing

Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts Full Text

Abstract Ukraine's Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency cautioned that the emails arrive with the subject line "Увага" (meaning "Attention") and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is "muthuprakash.b@tvsrubber[.]com." The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, further prompting them to click on a link to change their passwords with immediate effect. "After following the link and entering the password, it gets to the attackers," CERT-UA noted in a Facebook post over the weekend. "In this way, they gain access to

The Hacker News

March 7, 2022 – Attack

Anonymous hacked Russian streaming services to broadcast war footage Full Text

Abstract Anonymous hacked into the most popular Russian streaming services to broadcast war footage from Ukraine. The popular hacker collective Anonymous continues to target Russian entities; a few hours ago the group hacked into the most popular Russian streaming...

Security Affairs

March 07, 2022 – Privacy

Dozens of COVID passport apps put user’s privacy at risk Full Text

Abstract Roughly two-thirds of tested digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.

BleepingComputer

March 7, 2022 – Breach

Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards Full Text

Abstract In a data breach notice, Acro revealed that customers of two of its beauty product websites were impacted as the result of the exploitation of a vulnerability in a third-party payment processing vendor.

The Daily Swig

March 7, 2022 – Vulnerabilities

Mozilla addresses two actively exploited zero-day flaws in Firefox Full Text

Abstract Mozilla fixed two critical actively exploited zero-day bugs in Firefox with the release of 97.0.2, ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus...

Security Affairs

March 07, 2022 – Government

FBI: Govt officials impersonated in widespread extortion schemes Full Text

Abstract Scammers are impersonating government officials and law enforcement in active and rampant extortion schemes targeting Americans' money or personally identifiable information (PII).

BleepingComputer

March 7, 2022 – Attack

Charities and NGOs providing support in Ukraine hit by malware Full Text

Abstract The news was reported by Amazon, which attributes the attacks to state-sponsored hackers and confirmed that it is helping customers impacted by the attacks to adopt security best practices.

Security Affairs

March 07, 2022 – Breach

Samsung confirms hackers stole Galaxy devices source code Full Text

Abstract Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones.

BleepingComputer

March 7, 2022 – Business

AppSec Firm Cider Security Emerges From Stealth With $38 Million in Funding Full Text

Abstract Cider Security plans to use the new funding to expand its research and development operations in Israel and to open new offices around the world, to support increasing demand.

Security Week

March 07, 2022 – Vulnerabilities

Microsoft fixes critical Azure bug that exposed customer data Full Text

Abstract Microsoft has addressed a critical vulnerability in the Azure Automation service that could have allowed attackers to take full control over other Azure customers' data.

BleepingComputer

March 7, 2022 – Phishing

Google Fights Phishing With Updated Workspace Notifications Full Text

Abstract Instead of just showing the name, now, Google is including the commenter's email address in Workspace comment notifications, so that users can better assess the legitimacy of the message.

Security Week

March 07, 2022 – Attack

Rompetrol gas station network hit by Hive ransomware Full Text

Abstract Romania's Rompetrol gas station network has been hit by a ransomware attack. Rompetrol, owned by KMG International, announced today that it was battling a "complex cyberattack." BleepingComputer has learned that the Hive ransomware gang is behind this attack.

BleepingComputer

March 7, 2022 – Malware

Beware of malware offering “Warm greetings from Saudi Aramco” Full Text

Abstract Malwarebytes found a Formbook campaign targeting oil and gas companies. The campaign was delivered through targeted emails containing two attachments, a PDF file and an Excel document.

Malwarebytes Labs

March 06, 2022 – Malware

SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store Full Text

Abstract The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing multi-factor authentication mechanisms. It first emerged on the scene in November 2021. Where SharkBot stands apart is in its ability to carry out the unauthorized transactions via Automatic Transfer Systems (ATS), which stands in contrast to TeaBot, which requires a live operator to interact with the infected devices to conduct the malicious activities. "The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers," Alberto Segura and Rolf Govers, malware analysts at cybersecurity firm NCC Group, said

The Hacker News

March 06, 2022 – Vulnerabilities

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP! Full Text

Abstract Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework. XSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard that's been billed as a successor to the current WebGL JavaScript graphics library. The description of the two flaws is below – CVE-2022-26485 – Removing an XSLT parameter during processing could lead to an exploitable use-after-free CVE-2022-26486 – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape Use-after-fre

The Hacker News

March 06, 2022 – Vulnerabilities

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs Full Text

Abstract Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks.

BleepingComputer

March 6, 2022 – General

Anonymous offers $52,000 worth of Bitcoin to Russian troops for surrendered tank. Is it fake news? Full Text

Abstract The popular hacker collective Anonymous is offering Russian troops $52,000 in BTC for each surrendered tank. The popular hacker collective Anonymous will reportedly pay $52,000 in BTC for a tank surrendered by Russian troops. Ukrainian media...

Security Affairs

March 06, 2022 – Breach

Adafruit discloses data leak from ex-employee’s GitHub repo Full Text

Abstract Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed "unauthorized access" to information about certain users on or before 2019.

BleepingComputer

March 6, 2022 – Vulnerabilities

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Full Text

Abstract A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0),...

Security Affairs

March 6, 2022 – General

Security Affairs newsletter Round 356 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

March 6, 2022 – General

Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict Full Text

Abstract This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 5 - Anonymous #OpRussia Thousands of sites hacked, data leaks and more Anonymous and its affiliates continue to target...

Security Affairs

March 6, 2022 – Attack

Charities and NGOs providing support in Ukraine hit by malware Full Text

Abstract Malware-based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine. Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks...

Security Affairs

March 5, 2022 – Attack

European Officials Aiding the Ukrainian Refugee Movement are Under Attack Full Text

Abstract Security researchers found a campaign, dubbed Asylum Ambuscade, targeting European government personnel helping Ukrainian refugees with attachments containing the SunSeed malware. The attachment uses the Emergency Meeting of the NATO Security Council as a lure. To stay protected, victims are urge ...

Cyware Alerts - Hacker News

March 05, 2022

Russia weighs risks of launching cyberattacks against the West Full Text

Abstract Although the United States is bracing for retaliatory Russian cyberattacks, experts in the field say the Kremlin is likely still weighing whether destructive action in cyberspace is worth the blowback. 

The Hill

March 05, 2022 – Vulnerabilities

New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container Full Text

Abstract Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network. Tracked as CVE-2022-0492 (CVSS score: 7.0), the issue concerns a case of privilege escalation in the cgroups v1 release_agent functionality, a script that's executed following the termination of any process in the cgroup. "The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users," Unit 42 researcher Yuval Avrahami said in a report publishe

The Hacker News

March 5, 2022 – Encryption

New Side-Channel Attack on Homomorphic Encryption Full Text

Abstract A group of researchers has demonstrated the first side-channel attack on homomorphic encryption that can let anyone read the data in encrypted mode. The attack exploiting the flaw is named RevEAL and exploits the Gaussian sampling that exists in Microsoft SEAL's encryption phase. This manif ...

Cyware Alerts - Hacker News

March 05, 2022 – Malware

Malware now using NVIDIA’s stolen code signing certificates Full Text

Abstract Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.

BleepingComputer

March 5, 2022 – Attack

RuRAT Campaign Uses Innovative Lure to Target Potential Victims Full Text

Abstract BleepingComputer spotted a spear-phishing campaign impersonating a venture capital firm to infect victims with RuRAT malware and gain initial access to the targeted systems. The phishing email originates from an IP address belonging to a U.K. virtual server company. Experts recommend always staying alert whene ...

Cyware Alerts - Hacker News

March 05, 2022 – Malware

SharkBot malware hides as Android antivirus in Google Play Full Text

Abstract The banking trojan tracked as SharkBot has infiltrated the Google Play Store, Android's official and most trusted app store, posing as an antivirus and system cleaner application.

BleepingComputer

March 5, 2022 – Malware

Conti’s Source Code Now Publicly Available Full Text

Abstract The Russia-Ukraine cyberwar continues to evolve, with a researcher leaking a big chunk of internal messages and source code associated with the Conti ransomware group. The leak includes how the threat actors are organized like a business, how they avoid law enforcement, and much more. Meanwhile, so ...

Cyware Alerts - Hacker News

March 05, 2022 – Denial Of Service

Russia shares list of 17,000 IPs allegedly DDoSing Russian orgs Full Text

Abstract The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks.

BleepingComputer

March 5, 2022 – Breach

Lapsus$ gang leaks data allegedly stolen from Samsung Electronics Full Text

Abstract The Lapsus$ ransomware group claimed to have hacked Samsung Electronics and leaked alleged stolen confidential data. The Lapsus$ ransomware gang claims to have stolen a huge trove of sensitive data from Samsung Electronics and leaked 190GB of alleged...

Security Affairs

March 5, 2022 – Breach

Anonymous #OpRussia Thousands of sites hacked, data leaks and more Full Text

Abstract Anonymous and its affiliates continue to target Russia and Belarus, it is also targeting the Russian disinformation machine. Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned...

Security Affairs

March 5, 2022 – Outage

Thousands of satellite users offline in Europe following a cyberattack, is it a conflict spillover? Full Text

Abstract Thousands of satellite internet users across Europe were disconnected from the internet by a cyber-event, experts suspect a cyber attack. Orange confirmed that "nearly 9,000 subscribers" of a satellite internet service provided by its subsidiary Nordnet...

Security Affairs

March 5, 2022 – Attack

Elon Musk warns of possible targeted attacks on Starlink in Ukraine Full Text

Abstract SpaceX chief Elon Musk has expressed his concerns over the future of SpaceX’s Starlink service in Ukraine, given the current scenario of uncertainty in the country post the Russian invasion.

Hackread

March 04, 2022 – Attack

Amazon: Charities, aid orgs in Ukraine attacked with malware Full Text

Abstract Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war.

BleepingComputer

March 04, 2022 – Government

Hillicon Valley — Tech moves to deplatform Russian state media Full Text

Abstract Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

March 04, 2022 – Disinformation

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism Full Text

Abstract Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app for their activities, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that "user volume grew a hundred folds daily on Telegram related groups, peaking at 200,000 per group." Prominent among the groups are anti-Russian cyber attack groups, including the Ukraine government-backed IT Army, which has urged its more than 270,000 members to conduct distributed denial-of-service (DDoS) attacks against Russian entities. Other hacktivist-oriented Telegram groups used to coordinate the attacks on Russian targets via DDoS, SMS or call-based attacks are Anna_ and Mark_, Check Point researchers noted. That said, there may be more to these attacks than meets the eye. "It seems that many of the hacktivist groups are more focused on building self-reputation and receiving credit for supporting Ukraine or Russia, th

The Hacker News

March 4, 2022 – Government

Russian watchdog Roskomnadzor also blocked Facebook in Russia Full Text

Abstract State communications watchdog Roskomnadzor has ordered access to Facebook to be blocked in Russia amid the ongoing invasion of Ukraine. State communications watchdog Roskomnadzor ordered access to Facebook to be blocked over its decision to ban Russian media...

Security Affairs

March 4, 2022 – Botnet

Massive Meris Botnet Embeds Ransomware Notes from REvil Full Text

Abstract Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.

Threatpost

March 04, 2022 – Ransomware

The Week in Ransomware - March 4th 2022 - The Conti Leaks Full Text

Abstract This week's biggest story is the massive data leak from the Conti ransomware operation, including over 160,000 internal messages between members and source code for the ransomware and TrickBot operation.

BleepingComputer

March 4, 2022 – Malware

Highly Sophisticated FoxBlade Malware Targets Ukrainian Networks Full Text

Abstract Microsoft laid bare a cyberattack effort involving the FoxBlade malware, which was launched against Ukraine hours before Russia’s tanks and missiles began to hit the country. Upon understanding the threat it poses, the firm provided technical advice on how to identify and mitigate the enclosed ...

Cyware Alerts - Hacker News

March 04, 2022 – Government

White House sides with Congress over contentious cyber bill Full Text

Abstract The White House has endorsed a cyber bill that has divided members of the Biden administration and Senate lawmakers.

The Hill

March 4, 2022 – Government

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its Known...

Security Affairs

March 04, 2022 – Government

Ukraine to join NATO intel-sharing cyberdefense hub Full Text

Abstract While Ukraine is yet to become a member of the North Atlantic Treaty Organization (NATO), the country has been accepted as a contributing participant to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

BleepingComputer

March 4, 2022 – Malware

The New Daxin Network Attack Tool has a Chinese Link Full Text

Abstract CISA and Symantec laid bare Daxin, a stealthy backdoor linked to a Chinese hacker group. The highly sophisticated rootkit was used against select governments and other critical infrastructure targets. Organizations are advised to make use of IOCs that may help in the detection of malicious ac ...

Cyware Alerts - Hacker News

March 4, 2022 – Denial Of Service

These are the sources of DDoS attacks against Russia, local NCCC warns Full Text

Abstract The Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion. While the conflict on the battlefield continues, hacktivists continue to target Russian infrastructure...

Security Affairs

March 04, 2022 – Breach

Hackers leak 190GB of alleged Samsung data, source code Full Text

Abstract The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.

BleepingComputer

March 4, 2022 – Vulnerabilities

CISA Adds Another 95 Flaws to its Known Exploited Vulnerabilities List Full Text

Abstract The CISA just added 95 new bugs to its catalog of known exploited vulnerabilities, including multiple critical Cisco router flaws, new and old Windows flaws, bugs in Adobe Flash Player, and more.

ZDNet

March 4, 2022 – Government

Russia-Ukraine, who are the soldiers that crowd cyberspace? Full Text

Abstract While Russia is invading Ukraine, multiple forces are joining the conflict, especially in cyberspace; let's analyze them. The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty...

Security Affairs

March 04, 2022 – General

Experts urge EU not to force insecure certificates in web browsers Full Text

Abstract A group of 38 cybersecurity professors and IT experts worldwide, together with the Electronic Frontier Foundation (EFF), have cosigned a letter to EU regulators that warns of a proposal that could expose internet users to cybercrime.

BleepingComputer

March 4, 2022 – Phishing

The most impersonated brands in phishing attacks Full Text

Abstract With six brands in the top 20, financial services was the most impersonated industry of 2021, representing 35% of all phishing pages, rising sharply based on its place at 28% in 2020.

Help Net Security

March 04, 2022 – Business

Cisco joins long list of security companies supporting Ukraine Full Text

Abstract Cisco has joined the growing list of security and technology companies that no longer offer services in Russia after its invasion of Ukraine.

BleepingComputer

March 04, 2022 – Malware

Russia-Ukraine war exploited as lure for malware distribution Full Text

Abstract Threat actors are distributing malware using phishing themes related to the invasion of Ukraine, aiming to infect their targets with remote access trojans (RATs) such as Agent Tesla and Remcos.

BleepingComputer

March 04, 2022 – Phishing

Social media phishing attacks are at an all time high Full Text

Abstract Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

BleepingComputer

March 04, 2022 – Government

CISA warns organizations to patch 95 actively exploited bugs Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its list of actively exploited security issues, the largest number since issuing the binding operational directive (BOD) last year.

BleepingComputer

March 03, 2022 – Vulnerabilities

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances Full Text

Abstract Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions starting from 14.4 and prior to 14.8. Credited with discovering and reporting the flaw is Jake Baines, a senior security researcher at Rapid7. Following responsible disclosure on November 18, 2021, patches were released for self-managed servers as part of GitLab critical security releases 14.8.2, 14.7.4, and 14.6.5 shipped on February 25, 2022. "The vulnerability is the result of a missing authentication check when executing certain GitLab GraphQL API queries," Baines said in a report published Thursday. "A remote, unauthenticated attacker can use this vulnerability to collect regi

The Hacker News

March 03, 2022 – Denial Of Service

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks Full Text

Abstract As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the noticeable domains in the listing released by Russia's National Coordination Center for Computer Incidents (NCCCI) included the U.S. Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and websites of several media publications such as the USA Today, 24News.ge, megatv.ge, and Ukraine's Korrespondent magazine. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks. "Use Russ

The Hacker News

March 03, 2022 – Breach

NY OAG warns T-Mobile data breach victims of identity theft risks Full Text

Abstract The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web.

BleepingComputer

March 3, 2022 – Phishing

Phishing Campaign Targeted Those Aiding Ukraine Refugees Full Text

Abstract A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.

Threatpost

March 03, 2022 – Attack

Malware campaign impersonates VC firm looking to buy sites Full Text

Abstract BleepingComputer was recently contacted by an alleged "venture capitalist" firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices.

BleepingComputer

March 3, 2022 – Breach

West Virginia-based Mon Health Discloses Data Breach Impacting Patients, Employees, and Partners Full Text

Abstract The healthcare services provider discovered the incident on December 18, when some of its IT systems were disrupted, but learned of the potential data theft only a couple of weeks later.

Security Week

March 03, 2022 – General

Hillicon Valley — DOJ slams Senate cyber bill Full Text

Abstract Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. 

The Hill

March 03, 2022 – Encryption

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption Full Text

Abstract A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted," Aydin Aysu, one of the authors of the study,  said . "This demonstrates that even next generation encryption technologies need protection against side-channel attacks." Homomorphic Encryption is a  form of encryption  that allows certain types of computation to be performed directly on encrypted data without having to decrypt it in the first place. It's also meant to be privacy-preserving in that it allows sharing of sensitive data with other third-party services, such as data analytics firms, for further processing while the underlyin

The Hacker News

March 3, 2022 – Ransomware

Avast released a free decryptor for the HermeticRansom that hit Ukraine Full Text

Abstract Avast has released a free decryptor for the HermeticRansom ransomware employed in recent targeted attacks against Ukrainian systems since...

Security Affairs

March 03, 2022 – Breach

NVIDIA data breach exposed credentials of over 71,000 employees Full Text

Abstract More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month.

BleepingComputer

March 3, 2022 – Business

CardinalOps Raises $17.5 Million for Threat Coverage Optimization Platform Full Text

Abstract CardinalOps, which is a threat coverage optimization company, on Thursday announced raising $17.5 million in a Series A funding round that brings the total raised by the firm to $24 million.

Security Week

March 03, 2022 – Attack

Ukraine cyber group to strike at Russia’s critical infrastructure Full Text

Abstract A Ukrainian cyber guerrilla warfare group is planning to strike back against Russia, targeting the country’s critical infrastructure amid the Russian invasion of Ukraine. 

The Hill

March 03, 2022 – Vulnerabilities

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products Full Text

Abstract Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as  CVE-2022-20754 and CVE-2022-20755  (CVSS scores: 9.0) – relate to an arbitrary file write and a command injection flaw in the API and web-based management interfaces of the two products that could have serious impacts on affected systems. The company said both the issues stem from insufficient input validation of user-supplied command arguments, a weakness that could be weaponized by an authenticated, remote attacker to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code on the underlying operating system as the root user. "These vulnerabilities were found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiative

The Hacker News

March 3, 2022 – Vulnerabilities

75% of medical infusion pumps affected by known vulnerabilities Full Text

Abstract Researchers from Palo Alto Networks analyzed more than 200,000 network-connected medical infusion pumps and discovered that over 100,000 of them are vulnerable. The devices were analyzed on the networks of hospitals...

Security Affairs

March 03, 2022 – Attack

Ukraine says local govt sites hacked to push fake capitulation news Full Text

Abstract The Security Service of Ukraine (SSU) said today "enemy" hackers are using compromised local government and regional authorities' websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia.

BleepingComputer

March 3, 2022 – Phishing

Ransomware infections top list of the most common results of phishing attacks Full Text

Abstract In a new study, eighty-four percent of organizations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result.

Tech Republic

March 03, 2022 – Government

DOJ officials criticize Senate-passed cyber bill Full Text

Abstract Senior officials at the Department of Justice (DOJ) have knocked a Senate-passed cybersecurity bill as having “serious flaws,” criticizing it over a lack of direct reporting to the FBI.

The Hill

March 03, 2022 – Education

How to Automate Offboarding to Keep Your Company Safe Full Text

Abstract In the midst of 'The Great Resignation,' the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life.  When employee counts range into the five-figure territory — and entire networks of contractors have to be accounted for as well — it's easy to lose track of who's, literally, coming and going. Oftentimes, there are "offboarding" steps that are forgotten about — disabling or removing the user from Active Directory or IAM is not sufficient as the user may have local credentials on some of the SaaS platforms or other sensitive systems.  Technically speaking, there are ways to automate offboarding using protocols such as SCIM and JIT mapping; however, it requires a high level of maturity in an IT environment and the staff to implement it. For organizations not implementing SC
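The gap the piece describes, an identity disabled in the directory while the person still holds live local accounts on individual SaaS platforms, is easiest to see with a reconciliation check. The script below is an added example, not code from the article or from any vendor: it diffs a directory export against per-application account exports, flags active accounts belonging to offboarded or unknown identities, and builds the SCIM 2.0 PatchOp body (RFC 7644 section 3.5.2) that a SCIM-capable application would accept to deactivate the user. All user records, application names and field names (`email`, `status`, `active`, `last_login`) are constructed assumptions about export formats.

```python
"""Added example (not from the article): find orphaned SaaS accounts after offboarding.

The IdP export and the per-application exports are constructed sample data; the
field names are assumptions about what a real export would contain.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed directory / IdP export: one record per identity.
IDP_USERS = [
    {"email": "alice@example.com", "status": "active"},
    {"email": "bob@example.com", "status": "deprovisioned"},
    {"email": "carol@example.com", "status": "deprovisioned"},
    {"email": "dave-contractor@example.com", "status": "deprovisioned"},
]

# Constructed per-application exports. Each app keeps its own local account
# table, which is exactly what disabling the IdP user does not touch.
APP_ACCOUNTS = {
    "crm": [
        {"email": "alice@example.com", "active": True, "last_login": "2022-03-01"},
        {"email": "bob@example.com", "active": True, "last_login": "2022-02-20"},
    ],
    "ci-server": [
        {"email": "carol@example.com", "active": False, "last_login": "2021-12-01"},
        {"email": "Dave-Contractor@example.com", "active": True, "last_login": "2022-02-28"},
    ],
    "ticketing": [
        {"email": "alice@example.com", "active": True, "last_login": "2022-03-02"},
        {"email": "ghost@example.com", "active": True, "last_login": "2022-01-10"},
    ],
}

# Constructed reference date for the staleness check.
TODAY = date(2022, 3, 3)


@dataclass(frozen=True)
class Finding:
    app: str
    email: str
    reason: str


def reconcile(idp_users, app_accounts, today=TODAY, stale_after=timedelta(days=30)):
    """Return active application accounts that the directory no longer vouches for."""
    known = {u["email"].lower() for u in idp_users}
    offboarded = {u["email"].lower() for u in idp_users if u["status"] != "active"}
    findings = []
    for app, accounts in app_accounts.items():
        for acct in accounts:
            if not acct["active"]:
                continue  # already disabled locally; nothing to do
            email = acct["email"].lower()  # exports disagree on case, so normalise
            if email in offboarded:
                findings.append(Finding(app, email, "active account for offboarded user"))
            elif email not in known:
                findings.append(Finding(app, email, "active account with no IdP identity"))
            elif today - date.fromisoformat(acct["last_login"]) > stale_after:
                findings.append(Finding(app, email, "active but unused beyond threshold"))
    return sorted(findings, key=lambda f: (f.app, f.email))


def scim_deactivate_patch():
    """Body of the SCIM 2.0 PATCH /Users/{id} request that deactivates a user."""
    return {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }


if __name__ == "__main__":
    for f in reconcile(IDP_USERS, APP_ACCOUNTS):
        print(f"{f.app:10} {f.email:30} {f.reason}")
```

Run against real exports, the same loop is the nightly control that catches what a SCIM integration would have handled automatically; for applications that do expose SCIM, the `scim_deactivate_patch()` body is what the remediation request carries.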

The Hacker News

March 3, 2022 – Vulnerabilities

Cisco fixed two critical flaws in Expressway, TelePresence VCS solutions Full Text

Abstract Cisco fixed critical flaws in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products, releasing security patches for a couple of critical vulnerabilities tracked as CVE-2022-20754 and CVE-2022-20755...

Security Affairs

March 03, 2022 – General

Hacktivists, cybercriminals switch to Telegram after Russian invasion Full Text

Abstract Telegram, the free instant messaging service that promises secure end-to-end communications, has assumed a pivotal role in the ongoing conflict between Russia and Ukraine, as it's being massively used by hacktivists and cyber-criminals alike.

BleepingComputer

March 3, 2022 – Vulnerabilities

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products Full Text

Abstract Cisco this week announced patches that address a couple of critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products.

Security Week

March 03, 2022 – Breach

Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online Full Text

Abstract American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict," the company  said  in a security notice. "However, we are aware that the threat actor took employee passwords and some NVIDIA proprietary information from our systems and has begun leaking it online." The incident is said to have come to light on February 23, with the company noting that it has taken steps to analyze the leaked information and that it is requiring all of its employees to change their passwords with immediate effect. The confirmation comes days after  The Telegraph  last week reported that the company is investigating a potential cyber

The Hacker News

March 3, 2022 – Education

The Difference Between Human and Machine Identities Full Text

Abstract As digital transformation is advancing and automation is becoming an essential component of modern enterprises, collaboration between humans and machines is crucial. With this level of interaction, a new identity problem is emerging as machines operate...

Security Affairs

March 03, 2022 – Ransomware

Free decryptor released for HermeticRansom victims in Ukraine Full Text

Abstract Avast Threat Labs has released a decryptor for the HermeticRansom ransomware strain used predominantly in targeted attacks against Ukrainian systems in the past ten days.

BleepingComputer

March 3, 2022 – Denial Of Service

Avast researchers warns against joining in DDoS attacks in aid of Ukraine Full Text

Abstract These DDoS tools collect personal data that can make users identifiable, such as IP address, country code, city, location based on IP address, username, hardware configuration, and system language.

Avast

March 03, 2022 – Vulnerabilities

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities Full Text

Abstract An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das  said  in a report published Wednesday. Palo Alto Networks' threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called " URGENT/11 " – CVE-2019-12255  (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks CVE-2019-12264  (CVS

The Hacker News

March 3, 2022 – Attack

Ukrainian WordPress sites under massive complex attacks Full Text

Abstract Researchers observed a spike in attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. Cyber attacks are an important component of the military strategy against Ukraine, and experts observed a spike...

Security Affairs

March 3, 2022 – Government

US Senate approves cyber incident reporting bill amid worries about Russian threats Full Text

Abstract The cyber incident reporting bill would mandate that critical infrastructure operations alert the DHS within 72 hours of a hack and 24 hours if the organization made a ransomware payment.

The Record

March 03, 2022 – Policy and Law

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security Full Text

Abstract The U.S. Senate unanimously  passed  the " Strengthening American Cybersecurity Act " on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new  bipartisan legislation , among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours. Furthermore, affected organizations are required to preserve relevant data and promptly share updates "to a previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report." The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act ( CIRA ), the Federal Information Security Management A

The Hacker News

March 2, 2022 – Malware

TeaBot Trojan Haunts Google Play Store, Again Full Text

Abstract Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.

Threatpost

March 02, 2022 – General

Ukrainian sites saw a 10x increase in attacks when invasion started Full Text

Abstract Internet security companies have recorded a massive wave of attacks against Ukrainian WordPress sites since Russia invaded Ukraine, aiming to take down the websites and cause general demoralization.

BleepingComputer

March 2, 2022 – Hacker

MuddyWater Rounds up its Arsenal with Multi-Malware Sets Full Text

Abstract Cybersecurity agencies released a joint cybersecurity advisory detailing malicious cyber operations by MuddyWater, which has been targeting a wide range of government and private-sector organizations in Asia, Africa, Europe, and North America. Among other things, CISA recommends that organizations use ...

Cyware Alerts - Hacker News

March 02, 2022 – Government

Senate passes cybersecurity bill amid fears of Russian cyberattacks Full Text

Abstract The Senate unanimously passed cybersecurity legislation on Tuesday that would require companies in critical sectors to alert the government of potential hacks or ransomware. 

The Hill

March 02, 2022 – Attack

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies Full Text

Abstract Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks " Asylum Ambuscade ." "The email included a malicious macro attachment which utilized social engineering themes pertaining to the Emergency Meeting of the NATO Security Council held on February 23, 2022," researchers Michael Raggi and Zydeca Cass  said  in a report published Tuesday. "The email also contained a malicious attachment which attempted to download malicious Lua malware named SunSeed and targeted European government personnel tasked with managing transportation and population movement in Europe." The findings build on an  advisory  issued by the State Service

The Hacker News

March 2, 2022 – General

Cyber Realism in a Time of War Full Text

Abstract Activity in the digital domain may affect the war in Eastern Europe at the margins, but it will not decide it. That should tell us something about the West’s cyber posture.

Lawfare

March 2, 2022 – Government

A cyberattack on Russian satellites is an act of war, the invasion of Ukraine no Full Text

Abstract Russia considers it legitimate to invade another country but warns it will consider cyberattacks on its satellites an act of war. Anonymous and the numerous hacker groups that declared war on Russia continue to target Russian government entities and private...

Security Affairs

March 02, 2022 – Vulnerabilities

Over 100,000 medical infusion pumps vulnerable to years old critical bug Full Text

Abstract Data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that attackers could exploit.

BleepingComputer

March 2, 2022 – Hacker

Iranian Hackers Introduce New Malware to Target Middle East Full Text

Abstract Mandiant tracked cybercriminals collaborating under the moniker UNC3313 deploying two new targeted malware families to claim victims in the Middle East. The group moves quickly to gain remote access, using ScreenConnect to intrude into systems within an hour of initial compromise. Furthermore, the security fir ...

Cyware Alerts - Hacker News

March 02, 2022 – Denial Of Service

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks Full Text

Abstract Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers  said  in a report published Tuesday. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint," the researchers added. A distributed reflective denial-of-service ( DRDoS ) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim's system with a high volume of UDP responses. In these attacks, the adversary sends a
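What distinguishes this technique on the wire is worth stating concretely, since the abstract only names the reflectors. The detector below is an added example, not code from Akamai or the article: it runs over a constructed list of packet records and checks the two signatures a practitioner would look for. The first, a TCP SYN that already carries an HTTP request (the trigger the attacker sends to the middlebox with the victim's address as source), is taken from the underlying research (Bock et al., "Weaponizing Middleboxes for TCP Reflected Amplification", USENIX Security 2021) rather than from the abstract, and a normal handshake never produces it. The second is the victim-side view: data-bearing segments from port 80 of many peers the host never sent a SYN to. The bandwidth amplification factor is estimated from payload bytes only, so it understates the real ratio by the per-packet headers. All addresses (RFC 5737 documentation ranges), ports, payloads and record field names are constructed assumptions.

```python
"""Added example (not from the Akamai report or the article): flag TCP
Middlebox Reflection signatures in constructed packet records."""
from collections import defaultdict

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10


def pkt(src, dst, sport, dport, flags, payload=b""):
    """One captured TCP segment; field names are an assumption of this example."""
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": flags, "payload": payload}


# Constructed trigger and reflected block page (sizes chosen to give a BAF near 75).
TRIGGER = b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n"
BLOCK_PAGE = b"HTTP/1.1 403 Forbidden\r\n\r\n<html>" + b"x" * 3000 + b"</html>"

VICTIM = "203.0.113.7"                       # address the attacker spoofs as source
REFLECTORS = ["198.51.100.%d" % i for i in range(1, 6)]  # filtering middleboxes
CLIENT, WEB = "192.0.2.10", "198.51.100.9"   # an ordinary client and server

PACKETS = []
for r in REFLECTORS:
    # Spoofed SYN carrying the request, then the block page sent to the victim.
    PACKETS.append(pkt(VICTIM, r, 40000, 80, SYN, TRIGGER))
    PACKETS.append(pkt(r, VICTIM, 80, 40000, PSH | ACK, BLOCK_PAGE))
# A legitimate three-way handshake and exchange, for contrast.
PACKETS += [
    pkt(CLIENT, WEB, 50000, 80, SYN),
    pkt(WEB, CLIENT, 80, 50000, SYN | ACK),
    pkt(CLIENT, WEB, 50000, 80, ACK),
    pkt(CLIENT, WEB, 50000, 80, PSH | ACK, b"GET / HTTP/1.1\r\nHost: ok.example\r\n\r\n"),
    pkt(WEB, CLIENT, 80, 50000, PSH | ACK, b"HTTP/1.1 200 OK\r\n\r\nhello"),
]


def is_http_request(payload):
    return payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD") and b" HTTP/1." in payload


def syn_with_http_payload(packets):
    """Signature 1: SYN set, ACK clear, and an HTTP request line in the payload."""
    return [p for p in packets
            if p["flags"] & SYN and not p["flags"] & ACK and is_http_request(p["payload"])]


def unsolicited_reflections(packets, min_reflectors=3):
    """Signature 2: port-80 data arriving at a host that never opened the connection.

    Only payload-less SYNs count as genuine handshakes, so the spoofed
    trigger SYNs do not whitelist the reflections they provoke.
    """
    handshakes = {(p["src"], p["dst"], p["sport"]) for p in packets
                  if p["flags"] & SYN and not p["flags"] & ACK and not p["payload"]}
    per_victim = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for p in packets:
        if p["sport"] != 80 or not p["payload"]:
            continue
        if (p["dst"], p["src"], p["dport"]) in handshakes:
            continue  # the receiver really did start this connection
        per_victim[p["dst"]]["reflectors"].add(p["src"])
        per_victim[p["dst"]]["bytes"] += len(p["payload"])
    return {v: {"reflectors": sorted(d["reflectors"]), "bytes": d["bytes"]}
            for v, d in per_victim.items() if len(d["reflectors"]) >= min_reflectors}


def amplification_factor(packets, reflector):
    """Payload-only BAF: bytes the reflector emitted / bytes it was sent."""
    sent = sum(len(p["payload"]) for p in packets if p["dst"] == reflector)
    back = sum(len(p["payload"]) for p in packets if p["src"] == reflector)
    return back / sent if sent else float("inf")


if __name__ == "__main__":
    print("SYNs with HTTP payload:", len(syn_with_http_payload(PACKETS)))
    print("reflection victims:", unsolicited_reflections(PACKETS))
    print("BAF for", REFLECTORS[0], round(amplification_factor(PACKETS, REFLECTORS[0]), 1))
```

At the reflector's edge, signature 1 is the one to alert on and to drop; at the victim, signature 2 is what a flow collector sees, and the distinct-reflector count separates a reflection flood from one busy server.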

The Hacker News

March 2, 2022 – Vulnerabilities

Popular open-source PJSIP library is affected by critical flaws Full Text

Abstract Researchers from JFrog's Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library...

Security Affairs

March 02, 2022 – Government

Russian space agency says hacking satellites is an act of war Full Text

Abstract Russia will consider any cyberattacks targeting Russian satellite infrastructure an act of war, as the country's space agency director said in a TV interview.

BleepingComputer

March 2, 2022 – Botnet

TrickBot’s AnchorDNS is Now Upgraded to AnchorMail Full Text

Abstract Researchers identified an improved version of the AnchorDNS backdoor, dubbed AnchorMail, being used in Conti ransomware attacks. After execution, AnchorMail creates a scheduled task for persistence that runs every 10 minutes. Experts note that training employees to spot phishing emails is ...

Cyware Alerts - Hacker News

March 02, 2022 – Education

LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022 Full Text

Abstract With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and cryptocurrencies captured our attention. We also saw an uptick in critical Windows vulnerabilities, again proving that no matter how many vulnerabilities are found, more will always exist.  As we enter 2022, we are seeing novel attacks originating from the conflict in Ukraine, which will certainly make their way into criminal attacks on worldwide businesses. In an upcoming webinar ( register here ), Cybersecurity company Cynet will provide an in-depth review of the high-profile attacks we saw in 2021 and provide guidance to cybersecurity professionals for 2022. What are the top cyberattacks in 2021 that Cyn

The Hacker News

March 2, 2022 – Phishing

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees Full Text

Abstract A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. Researchers from cybersecurity firm Proofpoint uncovered a spear-phishing campaign, likely conducted by a nation-state actor,...

Security Affairs

March 02, 2022 – General

Attacks abusing programming APIs grew over 600% in 2021 Full Text

Abstract Security analysts warn of a sharp rise in API attacks over the past year, with most companies still following inadequate practices to tackle the problem.

BleepingComputer

March 2, 2022 – Breach

Update: NVIDIA discloses data breach after the recent ransomware attack Full Text

Abstract The chipmaker's investigation into the incident, launched to determine the extent of the intrusion, confirmed that the attackers stole data from the company.

Security Affairs

March 2, 2022 – Attack

NVIDIA discloses data breach after the recent ransomware attack Full Text

Abstract Chipmaker giant Nvidia confirmed a data breach after the recently disclosed security incident, with proprietary information stolen. Nvidia was recently the victim of a ransomware attack that impacted some of its systems for two days. The security...

Security Affairs

March 02, 2022 – Vulnerabilities

Log4shell exploits now used mostly for DDoS botnets, cryptominers Full Text

Abstract The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers.

BleepingComputer

March 2, 2022 – Attack

WordPress-hosted Ukrainian University Websites Hacked in Targeted Attacks Full Text

Abstract The group, whose members refer to themselves as ‘the Mx0nday’, has targeted the WordPress-hosted sites more than 100,000 times since February 24, when Russian troops officially invaded Ukraine.

The Daily Swig

March 2, 2022 – Attack

Anonymous and its affiliates continue to cause damage to Russia Full Text

Abstract The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours,...

Security Affairs

March 02, 2022 – Phishing

Phishing attacks target countries aiding Ukrainian refugees Full Text

Abstract A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.

BleepingComputer

March 2, 2022 – Disinformation

Google TAG removes fraudulent ‘influence’ operations linked to Belarus, Moldova, Ukraine Full Text

Abstract The influence operation was terminated in January, prior to the start of the conflict, but at a time when tensions between Russia and Ukraine were rising due to the presence of Russian troops at the border.

ZDNet

March 2, 2022 – Breach

Ukrainian researcher leaked the source code of Conti Ransomware Full Text

Abstract A Ukrainian researcher leaked the source code for the Conti ransomware and components for its control panels. The same researcher recently leaked 60,694 internal chat messages belonging to the Conti ransomware operation after...

Security Affairs

March 2, 2022 – Policy and Law

Security leaders want legal action for failing to patch for Log4j Full Text

Abstract The most commonly experienced impact of Log4j was the need for IT and security teams to work over the holidays to assess risk and make critical changes to protect infrastructure and data.

Help Net Security

March 2, 2022 – Business

Bright Security (NeuraLegion) Raises $20 Million in Series A Funding Full Text

Abstract The investment round was led by Evolution Equity Partners and received participation from previous investors, including DNX Ventures, Fusion Fund, Incubate Fund, and J-ventures.

Security Week

March 2, 2022 – Vulnerabilities

Remote code execution vulnerability uncovered in Hashnode blogging platform Full Text

Abstract A remote code execution (RCE) attack chain stemming from a local file inclusion bug in the developer blogging platform Hashnode has been disclosed by security researchers.

The Daily Swig

March 2, 2022 – Vulnerabilities

Google Paid Out Over $100,000 for Vulnerabilities Patched by Chrome 99 Full Text

Abstract Nine of the externally reported security holes are rated high severity, the majority of which are use-after-free bugs affecting components such as Cast UI, Omnibox, Views, WebShare, and Media.

Security Week

March 1, 2022 – Attack

Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion Full Text

Abstract Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.

Threatpost

March 1, 2022 – Attack

Microsoft Accounts Targeted by Russian-Themed Credential Harvesting Full Text

Abstract Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalize on the Ukrainian crisis.

Threatpost

March 01, 2022 – Vulnerabilities

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack Full Text

Abstract As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were  identified and reported  by JFrog's Security Research team, following which the project maintainers released patches ( version 2.12 ) last week on February 24, 2022. PJSIP is an open-source embedded  SIP protocol  suite written in C that supports audio, video, and instant messaging features for popular communication platforms such as  WhatsApp  and BlueJeans. It's also  used  by  Asterisk , a widely-used private branch exchange (PBX) switching system for VoIP networks. "Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's

The Hacker News

March 01, 2022 – Vulnerabilities

Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software Full Text

Abstract Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from  Kerbit , an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues were addressed in  version 24.97  of the WEB GUI shipped on January 11, 2022. "[F]ix critical vulnerabilities - new SQL injects for unauthenticated users allowing gaining admin privileges," the maintainers of VoIPmonitor noted in the change log. VoIPmonitor is an open-source network packet sniffer with commercial frontend for SIP RTP and RTCP VoIP protocols running on Linux, allowing users to monitor and troubleshoot quality of SIP VoIP calls as well as decode, play, and archive calls in a  CDR  database. The three flaws identified by Kerbit are listed below – CVE-2022-24259  (CVSS sco
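The change log line above names the bug class without showing it: an SQL injection reachable before any login that hands out an administrator's session. The snippet below is an added illustration of that class against an in-memory SQLite table and is not VoIPmonitor's code; the table, users, query shapes and the SHA-256 placeholder for password storage are constructed assumptions (a real application would use a password hash such as argon2 or bcrypt). The vulnerable login splices the caller's username into the query text, so a comment sequence in the username removes the password check entirely; the fixed version binds the parameter and compares the hash in constant time.

```python
"""Added example (not VoIPmonitor's code): pre-auth SQL injection that
yields an admin login, beside the parameterized fix. Sample data is constructed."""
import hashlib
import hmac
import sqlite3


def pw_hash(password):
    # Placeholder for a real password hash; SHA-256 keeps the example dependency-free.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory users table with one administrator and one ordinary user (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, is_admin INTEGER)")
    for name, pw, admin in [("admin", "correct horse battery", 1), ("viewer", "hunter2", 0)]:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, pw_hash(pw), admin))
    return conn


def login_vulnerable(conn, username, password):
    """Username is concatenated into SQL: the caller controls the query structure."""
    query = (
        "SELECT username, is_admin FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash(password)}'"
    )
    return conn.execute(query).fetchone()  # any row returned counts as a login


def login_fixed(conn, username, password):
    """Username is bound as a parameter; the password is verified in Python."""
    row = conn.execute(
        "SELECT username, is_admin, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None or not hmac.compare_digest(row[2], pw_hash(password)):
        return None
    return (row[0], row[1])


if __name__ == "__main__":
    db = make_db()
    # "admin' --" turns the rest of the WHERE clause into an SQL comment.
    print("vulnerable:", login_vulnerable(db, "admin' --", "wrong"))
    print("fixed:     ", login_fixed(db, "admin' --", "wrong"))
```

The same shape applies whether the injection sits in a login form or in an unauthenticated API endpoint: any query whose text is assembled from request data lets the request decide which rows, and therefore which privileges, come back.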

The Hacker News

March 01, 2022 – Malware

TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps Full Text

Abstract An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and key-logging," Cleafy researchers  said  in a report. "This enables Threat Actors (TAs) to perform ATO (Account Takeover) directly from the compromised phone, also known as 'On-device fraud.'" Also known by the name Anatsa, TeaBot first  emerged  in May 2021, camouflaging its malicious functions by posing as seemingly innocuous PDF document and QR code scanner apps that are distributed via the official Google Play Store instead of third-party apps stores or via fraudulent websites. These apps, also known as dropper applications, act a

The Hacker News

March 01, 2022 – Ransomware

Conti Ransomware source code leaked by Ukrainian researcher Full Text

Abstract A Ukrainian researcher continues to deal devastating blows to the Conti ransomware operation, leaking further internal conversations, as well as the source for their ransomware, administrative panels, and more.

BleepingComputer

March 1, 2022 – General

Threat Actors to Shift Focus Back to Consumers Full Text

Abstract In comparison to organizations, consumers are less secure, have fewer resources, and often lack a reliable antivirus solution.

Cyware Alerts - Hacker News

March 01, 2022 – Attack

Second New ‘IsaacWiper’ Data Wiper Targets Ukraine After Russian Invasion Full Text

Abstract A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware " IsaacWiper ," which it said was detected on February 24 in an organization that was not affected by  HermeticWiper  (aka FoxBlade), another data wiping malware that targeted several organizations on February 23 as part of a sabotage operation aimed at rendering the machines inoperable. Further analysis of the HermeticWiper attacks, which infected at least five Ukrainian organizations, has revealed a worm component that propagates the malware across the compromised network and a ransomware module that acts as a "distraction from the wiper attacks," corroborating a  prior report  from Symantec. "These destructive attacks leveraged at least three components: HermeticWiper

The Hacker News

March 1, 2022 – Encryption

How the U.K. and the Senate Judiciary Committee Are Being Dangerously Foolish About Cryptography Full Text

Abstract In an attempt to prevent the online circulation of child sexual abuse material, a reintroduced Senate bill runs the risk of failing to combat the problem while simultaneously decreasing internet security.

Lawfare

March 1, 2022 – Malware

IsaacWiper, the third wiper spotted since the beginning of the Russian invasion Full Text

Abstract ESET researchers uncovered a new data wiper, tracked as IsaacWiper, that was used against an unnamed Ukrainian government network after Russia's invasion of Ukraine...

Security Affairs

March 1, 2022 – Malware

Daxin Espionage Backdoor Ups the Ante on Chinese Malware

Abstract Via node-hopping, the espionage tool can reach computers that aren’t even connected to the internet.

Threatpost

March 01, 2022 – Solution

Microsoft rolling out new endpoint security solution for SMBs

Abstract Microsoft has started rolling out its new endpoint security solution for small and medium-sized businesses (SMBs) known as Microsoft Defender for Business to Microsoft 365 Business Premium customers worldwide starting today, March 1st.

BleepingComputer

March 1, 2022 – Breach

Chrome Skype extension with nine million installs found to be leaking user info

Abstract Security researcher Wladimir Palant discovered a “trivial” bug in the Skype-for-Chrome extension that allowed websites to ascertain information about user accounts that should typically be off-limits.

The Daily Swig

March 01, 2022 – Education

Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99

Abstract It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2022 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects of cybersecurity. Normally, you pay $3,284 for this training, but you can get it now for only $42.99 via The Hacker News Deals. The purpose of ethical hacking is to find weaknesses in the system that a malicious hacker may exploit. A certified expert can work either full-time or freelance, earning up to $149,000 a year, according to PayScale. This bundle would be perfect for anyone interested in the field of cybersecurity, offering the opportunity to start off on the right foot. Starting with the fundamentals, the beginner-friendly instruction will take you all the way to high-level tec

The Hacker News

March 1, 2022 – APT

China-linked APT used Daxin, one of the most sophisticated backdoors ever seen

Abstract Daxin is the most advanced backdoor in the arsenal of China-linked threat actors, designed to avoid the detection of sophisticated defense systems. Symantec researchers discovered a highly sophisticated backdoor, named Daxin, which is being used...

Security Affairs

March 01, 2022 – Malware

TeaBot malware slips back into Google Play Store to target US users

Abstract The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices.

BleepingComputer

March 1, 2022 – Botnet

What Does TrickBot’s Shutdown Imply?

Abstract After months of inactivity, operators behind the TrickBot malware botnet appear to have gone offline with their server infrastructure. Its TTPs were becoming highly detectable. Going by experts, the decline in the volume of the TrickBot campaigns is accompanied by the fact that its operators are w ...

Cyware Alerts - Hacker News

March 01, 2022 – Breach

Conti Ransomware Gang’s Internal Chats Leaked Online After Siding With Russia

Abstract Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group  VX-Underground , is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from January 2021 to February 2022, in a move that's expected to offer  unprecedented   insight  into the gang's workings. "Glory to Ukraine," the leaker said in their message. The leaked conversations show that Conti used fake front companies to attempt to schedule product demos with security firms like CarbonBlack and Sophos to obtain code signing certificates, with the operators working in scrum sprints to complete the software development tasks. Additionally, the messages  confirm  the  shutdown of the TrickBot botnet  last week as well as high

The Hacker News

March 1, 2022 – Government

CISA and FBI warn of potential data wiping attacks spillover

Abstract US CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published...

Security Affairs

March 01, 2022 – Breach

NVIDIA confirms data was stolen in recent cyberattack

Abstract Chipmaker giant Nvidia confirms that its network was breached in a cyberattack last week, giving intruders access to proprietary information and employee login data.

BleepingComputer

March 1, 2022 – Vulnerabilities

Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections

Abstract Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device.

Cisco Talos

March 01, 2022 – Criminals

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Abstract Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's  AnchorDNS  backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [command-and-control] server which it communicates with using SMTP and IMAP protocols over TLS," IBM's malware reverse engineer, Charlotte Hammond,  said . "With the exception of the overhauled C2 communication mechanism, AnchorMail's behavior aligns very closely to that of its AnchorDNS predecessor." The cybercrime actor behind TrickBot, ITG23 aka Wizard Spider, is also known for its development of the Anchor malware framework, a backdoor reserved for targeting selected high value victims since at least 2018 via TrickBot and BazarBackdoor (aka BazarLoader), an additiona

The Hacker News

March 01, 2022 – Denial Of Service

Content filtering devices abused for 65x DDoS amplification

Abstract Researchers have identified an alarming new trend in DDoS attacks that target middlebox devices to attain enormous 6,533% amplification levels. With such an amplification level, threat actors can launch catastrophic attacks with limited bandwidth/equipment.

BleepingComputer

March 1, 2022 – Vulnerabilities

Critical GitLab vulnerability could allow attackers to steal runner registration tokens

Abstract The vulnerability affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, according to a security advisory from GitLab.

The Daily Swig

March 01, 2022 – Attack

Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion

Abstract Update: It's worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that's been denominated HermeticWiper (aka KillDisk). Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade , according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery. "These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the  2017 NotPetya attack ," Microsoft's President and Vice Chair, Brad Smith,  said . Addition

The Hacker News

March 01, 2022 – Phishing

Hundreds of eBike phishing sites abuse Google Ads to push scams

Abstract A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.

BleepingComputer

March 1, 2022 – Education

Introducing the Golden GMSA Attack

Abstract The attack against Group Managed Service Accounts (gMSA) can allow attackers to dump Key Distribution Service (KDS) root key attributes and generate the password for all the associated gMSAs offline.

Security Boulevard

March 01, 2022 – Attack

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks

Abstract A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named  Daxin , as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China. "Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control (C2) functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an independent advisory. The implant takes the form of a Windows kernel driver that implements an elabor

The Hacker News

March 01, 2022 – Attack

New worm and data wiper malware seen hitting Ukrainian networks

Abstract Newly discovered malware was deployed in destructive attacks against Ukrainian organizations and governmental networks before and after Russia invaded the country on February 24.

BleepingComputer

March 01, 2022 – Business

‘Help Ukraine’ crypto scams emerge as Ukraine raises over $37 million

Abstract Scammers are now targeting unsuspecting users via phishing webpages, forum posts, and email links enticing users to "help Ukraine" by donating cryptocurrency. The development follows Ukraine's successful effort of raising over $37 million in crypto donations from all around the world amid the country's ongoing Russian invasion.

BleepingComputer

March 01, 2022 – Attack

Reality Winner’s Twitter account was hacked to target journalists

Abstract The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organizations. After taking over Winner's verified Twitter account, hackers changed the profile name to "Feedback Team" to impersonate Twitter staff and began sending out DMs.

BleepingComputer

March 1, 2022 – Attack

FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion

Abstract Microsoft revealed that Ukrainian entities were targeted with previously undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting...

Security Affairs
