October 2, 2023
|
|
Microsoft Defender no longer flags Tor Browser as malware
For Windows users who frequently use the Tor Browser, there's been a pressing concern. Recent versions of the Tor Browser, specifically because of the tor.exe file they contained, were being flagged as potential threats by Windows Defender. [...] |
October 2, 2023
|
|
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution. [...] |
October 2, 2023
|
|
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. [...] |
October 2, 2023
|
|
Ransomware gangs now exploiting critical TeamCity RCE flaw
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. [...] |
October 2, 2023
|
|
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. [...] |
October 2, 2023
|
|
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. [...] |
October 2, 2023
|
|
Motel One discloses data breach following ransomware attack
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. [...] |
October 2, 2023
|
|
FBI warns of surge in 'phantom hacker' scams impacting elderly
The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [...] |
October 1, 2023
|
|
Amazon sends Mastercard, Google Play gift card order emails by mistake
Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. [...] |
October 1, 2023
|
|
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors. [...] |
October 1, 2023
|
|
New Marvin attack revives 25-year-old decryption flaw in RSA
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today. [...] |
September 30, 2023
|
|
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [...] |
September 30, 2023
|
|
Microsoft fixes Outlook prompts to reopen closed windows
Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. [...] |
September 29, 2023
|
|
The Week in Ransomware - September 29th 2023 - Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. [...] |
September 29, 2023
|
|
Millions of Exim mail servers exposed to zero-day RCE attacks
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. [...] |
September 29, 2023
|
|
Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [...] |
September 29, 2023
|
|
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...] |
September 29, 2023
|
|
Discord is investigating cause of 'You have been blocked' errors
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...] |
September 29, 2023
|
|
Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...] |
September 28, 2023
|
|
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. [...] |
September 28, 2023
|
|
Microsoft breach led to theft of 60,000 US State Dept emails
Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. [...] |
September 28, 2023
|
|
Bing Chat responses infiltrated by ads pushing malware
Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. [...] |
September 28, 2023
|
|
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. [...] |
September 28, 2023
|
|
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild. [...] |
September 28, 2023
|
|
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new vulnerabilities in Catalyst SD-WAN Manager products, with the most critical allowing unauthenticated remote access to the server. [...] |
September 28, 2023
|
|
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena that demanded he appear in court for testimony. [...] |
June 23, 2022
|
|
Spyware vendor works with ISPs to infect iOS and Android users
Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. [...] |
June 23, 2022
|
|
Microsoft aims to make Edge the go-to browser for gaming
Microsoft wants to make Edge the go-to browser for gaming, with new features unveiled today, including a new gaming portal and the public release of its Clarity boost upscaling feature when using Xbox Cloud Gaming. [...] |
June 23, 2022
|
|
Lithuania warns of rise in DDoS attacks against government sites
The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country. [...] |
June 23, 2022
|
|
Malicious Windows 'LNK' attacks made easy with new Quantum builder
Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. [...] |
June 23, 2022
|
|
Automotive hose maker Nichirin hit by ransomware attack
Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline. [...] |
June 23, 2022
|
|
Chinese hackers use ransomware as decoy for cyber espionage
Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities. [...] |
June 23, 2022
|
|
New MetaMask phishing campaign uses KYC lures to steal passphrases
A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. [...] |
June 23, 2022
|
|
Conti ransomware hacking spree breaches over 40 orgs in a month
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. [...] |
June 22, 2022
|
|
NSA shares tips on securing Windows devices with PowerShell
The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending that system administrators use PowerShell to prevent and detect malicious activity on Windows machines. [...] |
June 22, 2022
|
|
Chinese hackers target script kiddies with info-stealer trojan
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan. [...] |
June 22, 2022
|
|
Microsoft: Russia stepped up cyberattacks against Ukraine’s allies
Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia's invasion. [...] |
June 22, 2022
|
|
Privacy-focused Brave Search grew by 5,000% in a year
Brave Search, the browser developer's privacy-centric Internet search engine, is celebrating its first anniversary after surpassing 2.5 billion queries and seeing almost 5,000% growth in a year. [...] |
June 22, 2022
|
|
MEGA fixes critical flaws that allowed the decryption of user data
MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form. [...] |
June 22, 2022
|
|
June Windows Server 2022 update adds support for WSL2
Microsoft says support for Windows Subsystem for Linux (WSL 2) distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. [...] |
June 22, 2022
|
|
Microsoft reveals cause behind this week’s Microsoft 365 outage
Microsoft has revealed that this week's Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. [...] |
June 22, 2022
|
|
Critical PHP flaw exposes QNAP NAS devices to RCE attacks
QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. [...] |
June 21, 2022
|
|
Yodel parcel company confirms cyberattack is disrupting delivery
Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. [...] |
June 21, 2022
|
|
7-zip now supports Windows ‘Mark-of-the-Web’ security feature
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. [...] |
June 21, 2022
|
|
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. [...] |
June 21, 2022
|
|
Adobe Acrobat may block antivirus tools from monitoring PDF files
Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. [...] |
June 21, 2022
|
|
Phishing gang behind millions in losses dismantled by police
Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by Europol. [...] |
June 21, 2022
|
|
Massive Cloudflare outage caused by network configuration error
Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. [...] |
June 21, 2022
|
|
Microsoft 365 outage affects Microsoft Teams and Exchange Online
An ongoing outage is affecting multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. [...] |
June 21, 2022
|
|
New ToddyCat APT group targets Exchange servers in Asia, Europe
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. [...] |
June 21, 2022
|
|
Icefall: 56 flaws impact thousands of exposed industrial devices
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments. [...] |
June 20, 2022
|
|
Windows emergency update fixes Microsoft 365 issues on Arm devices
Microsoft has released an out-of-band (OOB) Windows update to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. [...] |
June 20, 2022
|
|
New DFSCoerce NTLM Relay attack allows Windows domain takeover
A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain. [...] |
June 20, 2022
|
|
Recent Windows Server updates break VPN, RDP, RRAS connections
This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. [...] |
June 20, 2022
|
|
Flagstar Bank discloses data breach impacting 1.5 million customers
Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. [...] |
June 20, 2022
|
|
Windows 10 and Windows 11 downloads blocked in Russia
People in Russia can no longer download Windows 10 and Windows 11 ISOs and installation tools from Microsoft, with no reason for the block provided by the company. [...] |
June 20, 2022
|
|
New 'BidenCash' site sells your stolen credit card for just 15 cents
A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners. [...] |
June 20, 2022
|
|
Microsoft 365 credentials targeted in new fake voicemail campaign
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. [...] |
June 19, 2022
|
|
Google Chrome extensions can be fingerprinted to track you online
A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. [...] |
June 19, 2022
|
|
Android-wiping BRATA malware is evolving into a persistent threat
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware. [...] |
June 18, 2022
|
|
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks
This week, a new series of ech0raix ransomware attacks has started targeting vulnerable QNAP Network Attached Storage (NAS) devices, according to user reports and sample submissions on the ID-Ransomware platform. [...] |
June 18, 2022
|
|
Browser extension lets you remove specific sites from search results
The uBlackList browser extension lets you clean up search results by removing specific sites when searching on Google, DuckDuckGo, Bing, and other search engines. [...] |
June 18, 2022
|
|
Wave of 'Matanbuchus' spam is infecting devices with Cobalt Strike
Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...] |
June 17, 2022
|
|
The Week in Ransomware - June 17th 2022 - Have I Been Ransomed?
Ransomware operations are constantly evolving their tactics to pressure victims to pay. For example, this week, we saw a new extortion tactic come into play with the creation of dedicated websites to extort victims with searchable data. [...] |
June 17, 2022
|
|
June Windows updates break Microsoft 365 sign-ins on Arm devices
Microsoft is investigating a new known issue causing Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after deploying the June 2022 Windows updates. [...] |
June 17, 2022
|
|
Cisco says it won’t fix zero-day RCE in end-of-life VPN routers
Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. [...] |
June 17, 2022
|
|
New Windows 11 privacy feature lists apps that used your microphone, camera
Microsoft has recently added a new privacy feature that allows Windows 11 users to get a list of all the apps that have recently accessed their sensitive info and devices, including their camera, microphone, and contacts. [...] |
June 17, 2022
|
|
Russian RSocks botnet disrupted after hacking millions of devices
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers. [...] |
June 17, 2022
|
|
QNAP 'thoroughly investigating' new DeadBolt ransomware attacks
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. [...] |
June 17, 2022
|
|
Microsoft: June Windows updates may break Wi-Fi hotspots
Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. [...] |
June 16, 2022
|
|
Sophos Firewall zero-day bug exploited weeks before fix
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...] |
June 16, 2022
|
|
iCloud hacker gets 9 years in prison for stealing nude photos
A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. [...] |
June 16, 2022
|
|
New MaliBot Android banking malware spreads as a crypto miner
Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. [...] |
June 16, 2022
|
|
730K WordPress sites force-updated to patch critical plugin bug
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. [...] |
June 16, 2022
|
|
Anker Eufy smart home hubs exposed to RCE attacks by critical flaw
Anker's central smart home device hub, Eufy Homebase 2, was affected by three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. [...] |
June 16, 2022
|
|
New cloud-based Microsoft Defender for home now generally available
Microsoft has announced today the general availability of Microsoft Defender for individuals, the company's new security solution for personal phones and computers. [...] |
June 16, 2022
|
|
MetaMask, Phantom warn of flaw that could steal your crypto wallets
MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. [...] |
June 16, 2022
|
|
Revisit Your Password Policies to Retain PCI Compliance
Organizations that are subject to the PCI regulations must carefully consider how best to address these new requirements. Some of the requirements are relatively easy to address. Even so, some of the new requirements go beyond what Windows native security mechanisms are capable of. Here is what you need to know. [...] |
June 16, 2022
|
|
Microsoft Office 365 feature can help cloud ransomware attacks
Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. [...] |
June 15, 2022
|
|
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. [...] |
June 15, 2022
|
|
Cisco Secure Email bug can let attackers bypass authentication
Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. [...] |
June 15, 2022
|
|
Zimbra bug allows stealing email logins with no user interaction
Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [...] |
June 15, 2022
|
|
Extortion gang ransoms Shoprite, largest supermarket chain in Africa
Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. [...] |
June 15, 2022
|
|
Microsoft: Windows update to permanently disable Internet Explorer
Microsoft confirmed today that a future Windows update will permanently disable the Internet Explorer web browser on users' systems. [...] |
June 15, 2022
|
|
Citrix warns critical bug can let attackers reset admin passwords
Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [...] |
June 15, 2022
|
|
Interpol seizes $50 million, arrests 2000 social engineers
An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide. [...] |
June 15, 2022
|
|
InQuest Labs: Man + Machine vs Business Email Compromise (BEC)
Attackers only have to be right once while defenders need to be right 100% of the time. To help combat this asymmetric disadvantage, InQuest provides an open research portal that combines crowdsourced efforts with machine learning to combat the likes of Bumblebee and other BEC related threats. [...] |
June 15, 2022
|
|
New peer-to-peer botnet infects Linux servers with cryptominers
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. [...] |
June 15, 2022
|
|
Microsoft: June Windows Server updates may cause backup issues
Microsoft says that some applications might fail to back up data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates. [...] |
June 15, 2022
|
|
Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. [...] |
June 14, 2022
|
|
Ransomware gang creates site for employees to search for their stolen data
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. [...] |
June 14, 2022
|
|
New Hertzbleed side-channel attack affects Intel, AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). [...] |
June 14, 2022
|
|
Android malware on the Google Play Store gets 2 million downloads
Cybersecurity researchers discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads. [...] |
June 14, 2022
|
|
Windows 11 KB5014697 update adds Spotlight for Desktop, fixes 33 bugs
Microsoft has released the Windows 11 KB5014697 cumulative update with security updates, improvements, and the new Spotlight for Desktop feature that automatically changes your desktop background. [...] |
June 14, 2022
|
|
Windows 10 KB5014699 and KB5014692 updates released
Microsoft has released the Windows 10 KB5014699 and KB5014692 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve bugs. [...] |
June 14, 2022
|
|
Microsoft patches actively exploited Follina Windows zero-day
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. [...] |
June 14, 2022
|
|
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [...] |
June 14, 2022
|
|
Owner of ‘DownThem’ DDoS service gets 2 years in prison
Matthew Gatrel, 33, a citizen of Illinois, has been sentenced to two years in prison for operating platforms offering DDoS (distributed denial of service) services to subscribers. [...] |
June 14, 2022
|
|
Firefox now blocks cross-site tracking by default for all users
Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. [...] |
June 14, 2022
|
|
Cloudflare mitigates record-breaking HTTPS DDoS attack
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. [...] |
June 13, 2022
|
|
Kaiser Permanente data breach exposes health data of 69K people
Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. [...] |
June 13, 2022
|
|
Gallium hackers backdoor finance, govt orgs using new PingPull malware
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. [...] |
June 13, 2022
|
|
Internet Explorer (almost) breathes its final byte on Wednesday
Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995. [...] |
June 13, 2022
|
|
Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto
Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services. [...] |
June 13, 2022
|
|
Metasploit 6.2.0 improves credential theft, SMB support features, more
Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021. [...] |
June 13, 2022
|
|
Microsoft: Exchange servers hacked to deploy BlackCat ransomware
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. [...] |
June 13, 2022
|
|
New Syslogk Linux rootkit uses magic packets to trigger backdoor
A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely. [...] |
June 13, 2022
|
|
Russian hackers start targeting Ukraine with Follina exploits
Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...] |
June 12, 2022
|
|
PyPI package 'keep' mistakenly included a password stealer
PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions. [...] |
June 12, 2022
|
|
New Vytal Chrome extension hides location info that your VPN can't
A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location, even when you are using a VPN. [...] |
June 12, 2022
|
|
Hello XD ransomware now drops a backdoor while encrypting
Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. [...] |
June 11, 2022
|
|
WiFi probing exposes smartphone users to tracking, info leaks
Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. [...] |
June 11, 2022
|
|
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. [...] |
June 10, 2022
|
|
The Week in Ransomware - June 10th 2022 - Targeting Linux
It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week. [...] |
June 10, 2022
|
|
New PACMAN hardware attack targets Macs with Apple M1 CPUs
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [...] |
June 10, 2022
|
|
Iranian hackers target energy sector with new DNS backdoor
The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. [...] |
June 10, 2022
|
|
Hackers exploit recently patched Confluence bug for cryptomining
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. [...] |
June 9, 2022
|
|
Microsoft starts rolling out Windows 11 File Explorer tabs
Microsoft is finally rolling out the new File Explorer tabbed interface with the release of Windows 11 Insider Preview Build 25136 to the Dev Channel. [...] |
June 9, 2022
|
|
Bizarre ransomware sells decryptor on Roblox Game Pass store
A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency. [...] |
June 9, 2022
|
|
New Notepad, Media Player updates out for Windows 11 Insiders
Microsoft has announced that the Windows 11 Notepad and Media Player applications are getting some new updates for Windows Insiders. [...] |
June 9, 2022
|
|
Microsoft Defender now isolates hacked, unmanaged Windows devices
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. [...] |
June 9, 2022
|
|
Vice Society ransomware claims attack on Italian city of Palermo
The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage. [...] |
June 9, 2022
|
|
Dark web sites selling Western weapons allegedly sent to Ukraine
Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. [...] |
June 9, 2022
|
|
New Symbiote malware infects all running processes on Linux systems
Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access. [...] |
June 9, 2022
|
|
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade
A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts at SentinelLabs, who were able to link it to malicious activity going as far back as 2013. [...] |
June 8, 2022
|
|
Kali Linux team to stream free penetration testing course on Twitch
Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux (PEN-200/PWK)' training course later this month. [...] |
June 8, 2022
|
|
Massive Facebook Messenger phishing operation generates millions
Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. [...] |
June 8, 2022
|
|
Linux botnets now exploit critical Atlassian Confluence bug
Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. [...] |
June 8, 2022
|
|
Emotet malware now steals credit cards from Google Chrome users
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. [...] |
June 8, 2022
|
|
Cuba ransomware returns to extorting victims with updated encryptor
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. [...] |
June 8, 2022
|
|
Poisoned CCleaner search results spread information-stealing malware
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. [...] |
June 7, 2022
|
|
Surfshark, ExpressVPN pull out of India over data retention laws
Surfshark announced today that it is shutting down its VPN (virtual private network) services in India in response to new requirements in the country that demand all providers keep customer logs for 180 days. [...] |
June 7, 2022
|
|
Telegram to soon launch its premium plan at $4.99 per month
In addition to official advertisements in the messaging app, Telegram is also bringing a new premium subscription to the messaging app. [...] |
June 7, 2022
|
|
US seizes SSNDOB market for selling personal info of 24 million people
SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million US people, has been taken offline following an international law enforcement operation. [...] |
June 7, 2022
|
|
US: Chinese govt hackers breached telcos to snoop on network traffic
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. [...] |
June 7, 2022
|
|
New SVCReady malware loads from Word doc properties
A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. [...] |
June 7, 2022
|
|
Qbot malware now uses Windows MSDT zero-day in phishing attacks
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. [...] |
June 7, 2022
|
|
Linux version of Black Basta ransomware targets VMware ESXi servers
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. [...] |
June 7, 2022
|
|
Windows 11 22H2 closer to release, lands in the Release channel
Microsoft has moved Windows 11, version 22H2, to the Windows Insider Release channel, indicating that it is in its final round of testing before it's likely released this fall. [...] |
June 7, 2022
|
|
New ‘DogWalk’ Windows zero-day bug gets free unofficial patches
Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...] |
June 7, 2022
|
|
Online gun shops in the US hacked to steal credit cards
Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [...] |
June 7, 2022
|
|
Shields Health Care Group data breach affects 2 million patients
Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. [...] |
June 7, 2022
|
|
Why Netflix isn't the Only One Bummed About Password Sharing
Carnegie Mellon found that as much as 28% of end-users willingly share passwords with others, and a Specops study found that of those who share passwords 21% of people don't know who else their password has been shared with. That's a lot of sharing going on. [...] |
June 7, 2022
|
|
Android June 2022 updates bring fix for critical RCE vulnerability
Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...] |
June 6, 2022
|
|
QBot now pushes Black Basta ransomware in bot-powered attacks
The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments. [...] |
June 6, 2022
|
|
Mandiant: “No evidence” we were hacked by LockBit ransomware
American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. [...] |
June 6, 2022
|
|
Microsoft bug banned Rewards accounts when redeeming points
Microsoft has fixed a bug where the Microsoft Rewards accounts of customers who redeemed points would get suspended without warning. [...] |
June 6, 2022
|
|
Ransomware gangs now give victims time to save their reputation
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. [...] |
June 6, 2022
|
|
Windows zero-day exploited in US local govt phishing attacks
European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...] |
June 6, 2022
|
|
Italian city of Palermo shuts down all systems to fend off cyberattack
The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. [...] |
June 5, 2022
|
|
Exploit released for Atlassian Confluence RCE bug, patch now
Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...] |
June 5, 2022
|
|
Evasive phishing mixes reverse tunnels and URL shortening services
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. [...] |
June 5, 2022
|
|
Microsoft: Windows Autopatch now available for public preview
Microsoft has announced this week that Windows Autopatch, a service to automatically keep Windows and Microsoft 365 software up to date in enterprise environments, has now reached public preview. [...] |
June 4, 2022
|
|
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack
Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after Yuga Labs' Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. [...] |
June 4, 2022
|
|
Windows 11 'Restore Apps' feature will make it easier to set up new PCs
Microsoft is working on a new 'Restore Apps' feature for Windows 11 that will allow users to quickly reinstall all of their previously installed apps from the Microsoft Store on a new or freshly installed PC. [...] |
June 4, 2022
|
|
Apple blocked 1.6 million apps from defrauding users in 2021
Apple said this week that more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spam iOS users. [...] |
June 4, 2022
|
|
SMSFactory Android malware sneakily subscribes to premium services
Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. [...] |
June 3, 2022
|
|
The Week in Ransomware - June 3rd 2022 - Evading sanctions
Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. [...] |
June 3, 2022
|
|
Novartis says no sensitive data was compromised in cyberattack
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. [...] |
June 3, 2022
|
|
WatchDog hacking group launches new Docker cryptojacking campaign
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. [...] |
June 3, 2022
|
|
Atlassian fixes Confluence zero-day widely exploited in attacks
Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. [...] |
June 3, 2022
|
|
Americans report losing over $1 billion to cryptocurrency scams
The U.S. Federal Trade Commission (FTC) says over 46,000 Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022. [...] |
June 3, 2022
|
|
Microsoft disrupts Bohrium hackers’ spear-phishing operation
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. [...] |
June 3, 2022
|
|
GitLab security update fixes critical account take over flaw
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. [...] |
June 2, 2022
|
|
Critical Atlassian Confluence zero-day actively used in attacks
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. [...] |
June 2, 2022
|
|
Windows 10 KB5014023 update fixes slow copying, app crashes
Microsoft has released optional cumulative update previews for Windows 10 versions 20H2, 21H1, and 21H2, with fixes for slow file copying and applications crashing due to Direct3D issues. [...] |
June 2, 2022
|
|
Top 10 Android banking trojans target apps with 1 billion downloads
The ten most prolific Android mobile banking trojans target 639 financial applications that collectively have over one billion downloads on the Google Play Store. [...] |
June 2, 2022
|
|
Evil Corp switches to LockBit ransomware to evade sanctions
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). [...] |
June 2, 2022
|
|
Ransomware gang now hacks corporate websites to show ransom notes
A ransomware gang is taking extortion to a new level by hacking corporate websites to publicly display ransom notes. [...] |
June 2, 2022
|
|
Microsoft blocks Polonium hackers from using OneDrive in attacks
Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations. [...] |
June 2, 2022
|
|
Chinese LuoYu hackers deploy cyber-espionage malware via app updates
A Chinese-speaking hacking group known as LuoYu is infecting victims with WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. [...] |
June 2, 2022
|
|
Conti ransomware targeted Intel firmware for stealthy attacks
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [...] |
June 2, 2022
|
|
Clipminer malware gang stole $1.7M by hijacking crypto payments
Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. [...] |
June 2, 2022
|
|
Foxconn confirms ransomware attack disrupted production in Mexico
Foxconn electronics manufacturer has confirmed that one of its Mexico-based production plants has been impacted by a ransomware attack in late May. [...] |
June 1, 2022
|
|
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [...] |
June 1, 2022
|
|
Former OpenSea head of product charged with NFT insider trading
Nathaniel Chastain, a former product manager at OpenSea, the largest online non-fungible token (NFT) marketplace, has been arrested and charged by the U.S. Department of Justice (DOJ) with NFT insider trading. [...] |
June 1, 2022
|
|
Hundreds of Elasticsearch databases targeted in ransom attacks
A campaign targeting poorly secured Elasticsearch databases has deleted their contents and dropped ransom notes on 450 instances, demanding a payment of $620 to give them back their indexes, totaling a demand of $279,000. [...] |
June 1, 2022
|
|
FBI seizes domains used to sell stolen data, DDoS services
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and to provide DDoS attack services. [...] |
June 1, 2022
|
|
US govt: Paying Karakurt extortion ransoms won’t stop data leaks
Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. [...] |
June 1, 2022
|
|
RuneScape phishing steals accounts and in-game item bank PINs
Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted. [...] |
June 1, 2022
|
|
Windows MSDT zero-day vulnerability gets free unofficial patch
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.' [...] |
June 1, 2022
|
|
FluBot Android malware operation shut down by law enforcement
Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. [...] |
June 1, 2022
|
|
SideWinder hackers plant fake Android VPN app in Google Play Store
Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. [...] |
June 1, 2022
|
|
Ransomware attacks need less than four days to encrypt systems
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [...] |
June 1, 2022
|
|
Telegram’s blogging platform abused in phishing attacks
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. [...] |
May 31, 2022
|
|
Hackers steal WhatsApp accounts using call forwarding trick
There's a trick that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list. [...] |
May 31, 2022
|
|
Windows MSDT zero-day now exploited by Chinese APT hackers
Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...] |
May 31, 2022
|
|
Over 3.6 million MySQL servers found exposed on the Internet
Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists. [...] |
May 31, 2022
|
|
FBI warns of Ukrainian charities impersonated to steal donations
Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation (FBI). [...] |
May 31, 2022
|
|
Costa Rica’s public health agency hit by Hive ransomware
All computer systems on the network of Costa Rica's public health service (known as Costa Rican Social Security Fund or CCSS) are now offline following a Hive ransomware attack that hit them this morning. [...] |
May 31, 2022
|
|
New XLoader botnet uses probability theory to hide its servers
Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...] |
May 31, 2022
|
|
Aligning Your Password Policy enforcement with NIST Guidelines
Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines. [...] |
May 31, 2022
|
|
Microsoft shares mitigation for Office zero-day exploited in attacks
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. [...] |
May 30, 2022
|
|
Vodafone plans carrier-level user tracking for targeted ads
Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. [...] |
May 30, 2022
|
|
Italy warns organizations to brace for incoming DDoS attacks
The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday. [...] |
May 30, 2022
|
|
Google quietly bans deepfake training projects on Colab
Google has quietly banned deepfake projects on its Colaboratory (Colab) service, putting an end to the large-scale utilization of the platform's resources for this purpose. [...] |
May 30, 2022
|
|
Three Nigerians arrested for malware-assisted financial crimes
Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials. [...] |
May 30, 2022
|
|
New Microsoft Office zero-day used in attacks to execute PowerShell
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. [...] |
May 29, 2022
|
|
EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws
EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...] |
May 29, 2022
|
|
Mobile trojan detections rise as malware distribution level declines
Kaspersky's quarterly report on mobile malware distribution records a downward trend that started at the end of 2020, detecting one-third of the malicious installations reported in Q1 2021, and about 85% of those counted in Q4 2021. [...] |
May 29, 2022
|
|
New Yorker imprisoned for role in carding group behind $568M damages
John Telusma, a 37-year-old man from New York, was sentenced to four years in prison for selling and using stolen and compromised credit cards on the Infraud carding portal operated by the transnational cybercrime organization with the same name. [...] |
May 28, 2022
|
|
Microsoft: The new Windows 11 features from Build 2022
During the Build 2022 developer conference, Microsoft announced a number of new features for Windows 11, including an improved Windows Subsystem for Android (WSA) and more. [...] |
May 28, 2022
|
|
Clop ransomware gang is back, hits 21 victims in a single month
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. [...] |
May 28, 2022
|
|
New Windows Subsystem for Linux malware steals browser auth cookies
Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [...] |
May 27, 2022
|
|
FBI warns of hackers selling credentials for U.S. college networks
Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. [...] |
May 27, 2022
|
|
GitHub: Attackers stole login details of 100K npm user accounts
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. [...] |
May 27, 2022
|
|
Microsoft finds severe bugs in Android apps from large mobile providers
Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. [...] |
May 27, 2022
|
|
Microsoft to force better security defaults for all Azure AD tenants
Microsoft has announced that it will force enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory (Azure AD) tenants starting in late June 2022. [...] |
May 27, 2022
|
|
BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded $5 million to unlock the encrypted computer systems. [...] |
May 26, 2022
|
|
Intuit warns of QuickBooks phishing threatening to suspend accounts
Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. [...] |
May 26, 2022
|
|
Microsoft: Windows 11 22H2 has reached RTM with build 22621
Microsoft's Windows Hardware Compatibility Program has confirmed that Windows 11 22H2 build 22621 is the Released to Manufacturing (RTM) build, meaning that the development of Windows 11's next feature update is ready for release. [...] |
May 26, 2022
|
|
Windows 11 KB5014019 breaks Trend Micro ransomware protection
This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature. [...] |
May 26, 2022
|
|
OAS platform vulnerable to critical RCE and API access flaws
Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution. [...] |
May 26, 2022
|
|
Exploit released for critical VMware auth bypass bug, patch now
Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. [...] |
May 26, 2022
|
|
Microsoft shares mitigation for Windows KrbRelayUp LPE attacks
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. [...] |
May 26, 2022
|
|
Zyxel warns of flaws impacting firewalls, APs, and controllers
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. [...] |
May 26, 2022
|
|
Google shut down caching servers at two Russian ISPs
Two Russian internet service providers (ISPs) have received notices from Google that the global caching servers on their network have been disabled. [...] |
May 26, 2022
|
|
Industrial Spy data extortion market gets into the ransomware game
The Industrial Spy data extortion marketplace has now launched its own ransomware operation, where they now also encrypt victims' devices. [...] |
May 26, 2022
|
|
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. [...] |
May 25, 2022
|
|
FTC fines Twitter $150M for using 2FA info for targeted advertising
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. [...] |
May 25, 2022
|
|
Microsoft adds support for WSL2 distros on Windows Server 2022
Microsoft has announced that Windows Subsystem for Linux (WSL2) distros are now supported on Windows Server 2022 after installing this week's cumulative update previews. [...] |
May 25, 2022
|
|
New ‘Cheers’ Linux ransomware targets VMware ESXi servers
A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. [...] |
May 25, 2022
|
|
Microsoft adds Office subscriptions to Windows 11 account settings
Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. [...] |
May 25, 2022
|
|
New ChromeLoader malware surge threatens browsers worldwide
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. [...] |
May 25, 2022
|
|
Tails 5.0 Linux users warned against using it "for sensitive information"
Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application. [...] |
May 25, 2022
|
|
Darknet market Versus shuts down after hacker leaks security flaw
The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers. [...] |
May 25, 2022
|
|
Is 100% Cybersecurity Readiness Possible? Medical Device Pros Weigh In
As medical devices become more connected and reliant on software, their codebase grows both in size and complexity, and they are increasingly reliant on third-party and open source software components. Learn more from 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, [...] |
May 25, 2022
|
|
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended. [...] |
May 25, 2022
|
|
Interpol arrests alleged leader of the SilverTerrier BEC gang
After a year-long investigation that involved Interpol and several cybersecurity companies, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a prominent business email compromise (BEC) group known as SilverTerrier or TMT. [...] |
May 25, 2022
|
|
SpiceJet airline passengers stranded after ransomware attack
Indian low-cost airline SpiceJet has informed its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures today. [...] |
May 25, 2022
|
|
BPFDoor malware uses Solaris vulnerability to get root privileges
New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] |
May 24, 2022
|
|
Windows 11 KB5014019 update fixes app crashes, slow copying
Microsoft has released optional cumulative update previews for Windows 11, Windows 10 version 1809, and Windows Server 2022, with fixes for Direct3D issues impacting client and server systems. [...] |
May 24, 2022
|
|
DuckDuckGo browser allows Microsoft trackers due to search agreement
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. [...] |
May 24, 2022
|
|
Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own
Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. [...] |
May 24, 2022
|
|
Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware. [...] |
May 24, 2022
|
|
Microsoft: Credit card stealers are getting much stealthier
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...] |
May 24, 2022
|
|
CISA adds 41 vulnerabilities to list of bugs used in cyberattacks
The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. [...] |
May 24, 2022
|
|
US Senate: Govt’s ransomware fight hindered by limited reporting
A report published today by U.S. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee, says law enforcement and regulatory agencies lack insight into ransomware attacks to fight against them effectively. [...] |
May 24, 2022
|
|
Screencastify Chrome extension flaws allow webcam hijacks
The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...] |
May 24, 2022
|
|
Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...] |
May 24, 2022
|
|
Researchers to release exploit for new VMware auth bypass, patch now
Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [...] |
May 24, 2022
|
|
Popular PyPI and PHP libraries hijacked to steal AWS keys
PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets. [...] |
May 23, 2022
|
|
GM credential stuffing attack exposed car owners' personal info
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards. [...] |
May 23, 2022
|
|
Fake Windows exploits target infosec community with Cobalt Strike
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...] |
May 23, 2022
|
|
Photos of abused victims used in new ID verification scam
Scammers are now leveraging dating apps like Tinder and Grindr to pose as former victims of physical abuse to gain your trust and sympathy and sell you "ID verification" services. BleepingComputer came across multiple instances of users on online dating apps being approached by these catfishing profiles. [...] |
May 23, 2022
|
|
Hackers can hack your online accounts before you even register them
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [...] |
May 23, 2022
|
|
New RansomHouse group sets up extortion market, adds first victims
Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. [...] |
May 23, 2022
|
|
Russian hackers perform reconnaissance against Austria, Estonia
In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. [...] |
May 22, 2022
|
|
Elon Musk deep fakes promote new cryptocurrency scam
Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency. [...] |
May 22, 2022
|
|
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...] |
May 22, 2022
|
|
Microsoft tests new Windows 11 Desktop search that only works with Edge
Microsoft is testing a new feature in the latest Windows 11 preview build that displays an Internet search box directly on the desktop. The problem is that it does not honor your default browser and only uses Bing and Microsoft Edge instead. [...] |
May 22, 2022
|
|
Google: Predator spyware infected Android devices using zero-days
Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...] |
May 21, 2022
|
|
Ransomware attack exposes data of 500,000 Chicago students
The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after their vendor, Battelle for Kids, suffered a ransomware attack in December. [...] |
May 21, 2022
|
|
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. [...] |
May 21, 2022
|
|
Windows 11 hacked three more times on last day of Pwn2Own contest
On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits. [...] |
May 20, 2022
|
|
The Week in Ransomware - May 20th 2022 - Another one bites the dust
Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia. [...] |
May 20, 2022
|
|
Cisco urges admins to patch IOS XR zero-day exploited in attacks
Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. [...] |
May 20, 2022
|
|
Microsoft disables telemetry in Windows 11 Subsystem for Android by default
Microsoft has updated the Windows Subsystem for Android in Windows 11 to make telemetry collection optional and announced an upgrade to Android 12.1. [...] |
May 20, 2022
|
|
Backdoor baked into premium school management plugin for WordPress
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...] |
May 20, 2022
|
|
Emergency Windows 10 updates fix Microsoft Store app issues
Microsoft has released out-of-band (OOB) updates on Thursday evening to address a newly acknowledged issue impacting Microsoft Store apps. [...] |
May 20, 2022
|
|
Windows 11 hacked again at Pwn2Own, Tesla Model 3 also falls
During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system. [...] |
May 20, 2022
|
|
Russian Sberbank says it’s facing massive waves of DDoS attacks
Sberbank's vice president and director of cybersecurity, Sergei Lebed, has told participants of the Positive Hack Days forum that the company is going through a period of unprecedented targeting by hackers. [...] |
May 20, 2022
|
|
Canada bans Huawei and ZTE from 5G networks over security concerns
The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. [...] |
May 19, 2022
|
|
Conti ransomware shuts down operation, rebrands into smaller units
The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. [...] |
May 19, 2022
|
|
Netgear fixes bad Orbi firmware update that locked admin console
Netgear is pushing out fixes for a bad Orbi firmware update released earlier this month that prevents users from accessing the device's admin console. [...] |
May 19, 2022
|
|
Microsoft emergency updates fix Windows AD authentication issues
Microsoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers. [...] |
May 19, 2022
|
|
Media giant Nikkei’s Asian unit hit by ransomware attack
Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13th. [...] |
May 19, 2022
|
|
Microsoft detects massive surge in Linux XorDDoS malware activity
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...] |
May 19, 2022
|
|
U.S. DOJ will no longer prosecute ethical hackers under CFAA
The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-faith" security research from being prosecuted. [...] |
May 19, 2022
|
|
Lazarus hackers target VMware servers with Log4Shell exploits
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. [...] |
May 19, 2022
|
|
Phishing websites now use chatbots to steal your credentials
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. [...] |
May 19, 2022
|
|
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. [...] |
May 19, 2022
|
|
QNAP alerts NAS customers of new DeadBolt ransomware attacks
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. [...] |
May 19, 2022
|
|
Ransomware gangs rely more on weaponizing vulnerabilities
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks. [...] |
May 18, 2022
|
|
Microsoft releases first ISO image for new Windows 11 Dev builds
Microsoft has released the first ISO image for the new Windows 11 Preview builds in the Dev channel, allowing Windows Insiders to perform clean installs of the operating system. [...] |
May 18, 2022
|
|
Spanish police dismantle phishing gang that emptied bank accounts
The Spanish police have announced the arrest of 13 people and the launch of investigations on another 7 for their participation in a phishing ring that defrauded at least 146 people. [...] |
May 18, 2022
|
|
Critical Jupiter WordPress plugin flaws let hackers take over sites
WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw. [...] |
May 18, 2022
|
|
National bank hit by ransomware trolls hackers with dick pics
After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination). [...] |
May 18, 2022
|
|
US recovers $15 million from global Kovter ad fraud operation
The US government has recovered over $15 million from Swiss bank accounts belonging to operators behind the '3ve' online advertising fraud scheme. [...] |
May 18, 2022
|
|
DHS orders federal agencies to patch VMware bugs within 5 days
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks. [...] |
May 18, 2022
|
|
Chinese ‘Space Pirates’ are hacking Russian aerospace firms
A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. [...] |
May 18, 2022
|
|
VMware patches critical auth bypass flaw in multiple products
VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges. [...] |
May 18, 2022
|
|
CISA shares guidance to block ongoing F5 BIG-IP attacks
In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388). [...] |
May 18, 2022
|
|
Fake crypto sites lure wannabe thieves by spamming login credentials
Threat actors are luring potential thieves by spamming login credentials for other people's accounts on fake crypto trading sites, illustrating once again that there is no honor among thieves. [...] |
May 18, 2022
|
|
Microsoft warns of brute-force attacks targeting MSSQL servers
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords. [...] |
May 17, 2022
|
|
North Korean devs pose as US freelancers and aid DPRK govt hackers
The U.S. government is warning that the Democratic People's Republic of Korea (DPRK) is dispatching its IT workers to get freelance jobs at companies across the world to obtain privileged access that is sometimes used to facilitate cyber intrusions. [...] |
May 17, 2022
|
|
Microsoft: Windows Server 20H2 reaches end of service in August
Microsoft has reminded customers today that Windows Server, version 20H2 will be reaching the end of service (EOS) on August 9, 2022. [...] |
May 17, 2022
|
|
NVIDIA fixes ten vulnerabilities in Windows GPU display drivers
NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. [...] |
May 17, 2022
|
|
Microsoft Defender for Endpoint gets new troubleshooting mode
Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection. [...] |
May 17, 2022
|
|
Cybersecurity agencies reveal top initial access attack vectors
A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks. [...] |
May 17, 2022
|
|
Hackers can steal your Tesla Model 3, Y using new Bluetooth attack
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. [...] |
May 17, 2022
|
|
What is ISO 27001 and Why it Matters for Compliance Standards
ISO 27001 may seem like a big undertaking, but the certification can pay off in more ways than one—including overlap with compliance regulations. Read about the benefits of ISO 27001 and how to get started. [...] |
May 17, 2022
|
|
CISA warns admins to patch actively exploited Spring, Zyxel bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...] |
May 17, 2022
|
|
Hackers target Tatsu WordPress plugin in millions of attacks
Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. [...] |
May 16, 2022
|
|
HTML attachments remain popular among phishing actors in 2022
HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. [...] |
May 16, 2022
|
|
Third-party web trackers log what you type before submitting
An extensive study looking into the top 100k ranking websites has revealed that many are leaking information you enter in the site forms to third-party trackers before you even press submit. [...] |
May 16, 2022
|
|
US links Thanos and Jigsaw ransomware to 55-year-old doctor
The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals. [...] |
May 16, 2022
|
|
Apple emergency update fixes zero-day used to hack Macs, Watches
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] |
May 16, 2022
|
|
Ukraine supporters in Germany targeted with PowerShell RAT malware
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...] |
May 16, 2022
|
|
CISA warns not to install May Windows updates on domain controllers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it. [...] |
May 16, 2022
|
|
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more
Offensive Security has released Kali Linux 2022.2, the second version in 2022, with desktop enhancements, a fun April Fools screensaver, WSL GUI improvements, terminal tweaks, and best of all, new tools to play with! [...] |
May 16, 2022
|
|
Sophos antivirus driver caused BSODs after Windows KB5013943 update
Sophos has released a fix for a known issue triggering blue screens of death (aka BSODs) on Windows 11 systems running Sophos Home antivirus software after installing the KB5013943 upda [...] |
May 16, 2022
|
|
Engineering firm Parker discloses data breach after ransomware attack
The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. [...] |
May 15, 2022
|
|
What's new and improved in Windows 11 22H2, coming soon
Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this year. Unlike the original Windows 11 release, it won't be a massive update with radical design changes. Instead, Sun Valley 2 will be similar to Windows 10 Anniversary Update, so you can expect minor improvements and a few new features. [...] |
May 15, 2022
|
|
Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. [...] |
May 15, 2022
|
|
Fake Pixelmon NFT site infects you with password-stealing malware
A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets. [...] |
May 15, 2022
|
|
Windows admins frustrated by Quick Assist moving to Microsoft Store
Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. [...] |
May 14, 2022
|
|
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. [...] |
May 14, 2022
|
|
Angry IT admin wipes employer’s databases, gets 7 years in prison
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. [...] |
May 14, 2022
|
|
Crypto thief threatened to cut man's fingers 'one by one,' stole £34K
Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000. [...] |
May 13, 2022
|
|
The Week in Ransomware - May 13th 2022 - A National Emergency
While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...] |
May 13, 2022
|
|
Italian CERT: Hacktivists hit govt sites in ‘Slow HTTP’ DDoS attacks
Italy's Computer Security Incident Response Team (CSIRT) has published an announcement about the recent DDoS attacks that key sites in the country suffered in the last couple of days. [...] |
May 13, 2022
|
|
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. [...] |
May 13, 2022
|
|
Fake Binance NFT Mystery Box bots steal victim's crypto wallets
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. [...] |
May 13, 2022
|
|
SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs
SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances. [...] |
May 13, 2022
|
|
Google Chrome updates failing on Android devices in Russia
A growing number of Russian Chrome users on Android report getting errors when attempting to install the latest available update of the popular web browser. [...] |
May 12, 2022
|
|
Iranian hackers exposed in a highly targeted espionage campaign
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. [...] |
May 12, 2022
|
|
Ukrainian imprisoned for selling access to thousands of PCs
Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Ukraine, was sentenced today to 4 years in prison for stealing thousands of login credentials per week and selling them on a dark web marketplace. [...] |
May 12, 2022
|
|
Eternity malware kit offers stealer, miner, worm, ransomware tools
Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...] |
May 12, 2022
|
|
Zyxel silently fixes critical RCE vulnerability in firewall products
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...] |
May 12, 2022
|
|
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. [...] |
May 12, 2022
|
|
NVIDIA has open-sourced its Linux GPU kernel drivers
NVIDIA has published the source code of its kernel modules for the R515 driver, using a dual licensing model that combines the GPL and MIT licenses, making the modules legally re-distributable. [...] |
May 12, 2022
|
|
Historic Hotel Stay, Complimentary Emotet Exposure included
Historic Hotel of America serving up modern malware to their guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks. [...] |
May 12, 2022
|
|
Microsoft: May Windows updates cause AD authentication failures
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [...] |
May 11, 2022
|
|
Windows 11 to show suggested actions when copying data to the clipboard
Microsoft is testing a new 'Suggested Actions' feature in Windows 11 Dev builds where the operating system suggests actions you can take with data you copy into the clipboard. [...] |
May 11, 2022
|
|
Windows 11 KB5013943 update causes 0xc0000135 application errors
Windows 11 users are receiving 0xc0000135 errors when attempting to launch applications after installing the recent Windows 11 KB5013943 cumulative update. [...] |
May 11, 2022
|
|
US charges hacker for breaching brokerage accounts, securities fraud
The U.S. Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated at over $5,000,000. [...] |
May 11, 2022
|
|
Microsoft: Windows 10 20H2 has reached end of service
Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 have reached their end of service (EOS) on this month's Patch Tuesday, on May 10, 2022. [...] |
May 11, 2022
|
|
HP fixes bug letting attackers overwrite firmware in over 200 models
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution. [...] |
May 11, 2022
|
|
New stealthy Nerbian RAT malware spotted in ongoing attacks
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers. [...] |
May 11, 2022
|
|
CISA tells federal agencies to fix actively exploited F5 BIG-IP bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. [...] |
May 11, 2022
|
|
Our Medical Devices' Open Source Problem - What Are the Risks?
There is no doubt that open source powers our development processes, enabling software developers to build high quality, innovative products faster than ever before. But OSS also comes with its own set of risks that device manufacturers must address while leveraging its many advantages. [...] |
May 11, 2022
|
|
FBI, CISA, and NSA warn of hackers increasingly targeting MSPs
Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they're increasingly targeted by supply chain attacks. [...] |
May 11, 2022
|
|
Bitter cyberspies target South Asian govts with new malware
New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities. [...] |
May 11, 2022
|
|
Microsoft fixes Windows Direct3D issue behind app crashes
Microsoft has addressed a known issue causing apps using Direct3D 9 to experience issues after installing April 2022 cumulative updates, including crashes and errors on systems using certain GPUs. [...] |
May 11, 2022
|
|
New IceApple exploit toolset deployed on Microsoft Exchange servers
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. [...] |
May 10, 2022
|
|
Critical F5 BIG-IP vulnerability targeted by destructive attacks
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. [...] |
May 10, 2022
|
|
UK cybersecurity center sent 33 million alerts to companies
The NCSC (National Cyber Security Centre) in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. Additionally, the government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet. [...] |
May 10, 2022
|
|
Apple discontinues the revolutionary iPod music player
Apple has decided to pull the plug on the production of the iPod Touch (7th gen), discontinuing the revolutionary iOS-based music player introduced 15 years ago. [...] |
May 10, 2022
|
|
GitHub announces enhanced 2FA experience for npm accounts
Today, GitHub has launched a new public beta to notably improve the two-factor authentication (2FA) experience for all npm user accounts. [...] |
May 10, 2022
|
|
Microsoft fixes new NTLM relay zero-day in all Windows versions
Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol. [...] |
May 10, 2022
|
|
Windows 11 KB5013943 update fixes screen flickers and .NET app issues
Microsoft has released the Windows 11 KB5013943 cumulative update with security updates, improvements, and fixes for screen flickers in Safe Mode and a bug causing some .NET 3.5 apps not to open. [...] |
May 10, 2022
|
|
Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws
Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. [...] |
May 10, 2022
|
|
Windows 10 KB5013942 and KB5013945 updates released
Microsoft has released Windows 10 KB5013945 and KB5013942 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1909 to fix security vulnerabilities and resolve bugs. [...] |
May 10, 2022
|
|
FluBot Android malware targets Finland in new SMS campaigns
Finland's National Cyber Security Center (NCSC-FI) has issued a warning about the FluBot Android malware infections increasing due to a new campaign that relies on SMS and MMS for distribution. [...] |
May 10, 2022
|
|
UK govt releases free tool to check for email cybersecurity risks
The United Kingdom's National Cyber Security Centre (NCSC) today released a new email security check service to help organizations easily identify vulnerabilities that could allow attackers to spoof emails or can lead to email privacy breaches. [...] |
May 10, 2022
|
|
German automakers targeted in year-long malware campaign
A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware. [...] |
May 10, 2022
|
|
US, EU blame Russia for cyberattack on satellite modems in Ukraine
The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine. [...] |
May 9, 2022
|
|
Lincoln College to close after 157 years due ransomware attack
Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since it was founded and following a hard hit on its finances after the COVID-19 pandemic and a recent ransomware attack. [...] |
May 9, 2022
|
|
Hackers display "blood is on your hands" on Russian TV, take down RuTube
Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. [...] |
May 9, 2022
|
|
Dell, Apple, Netflix face lawsuits for pulling services out of Russia
A Moscow Arbitration Court has reportedly seized almost $11 million belonging to Dell LLC after the company failed to provide paid-for services to a local system integrator. [...] |
May 9, 2022
|
|
Microsoft releases fixes for Azure flaw allowing RCE attacks
Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure. [...] |
May 9, 2022
|
|
Ukraine warns of "chemical attack" phishing pushing stealer malware
Ukraine's Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments. [...] |
May 9, 2022
|
|
Hackers exploiting critical F5 BIG-IP flaw to drop backdoors
Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. [...] |
May 9, 2022
|
|
Hackers are now hiding malware in Windows Event Logs
Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. [...] |
May 9, 2022
|
|
Costa Rica declares national emergency after Conti ransomware attacks
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. [...] |
May 8, 2022
|
|
Check your gems: RubyGems fixes unauthorized package takeover bug
The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers. [...] |
May 8, 2022
|
|
Exploits created for critical F5 BIG-IP flaw, install patch immediately
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. [...] |
May 8, 2022
|
|
Caramel credit card stealing service is growing in popularity
A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. [...] |
May 8, 2022
|
|
Google Play now blocks paid app downloads, updates in Russia
Google is now blocking Russian users and developers from downloading or updating paid applications from the Google Play Store due to sanctions, starting Thursday. [...] |
May 7, 2022
|
|
Fake crypto giveaways steal millions using Elon Musk Ark Invest video
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. [...] |
May 7, 2022
|
|
UK sanctions Russian microprocessor makers, banning them from ARM
The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST (Moscow Center of SPARC Technologies), the two most important chip makers in Russia. [...] |
May 7, 2022
|
|
Trend Micro antivirus modified Windows registry by mistake - How to fix
Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. [...] |
May 7, 2022
|
|
US offers $15 million reward for info on the Conti ransomware gang
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. [...] |
May 6, 2022
|
|
The Week in Ransomware - May 6th 2022 - An evolving landscape
Ransomware operations continue to evolve, with new groups appearing and others quietly shutting down their operations or rebranding as new groups. [...] |
May 6, 2022
|
|
Xbox is down worldwide with users unable to play games
Microsoft says the Xbox Live services are currently down in a major outage, impacting customers worldwide and preventing them from launching or buying games. [...] |
May 6, 2022
|
|
Ferrari subdomain hijacked to push fake Ferrari NFT collection
One of Ferrari's subdomains was hijacked yesterday to host a scam promoting fake Ferrari NFT collection, according to researchers. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down. [...] |
May 6, 2022
|
|
US agricultural machinery maker AGCO hit by ransomware attack
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. [...] |
May 6, 2022
|
|
QNAP fixes critical QVR remote command execution vulnerability
QNAP has released several security advisories today to alert its customers about various fixes for flaws affecting its products. The one that stands out is a critical RCE (remote code execution) in QVR. [...] |
May 6, 2022
|
|
US sanctions Bitcoin laundering service used by North Korean hackers
The US Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge. [...] |
May 6, 2022
|
|
NVIDIA fined for failure to disclose cryptomining sales boost
The U.S. Securities and Exchange Commission (SEC) announced Friday that it settled charges against multinational tech firm NVIDIA for "inadequate disclosures" of cryptomining's impact on its gaming business. [...] |
May 6, 2022
|
|
SheetJS ditches npm registry over 2FA requirement and 'legal matters'
In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times every week on npm, SheetJS is relied upon by NodeJS developers looking to craft and parse Excel spreadsheets using nothing but JavaScript. [...] |
May 6, 2022
|
|
Google Docs crashes on seeing "And. And. And. And. And."
A bug in Google Docs is causing it to crash when a series of words are typed into a document opened with the online word processor. BleepingComputer was able to reproduce the issue last night and reached out to Google. [...] |
May 5, 2022
|
|
New Raspberry Robin worm uses Windows Installer to drop malware
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. [...] |
May 5, 2022
|
|
White House: Prepare for cryptography-cracking quantum computers
President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement a set of measures that would mitigate risks posed by quantum computers to US national cyber security. [...] |
May 5, 2022
|
|
Ukraine's IT Army is disrupting Russia's alcohol distribution
Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. [...] |
May 5, 2022
|
|
NIST updates guidance for defending against supply-chain attacks
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. [...] |
May 5, 2022
|
|
FTC to force ISP to deploy fiber for 60K users to match speed claims
The Federal Trade Commission (FTC) today proposed an order requiring Connecticut-based internet service provider Frontier Communications to stop "lying" to its customers and support its high-speed internet claims. [...] |
May 5, 2022
|
|
Microsoft, Apple, and Google to support FIDO passwordless logins
Microsoft, Apple, and Google announced today plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. [...] |
May 5, 2022
|
|
Google fixes actively exploited Android kernel vulnerability
Google has released the second part of the May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability. [...] |
May 5, 2022
|
|
New NetDooka malware spreads via poisoned search results
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. [...] |
May 5, 2022
|
|
Tor project upgrades network speed performance with new system
The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. [...] |
May 5, 2022
|
|
Heroku admits that customer credentials were stolen in cyberattack
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." [...] |
May 4, 2022
|
|
F5 warns of critical BIG-IP RCE bug allowing device takeover
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. [...] |
May 4, 2022
|
|
Cisco fixes NFVIS bugs that help gain root and hijack hosts
Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs). [...] |
May 4, 2022
|
|
Pixiv, DeviantArt artists hit by NFT job offers pushing malware
Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware. [...] |
May 4, 2022
|
|
Attackers hijack UK NHS email accounts to steal Microsoft logins
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. [...] |
May 4, 2022
|
|
Heroku forces user password resets but fails to explain why
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. [...] |
May 4, 2022
|
|
FBI says business email compromise is a $43 billion scam
The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. [...] |
May 4, 2022
|
|
Hackers stole data undetected from US, European orgs since 2019
Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as "Winnti" and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data. [...] |
May 4, 2022
|
|
GitHub to require 2FA from active developers by the end of 2023
GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA) on their accounts by the end of 2023. [...] |
May 4, 2022
|
|
Microsoft: Windows 11 KB5012643 update will break some apps
Microsoft has warned Windows 11 users that they might experience issues launching and using some .NET Framework 3.5 applications. [...] |
May 4, 2022
|
|
Using PowerShell to manage password resets in Windows domains
With breaches running rampant, it's common to force password resets on your Windows domain. This article shows how admins can use PowerShell to manage password resets and introduce software that makes it even easier. [...] |
May 4, 2022
|
|
Pro-Ukraine hackers use Docker images to DDoS Russian sites
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. [...] |
May 4, 2022
|
|
Mitsubishi Electric faked safety and quality control tests for decades
Mitsubishi Electric, one of the world's leading providers of large-scale electrical and HVAC systems has admitted to fraudulently conducting quality assurance tests on its transformers—for decades. [...] |
May 4, 2022
|
|
Microsoft warns Exchange Online basic auth will be disabled
Microsoft warned customers today that it will start disabling Basic Authentication in random tenants worldwide on October 1, 2022. [...] |
May 3, 2022
|
|
New ransomware strains linked to North Korean govt hackers
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. [...] |
May 3, 2022
|
|
Conti, REvil, LockBit ransomware bugs exploited to block encryption
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. [...] |
May 3, 2022
|
|
New phishing warns: Your verified Twitter account may be at risk
Phishing emails increasingly target verified Twitter accounts with emails designed to steal their account credentials, as shown by numerous ongoing campaigns conducted by threat actors. [...] |
May 3, 2022
|
|
SEC ramps up fight on cryptocurrency fraud by doubling cyber unit
The US Securities and Exchange Commission (SEC) announced today that it will almost double the Crypto Assets and Cyber Unit to ramp up the fight against cryptocurrency fraud to protect investors from "cyber-related threats." [...] |
May 3, 2022
|
|
Google: Chinese state hackers keep targeting Russian govt agencies
Google said today that a Chinese-sponsored hacking group linked to China's People's Liberation Army Strategic Support Force (PLA SSF) is targeting Russian government agencies. [...] |
May 3, 2022
|
|
Microsoft PowerShell lets you track Windows Registry changes
A handy tip was shared online this week, showing how you can use PowerShell to monitor changes to the Windows Registry over time. [...] |
May 3, 2022
|
|
Unpatched DNS bug affects millions of routers and IoT devices
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. [...] |
May 3, 2022
|
|
Aruba and Avaya network switches are vulnerable to RCE attacks
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices. [...] |
May 2, 2022
|
|
Chinese cyber-espionage group Moshen Dragon targets Asian telcos
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. [...] |
May 2, 2022
|
|
New PyScript project lets you run Python programs in the browser
The project was announced this weekend at PyCon US 2022 and acts as a wrapper around the Pyodide project, which loads the CPython interpreter as a WebAssembly browser module. [...] |
May 2, 2022
|
|
Microsoft Defender for Business stand-alone now generally available
Microsoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available. [...] |
May 2, 2022
|
|
Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users. [...] |
May 2, 2022
|
|
Cyberspies breach networks via IP cameras to steal Exchange emails
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions. [...] |
May 2, 2022
|
|
Car rental giant Sixt facing disruptions due to a cyberattack
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branch [...] |
May 2, 2022
|
|
Microsoft fixes Windows 11 bug causing flickers in safe mode
Microsoft has addressed a newly acknowledged known issue that caused flickering screen problems and made some Windows apps (e.g., File Explorer, Start Menu, and Taskbar) seem unstable in Safe Mode without Networking. [...] |
May 2, 2022
|
|
U.S. DoD tricked into paying $23.5 million to phishing actor
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). [...] |
May 1, 2022
|
|
REvil ransomware returns: New malware sample confirms gang is back
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. [...] |
May 1, 2022
|
|
Open source 'Package Analysis' tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. The open source tool released on GitHub was able to identify over 200 malicious npm and PyPI packages. [...] |
May 1, 2022
|
|
Russian hackers compromise embassy emails to target governments
Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities. [...] |
May 1, 2022
|
|
A YouTuber is promoting DDoS attacks on Russia — how legal is this?
A YouTube influencer with hundreds of thousands of subscribers is encouraging everyone to conduct cyber warfare against Russia. How risky is it and can you get in trouble? [...] |
May 1, 2022
|
|
Google fights doxxing with updated personal info removal policy
Google has expanded its policies to allow doxxing victims to remove more of their personally identifiable information (PII) from search engine results starting earlier this week. [...] |
April 30, 2022
|
|
Fake Windows 10 updates infect you with Magniber ransomware
Fake Windows 10 updates on crack sites are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month. [...] |
April 30, 2022
|
|
Atlassian doubles the number of orgs affected by two week outage
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident. [...] |
April 29, 2022
|
|
The Week in Ransomware - April 29th 2022 - New operations emerge
This week we have discovered numerous new ransomware operations that have begun operating, with one appearing to be a rebrand of previous operations. [...] |
April 29, 2022
|
|
Windows 11 gets new group policies to tweak the Start Menu
Microsoft has released a new Windows 11 build to the Dev and Beta Channels that introduces multiple group policies that IT administrators can use to tweak the Start menu, the taskbar, and the system tray. [...] |
April 29, 2022
|
|
Online library app Onleihe faces issues after cyberattack on provider
Library lending app Onleihe announced problems lending several media formats offered on the platform, like audio, video, and e-book files, after a cyberattack targeted their vendor. [...] |
April 29, 2022
|
|
Google gives 50% bonus to Android 13 Beta bug bounty hunters
Google has announced that all security researchers who report Android 13 Beta vulnerabilities through its Vulnerability Rewards Program (VRP) will get a 50% bonus on top of the standard reward until May 26th, 2022. [...] |
April 29, 2022
|
|
India to require cybersecurity incident reporting within six hours
The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems. [...] |
April 29, 2022
|
|
Russian hacktivists launch DDoS attacks on Romanian govt sites
The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by the state entities. [...] |
April 28, 2022
|
|
Hands on with Microsoft Edge's new built-in VPN feature
Edge's Secure Network is powered by Cloudflare - one of the most trusted DNS hosts in the industry - and it aims to protect your device and sensitive data as you browse. The feature is in the early stage of development available to select users in Edge Canary and it's not a full-fledged VPN service offered in browsers like Opera. [...] |
April 28, 2022
|
|
WhatsApp is currently down with users reporting connection issues
WhatsApp is down according to user reports mentioning issues connecting to the messaging platform and the inability to send messages although still connected. [...] |
April 28, 2022
|
|
EmoCheck now detects new 64-bit versions of Emotet malware
The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. [...] |
April 28, 2022
|
|
Synology warns of critical Netatalk bugs in multiple products
Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities. [...] |
April 28, 2022
|
|
Microsoft fixes ExtraReplica Azure bugs that exposed user databases
Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication. [...] |
April 28, 2022
|
|
Medical software firm fined 1.5M for leaking data of 490k patients
The French data protection authority (CNIL) fined medical software vendor Dedalus Biology with EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation). [...] |
April 28, 2022
|
|
Ukraine targeted by DDoS attacks from compromised WordPress sites
Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal. [...] |
April 28, 2022
|
|
How to Attack Your Own Company's Service Desk to spot risks
Specops Secure Service Desk is an excellent tool for keeping a help desk safe from social engineering attacks. Although Specops Secure Service Desk offers numerous features, there are three capabilities that are especially useful for thwarting social engineering attacks. [...] |
April 28, 2022
|
|
New Bumblebee malware takes over BazarLoader's ransomware delivery
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. [...] |
April 28, 2022
|
|
NPM flaw let attackers add anyone as maintainer to malicious packages
A logical flaw in the npm registry, dubbed 'package planting' let authors of malicious packages quietly add anyone and any number of users as 'maintainers' to their packages in an attempt to boost the trust in their package. [...] |
April 28, 2022
|
|
Ransom payment is roughly 15% of the total cost of ransomware attacks
Researchers analyzing the collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors. [...] |
April 28, 2022
|
|
Austin Peay State University resumes after ransomware cyber attack
Austin Peay State University (APSU) confirmed yesterday that it had been a victim of a ransomware attack. The university, located in Clarksville, Tennessee, advised students, staff, and faculty to disconnect their computers and devices from the university network immediately as a precaution. [...] |
April 27, 2022
|
|
PSA: Onyx ransomware destroys large files instead of encrypting them
A new Onyx ransomware operation is destroying large files instead of encrypting them, preventing those files from being decrypted even if a ransom is paid. [...] |
April 27, 2022
|
|
New Black Basta ransomware springs into action with a dozen breaches
A new ransomware gang known as Black Basta has quickly catapulted into operation this month, claiming to have breached over twelve companies in just a few weeks. [...] |
April 27, 2022
|
|
GitHub: How stolen OAuth tokens helped breach dozens of orgs
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. [...] |
April 27, 2022
|
|
QNAP warns users to disable AFP until it fixes critical bugs
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities. [...] |
April 27, 2022
|
|
Microsoft says Russia hit Ukraine with hundreds of cyberattacks
Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens. [...] |
April 27, 2022
|
|
Russian govt impersonators target telcos in phishing attacks
A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. [...] |
April 27, 2022
|
|
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021. [...] |
April 27, 2022
|
|
RIG Exploit Kit drops RedLine malware via Internet Explorer bug
Threat analysts have uncovered yet another large-scale campaign delivering the RedLine stealer malware onto worldwide targets. [...] |
April 27, 2022
|
|
Chinese state-backed hackers now target Russian state officers
Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). [...] |
April 27, 2022
|
|
Number of publicly exposed database instances hits new record
Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. The growth continued quarter over quarter, peaking in the first months of this year. [...] |
April 27, 2022
|
|
New Nimbuspwn Linux vulnerability gives hackers root privileges
A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware. [...] |
April 26, 2022
|
|
US offers $10 million reward for tips on Russian Sandworm hackers
The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group. [...] |
April 26, 2022
|
|
Emotet malware now installs via PowerShell in Windows shortcut files
The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims' computers, moving away from Microsoft Office macros that are now disabled by default. [...] |
April 26, 2022
|
|
American Dental Association hit by cyberattack, operations disrupted
The American Dental Association (ADA) was hit by a weekend cyberattack causing them to shut down portions of their network while investigating the attack. [...] |
April 26, 2022
|
|
Coca-Cola investigates hackers' claims of breach and data theft
Coca-Cola, the world's largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims. [...] |
April 26, 2022
|
|
Google Play Store now forces apps to disclose what data is collected
Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps. [...] |
April 26, 2022
|
|
Public interest in Log4Shell fades but attack surface remains
It's been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is still way behind. [...] |
April 26, 2022
|
|
David Colombo on Tesla Hacks and Growing into Hacking
Cybellum interviewed David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. Not yet 20 years old, the prolific cyber researcher already has to his credit the exposure of numerous critical vulnerabilities, including the honor of hacking his way into Tesla vehicles. [...] |
April 26, 2022
|
|
Hackers exploit critical VMware RCE flaw to install backdoors
Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects VMware Workspace ONE Access (formerly called VMware Identity Manager). [...] |
April 25, 2022
|
|
Windows 10 KB5011831 update released with 26 bug fixes, improvements
Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. [...] |
April 25, 2022
|
|
CISA adds 7 vulnerabilities to list of bugs exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. [...] |
April 25, 2022
|
|
Emotet malware infects users again after fixing broken installer
The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments. [...] |
April 25, 2022
|
|
North Korean hackers targeting journalists with novel malware
North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. [...] |
April 25, 2022
|
|
French hospital group disconnects Internet after hackers steal data
The GHT Coeur Grand Est. Hospitals and Health Care group comprising nine establishments with 3,370 beds across Northeast France has disclosed a cyberattack that resulted in the theft of sensitive administrative and patient data. [...] |
April 25, 2022
|
|
New powerful Prynt Stealer malware sells for just $100 per month
Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules. [...] |
April 25, 2022
|
|
Quantum ransomware seen deployed in rapid network attacks
The Quantum ransomware, a strain first discovered in August 2021, was seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. [...] |
April 24, 2022
|
|
Enable Windows 11's God Mode to access all settings in one screen
The settings app has been significantly improved, but several Control Panel features are still missing. Thankfully, Windows 11 still comes with the Control Panel and File Explorer-based advanced configuration page called "God Mode" that allows you to easily access all advanced tools, features, and tasks. [...] |
April 23, 2022
|
|
Animated QR codes: how do they work, and how to create your own?
Is there such a thing as animated QR codes? And could they work? Even those who may not know how exactly QR codes work have pretty much been exposed to them by now. [...] |
April 22, 2022
|
|
'Hack DHS' bug hunters find 122 security flaws in DHS systems
The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. [...] |
April 22, 2022
|
|
Russian hackers are seeking alternative money-laundering options
The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. [...] |
April 22, 2022
|
|
US govt grants academics $12M to develop cyberattack defense tools
The US Department of Energy (DOE) has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. [...] |
April 22, 2022
|
|
T-Mobile confirms Lapsus$ hackers breached internal systems
T-Mobile has confirmed that the Lapsus$ extortion gang breached its network "several weeks ago" using stolen credentials and gained access to internal systems. [...] |
April 22, 2022
|
|
Chinese hackers behind most zero-day exploits during 2021
Threat analysts report that zero-day vulnerability exploitation is on the rise with Chinese hackers using most of them in attacks last year. [...] |
April 22, 2022
|
|
Atlassian fixes critical Jira authentication bypass vulnerability
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework. [...] |
April 22, 2022
|
|
Ubuntu 22.04 LTS released with performance and security improvements
Canonical has announced the general availability of version 22.04 of the Ubuntu Linux distribution, codenamed 'Jammy Jellyfish', which brings better hardware support and an improved security baseline. [...] |
April 22, 2022
|
|
Windows 10 KB5012636 cumulative update fixes freezing issues
Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems. [...] |
April 21, 2022
|
|
Docker servers hacked in ongoing cryptomining malware campaign
Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. [...] |
April 21, 2022
|
|
Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. [...] |
April 21, 2022
|
|
QNAP asks users to mitigate critical Apache HTTP Server bugs
QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices. [...] |
April 21, 2022
|
|
U.S. Treasury sanctions Russian cryptocurrency mining companies
The U.S. Department of the Treasury has announced a new package of sanctions targeting parties that facilitate evasion of previous measures imposed on Russia. [...] |
April 21, 2022
|
|
Critical bug in Android could allow access to users' media files
Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC). [...] |
April 21, 2022
|
|
GitHub restores popular Python repo hit by bogus DMCA takedown
Yesterday, following a DMCA complaint, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out the DMCA notice filed by HackerRank's representatives was sent out in error and generated much backlash from the open source community. The DMCA notice has since been rescinded. [...] |
April 21, 2022
|
|
Binance tells Russian users with over 10k to withdraw everything
Binance has announced some significant changes in its services for Russia-based users, which mark the company's effort to align with the European Union's fifth wave of sanctions against Russia. [...] |
April 21, 2022
|
|
Cisco Umbrella default SSH key allows theft of admin credentials
Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. [...] |
April 21, 2022
|
|
FBI: BlackCat ransomware breached at least 60 entities worldwide
The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide, between November 2021 and March 2022. [...] |
April 20, 2022
|
|
REvil's TOR sites come alive to redirect to new ransomware operation
REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have started since at least mid-December last year. [...] |
April 20, 2022
|
|
Microsoft Exchange servers hacked to deploy Hive ransomware
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. [...] |
April 20, 2022
|
|
FBI warns of ransomware attacks targeting US agriculture sector
The US Federal Bureau of Investigation (FBI) warned Food and Agriculture (FA) sector organizations today of an increased risk that ransomware gangs "may be more likely" to attack them during the harvest and planting seasons. [...] |
April 20, 2022
|
|
US and allies warn of Russian hacking threat to critical infrastructure
Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders. [...] |
April 20, 2022
|
|
Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers
Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident's impact was significantly smaller than expected. [...] |
April 20, 2022
|
|
Microsoft Defender flags Google Chrome updates as suspicious
Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue. [...] |
April 20, 2022
|
|
Brave adds Discussions to enrich its search results
Brave, the maker of the homonymous web browser, has announced a new feature called Discussions that adds conversations from online forums to its privacy-focused search engine. [...] |
April 20, 2022
|
|
Russian state hackers hit Ukraine with new malware variants
Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (Armageddon, Shuckworm) is still notably active in Ukrainian computer networks. [...] |
April 20, 2022
|
|
Amazon Web Services fixes container escape in Log4Shell hotfix
Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. [...] |
April 19, 2022
|
|
CISA warns of attackers now exploiting Windows Print Spooler bug
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler. [...] |
April 19, 2022
|
|
Emotet botnet switches to 64-bit modules, increases activity
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. [...] |
April 19, 2022
|
|
QNAP urges customers to disable UPnP port forwarding on routers
Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet. [...] |
April 19, 2022
|
|
Microsoft disables SMB1 by default for Windows 11 Home Insiders
Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled. [...] |
April 19, 2022
|
|
Real-time voice concealment algorithm blocks microphone spying
Columbia University researchers have developed a novel algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and IoTs in general. [...] |
April 19, 2022
|
|
GitHub notifies owners of private repos stolen using OAuth tokens
GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. [...] |
April 19, 2022
|
|
How to protect your ADFS from password spraying attacks
Microsoft recommends a multi-tiered approach for securing your ADFS environment from password attacks. Learn how Specops can fill in the gaps to add further protection against password sprays and other password attacks. [...] |
April 19, 2022
|
|
New stealthy BotenaGo malware variant targets DVR devices
Threat analysts have spotted a new variant of the BotenaGo botnet malware, and it's the stealthiest seen so far, running undetected by any anti-virus engine. [...] |
April 19, 2022
|
|
Lenovo UEFI firmware driver bugs affect over 100 laptop models
Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models. [...] |
April 19, 2022
|
|
LinkedIn brand takes lead as most impersonated in phishing attacks
Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level. [...] |
April 18, 2022
|
|
US warns of Lazarus hackers using malicious cryptocurrency apps
CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications. [...] |
April 18, 2022
|
|
Free decryptor released for Yanluowang ransomware victims
Kaspersky today revealed it found a vulnerability in Yanluowang ransomware's encryption algorithm, which makes it possible to recover files it encrypts. [...] |
April 18, 2022
|
|
Newly found zero-click iPhone exploit used in NSO spyware attacks
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on devices belonging to Catalan politicians, journalists, and activists. [...] |
April 18, 2022
|
|
Hackers steal $655K after picking MetaMask seed from iCloud backup
MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active. [...] |
April 18, 2022
|
|
Unofficial Windows 11 upgrade installs info-stealing malware
Hackers are luring unsuspecting users with a fake Windows 11 upgrade that comes with malware that steals browser data and cryptocurrency wallets. [...] |
April 18, 2022
|
|
Windows 10 21H2 now in broad deployment, available to everyone
Microsoft says Windows 10, version 21H2 (aka the November 2021 Update) is now designated for broad deployment, making it available to everyone via Windows Update. [...] |
April 18, 2022
|
|
Beanstalk DeFi platform loses $182 million in flash-load attack
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. [...] |
April 17, 2022
|
|
Customize Windows 11 experience with these apps
Windows 11 is now available with a long list of limitations and missing features. The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try the third-party programs highlighted below. [...] |
April 17, 2022
|
|
Microsoft: Office 2013 will reach end of support in April 2023
Microsoft has reminded customers this week that Microsoft Office 2013 is approaching its end of support next year, advising to switch to a newer version to reduce their exposure to security risks. [...] |
April 16, 2022
|
|
New Industrial Spy stolen data market promoted through cracks, adware
Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, promoting the site through adware and software cracks. [...] |
April 16, 2022
|
|
GitHub suspends accounts of Russian devs at sanctioned companies
Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions. [...] |
April 15, 2022
|
|
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. [...] |
April 15, 2022
|
|
The Week in Ransomware - April 15th 2022 - Encrypting Russia
While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors. The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities. [...] |
April 15, 2022
|
|
T-Mobile customers warned of unblockable SMS phishing attacks
An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages. [...] |
April 15, 2022
|
|
Cisco vulnerability lets hackers craft their own login credentials
Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. [...] |
April 15, 2022
|
|
CISA orders agencies to fix actively exploited VMware, Chrome bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. [...] |
April 15, 2022
|
|
Cryptocurrency DeFi platforms are now more targeted than ever
Hackers are increasingly targeting DeFi (Decentralized Finance) cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before. [...] |
April 15, 2022
|
|
'Mute' button in conferencing apps may not actually mute your mic
A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone. [...] |
April 15, 2022
|
|
Karakurt revealed as data extortion arm of Conti cybercrime syndicate
After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation. [...] |
April 14, 2022
|
|
Wind turbine firm Nordex hit by Conti ransomware attack
The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. [...] |
April 14, 2022
|
|
Critical Windows RPC CVE-2022-26809 flaw raises concerns - Patch now
Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed. Therefore, all organizations need to apply Windows security updates as soon as possible. [...] |
April 14, 2022
|
|
FBI: Payment app users targeted in social engineering attacks
Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts. [...] |
April 14, 2022
|
|
Google Chrome emergency update fixes zero-day used in attacks
Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. [...] |
April 14, 2022
|
|
Windows 11 tool to add Google Play secretly installed malware
A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. [...] |
April 14, 2022
|
|
Microsoft increases awards for high-impact Microsoft 365 bugs
Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs. [...] |
April 14, 2022
|
|
New ZingoStealer infostealer drops more malware, cryptominers
A new information-stealing malware called ZingoStealer has been discovered with powerful data-stealing features and the ability to load additional payloads or mine Monero. [...] |
April 14, 2022
|
|
FBI links largest crypto hack ever to Lazarus state hackers
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. [...] |
April 14, 2022
|
|
Atlassian finally explains the cause of ongoing cloud outage
Atlassian has finally revealed the exact cause of an ongoing cloud services outage the company estimates could impact some of its customers for up to two more weeks. [...] |
April 14, 2022
|
|
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits
Hackers are targeting Ukrainian government agencies with new attacks using Zimbra exploits and phishing attacks pushing the IcedID malware. [...] |
April 14, 2022
|
|
Hetzner lost customer data and gave 20€ as compensation
Hetzner Online GmbH, a German cloud services provider, told some customers this week that their data had been irreversibly lost and that they were provided a 20€ compensation in online credit. [...] |
April 14, 2022
|
|
The top 10 password attacks and how to stop them
To better understand how to protect passwords in your environment from attacks, let's look at the top 10 password attacks and see what your organization can do to prevent them. [...] |
April 14, 2022
|
|
Instagram beyond pics: Sexual harassers, crypto crooks, ID thieves
A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto "investors" helping you "get rich fast." How do you keep yourself safe against such profiles? [...] |
April 14, 2022
|
|
Flaw in Rarible NFT market allowed tricky crypto asset transfers
A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple attack vector to steal digital assets from the target's accounts and transfer them directly to their wallets. [...] |
April 14, 2022
|
|
OldGremlin ransomware deploys new malware on Russian mining org
OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year. [...] |
April 13, 2022
|
|
CISA warns orgs to patch actively exploited Windows LPE bug
The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver. [...] |
April 13, 2022
|
|
African banks heavily targeted in RemcosRAT malware campaigns
African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans (RATs). [...] |
April 13, 2022
|
|
New Fodcha DDoS botnet targets over 100 victims every day
A rapidly growing botnet is ensnaring routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service (DDoS) attacks. [...] |
April 13, 2022
|
|
Hackers exploit critical VMware CVE-2022-22954 bug, patch now
Security researchers have published various proof-of-concept (PoC) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...] |
April 13, 2022
|
|
US warns of govt hackers targeting industrial control systems
A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit. [...] |
April 13, 2022
|
|
Microsoft disrupts Zloader malware in global operation
A months-long global operation led by Microsoft's Digital Crimes Unit (DCU) has taken down dozens of domains used as command-and-control (C2) servers by the notorious ZLoader botnet. [...] |
April 13, 2022
|
|
3 Reasons Connected Devices are More Vulnerable than Ever
We are surrounded by billions of connected devices that contribute round-the-clock to practically every aspect of our lives - from transportation, to entertainment, to health and well-being. Here are the top three reasons why connected-device cybersecurity is more fragile than ever. [...] |
April 13, 2022
|
|
New EnemyBot DDoS botnet recruits routers and IoTs into its army
A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. [...] |
April 13, 2022
|
|
Critical flaw in Elementor WordPress plugin may affect 500k sites
The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites. [...] |
April 13, 2022
|
|
Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now
Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, CISA is urging users and administrators to upgrade to the latest, patched Struts 2 versions. [...] |
April 12, 2022
|
|
Ethereum dev imprisoned for helping North Korea evade sanctions
Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea (DPRK) with technical info on how to evade sanctions. [...] |
April 12, 2022
|
|
Microsoft: Windows Server now supports automatic .NET updates
Microsoft says Windows admins can now opt into automatic updates for .NET (.NET Core) via Microsoft Update (MU) on Windows Server systems. [...] |