#StopRansomware: Hive Ransomware
Summary: Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords. • Close unused ports and remove any application not deemed necessary for day-to-day operations...
CVSS 9.8 | AI Score 10 | EPSS 0.973
Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the...
AI Score 1.2
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and...
AI Score 1.1
Black Friday shoppers beware: online threats so far in 2022
The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more...
AI Score -0.4
ChurchInfo Arbitrary File Upload Vulnerability
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. ChurchInfo versions 1.2.13 and later, up to and including 1.3.0, are vulnerable to arbitrary file uploads. The vulnerability stems from the application's lack...
CVSS 8.8 | AI Score 3.3 | EPSS 0.07
WordPress Five Star Restaurant Reservations plugin licensing issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Five Star Restaurant Reservations plugin version prior to 2.4.12 is vulnerable to an authorization...
CVSS 6.1 | AI Score 1.5 | EPSS 0.001
This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access...
AI Score 0.5
Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are socially engineered into making...
AI Score 0.7
Crimeware and financial cyberthreats in 2023
A look back on the year 2022 and what to expect in 2023 Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals...
AI Score 0.7
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti. By Jambul Tologonov · November 22, 2022. Introduction: On October 31, 2022, Yanluowang's TOR site was hacked, displaying a message "check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time's...
AI Score 1.1
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...
CVSS 6.1 | EPSS 0.001
Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel...
AI Score 1.3
Witness Block Parsing DoS Vulnerability
Impact: All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on...
CVSS 8.2 | AI Score 6.2 | EPSS 0.001
Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts
Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and...
AI Score 0.3
Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure...
AI Score 1.6
Researchers Quietly Cracked Zeppelin Ransomware Keys
Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called "Zeppelin" in May 2020. He'd been on the job less than six months, and because of the way his predecessor architected things, the company's data backups also were encrypted by Zeppelin. After...
AI Score 0.1
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments...
CVSS 8.2 | AI Score 6.4 | EPSS 0.001
CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments...
CVSS 8.2 | AI Score 8.3 | EPSS 0.001
Top Zeus Botnet Suspect “Tank” Arrested in Geneva
Vyacheslav "Tank" Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources. Wanted Ukrainian...
Attacker can spoof remainingETH and double-spend their input ETH to Exchange
Lines of code. Vulnerability details. Description: remainingETH is an important state variable in Exchange.sol, which keeps track of how many ETH have yet to be used as payment from the current msg.value. The setupExecution modifier sets the value before and after execution: modifier setupExecution()...
AI Score 6.9
Lines of code. Vulnerability details: Exchange refund operation will return all ETH stored in the contract instead of the remaining amount from the exchange operation. The function that refunds remaining ETH in the Exchange contract will send back all the balance present in the contract instead of...
AI Score 6.7
Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks
The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the...
AI Score 0.4
The state of cryptojacking in the first three quarters of 2022
Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...
Revenue stream split can be bypassed
Lines of code. Vulnerability details: The Spigot.claimRevenue function allows (anyone) to claim revenue tokens from the spigot (push and pull payments) and escrows them for the owner to withdraw later. The revenue is automatically split between the treasury and escrow according to the settings in...
AI Score 6.9
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating...
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like...
AI Score 0.5
U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04...
AI Score -0.5
Update 20.7 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 1 (Application Build 20.7.48483, Platform Build 20.0.48457). Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes an information...
CVSS 4.4 | AI Score 4.8 | EPSS 0.004
[PNM-003] finalize can be called by bidders, allows them to cancelBid
Lines of code. Vulnerability details. Description: The finalize function is used to finalize the auction, locking all bids, and paying the seller. However, any user, including bidders, can call finalize, as it is a public function, and there are no user checks. This may allow bidders to input...
AI Score 6.8
US seizes $1.4 billion in Bitcoin from Silk Road Market Scammer
By Habiba Rashid. The seizure of 50,000 Bitcoin took place in November 2021 when authorities raided the home of James Zhong, a 32-year-old in Gainesville, Georgia. The value of the seized BTC was $3.36 billion at that time...
AI Score 1.3
IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash
A year after a billion-dollar seizure of the dark web market's crypto, the same agency found a giant trove hidden under a different hacker's...
AI Score 2.7
btcd mishandles witness size checking
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. Specific Go Packages Affected...
CVSS 9.8 | AI Score 8.9 | EPSS 0.002
The Worrying Rise of Cybercrime as a Service (CaaS)
What is CaaS? Put simply, Cybercrime as a Service (CaaS) means black hat hackers for hire. Now, any ex-employee with a grudge, any disgruntled customer, any troubled ex-partner or vindictive competitor, literally anyone with the right browser, can hire a dark web bad actor to perform...
News overview: In Q3 2022, DDoS attacks were, more often than not, it seemed, politically motivated. As before, most news was focused on the conflict between Russia and Ukraine, but other high-profile events also affected the DDoS landscape this quarter. The pro-Russian group Killnet, active since...
AI Score 0.4
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
Threat Roundup for October 28 to November 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 28 and Nov. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
AI Score 0.1