20764 matches found

The Hacker News
added 2022/12/07 1:39 p.m.
21 views

How XDR Helps Protect Critical Infrastructure

Critical infrastructure is important for societal existence, growth, and development. Societies are reliant on the services provided by critical infrastructure sectors like telecommunication, energy, healthcare, transportation, and information technology. Safety and security are necessary for the...

AI score: 7.5
Exploits: 0
The Hacker News
added 2022/12/07 12:14 p.m.
19 views

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled...

AI score: 0.5
Exploits: 0
The Hacker News
added 2022/12/07 11:58 a.m.
49 views

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. Recorded Future attributed the new infrastructure to a threat activity group it...

AI score: 0.5
Exploits: 0
The Hacker News
added 2022/12/07 9:22 a.m.
30 views

Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that...

AI score: 7.1
Exploits: 0
The Hacker News
added 2022/12/07 4:3 a.m.
43 views

New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network

NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...

AI score: 7.6
Exploits: 0
The Hacker News
added 2022/12/06 4:8 p.m.
24 views

Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful...

AI score: 1.6
Exploits: 0
The Hacker News
added 2022/12/06 3:52 p.m.
64 views

Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics

Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East. At least 20 individuals are believed ...

AI score: 0.3
Exploits: 0
The Hacker News
added 2022/12/06 12:38 p.m.
41 views

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects group...

AI score: 0.2
Exploits: 0
The Hacker News
added 2022/12/06 12:15 p.m.
33 views

Understanding NIST CSF to assess your organization's Ransomware readiness

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a rece...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/12/06 11:0 a.m.
72 views

Telecom and BPO Companies Under Attack by SIM Swapping Hackers

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at least since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping...

CVSS: 10
AI score: 10
EPSS: 0.99999
Exploits: 8
The Hacker News
added 2022/12/06 6:11 a.m.
36 views

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered f...

AI score: 0.4
Exploits: 0
The Hacker News
added 2022/12/05 2:2 p.m.
100 views

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote...

AI score: 1.4
EPSS: 0.0171
Exploits: 0
The Hacker News
added 2022/12/05 12:24 p.m.
20 views

Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware

A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, it does not actually encrypt, but purposefully destroys data ...

AI score: 1
Exploits: 0
The Hacker News
added 2022/12/05 12:0 p.m.
43 views

When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker?

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This...

AI score: 0.7
Exploits: 0
The Hacker News
added 2022/12/05 11:8 a.m.
100 views

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manne...

AI score: 0.9
Exploits: 0
The Hacker News
added 2022/12/05 10:30 a.m.
24 views

North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps

The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity. "This activity notably involves a campaign likely targeting cryptocurrency users and...

AI score: 7.1
Exploits: 0
The Hacker News
added 2022/12/05 7:40 a.m.
95 views

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported...

CVSS: 7.8
AI score: 1.1
EPSS: 0.02398
Exploits: 7
The Hacker News
added 2022/12/03 4:41 a.m.
86 views

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis...

CVSS: 9.6
AI score: 1.8
EPSS: 0.70461
Exploits: 8
The Hacker News
added 2022/12/02 1:56 p.m.
96 views

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing...

AI score: 0.8
Exploits: 0
The Hacker News
added 2022/12/02 1:32 p.m.
45 views

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users ...

CVSS: 9.8
AI score: 1.1
EPSS: 0.0129
Exploits: 0
The Hacker News
added 2022/12/02 1:0 p.m.
33 views

The Value of Old Systems

Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting...

AI score: 6.9
Exploits: 0
The Hacker News
added 2022/12/02 11:29 a.m.
41 views

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud securi...

AI score: 1
Exploits: 0
The Hacker News
added 2022/12/02 11:9 a.m.
53 views

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

CVSS: 10
AI score: 2
EPSS: 0.9967
Exploits: 8
The Hacker News
added 2022/12/02 10:35 a.m.
21 views

What the CISA Reporting Rule Means for Your IT Security Protocol

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months...

AI score: 7.2
Exploits: 0
The Hacker News
added 2022/12/02 7:48 a.m.
44 views

Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store...

AI score: 1.2
EPSS: 0.02225
Exploits: 0
The Hacker News
added 2022/12/02 6:4 a.m.
73 views

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...

CVSS: 10
AI score: 1.1
EPSS: 0.99512
Exploits: 77
The Hacker News
added 2022/12/01 2:32 p.m.
74 views

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day...

CVSS: 9.3
AI score: 0.6
EPSS: 0.14261
Exploits: 1
The Hacker News
added 2022/12/01 1:17 p.m.
24 views

Hackers Leak Another Set of Medibank Customer Data on the Dark Web

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. "We are in the process of analyzing the data, but the data released appears to be the data we...

AI score: 1.1
Exploits: 0
The Hacker News
added 2022/12/01 11:44 a.m.
59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...

CVSS: 9.8
AI score: 1.3
EPSS: 0.32516
Exploits: 0
The Hacker News
added 2022/12/01 11:13 a.m.
28 views

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...

AI score: 8.1
Exploits: 0
The Hacker News
added 2022/12/01 10:7 a.m.
37 views

Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/12/01 9:48 a.m.
24 views

Malware Authors 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to...

AI score: 7.6
Exploits: 0
The Hacker News
added 2022/12/01 9:35 a.m.
20 views

LastPass Suffers Another Security Breach; Exposed Some Customers Information

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its...

AI score: 0.5
Exploits: 0
The Hacker News
added 2022/11/30 6:30 p.m.
152 views

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor ... has a wide range of spying capabilities, including monitoring drives and portable...

CVSS: 8.8
AI score: 8.6
EPSS: 0.81103
Exploits: 0
The Hacker News
added 2022/11/30 1:44 p.m.
35 views

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all...

AI score: 0.4
Exploits: 0
The Hacker News
added 2022/11/30 12:15 p.m.
28 views

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and...

Exploits: 0
The Hacker News
added 2022/11/30 11:57 a.m.
39 views

French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF) €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached...

AI score: 0.6
Exploits: 0
The Hacker News
added 2022/11/30 9:33 a.m.
38 views

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevan...

AI score: 2.2
Exploits: 0
The Hacker News
added 2022/11/30 7:21 a.m.
75 views

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of...

CVSS: 9.8
AI score: 1
EPSS: 0.01118
Exploits: 0
The Hacker News
added 2022/11/30 6:21 a.m.
55 views

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis o...

AI score: 1.7
Exploits: 0
The Hacker News
added 2022/11/29 4:39 p.m.
41 views

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and...

AI score: 1.9
EPSS: 0.00239
Exploits: 0
The Hacker News
added 2022/11/29 11:59 a.m.
50 views

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of th...

AI score: 0.7
Exploits: 0
The Hacker News
added 2022/11/29 11:30 a.m.
36 views

7 Cyber Security Tips for SMBs

When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort? Unfortunately, when it comes to cyber security, size doesn't matter. Assuming you're not a...

AI score: 0.1
Exploits: 0
The Hacker News
added 2022/11/29 8:25 a.m.
46 views

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry...

AI score: 0.8
Exploits: 0
The Hacker News
added 2022/11/29 4:20 a.m.
162 views

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 a...

CVSS: 9.8
AI score: 1
EPSS: 0.96284
Exploits: 6
The Hacker News
added 2022/11/28 11:56 a.m.
43 views

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perfor...

AI score: 2.7
Exploits: 0
The Hacker News
added 2022/11/28 11:45 a.m.
38 views

The 5 Cornerstones for an Effective Cyber Security Awareness Training

It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. The hard news: they're...

AI score: 7
Exploits: 0
The Hacker News
added 2022/11/28 10:7 a.m.
47 views

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in serv...

CVSS: 10
AI score: 0.7
EPSS: 0.09946
Exploits: 0
The Hacker News
added 2022/11/28 5:25 a.m.
32 views

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments,...

AI score: 7.2
Exploits: 0
The Hacker News
added 2022/11/26 11:49 a.m.
42 views

All You Need to Know About Emotet in 2022

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans...

AI score: 0.3
Exploits: 0
Total number of security vulnerabilities: 20764