U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

The U.S. Federal Communications Commission FCC formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously...

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities wer...

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group TAG has been...

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interfac...

U.K. Police Arrest 142 in Global Crackdown on 'iSpoof' Phone Spoofing Service

A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation. The websites, ispoof.me and ispoof.cc, allowed the crooks to "impersonate trusted corporations or contacts to access sensitive informatio...

Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation

Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in th...

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language

The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 aka DefrayX, is primarily...

Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws

A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022...

Boost Your Security with Europe's Leading Bug Bounty Platform

As 2022 comes to an end, now's the time to level up your bug bounty program with Intigriti. Are you experiencing slow bug bounty lead times, gaps in security skills, or low-quality reports from researchers? Intigriti's expert triage team and global community of ethical hackers are enabling...

Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps

The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps...

This Android File Manager App Infected Thousands of Devices with SharkBot Malware

The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecuri...

Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware

Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and...

34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8...

Ducktail Malware Operation Evolves with New Malicious Capabilities

The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook session...

Top Cyber Threats Facing E-Commerce Sites This Holiday Season

Delivering a superior customer experience is essential for any e-commerce business. For those companies, there's a lot at stake this holiday season. According to Digital Commerce 360, nearly $1.00 of every $4.00 spent on retail purchases during the 2022 holiday season will be spent online,...

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chai...

Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation

Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which...

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike

A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 by a red team with a number of test emai...

This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos

A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access websi...

Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware

A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency...

Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers

The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business...

Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery TOAD, wherein the victims are social engineered into making a...

U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams

The U.S. Justice Department DoJ on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also...

Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data

The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actor...

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week,...

Been Doing It The Same Way For Years? Think Again.

As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in technology, some things just get done the sam...

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel...

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Clou...

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group...

Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide

A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world. The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific...

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...

Meta Reportedly Fires Dozens of Employees for Hijacking Users' Facebook and Instagram Accounts

Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and...

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities,"...

Threat hunting with MITRE ATT&CK and Wazuh

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay...

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

The threat actors behind the Hive ransomware-as-a-service RaaS scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure...

W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack

An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technic...

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initi...

FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva

A Ukrainian national who has been wanted by the U.S for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online...

100 Apps, Endless Security Checks

On average, organizations report using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how...

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The issues...

Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit

Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency CISA, come in...

North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor

Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S. "Dtrack allows criminals to upload, download, start ...

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data

Hundreds of databases on Amazon Relational Database Service Amazon RDS are exposing personal identifiable information PII, new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the...

7 Reasons to Choose an MDR Provider

According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises SMEs use a managed detection and response MDR service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the...

Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers

Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service DDoS attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that...

Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their...

Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability CVSS score: 9.8, at its core, takes advantage of a critical sandbox escape in vm2...

PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

--- Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet TTE that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of...

Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service

Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat acto...