Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of...

Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior i...

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index PyPI, the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm...

The Ultimate Security Blind Spot You Don't Know You Have

How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process,...

Warning: PyPI Feature Executes Code Automatically After Python Package Download

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using...

Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

A "major" security issue in the Google Chrome web browser, as well as Chromium-based alternatives, could allow malicious web pages to automatically overwrite clipboard content without requiring any user consent or interaction by simply visiting them. The clipboard poisoning attack is said to have...

Stop Worrying About Passwords Forever

So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do...

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

.jpg The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control C2 infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services AWS credentials, posing a major security risk. "Over three-quarters 77% of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter...

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...

Microsoft Discover Severe 'One-Click' Exploit for TikTok Android App

Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awarene...

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The shortcoming, tracked as CVE-2022-32893 CVSS score: 8.8, is an out-of-bounds write issue affecting WebKit that could...

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit off retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website...

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

A persistent Golang-based malware campaign dubbed GOWEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope JWST as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among thre...

Interested in Reducing Your Risk Profile? Jamf Has a Solution for That

The threat landscape has changed dramatically over the past decade. While cybercriminals continue to look for new ways to gain access to networks and steal sensitive information, the mobile attack surface is also expanding. Mobile devices are not only becoming more powerful but also more vulnerab...

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 a reference to eleet or leet to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program OSS VRP, the offering is...

Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well ...

Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread...

Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs

As threat complexity increases and the boundaries of an organization have all but disappeared, security teams are more challenged than ever to deliver consistent security outcomes. One company aiming to help security teams meet this challenge is Stellar Cyber. Stellar Cyber claims to address the...

India's Newest Airline Akasa Air Found Leaking Passengers' Personal Information

Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to the exposure of detai...

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The U.S. Federal Bureau of Investigation FBI on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance DeFi platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to ste...

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones

The U.S. Federal Trade Commission FTC on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users b...

New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim

A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and ha...

Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software

A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz,...

A CISO's Ultimate Security Validation Checklist

If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – t...

Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication 2FA service. The communication tools company said the unauthorized access...

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater aka...

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 CVSS score: 9.9, the issue has been characterized as a command injection vulnerability in...

Hackers Breach LastPass Developer System to Steal Source Code

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed,...

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control C2 framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft...

Okta Hackers Behind Twilio and Cloudflare Attacks Hit Over 130 Organizations

The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the...

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates...

U.S. Government Spending Billions on Cybersecurity

In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are makin...

Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart since early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chain...

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party...

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format ELF artifact "72client"...

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards NICs. The approach, codenamed ETHERLED, comes from Dr...

Guide: How Service Providers can Deliver vCISO Services at Scale

From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer CISO – someone who can assess...

Hackers Using Fake DDoS Protection Pages to Distribute Malware

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims ...

Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users

The threat actors behind a large-scale adversary-in-the-middle AiTM phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organization...

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Communi...

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group TAG, the actively in-development malicious software ...

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial version...

The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation. Think about bad security policies, untested backups, patch management...

Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage

A suspected Iranian threat activity cluster has been linked to attacks aimed at Israeli shipping, government, energy, and healthcare organizations as part of an espionage-focused campaign that commenced in late 2020. Cybersecurity firm Mandiant is tracking the group under its uncategorized monike...

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the...

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 CVSS score: 8.6, i...

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The malware, which Doctor Web first came across in July 2022, were discovered in the system partiti...