Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the...

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 CVSS score: 7.5, the issue concerns a path...

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 10...

Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack

Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee...

U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering

The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move...

The Truth About False Positives in Security

TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course,...

The Truth About False Positives in Security

TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course,...

10 Credential Stealing Python Libraries Found on PyPI Repository

In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index PyPI for their ability to harvest critical data points such as passwords and API tokens. The packages "install info-stealers that enable attacker...

Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions

Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed...

New Orchard Botnet Uses Bitcoin Founder's Account Info to Generate Malicious Domains

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control C2 infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using...

The Benefits of Building a Mature and Diverse Blue Team

A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming a red teamer as a natural career progression. The reason I got stirred up is not that I want to change either my job or my position, as I am a happy...

Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore

A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment...

Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertak...

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute...

Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the perso...

Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to othe...

Iranian Hackers Likely Behind Disruptive Cyberattacks Against Albanian Government

A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive...

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages

The U.S. Department of Homeland Security DHS has warned of critical security vulnerabilities in Emergency Alert System EAS encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory...

Resolving Availability vs. Security, a Constant Conflict in IT

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn't always easy – though sometimes there is a novel solution that helps. In IT management there is a...

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control C2 services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service DDoS attack...

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 CVSS score:...

Who Has Control: The SaaS App Admin Paradox

Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team...

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the devices and unauthorized access to the broader network. "The attack can ...

New Woody RAT Malware Being Used to Target Russian Organizations

An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office...

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the...

Three Common Mistakes That May Sabotage Your Security Training

Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training Although technical solutions protect against phishing...

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution RCE or cause a denial-of-service DoS condition on affected devices. The most critical of the flaws impact Cisco Small...

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key...

VirusTotal Reveals Most Impersonated Software in Malware Attacks

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer,...

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Nearly 60% of enterprises can't find the staff to protect their data and reputations! from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association ISSA i...

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

A new, large-scale phishing campaign has been observed using adversary-in-the-middle AitM techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle AitM attack technique capable of bypassing multi-factor authentication," Zscaler...

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 CVSS scores: 4.7 - 9.8, impact...

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework referred to as Manjusaka that they call is a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control C2, written in Golang with a User Interface in Simplified Chinese, is freely available and can...

New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications

Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as ...

What is ransomware and how can you defend your business from it?

Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems known as...

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service RaaS operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initia...

Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys

Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secre...

Two Key Ways Development Teams Can Increase Their Security Maturity

Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent...

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan R...

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

The operators of the Gootkit access-as-a-service AaaS malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro...

Stop Putting Your Accounts At Risk, and Start Using a Password Manager

--- Image via Keeper Right Now, Get 30% Off Keeper, the Most Trusted Name in Password Management. In one way or another, almost every aspect of our lives is online, so it's no surprise that hackers target everything from email accounts to banks to smart home devices, looking for vulnerabilities t...

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates aka SocGholish malware being delivered via existing Raspberry Robin infections on July 26,...

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, whi...

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-26138, concerns the use of hard-coded...

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code...

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum ONVIF standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 CVSS score: 7.4, the "vulnerability could be abused by attackers to...

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing UR...

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...

Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network RAR, which took place between March and June 2021. The act of sabotage is said to have disabled more than one-third of the sensors that are...

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a...