New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it B1txor20 "based on its propagation using the file name...

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service DoS condition when parsing certificates. Tracked as CVE-2022-0778 CVSS score: 7.5, the issue stems from parsing a malformed certificate with...

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021,...

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a...

German Government Warns Against Using Russia's Kaspersky Antivirus Software

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security BSI against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." Calling that the decision was made on...

Build Your 2022 Cybersecurity Plan With This Free PPT Template

The end of the year is coming, and it's time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2022...

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code. "The vulnerabilities require authentication,...

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

The Irish Data Protection Commission DPC on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million $18.6 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have ...

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471. The attacks mark an increase of 110 and 129 attacks from the third and second...

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said ...

Massive DDoS Attack Knocked Israeli Government Websites Offline

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service DDoS attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel Nationa...

'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices

Network-attached storage NAS appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been...

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wid...

Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited...

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 CVSS score: 7.8, the vulnerability impacts Linux kernel...

Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers

New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs...

Multiple Security Flaws Discovered in Popular Software Package Managers

Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws...

Russian Pushing New State-run TLS Certificate Authority to Deal With Sanctions

The Russian government has established its own TLS certificate authority CA to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi publi...

Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to...

Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign

The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans RATs on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthoriz...

New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to bre...

Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States

Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously...

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...

Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times

Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service DDoS attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome CVE-2022-26143 – has...

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...

The Incident Response Plan - Preparing for a Rainy Day

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent...

Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant

APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-d...

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System CPS that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead t...

Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity...

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface UEFI firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in...

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group TAG said it took down two Blogspot domains that were used b...

Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

Google is officially buying threat intelligence and incident response company Mandiant in an all-cash deal approximately valued at $5.4 billion, the two technology firms announced Tuesday. Mandiant is expected to be folded into Google Cloud upon the closure of the acquisition, which is slated to...

Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code

Samsung on Monday confirmed a security breach that resulted in the exposure of internal company data, including the source code related to its Galaxy smartphones. "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not...

Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150...

The Continuing Threat of Unpatched Security Vulnerabilities

Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches,"...

Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" CVE-2022-0847,...

Microsoft Azure 'AutoWarp' Bug Could Have Let Attackers Access Customers' Accounts

Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the...

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage TNAS devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating Syste...

Understanding How Hackers Recon

Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets an...

Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts

Ukraine's Computer Emergency Response Team CERT-UA warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency cautioned that t...

SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp UBEL, belongs to a category of financial trojans capable of...

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free...

New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to a...

Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service DDoS attack targeting an unnamed website that peaked at 2.5 million requests per second RPS. "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting...

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious...

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app to coordinate their activities, leak data, and spread disinformation, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that...

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 CVSS score: 5.3, the medium-severity flaw affects all version...

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service DDoS attacks aimed at its domestic infrastructure. Some of the...

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power...