Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service DDoS attacks aimed at its domestic infrastructure. Some of the...

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption

A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power...

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server VCS that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as...

How to Automate Offboarding to Keep Your Company Safe

In the midst of 'The Great Resignation,' the damage from employees or contractors leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When...

Hackers Who Broke Into NVIDIA's Network Leak DLSS Source Code Online

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling DLSS technology. "We have no evidence...

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposur...

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security

The U.S. Senate unanimously passed the "Strengthening American Cybersecurity Act" on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to...

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious...

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks

Distributed denial-of-service DDoS attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack … abuses vulnerable firewalls and content filteri...

LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022

With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware...

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack

As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service DoS in applications that use the protocol stack. The weaknesses were identified and...

Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software

Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an...

TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps

An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via...

Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper,"...

Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99

It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-On...

Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware...

TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail

Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS...

Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion

UPDATE: It's worth noting that the malware Microsoft tracks as FoxBlade is the same as the data wiper that's been denominated HermeticWiper aka KillDisk. Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital...

China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks

A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the...

CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 CVSS score: 6.1, the issue...

100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature

A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the...

CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA last week published an industrial control system ICS advisory related to multiple vulnerabilities impacting Schneider Electric's Easergy medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose...

Rebirth of Emotet: New Features of the Botnet and How to Detect it

One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, i...

Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures

Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggerin...

Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API

An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an...

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbe...

Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides

Ukraine's Computer Emergency Response Team CERT-UA has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed...

New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to...

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat APT group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesse...

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National...

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot ...

New Flaws Discovered in Cisco's Network Operating System for Switches

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 CVSS score: 8.8, which relates to a command injection flaw in the NX-API...

TrickBot Gang Likely Shifting Operations to Switch to New Malware

TrickBot, the infamous Windows crimeware-as-a-service CaaS solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaign...

From Pet Systems to Cattle Farm — What Happened to the Data Center?

There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from...

Warning — Deadbolt Ransomware Targeting ASUSTOR NAS Devices

ASUSTOR network-attached storage NAS devices have become the latest victim of Deadbolt ransomware, less than a month after similar attacks singled out QNAP NAS appliances. In response to the infections, the company has released firmware updates ADM 4.0.4.RQO2 to "fix related security issues." The...

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal...

U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter...

New Wiper Malware Targeting Ukraine Amid Russia's Military Operation

Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper...

Dridex Malware Deploying Entropy Ransomware on Hacked Computers

Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal...

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat APT with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency NSA. Dubbed "Bvp47" owing to numerous...

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps...

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after 17 similar packages were taken down. The libraries in question...

Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs, short for non-fungible tokens, are digital tokens that act like...

Chinese Hackers Target Taiwan's Financial Trading Sector with Supply Chain Attack

An advanced persistent threat APT group operating with objectives aligned with the Chinese government has been linked to an organized supply chain attack on Taiwan's financial sector. The attacks are said to have first commenced at the end of November 2021, with the intrusions attributed to a...

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL MS SQL Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not...

New Android Banking Trojan Spreading via Google Play Store Targets Europeans

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabri...

Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware

An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting IRIB, in late January 2022 revealed the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks...

A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022

For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys...

Hackers Exploiting Infected Android Devices to Register Disposable Accounts

An analysis of SMS phone-verified account PVA services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS PVA services, since gaining prevalence in 2018,...

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's...