20775 matches found

The Hacker News
added 2022/02/19 12:30 p.m., 19 views

Justice Department Appoints First Director of National Cryptocurrency Enforcement Team

The U.S. Department of Justice (DoJ) earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET) it established last year. The NCET was created to tackle the criminal misuse of cryptocurrencies and digital assets," with a focus on...

AI score: 7
Exploits: 0

The Hacker News
added 2022/02/19 7:36 a.m., 22 views

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday published a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The "Free Cybersecurity Services and...

AI score: 7
Exploits: 0

The Hacker News
added 2022/02/19 6:25 a.m., 35 views

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites

Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards...

CVSS: 6.5, AI score: 2.8, EPSS: 0.01979
Exploits: 3

The Hacker News
added 2022/02/18 12:32 p.m., 30 views

Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks

Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defende...

AI score: 0.1
Exploits: 0

The Hacker News
added 2022/02/18 11:57 a.m., 18 views

PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and ...

AI score: 2.4
Exploits: 0

The Hacker News
added 2022/02/18 8:37 a.m., 80 views

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating syste...

CVSS: 8.8, AI score: 1.5, EPSS: 0.01561
Exploits: 8

The Hacker News
added 2022/02/18 7:40 a.m., 364 views

Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling...

CVSS: 9.8, AI score: 2.3, EPSS: 0.99999
Exploits: 22

The Hacker News
added 2022/02/18 6:15 a.m., 27 views

4 Cloud Data Security Best Practices All Businesses Should Follow Today

These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're...

AI score: 6.9
Exploits: 0

The Hacker News
added 2022/02/18 5:19 a.m., 71 views

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 CVSS...

CVSS: 7.5, AI score: 1.4, EPSS: 0.01789
Exploits: 0

The Hacker News
added 2022/02/18 3:38 a.m., 66 views

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on th...

CVSS: 10, AI score: 3.1, EPSS: 0.99199
Exploits: 6

The Hacker News
added 2022/02/17 1:21 p.m., 23 views

Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data

Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent...

AI score: 6.1
Exploits: 0

The Hacker News
added 2022/02/17 1:0 p.m., 33 views

Getting Your SOC 2 Compliance as a SaaS Company

If you haven't heard of the term, you will soon enough. SOC 2, meaning System and Organization Controls 2, is an auditing procedure developed by the American Institute of CPAs (AICPA). Having SOC 2 compliance means you have implemented organizational controls and practices that provide assurance fo...

AI score: 0.5
Exploits: 0

The Hacker News
added 2022/02/17 9:16 a.m., 33 views

This New Tool Can Retrieve Pixelated Text from Redacted Documents

The practice of blurring out text using a method called pixelation may not be as secure as previously thought. While the most foolproof way of concealing sensitive textual information is to use opaque black bars, other redaction methods like pixelation can achieve the opposite effect, enabling th...

AI score: 0.4
Exploits: 0

The Hacker News
added 2022/02/17 8:16 a.m., 26 views

Researchers Warn of a New Golang-based Botnet Under Continuous Development

Cybersecurity researchers have unpacked a nascent Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary...

AI score: 1.1
Exploits: 0

The Hacker News
added 2022/02/17 7:33 a.m., 16 views

Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage

The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff...

AI score: 0.7
Exploits: 0

The Hacker News
added 2022/02/17 5:42 a.m., 613 views

U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors (CDCs) to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. The sustaine...

CVSS: 9.8, AI score: 0.8, EPSS: 0.99999
Exploits: 56

The Hacker News
added 2022/02/16 3:46 p.m., 17 views

[Webinar] When More Is Not Better: Solving Alert Overload

The increasing volume and sophistication of cyberattacks have naturally led many companies to invest in additional cybersecurity technologies. We know that expanded threat detection capabilities are necessary for protection, but they have also led to several unintended consequences. The "more is...

AI score: 7
Exploits: 0

The Hacker News
added 2022/02/16 2:3 p.m., 33 views

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...

AI score: 0.9
Exploits: 0

The Hacker News
added 2022/02/16 11:25 a.m., 93 views

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the...

CVSS: 7.8, AI score: 0.3, EPSS: 0.0228
Exploits: 0

The Hacker News
added 2022/02/16 8:55 a.m., 31 views

EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware

The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, stating that the technology's "unprecedented level of intrusiveness" could endanger users' right to privacy. "Pegasus constitutes a paradigm...

AI score: 0.3
Exploits: 0

The Hacker News
added 2022/02/16 5:18 a.m., 64 views

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak...

CVSS: 9.1, AI score: 1.3, EPSS: 0.54889
Exploits: 7

The Hacker News
added 2022/02/16 4:32 a.m., 15 views

Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case

Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally...

AI score: 1.5
Exploits: 0

The Hacker News
added 2022/02/15 2:6 p.m., 29 views

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is...

AI score: 2
Exploits: 0

The Hacker News
added 2022/02/15 1:16 p.m., 27 views

SafeDNS: Cloud-based Internet Security and Web Filtering Solution for MSPs

Remote workplace trend is getting the upper hand in 2022. A recent survey by IWG (the International Workplace Group) determined that 70% of the world's professionals work remotely at least one day a week, with 53% based outside their workplace at least half of the week. Taking this into...

AI score: 0.2
Exploits: 0

The Hacker News
added 2022/02/15 10:12 a.m., 39 views

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use...

AI score: 0.4
Exploits: 0

The Hacker News
added 2022/02/15 8:52 a.m., 31 views

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and...

AI score: 1.2
Exploits: 0

The Hacker News
added 2022/02/15 5:6 a.m., 138 views

New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP!

Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is...

CVSS: 8.8, AI score: 1, EPSS: 0.23546
Exploits: 0

The Hacker News
added 2022/02/14 9:44 a.m., 32 views

Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring...

AI score: 7.4
Exploits: 0

The Hacker News
added 2022/02/14 8:12 a.m., 42 views

Critical Security Flaws Reported in Moxa MXview Network Management Software

Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "cou...

CVSS: 10, AI score: 2.6, EPSS: 0.15789
Exploits: 2

The Hacker News
added 2022/02/14 3:26 a.m., 90 views

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring...

CVSS: 10, AI score: 1.8, EPSS: 0.99199
Exploits: 5

The Hacker News
added 2022/02/11 11:49 a.m., 26 views

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers

A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks...

AI score: 1.4
Exploits: 0

The Hacker News
added 2022/02/11 7:39 a.m., 18 views

France Rules That Using Google Analytics Violates GDPR Data Protection Law

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a similar decision was reached in Austria. To that end, the National Commission on Informatics and...

AI score: 0.4
Exploits: 0

The Hacker News
added 2022/02/11 3:30 a.m., 86 views

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a...

CVSS: 10, AI score: 2.9, EPSS: 0.16342
Exploits: 0

The Hacker News
added 2022/02/10 1:59 p.m., 24 views

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that expos...

AI score: 6.7
Exploits: 0

The Hacker News
added 2022/02/10 1:23 p.m., 24 views

COVID Does Not Spread to Computers

"…well, of course!" is what you might think. It's a biological threat, so how could it affect digital assets? But hang on. Among other effects, this pandemic has brought about a massive shift in several technological areas. Not only did it force numerous organizations - that up to now were...

AI score: 0.7
Exploits: 0

The Hacker News
added 2022/02/10 10:22 a.m., 23 views

CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. The incidents singled ou...

AI score: 1.4
Exploits: 0

The Hacker News
added 2022/02/10 7:22 a.m., 44 views

Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards

A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, t...

AI score: 7.2
Exploits: 0

The Hacker News
added 2022/02/10 6:34 a.m., 54 views

Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is used to flip the switch on PHP code across...

CVSS: 9.9, AI score: 3.2, EPSS: 0.02436
Exploits: 3

The Hacker News
added 2022/02/09 1:53 p.m., 29 views

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan,...

AI score: 7.3
Exploits: 0

The Hacker News
added 2022/02/09 1:33 p.m., 13 views

Guide: Alert Overload and Handling for Lean IT Security Teams

Alarming research reveals the stress and strains the average cybersecurity team experiences on a daily basis. As many as 70% of teams report feeling emotionally overwhelmed by security alerts. Those alerts come at such high volume, high velocity, and high intensity that they become an extreme...

Exploits: 0

The Hacker News
added 2022/02/09 11:25 a.m., 50 views

Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a...

AI score: 0.8
Exploits: 0

The Hacker News
added 2022/02/09 10:46 a.m., 141 views

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats

The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. According to ESET's T3 2021 Threat Report shared with The Hacker News, the intrusions paved t...

CVSS: 7.8, AI score: 0.4, EPSS: 0.67252
Exploits: 11

The Hacker News
added 2022/02/09 6:40 a.m., 154 views

Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated...

CVSS: 8.8, AI score: 0.5, EPSS: 0.55711
Exploits: 12

The Hacker News
added 2022/02/08 2:30 p.m., 21 views

Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks

An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that takes advantage of a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern...

AI score: 7.5
Exploits: 0

The Hacker News
added 2022/02/08 12:42 p.m., 27 views

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading...

AI score: 1.5
Exploits: 0

The Hacker News
added 2022/02/08 12:16 p.m., 14 views

'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns

A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in...

AI score: 1.6
Exploits: 0

The Hacker News
added 2022/02/08 8:6 a.m., 30 views

Medusa Android Banking Trojan Spreading Through Flubot's Attacks Network

Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric. The ongoing side-by-side infections, facilitated through the same smishing (SMS phishing) infrastructure...

AI score: 0.6
Exploits: 0

The Hacker News
added 2022/02/08 7:45 a.m., 16 views

How Attack Surface Management Preempts Cyberattacks

The wide-ranging adoption of cloud facilities and the subsequent mushrooming of organizations' networks, combined with the recent migration to remote work, had the direct consequence of a massive expansion of organizations' attack surface and led to a growing number of blind spots in connected...

AI score: 0.1
Exploits: 0

The Hacker News
added 2022/02/08 4:38 a.m., 23 views

Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send...

AI score: 2.1
Exploits: 0

The Hacker News
added 2022/02/08 3:37 a.m., 62 views

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

CVSS: 7.1, AI score: 7.7, EPSS: 0.10295
Exploits: 1

Total number of security vulnerabilities: 20775