Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers. Google Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, reporting a...
UK Cops Collar 7 Suspected Lapsus$ Gang Members
City of London Police have arrested seven people suspected of being connected to the Lapsus$ gang. The bust came within hours of Bloomberg having published a report about a teenage boy living at his mother’s house near Oxford, England, who’s suspected of being the Lapsus$ mastermind. The police...
Microsoft Azure Developers Awash in PII-Stealing npm Packages
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information (PII) in a large-scale typosquatting attack against Microsoft Azure cloud users. That’s according to the JFrog Security Research team,...
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security vulnerability that allows bad actors to throw players on PCs into an endless loop of losing their characters’ lives, rendering it essentially unplayable. Malwarebytes Labs researcher Christopher Boyd said...
HubSpot Data Breach Ripples Through Cryptocurrency Industry
A rogue employee working at HubSpot – used by more than 135,000 and growing customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the...
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
The Chinese advanced persistent threat (APT) Mustang Panda (a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta) has upgraded its espionage campaign against diplomatic missions, research entities and internet service providers (ISPs) – largely in and around Southeast Asia. For one thing, the APT has deployed...
Microsoft Help Files Disguise Vidar Malware
Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use every day (actually, that’s probably the first place you should look)? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed ...
Top 3 Attack Trends in API Security – Podcast
In late July 2021, online retailers got hit with a jaw-dropping 2,800 percent increase in attack takeovers. Dead-set on gift card fraud via “scrape for resale” and other types of fraud, the attacks spiraled up to the rate of 700,000 attacks per day. In a separate case – of a loan application frau...
Tax-Season Scammers Spoof Fintechs, Including Stash, Public
Threat actors have new targets in their sights this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. Novel email campaigns are spoofing popular financial technology (fintech) applications and their tax notifications to try to dupe victims into givin...
DeadBolt Ransomware Resurfaces to Hit QNAP Again
DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that began in mid-March and signals a new targeting of the Taiwan-based network-attached storage (NAS) devices by the fledgling threat, researchers said. Researchers from Censys, which provides attack-surface management solutions,...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. Lapsus$ claimed to have gotten itself “superuser/admin” access to internal systems at authentication firm Okta. It also posted 40GB worth of files to its...
Russia Lays Groundwork for Cyberattacks on U.S. Infrastructure
The Russian government is exploring “options for potential cyberattacks” on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. Officials said that its latest intelligence shows cyber-related...
FIDO: Here’s Another Knife to Help Murder Passwords
We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance (FIDO) published a white paper (PDF) on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
Researchers have discovered a cyberattack that uses unusual evasion tactics to backdoor French organizations with a novel malware dubbed Serpent, they said. A team from Proofpoint observed what they call an “advanced, targeted threat” that uses email-based lures and malicious files typical of man...
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible
We’ve had it beaten into our brains: Before you go willy-nilly clicking on a page, check the URL. First things first, the tried-and-usually-but-not-always-true advice goes, check that the site’s URL shows “https,” indicating that the site is secured with TLS/SSL encryption. If only it were that eas...
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware. That’s according to researchers at Pradeo, who said the a...
Conti Ransomware V. 3, Including Decryptor, Leaked
Pro-Ukraine security researcher @ContiLeaks yesterday uploaded a fresher version of Conti ransomware than they had previously released – specifically, the source code for Conti Ransomware V3.0 – to VirusTotal. ContiLeaks posted a link to the code on Twitter. The code includes a compiled locker an...
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Among other things, Bridgestone is a major supplier of...
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
In a warning to aviation authorities and air operators on Thursday, the European Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing attacks across a broad swath of Eastern Europe that could affect air navigation systems. The warning came in tandem with a separate alert fro...
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
An advanced persistent threat (APT) group has been targeting luxury hotels in Macao, China with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace. A threat researc...
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat (APT) behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. Further, it’s likely that the botnet’s purpose is far more sinister than the average Mirai-knockoff’s penchant...
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops
Google’s Threat Analysis Group (TAG) has provided a rare look inside the operations of a cybercriminal dubbed “Exotic Lily,” that appears to serve as an initial-access broker for both Conti and Diavol ransomware gangs. Researchers’ analysis exposes the business-like approach the group takes to...
Dev Sabotages Popular NPM Package to Protest Russian Invasion
The developer behind the hugely popular npm package “node-ipc” has released sabotaged versions of the library to condemn Russia’s invasion of Ukraine: a supply-chain tinkering that he’d prefer to call “protestware” as opposed to “malware.” Regardless of the peace-not-war messaging, node-ipc is no...
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,1...
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
You know that hazy window that’s been obscuring the cyber threat landscape, leaving the feds squinting to try to see what’s really going on? The government has recently pulled out some squeegees. Case in point: the government spending deal that President Biden signed into law on Friday. The bill...
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...
Another Destructive Wiper Targets Organizations in Ukraine
Researchers have discovered yet another destructive data-wiping malware targeting organizations in Ukraine, the third to be found in as many weeks attacking systems in the country that’s currently defending itself against a Russian physical invasion. A team from cybersecurity firm ESET on Monday...
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand...
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
Israel’s National Cyber Directorate confirmed in a tweet on Monday that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led the Directorate to briefly declare a state of...
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS) appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reporte...
Pandora Ransomware Hits Giant Automotive Supplier Denso
A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora ransomware group began leaking data that attackers claimed was stolen in the incident. The...
Staff Think Conti Group Is a Legit Employer – Podcast
Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...
Cybercrooks’ Political In-Fighting Threatens the West
A rift has formed in the cybercrime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware. According to a report (PDF) published Monday, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along...
Russia Issues Its Own TLS Certs
Russia is offering its own trusted Transport Layer Security (TLS) certificate authority (CA) to replace certificates that need to be renewed by foreign countries. As it is, a pile of sanctions imposed in the wake of Russia’s invasion of Ukraine is gumming up its citizens’ access to websites. As it is...
Raccoon Stealer Crawls Into Telegram
A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appear...
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Looking to cyber-hassle Russia, Ukrainian sympathizers? Be careful — malware is making the rounds, disguised as a pro-Ukraine cyber-tool that will turn around and bite you instead, researchers are warning. In a Wednesday threat advisory, Cisco Talos described a campaign it’s observed in which a...
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs. That’s according to new survey data from HackerOne, which found that a full 65 percent of...
Russia May Use Ransomware Payouts to Avoid Sanctions
Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine. The Financial...
Multi-Ransomwared Victims Have It Coming–Podcast
You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times. A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
APT41 Spies Broke Into 6 US State Networks via a Livestock App
USAHerds – an app (PDF) used by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by...
Most ServiceNow Instances Misconfigured, Exposed
Nearly 70 percent of instances of the software-as-a-service (SaaS) platform ServiceNow aren’t locked down correctly by customers, leading to 70 percent of ServiceNow implementations tested by AppOmni being potentially exposed to the public. ServiceNow is a $4.5 billion company whose software...
Russian APTs Furiously Phish Ukraine – Google
While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat (APT) groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. Researchers from...
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update – only three of which are rated critical in severity. The other 68 are all rated “important.” Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been...
The Uncertain Future of IT Automation
The majority of today’s cybersecurity breaches stem from unpatched vulnerabilities and outdated systems, which means that many cyberattacks are preventable. Unfortunately, it can be challenging for IT teams to keep up with the pace of new patches every month, especially when employee devices are...
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
Three critical security vulnerabilities in widely used smart uninterruptible power supply (UPS) devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. Researchers a...
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers from Huawei – Yiqi Sun and Kevin Wang – have discovered a vulnerability in the “control groups” feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary...
Novel Attack Turns Amazon Devices Against Themselves
UPDATE: Researchers from the University of London and the University of Catania have discovered how to weaponize Amazon Echo devices to hack themselves. The attack – dubbed “Alexa vs. Alexa” – leverages what the researchers called “a command self-issue vulnerability”: using pre-recorded messages which,...
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...