Protergo Content Editor

TELUS, Canada’s second-largest telecom, is investigating a potential data breach after a threat actor claimed to have employee data and private source code repositories belonging to the company. The threat actor posted screenshots showing payroll records and private source code repositories for sale. Although TELUS has not found evidence of corporate or retail customer data …

TELUS Probing Stolen Source Code and Employee Data Leak Read More »

Dole Food Company, a leading provider of fresh fruits and vegetables, is currently dealing with a ransomware attack that has affected its operations. The company has stated that the impact is limited, but leaked information from a Texan grocery store suggests that the attack has forced Dole to shut down production plants in North America …

Fruit Giant Dole Suffers Ransomware Attack Impacting Operations Read More »

Cryptocurrency exchange Coinbase recently experienced a cyber attack in which attackers gained access to the company’s data. However, Coinbase claims that it caught the attack in time, preventing any loss of funds or customer information. The exchange has determined that the same group that targeted Twilio and Cloudflare is likely behind the attack. According to …

Coinbase Targeted by Cyberattackers using SMS phishing tactics Read More »

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “Once …

Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack Read More »

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the tech giant’s Exchange Team said in a post. “There are too many aspects of …

Microsoft Urges Customers to Secure On-Premises Exchange Servers Read More »

In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying …

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort Read More »

Seven days after the breach, French telecom company La Post Mobile still hasn’t recovered from the attack by LockBit ransomware. The mobile phone network owned by the French Post was hit with a ransomware attack on 4 July, severely disrupting the company’s administrative and management services. Users trying to access La Post Mobile’s website are …

Millions affected as ransomware knocks out French telecom firm Read More »

The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine. A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found. The …

Sneaky Orbit Malware Backdoors Linux Devices Read More »

State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks. Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Threat actors from North …

U.S. Healthcare Orgs Targeted with Maui Ransomware Read More »

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) …

Clever phishing method bypasses MFA using Microsoft WebView2 apps Read More »

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company …

Mitel zero-day used by hackers in suspected ransomware attack Read More »

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it …

Yodel parcel company confirms cyberattack is disrupting delivery Read More »

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through …

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs Read More »

Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, …

Extortion gang ransoms Shoprite, largest supermarket chain in Africa Read More »

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need …

Microsoft patches actively exploited Follina Windows zero-day Read More »

Massachusetts-based Shields Heath Care Group experienced a cyber incident that might have impacted the personal data of 2 million patients. “To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud,” the group said. On 28 March 2022, Shields was alerted about the suspicious …

2 million patients impacted by a cyberattack on a healthcare organization Read More »

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new …

Potent Emotet Variant Spreads Via Stolen Email Credentials Read More »

Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch. The vulnerability, related to the Microsoft Support Diagnostic Tool (MSDT), can be exploited for remote code execution using specially crafted documents. While the root cause of the security hole appears to have …

‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware Read More »

The malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages. TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers. “These numbers appear to be part of a conversion …

TrojanSMS malware spreading via two malicious Android app stores Read More »

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for …

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Read More »

Criminal forums are full of recently stolen admin-level credentials from various US-based colleges and universities. Cybercriminals advertise a wide variety of US education institution credentials for sale, the FBI warned. Some credentials are sold on publicly accessible forums. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyberattacks …

Stolen credentials of US universities advertised all over the web Read More »

Indian low-cost airline SpiceJet was forced to cancel several flights, leaving hundreds stranded at the airport. The airline announced it suffered from a ransomware attack on the official company’s account, claiming that the incident impacted SpiceJet’s flight operations. “While our IT team has to a large extent contained and rectified the situation, this has had …

Flights cancelled over a ransomware attack on an airline Read More »

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. GitHub disclosed this security breach on April 15, …

GitHub: Attackers stole login details of 100K npm user accounts Read More »

Attackers claim they represent the infamous REvil ransomware gang, considered defunct for months. A recent distributed denial-of-service (DDoS) attack against a hospitality firm displayed a familiar message, as the attackers named themselves REvil. A report by Akamai, a cloud networking provider, says that the company’s client was targeted with a DDoS attack. Interestingly, in the note demanding …

DDoS attackers pose as REvil, sparking fear the gang is back Read More »

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, …

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover Read More »

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. …

Sysrv-K Botnet Targets Windows, Linux Read More »

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and …

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF Read More »

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have …

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service Read More »

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found. A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the …

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks Read More »

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker’s choice, such as …

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store Read More »

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed …

Hackers Are Now Hiding Malware in Windows Event Logs Read More »

Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack. This decision was made even harder with the college having survived multiple disasters, including a major …

Lincoln College Closed After 157 Years Due Ransomware Attack Read More »

Cybersecurity practitioners are sounding the alarm bells. Amplified by the not-going-away-anytime-soon Great Resignation and the here-to-stay shift to hybrid-remote work models, Insider Risk sees exponential growth. Exponential growth, lagging indicators, flattening the curve — the pandemic forced us all to get familiar with concepts like these. And these same ideas are extremely relevant to how …

Cloud Tech Powers the Hybrid-remote Workforce — and Increases Insider Risk Read More »

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to …

‘Hack DHS’ Bug Hunters Finds 122 Security Flaws in DHS Systems Read More »

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 …

Most Email Security Approaches Fail to Block Common Threats Read More »

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active. MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets. In cryptocurrency lingo, a seed is a secret recovery …

Hackers steal $655K after picking MetaMask seed from iCloud backup Read More »

Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software.  The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the …

Cisco vulnerability lets hackers craft their own login credentials Read More »

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The …

Menswear Brand Zegna Reveals Ransomware Attack Read More »

A cybercriminal group once notorious for digital payment card theft is believed to have switched its focus to ransomware attacks, in a reminder of just how versatile threat actors have become. Crooks thought to be affiliated to the FIN7 group – which shot to notoriety last decade when it used malware to steal millions of …

‘Resilient’ gang traded card fraud for ransoms, says report Read More »

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. …

Hackers breach MailChimp’s internal tools to target crypto customers Read More »

An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group …

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers Read More »

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs …

Apple Rushes Out Patches for 0-Days in MacOS, iOS Read More »

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was …

Spring patches leaked Spring4Shell zero-day RCE vulnerability Read More »

Researchers have uncovered dozens of trojanized cryptocurrency wallet apps performing malicious activities. The goal of these apps is to steal cryptocurrency funds, especially from Chinese users. The fake apps operation ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets.  These impersonated websites are promoted via ads placed on legitimate sites, along with adverts …

Crypto Stealing Malware Spreads via Fake Wallet Apps Read More »

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are …

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments Read More »

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers …

Globant confirms hack after Lapsus$ leaks 70GB of stolen data Read More »

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. RCE bug in web administration console On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the …

Critical Sophos Firewall vulnerability allows remote code execution Read More »

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim’s ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are …

Hive ransomware ports its Linux VMware ESXi encryptor to Rust Read More »

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of ‘Known Exploited Vulnerabilities.’ These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness to system administrations and serve as official advisories for applying the corresponding security updates. …

CISA adds 66 vulnerabilities to list of bugs exploited in attacks Read More »

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according …

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch Read More »

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding …

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group Read More »

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While …

Windows zero-day flaw giving admin rights gets an unofficial patch, again Read More »

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download. The Android malware is disguised as a cartoonifier app called ‘Craftsart Cartoon Photo Tools,’ allowing users to upload an image and convert it into a cartoon rendering. Over the …

Android password-stealing malware infects 100,000 Google Play users Read More »

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018. In a new report today by cybersecurity firm AhnLab, researchers …

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware Read More »

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, …

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines Read More »

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) …

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang Read More »

The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published on Wednesday, …

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company Read More »

Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora …

Pandora Ransomware Hits Giant Automotive Supplier Denso Read More »

DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency. Israel’s Nation Cyber Directorate confirmed in a tweet on Monday that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate …

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’ Read More »

Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services. The announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, appears to be behind …

Ubisoft confirms ‘cyber security incident’, resets staff passwords Read More »

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Timer activated Bridgestone has tens …

Bridgestone Americas confirms ransomware attack, LockBit leaks data Read More »

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. “While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence …

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers Read More »

A malicious campaign is installing RuRAT malware that provides remote access for compromised devices. The attackers are impersonating a venture capital firm wanting to invest money or purchase the victim’s site. Recently, BleepingComputer received a spear-phishing email from an IP address belonging to a U.K virtual server company. The email impersonated a venture capitalist interested in buying …

RuRAT Campaign Uses Innovative Lure to Target Potential Victims Read More »

A spear-phishing campaign has been identified targeting European government personnel helping Ukrainian refugees. The campaign is still ongoing and is being tracked as Asylum Ambuscade. According to Proofpoint, a nation-state actor is believed to have compromised a Ukrainian armed service member’s email account to target European government personnel aiding refugees fleeing Ukraine. The phishing messages included …

European Officials Aiding the Ukrainian Refugee Movement are Under Attack Read More »

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories. …

Adafruit discloses data leak from ex-employee’s GitHub repo Read More »

​Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. Both zero-day vulnerabilities are “Use-after-free” bugs, which is when a program tries to use memory that has been previously cleared. When threat actors exploit this type of bug, it can …

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs Read More »

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer. Gang teases Samsung data leak In a …

Hackers leak 190GB of alleged Samsung data, source code Read More »

More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month. The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday. Have I Been Pwned says the stolen data contains “email addresses …

NVIDIA data breach exposed credentials of over 71,000 employees Read More »

The Security Service of Ukraine (SSU) said today “enemy” hackers are using compromised local government and regional authorities’ websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. SSU revealed this in a tweet further distributed by Ukraine’s State Service for Special Communication and Information Protection (SSSCIP) to Ukrainian Twitter users. “WARNING! ANOTHER FAKE! The enemy has broken into …

Ukraine says local govt sites hacked to push fake capitulation news Read More »

Cisco this week announced patches that address a couple of critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Tracked as CVE-2022-20754 and CVE-2022-20755 and featuring a CVSS score of 9.0, the two security holes can be exploited by a remote, authenticated attacker to write files or execute code …

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products Read More »

The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel. The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The …

Conti Ransomware Decryptor, TrickBot Source Code Leaked Read More »

Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than …

TeaBot Trojan Haunts Google Play Store, Again Read More »

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Some of the world’s most popular communication apps are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J …

RCE Bugs in Hugely Popular VoIP Apps: Patch Now! Read More »

The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, …

Toyota to Close Japan Plants After Suspected Cyberattack Read More »

The Lapsus$ data extortion group has released what they claim to be data stolen from the Nvidia GPU designer. The cache is an archive that is almost 20GB large. While the U.S. chipmaker giant has yet to confirm a breach on its network, the threat actor has been active with messages about the alleged hack …

Hackers to NVIDIA: Remove mining cap or we leak hardware data Read More »

The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors. The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open …

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang Read More »

Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 …

New Critical RCE Bug Found in Adobe Commerce, Magento Read More »

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware. TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, …

Conti ransomware gang takes over TrickBot malware operation Read More »

Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware. Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point …

Microsoft Teams Targeted With Takeover Trojans Read More »

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. …

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa Read More »

A “deliberate and malicious” cyber-attack targeting Vodafone Portugal knocked mobile networks offline across the country this week. The incident, which started on Monday evening (February 7), suspended 4G and 5G networks for customers, as well as digital TV and SMS services. Vodafone said it has seen “no evidence” that customer data has been accessed or compromised due …

Cyber-attack at Vodafone Portugal knocks mobile network services offline Read More »

Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11’s broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize …

Fake Windows 11 upgrade installers infect you with RedLine malware Read More »

Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, …

Swissport ransomware attack delays flights, disrupt operations Read More »

The company’s RV line of small-business routers contains 15 different security vulnerabilities, some unpatched, that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. UPDATE Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on …

Critical Cisco Bugs Open VPN Routers to Cyberattacks Read More »

Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication integrity and security. Redmond first announced MTA-STS’ introduction in September 2020, after revealing that it was also working on adding inbound and outbound support for DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities). “We have been validating …

Office 365 boosts email security against MITM, downgrade attacks Read More »

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred …

Wormhole cryptocurrency platform hacked to steal $326 million Read More »

The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening supermarket shelves that could stay empty for weeks. KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British …

KP Snacks Left with Crumbs After Ransomware Attack Read More »

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform …

Windows vulnerability with new public exploits lets you become admin Read More »

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims. Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a …

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days Read More »

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled. Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta …

Conti, DeadBolt Ransomwares Target Delta, QNAP Read More »

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line. After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times. The app, which is fully functional …

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play Read More »

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Although, the company’s CEO stresses that customer funds are not at risk. With regards to daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform “on a mission to accelerate the world’s transition to cryptocurrency.” Crypto.com CEO: 400 …

Crypto.com confirms 483 accounts hacked, $34 million withdrawn Read More »

Researchers have discovered a critical vulnerability in the AWS Glue service, which could allow remote attackers to access sensitive data owned by large numbers of customers. Dubbed “Superglue” by the Orca Security Research Team, the bug was made possible by an internal misconfiguration within the service. AWS Glue is a serverless data integration service that allows …

AWS Patches Glue Bug That Put Customer Data at Risk Read More »

The latest Windows Server updates are causing severe issues for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until the updates are rolled back Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part …

New Windows Server updates cause DC boot loops, break Hyper-V Read More »

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines. Now, a report from Crowdstrike sheds more light on this …

TellYouThePass ransomware returns as a cross-platform Golang threat Read More »

A new multi-platform backdoor malware named ‘SysJoker’ has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a …

New SysJoker backdoor targets Windows, macOS, and Linux Read More »