Protergo Content Editor

Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware

Researchers at the Leiden Institute of Advanced Computer Science have discovered thousands of repositories on GitHub that provide fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them carrying malware. GitHub is one of the largest code-hosting platforms, and researchers use it to publish PoC exploits so that the security community can review fixes for …

Hackers say they stole 1.4TB of data from UK’s Kingfisher Insurance

The newly discovered Android malware has been confirmed to have infected approximately 20 million users. This malware, called Clicker, was injected into the Google Play Store using 16 different malicious applications. Clicker campaign: McAfee researchers have announced that this malware is disguised as a legitimate utility and targets Android phone users. These tools include …

Microsoft Data Breach, Sensitive Information Exposed From Misconfigured Server

Security researchers at threat intelligence firm SOCRadar notified Microsoft on September 24, 2022 about a misconfiguration of Microsoft endpoints. Confidential information of some Microsoft customers was exposed by improperly configured servers. “This misconfiguration could have resulted in unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospects, e.g. planned …

US video game publisher confirms user data is up for sale following data breach

2K Games confirmed that customers’ personal data was obtained and put up for sale following last month’s security breach. 2K Games suffered a security breach in September – at the time, it was already apparent that personal data was stolen by threat actors, as confirmed by 2K. During the attack, an unauthorized third party accessed …

Unofficial WhatsApp Android app caught stealing users’ accounts

A new version of an unofficial WhatsApp Android application named ‘YoWhatsApp’ has been found stealing access keys for users’ accounts. YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through advertisements on popular Android applications like Snaptube and Vidmate. The app includes additional features over …

Toyota customer data exposed as dev published key on GitHub

Toyota confirmed that data of almost 300,000 of its customers leaked online after the company’s developer published the source code of the user site on GitHub five years ago. The world’s largest car manufacturer, Toyota, apologized for leaking the details of 296,019 of its customers since 2017. The leaked data included email addresses and customer …

Ransomware gang leaks data stolen from LAUSD school system

The Vice Society ransomware gang posted data and files on Sunday morning that had been stolen from the Los Angeles Unified School District during a cyberattack earlier this month. LAUSD superintendent Alberto M. Carvalho confirmed the release of the stolen data in a statement published to Twitter, along with announcing a new hotline …

Microsoft to let Office 365 users report Teams phishing messages

Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization’s security team about any suspicious messages they receive. Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations from malicious threats in email messages, links, and collaboration tools. …

New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. “The payload discovered is a leaked version of a Cobalt Strike beacon,” Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis …

Australia Phones Cyber-Attack Exposes Personal Data

The breach exposed customers’ names, dates of birth, phone numbers and email addresses. The company – which has more than ten million subscribers – says it has shut down the attack but not before other details such as driver’s licences and passport numbers were hacked. Optus says payment data and account passwords were not compromised. …

Indonesia Set to Pass New Data Privacy Law After Spate of Leaks

Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah ($337,000) for leaking or misusing private information, according to Indonesia’s new data privacy bill set to be passed by parliament this week. Institutions may collect personal information for a specific purpose but must erase the record once …

Uber Investigating Breach of Its Computer Systems

Uber discovered that its computer network had been breached on Thursday, September 15th, 2022, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack. The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent …

Hackers Had Access to LastPass’s Development Systems for Four Days

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. “There is no evidence of any threat actor activity beyond the established timeline,” LastPass CEO Karim Toubba said in an update shared on September …

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Malicious actors like Kinsing use both recently discovered and legacy vulnerabilities in Oracle WebLogic Server to propagate cryptocurrency mining malware. Cybersecurity firm Trend Micro said it has found that financially motivated groups are using these vulnerabilities to drop Python scripts with the ability to disable operating system security features such as Security-Enhanced Linux (SELinux). …

Hacker sells stolen Starbucks data of 219,000 Singapore customers

The Singapore division of Starbucks, the popular American coffeehouse chain, has admitted that it suffered a data breach incident impacting over 219,000 of its customers. The first clue that they were breached came on September 10, when a threat actor offered to sell a database containing sensitive details of 219,675 Starbucks customers on a popular …

New malware bundle self-spreads through YouTube gaming videos

A new malware bundle uses victims’ YouTube channels to upload malicious video tutorials advertising fake cheats and cracks for popular video games to spread the malicious package further. The self-spreading malware bundle has been promoted in YouTube videos targeting fans playing FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and Spider-Man. These uploaded videos contain links …

Government Demands Better Private-Sector Cybersecurity Amid ‘Bjorka’ Data Breaches

The string of hacks breaching Indonesia’s cybersecurity by a hacker named Bjorka, who leaked the data of state officials and government agencies, remains the main focus of Minister of Communication and Informatics Johnny G. Plate. Earlier, a Twitter account believed to be run by the hacker explained the reasons behind the series of data breaches. Bjorka insisted that the data protection policy …

Hackers abuse government servers to steal job seekers’ data

The attackers used the servers of Pôle Emploi, an employment agency of the French government, to trick users into divulging their credentials. Discovered by researchers at threat detection firm Vade, the exploit allowed hackers to hide phishing links in legitimate documents sent from legitimate government servers. The attack was carried out through Pôle Emploi, a …

GIFShell – New Attack Method That Allows Attackers to Steal Data Using Microsoft Teams GIFs

Cybersecurity consultant and pentester Bobby Rauch recently discovered that threat actors are abusing Microsoft Teams by executing phishing attacks using a new attack technique known as GIFShell, which uses GIFs to execute covert commands for the purpose of stealing data. With this new method, attackers can create complex attacks that exploit a variety of …

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in 5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. “This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information,” it said. BackupBuddy allows users to back up their entire WordPress installation from within the dashboard, including theme …

Lampion malware returns in phishing attacks abusing WeTransfer

The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns. WeTransfer is a legitimate file-sharing service that can be used free of charge, so it’s a no-cost way to bypass security software that may not raise alerts about the URLs used in emails. In …

Holiday Inn owner admits to being breached

InterContinental Hotels Group (IHG), the owner of many hotel brands, including Holiday Inn, said parts of the company’s technology systems have been subject to unauthorized activity. “IHG’s booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing,” the company said on Tuesday. It disclosed the breach to the London Stock …

KPU Data Allegedly Leaked, 105 Million Valid Records Sold Online

Another data leak case has occurred in Indonesia, this time involving the KPU (the General Elections Commission). On Tuesday, 6 September, 105 million records of Indonesian residents allegedly belonging to the KPU were found being shared on the online forum “Breached Forums”. The data was uploaded by a forum member with the username “Bjorka” and sold for US$5,000 (Rp 74.4 million). In …

Fitness platform suffers major breach, revealing user data and sensitive photos

Move With Us – a fitness platform that offers women’s health and fitness programs – suffered a data breach, possibly exposing sensitive information and revealing progress photos of users. An error occurring on the customer profile page allowed users to log in to other peoples’ profiles, giving them access to emails, addresses, phone numbers, names, …

347 GB of Indonesian Company Documents Sold Online

Data containing documents from thousands of companies in Indonesia has leaked and is being traded online. To date, the source of the leak is unknown. It was traced from a dark web post titled “347GB Confidential documents of 21.7K Indonesia Companies + Foreign Companies (branch)”. The site is located at breached(dot)xx, a hacker forum site similar to …

Over 1,800 iOS and Android apps leak AWS credentials

Flawed Android and iOS app developer practices could allow attackers to access private Amazon Web Services (AWS) credentials, researchers say. Android and iOS apps were found to contain hard-coded AWS credentials, a flaw malicious actors could use to penetrate private databases, resulting in personal data loss and data breaches. Researchers at Broadcom Software identified 1,859 publicly …

Hackers exploit users’ desire to get verified by Instagram

Threat actors take advantage of Instagram’s highly sought-after verification program to harvest user credentials. Cybersecurity company Vade discovered a sophisticated and targeted phishing campaign designed to lure Instagram users into a trap and harvest their personal information and account credentials. It all starts with an email saying that your Instagram account has been reviewed and …

Twitter Confirms Zero-Day Bug That Exposed 5.4M Accounts

The compromised profiles, which were earlier put on sale in a cybercrime forum, were breached after a now-patched bug allowed anyone to enter a phone number or an email address of a user and learn if that information was connected to an existing Twitter account and, if so, which specific account. ISMG could not independently …

Two terabytes of data released as hackers strive to expose companies’ environmental damage

The hacking collective Guacamaya hacked and released over two terabytes of data from five mining companies and two public agencies in Central and South America to expose the negative environmental developments in the area. A collection of files and emails was released from two public agencies (from Colombia and Guatemala) as well as five private …

Crypto Bridge Nomad Loses $190M in Free-For-All Attack

Dozens of hackers converged on trading platform Nomad to drain nearly $200 million in digital assets held by the U.S. cryptocurrency firm in an attack described by an observer as a “frenzied free-for-all.” The attack, discovered late Monday afternoon, vaults Nomad into the upper tier of cross-chain bridge hacking victims. Cross-chain bridges perform a vital cryptocurrency service …

As Microsoft blocks Office macros, hackers find new attack vectors

Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut (LNK) attachments. VBA and XL4 Macros are small programs created to automate repetitive tasks in Microsoft Office applications, which threat actors …

Uber dodges lawsuit by taking blame for data breach

Uber has admitted responsibility for a data breach in 2016 that exposed millions of its users to malicious hackers to avoid prosecution, the US Department of Justice has disclosed. “Uber Technologies has entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into the coverup of a significant data breach suffered by the …

Attackers exploit PrestaShop vulnerability to steal payment data

Threat actors target the e-commerce platform by exploiting a zero-day vulnerability that allows them to execute arbitrary instructions. PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, ran into a ‘major security vulnerability.’ Attackers discovered a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites. “Malicious actors …

T-Mobile to pay $350m for a massive data breach

T-Mobile will pay $350 million in settlement following the 2021 hack, which exposed 76.6 million US residents’ data. Back in August 2021, T-Mobile reported a data breach after an online forum said that the personal data of more than 100 million of the company’s users was leaked. The breached data (which came from T-Mobile’s servers) included not …

Cloudflare named the botnet behind record-breaking DDoS attack

Cloudflare says that the Mantis botnet is responsible for the 26 million requests per second HTTPS DDoS attack, the largest on record. Cloudflare claims the largest distributed denial-of-service (DDoS) attack was the work of a botnet the company dubbed ‘Mantis.’ The name alludes to the mantis shrimp, a small yet powerful crustacean. “Similarly, the Mantis botnet operates a small …

Security Threat and System Vulnerability Ranking

Android is a mobile phone operating system that uses several functions in KeyguardServiceWrapper.Java and related files to briefly show what lies beneath the lock screen, which can lead to privilege escalation and enable continued exploitation. A lockscreen bypass is an attempt to exploit or force unexpected behavior from a process that is not directly on the lockscreen …

CISA orders agencies to patch new Windows zero-day used in attacks

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. Microsoft has patched it as …

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware. A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is …

Millions affected as ransomware knocks out French telecom firm

Seven days after the breach, French telecom company La Poste Mobile still hasn’t recovered from the attack by LockBit ransomware. The mobile phone network owned by the French Post was hit with a ransomware attack on 4 July, severely disrupting the company’s administrative and management services. Users trying to access La Poste Mobile’s website are …

U.S. Healthcare Orgs Targeted with Maui Ransomware

State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks. Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Threat actors from North …

Clever phishing method bypasses MFA using Microsoft WebView2 apps

A clever new phishing technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) …

Mitel zero-day used by hackers in suspected ransomware attack

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company …

Yodel parcel company confirms cyberattack is disrupting delivery

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it …

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through …

Extortion gang ransoms Shoprite, largest supermarket chain in Africa

Shoprite Holdings, Africa’s largest supermarket chain, which operates almost three thousand stores across twelve countries on the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and 149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, …

Microsoft patches actively exploited Follina Windows zero-day

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need …

2 million patients impacted by a cyberattack on a healthcare organization

Massachusetts-based Shields Health Care Group experienced a cyber incident that might have impacted the personal data of 2 million patients. “To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud,” the group said. On 28 March 2022, Shields was alerted about the suspicious …

Potent Emotet Variant Spreads Via Stolen Email Credentials

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new …

‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware

Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch. The vulnerability, related to the Microsoft Support Diagnostic Tool (MSDT), can be exploited for remote code execution using specially crafted documents. While the root cause of the security hole appears to have …

TrojanSMS malware spreading via two malicious Android app stores

The malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages. TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers. “These numbers appear to be part of a conversion …

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for …

Stolen credentials of US universities advertised all over the web

Criminal forums are full of recently stolen admin-level credentials from various US-based colleges and universities. Cybercriminals advertise a wide variety of US education institution credentials for sale, the FBI warned. Some credentials are sold on publicly accessible forums. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyberattacks …

Flights cancelled over a ransomware attack on an airline

Indian low-cost airline SpiceJet was forced to cancel several flights, leaving hundreds stranded at the airport. The airline announced it suffered from a ransomware attack on the official company’s account, claiming that the incident impacted SpiceJet’s flight operations. “While our IT team has to a large extent contained and rectified the situation, this has had …

GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. GitHub disclosed this security breach on April 15, …

DDoS attackers pose as REvil, sparking fear the gang is back

Attackers claim they represent the infamous REvil ransomware gang, considered defunct for months. A recent distributed denial-of-service (DDoS) attack against a hospitality firm displayed a familiar message, as the attackers named themselves REvil. A report by Akamai, a cloud networking provider, says that the company’s client was targeted with a DDoS attack. Interestingly, in the note demanding …

Cyberattack behind Greenland’s healthcare ‘system crash’

Island nation’s health system workers fell back on using phones after a cyberattack knocked out IT systems. The chief governing body of Greenland, Naalakkersuisut, announced that a cyberattack caused IT systems to crash throughout the world’s largest island. To mitigate the issues caused by the attack, operators were forced to restart IT systems and servers that run …

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, …

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. …

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and …

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have …

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found. A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the …

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker’s choice, such as …

Hackers Are Now Hiding Malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed …

Lincoln College Closed After 157 Years Due to Ransomware Attack

Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack. This decision was made even harder with the college having survived multiple disasters, including a major …

Cloud Tech Powers the Hybrid-remote Workforce — and Increases Insider Risk

Cybersecurity practitioners are sounding the alarm bells. Amplified by the not-going-away-anytime-soon Great Resignation and the here-to-stay shift to hybrid-remote work models, Insider Risk sees exponential growth. Exponential growth, lagging indicators, flattening the curve — the pandemic forced us all to get familiar with concepts like these. And these same ideas are extremely relevant to how …

‘Hack DHS’ Bug Hunters Find 122 Security Flaws in DHS Systems

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to …

Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. An overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 …

Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active. MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets. In cryptocurrency lingo, a seed is a secret recovery …

Cisco vulnerability lets hackers craft their own login credentials

Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the …

Menswear Brand Zegna Reveals Ransomware Attack

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The …

‘Resilient’ gang traded card fraud for ransoms, says report

A cybercriminal group once notorious for digital payment card theft is believed to have switched its focus to ransomware attacks, in a reminder of just how versatile threat actors have become. Crooks thought to be affiliated to the FIN7 group – which shot to notoriety last decade when it used malware to steal millions of …

Hackers breach MailChimp’s internal tools to target crypto customers

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. …

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group …

Apple Rushes Out Patches for 0-Days in MacOS, iOS

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs …

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was …

Crypto Stealing Malware Spreads via Fake Wallet Apps

Researchers have uncovered dozens of trojanized cryptocurrency wallet apps performing malicious activities. The goal of these apps is to steal cryptocurrency funds, especially from Chinese users. The fake apps operation: ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets. These impersonated websites are promoted via ads placed on legitimate sites, along with adverts …

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are …

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers …

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall. RCE bug in web administration console: On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the …

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims’ ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are …

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of ‘Known Exploited Vulnerabilities.’ These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness among system administrators and serve as official advisories for applying the corresponding security updates. …

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according …

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding …

Windows zero-day flaw giving admin rights gets an unofficial patch, again

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in the Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While …

Android password-stealing malware infects 100,000 Google Play users

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download. The Android malware is disguised as a cartoonifier app called ‘Craftsart Cartoon Photo Tools,’ allowing users to upload an image and convert it into a cartoon rendering. Over the …

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojan on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of the Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018. In a new report today by cybersecurity firm AhnLab, researchers …

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, …

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) …

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published on Wednesday, …

Pandora Ransomware Hits Giant Automotive Supplier Denso

Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. A multibillion-dollar supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora …

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

DDoS attacks against Israeli telecom companies took down government sites, sparking a temporary state of emergency. Israel’s National Cyber Directorate confirmed in a tweet on Monday that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate …

Ubisoft confirms ‘cyber security incident’, resets staff passwords

Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services. The announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, appears to be behind …

Bridgestone Americas confirms ransomware attack, LockBit leaks data

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Timer activated: Bridgestone has tens …

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. “While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence …

RuRAT Campaign Uses Innovative Lure to Target Potential Victims

A malicious campaign is installing RuRAT malware that provides remote access to compromised devices. The attackers are impersonating a venture capital firm wanting to invest money or purchase the victim’s site. Recently, BleepingComputer received a spear-phishing email from an IP address belonging to a U.K. virtual server company. The email impersonated a venture capitalist interested in buying …

European Officials Aiding the Ukrainian Refugee Movement are Under Attack

A spear-phishing campaign has been identified targeting European government personnel helping Ukrainian refugees. The campaign is still ongoing and is being tracked as Asylum Ambuscade. According to Proofpoint, a nation-state actor is believed to have compromised a Ukrainian armed service member’s email account to target European government personnel aiding refugees fleeing Ukraine. The phishing messages included …

Adafruit discloses data leak from ex-employee’s GitHub repo

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories. …

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. Both zero-day vulnerabilities are “Use-after-free” bugs, which is when a program tries to use memory that has been previously cleared. When threat actors exploit this type of bug, it can …

Hackers leak 190GB of alleged Samsung data, source code

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean consumer electronics giant. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from GPU designer Nvidia. Gang teases Samsung data leak: In a …
