Protergo Content Editor

Crypto.com confirms 483 accounts hacked, $34 million withdrawn

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. The company’s CEO stresses, however, that customer funds are not at risk. By daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform, “on a mission to accelerate the world’s transition to cryptocurrency.” Crypto.com CEO: 400 …

DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. This isn’t surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase. DHL is an international …

Microsoft: Fake ransomware targets Ukraine in data-wiping attacks

Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks, which combined a destructive MBRLocker with data-corrupting malware used to intentionally destroy the victim’s data. A two-stage attack destroys data. Microsoft calls this new malware family ‘WhisperGate’ …

AWS Patches Glue Bug That Put Customer Data at Risk

Researchers have discovered a critical vulnerability in the AWS Glue service, which could allow remote attackers to access sensitive data owned by large numbers of customers. Dubbed “Superglue” by the Orca Security Research Team, the bug was made possible by an internal misconfiguration within the service. AWS Glue is a serverless data integration service that allows …

New Windows Server updates cause DC boot loops, break Hyper-V

The latest Windows Server updates are causing severe issues for administrators, with domain controllers rebooting spontaneously, Hyper-V not starting, and ReFS volumes inaccessible until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part …

TellYouThePass ransomware returns as a cross-platform Golang threat

TellYouThePass ransomware has re-emerged as Golang-compiled malware, making it easier to target more operating systems, macOS and Linux in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines. Now, a report from Crowdstrike sheds more light on this …

New SysJoker backdoor targets Windows, macOS, and Linux

A new multi-platform backdoor malware named ‘SysJoker’ has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a …

Health Ministry Responds to Massive Data Leak of Medical Records

Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold on an illegal internet forum. Hackers claimed to have breached the Indonesian Health Ministry’s centralized server to obtain the data. According to a report by Antaranews, the data sold on the dark web contains 720 GB of personal medical information from …

Attackers Exploit Flaw in Google Docs’ Comments Feature

A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security …

Apache found critical bugs in httpd web server

Apache, whose name has been in the news for the past two weeks due to the severe vulnerability in the Log4j logging library, has issued yet another update. This time, it has nothing to do with the Log4j vulnerability (dubbed Log4Shell). Apache issued a patch addressing two CVE-numbered flaws affecting the httpd server. According to the cybersecurity …

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier this week. “We have …

Another T-Mobile cyberattack reportedly exposed customer info and SIMs

T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. This time around, attackers accessed “a small number of” customers’ accounts, according to documents posted by The T-Mo Report. According to the report, customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information …

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a …

Log4j zero-day vulnerability: What you need to know

The security hole in Log4j, a Java library for logging error messages in applications, is the most widely known security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a core part of the Java logging framework. Since last week, a warning issued by CERT New Zealand states …

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the …

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has …

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately …

FBI: Another Zoho ManageEngine Zero-Day Under Active Attack

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges — with an ultimate goal …

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime …

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios …

Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users’ contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message (“com.guo.smscolor.amessage”), which …

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of …

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. “This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,” Matthew …

New Fileless Malware Uses Windows Registry as Storage to Evade Detection

A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky “fileless” techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion’s Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify its command-and-control (C2) infrastructure and …

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. “Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web …

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. The new vulnerability, assigned …

How MikroTik Routers Became a Cybercriminal Target

The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said. The routers leveraged by the Mēris botnet in a massive distributed denial-of-service (DDoS) attack against Russia’s internet giant Yandex have also been the unwitting platform for numerous cyberattacks, researchers have found. …

Microsoft Seizes Domains Used by a Chinese Hacking Group

The move delivers a blow to the hackers behind sophisticated attacks on government agencies, think tanks, and other organizations. Microsoft said it has seized control of servers that a China-based hacking group was using to compromise targets that align with that country’s geopolitical interests. The hacking group, which Microsoft has dubbed Nickel, has been in Microsoft’s …

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators

The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely. Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices. In tandem, Google also filed a lawsuit against the botnet’s operators. Glupteba, already …

Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing …

Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange

Cryptocurrency trading platform BitMart has disclosed a “large-scale security breach” that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that …

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. The ransomware business is booming, and feeble corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame, researchers say. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers …

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Newer, More Capable Aberebot Banking Trojan Variant on Sale for $7,000 on Dark Web. A new variant of the Aberebot banking malware, targeting 213 banking apps and nine crypto wallet apps in 22 countries, has been uncovered by researchers. Named Aberebot-2.0, the Telegram-based malware is the new version of the Aberebot Android banking Trojan discovered …

Cybersecurity’s Influences Towards The Healthcare Industry

The long-lasting effects of the pandemic can still be seen today across many different industries. Multiple waves of infections are still currently happening in countries around the world, even though vaccination numbers are at their highest point. Healthcare services are still at their toes in battling the number of infections soaring day by day. Their …

Panasonic Confirms Cyberattack and Data Breach

On Friday, the tech giant said its network was illegally accessed on November 11. Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that “some data on a file server had …

IKEA Hit by Sophisticated Malware Attack Leveraging Internal Emails

A major cyberattack recently struck Swedish retail giant IKEA with malicious actors targeting and phishing for internal mailboxes of employees of the company. According to BleepingComputer who accessed an internal alert email sent by IKEA, the retail giant suffered a reply-chain phishing attack. The attackers are leveraging stolen reply-chain emails to carry out the phishing …

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and stage a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware,” …

GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords, and more were stolen. The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are …

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a “massive eavesdrop campaign” without the users’ knowledge. The discovery of the flaws is the result of …

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 …

Why GoDaddy Data Breach Of +1 Million Clients Is Worse Than Described

GoDaddy Managed WordPress hosting customers suffered a data breach. Passwords have been reset, but effects may still persist. Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the cause of the vulnerability …

Common Cloud Misconfigurations Exploited in Minutes, Report

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes. Poorly configured cloud services can be exploited by threat actors in minutes, and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo …

Bureau Veritas hit by cyberattack on cybersecurity system

French firm Bureau Veritas, which specializes in laboratory testing, inspection and certification services, has reported a cyberattack that affected its cybersecurity system. The security breach was detected on 20 November. As a preventive measure, the company took all its servers and data offline for a temporary period. At present, further investigations and corrective procedures are …

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, …

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible …

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest …

Ransomware Phishing Emails Sneak Through SEGs

The MICROP ransomware spreads via Google Drive and locally stored passwords. Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP …

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks. A threat actor has been exploiting a zero-day vulnerability in FatPipe’s virtual private network (VPN) devices as a way to breach companies and gain access to their internal networks, since …

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities …

Hacker sends spam to 100,000 from FBI email address

The FBI and Cybersecurity and Infrastructure Security Agency said they were aware of the fake emails sent from the FBI account, but declined to share more information. An apparently malicious hacker sent spam emails from an FBI email server Friday night to at least 100,000 people, an email spam watchdog group has found. The person’s …

Millions of Routers, IoT Devices at Risk from New Open-Source Malware

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities. Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different vulnerabilities to …

Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if …

Tiny Font Size Fools Email Filters in BEC Phishing

The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials. A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. …

Critical Flaws in Philips TASY EMR Could Expose Patient Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. “Successful exploitation of these vulnerabilities could result in patients’ confidential data being exposed or extracted from Tasy’s database, give unauthorized …

Proofpoint Phish Harvests Microsoft O365, Google Logins

A savvy campaign impersonating the cybersecurity company skated past Microsoft email security. Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, they spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousand …

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally …

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info. A new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) …

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from …

Possible cyberattack disrupts healthcare services in Canadian province -minister

A possible cyber attack against the healthcare system in the Canadian province of Newfoundland has disrupted services and forced the cancellation of some appointments, health authorities said on Monday. An investigation was underway to understand the nature and extent of the attack, which was detected on Saturday, health minister John Haggie told reporters. “This led …

New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to …

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices

Cybersecurity researchers disclosed details of what they say is the “largest botnet” observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360’s Netlab security team dubbed …

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices Read More »

Microsoft warns of rise in password sprays targeting cloud accounts

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords. …

Microsoft warns of rise in password sprays targeting cloud accounts Read More »
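The signature of the attack described above is the inverse of a classic brute force: many accounts, very few attempts each, from one source, within a short window. As an added example (not DART's tooling, and not a real log format), the detector below runs over constructed sign-in lines in the shape `<ISO-8601 UTC timestamp> <source IP> <account> <FAILURE|SUCCESS>`, flags sources whose failures spread across many distinct accounts with a low per-account count, and lists any account that then signed in successfully from the same source. Thresholds, the window length and the sample IPs and accounts are assumptions chosen for the demonstration.

```python
"""Password-spray detection over sign-in logs. Added example; not DART's
tooling and not a real log format. Each constructed line is:
<ISO-8601 UTC timestamp> <source IP> <account> <FAILURE|SUCCESS>"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample (documentation-range IPs, example.com accounts).
# 203.0.113.7 tries one password against seven executives and gets one hit;
# 198.51.100.9 hammers a single account (classic brute force, not a spray);
# 192.0.2.44 is a user who mistyped once.
LOG_LINES = """\
2021-10-25T09:00:01Z 203.0.113.7 ceo@example.com FAILURE
2021-10-25T09:00:03Z 203.0.113.7 cfo@example.com FAILURE
2021-10-25T09:00:05Z 203.0.113.7 coo@example.com FAILURE
2021-10-25T09:00:07Z 203.0.113.7 cto@example.com FAILURE
2021-10-25T09:00:09Z 203.0.113.7 cio@example.com FAILURE
2021-10-25T09:00:11Z 203.0.113.7 vp.sales@example.com FAILURE
2021-10-25T09:00:13Z 203.0.113.7 vp.eng@example.com SUCCESS
2021-10-25T09:05:00Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T09:05:02Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T09:05:04Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T09:05:06Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T09:05:08Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T09:05:10Z 198.51.100.9 alice@example.com FAILURE
2021-10-25T10:30:00Z 192.0.2.44 bob@example.com FAILURE
2021-10-25T10:30:20Z 192.0.2.44 bob@example.com SUCCESS
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    source_ip: str
    account: str
    success: bool


def parse_log(text):
    """Parse the constructed format into Event objects (accounts lower-cased)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            ip, account.lower(), result == "SUCCESS"))
    return events


def detect_spray(events, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Flag sources that fail against many distinct accounts, few times each,
    inside one window. The low per-account count is what separates a spray
    from a brute force on one account (and from one user's typos). Returns
    one finding per source, including accounts that then succeeded from it."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.source_ip].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        failures = [e for e in evs if not e.success]
        for i, start in enumerate(failures):
            end = start.ts + window
            per_account = defaultdict(int)
            for e in failures[i:]:
                if e.ts > end:
                    break
                per_account[e.account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                compromised = sorted({e.account for e in evs
                                      if e.success and start.ts <= e.ts <= end})
                findings.append({
                    "source_ip": ip,
                    "first_seen": start.ts,
                    "accounts": sorted(per_account),
                    "compromised": compromised,
                })
                break  # one finding per source is enough to page on
    return findings


if __name__ == "__main__":
    for f in detect_spray(parse_log(LOG_LINES)):
        print(f"{f['source_ip']} sprayed {len(f['accounts'])} accounts from "
              f"{f['first_seen']:%H:%M:%S}Z; succeeded on: {f['compromised'] or 'none'}")
```

Keying on source IP is the weak point in practice: sprays from rotating proxies need the same logic applied per user agent, ASN or tenant instead, and any account in `compromised` should trigger a session revoke and credential reset rather than an alert alone.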

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year

There have been more than 70 ransomware attacks affecting around 1,000 U.S. schools this year, and it may get worse before it gets better. 2021 has been the year of ransomware. Some high-profile ransomware attacks, like the Colonial Pipeline hack that halted distribution of gas on the East Coast of the U.S., or the attack on meat supplier JBS, have made …

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year Read More »

Cyberattack Cripples Iranian Fuel Distribution Network

The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill …

Cyberattack Cripples Iranian Fuel Distribution Network Read More »

BSSN Admits Site Hacked in Defacement Attack

Spokesman for the National Cyber and Crypto Agency (BSSN), Anton Setiawan, admitted that the agency’s website had been hacked this morning. According to him, no data concerning the public was affected by the hack. “Yes, that’s right, there is no (public data). Only malware data for research purposes,” Anton said when asked to confirm the incident, …

BSSN Admits Site Hacked in Defacement Attack Read More »

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files, including RATs, across its network of 150 million users, putting corporate workplaces at risk. Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware, in particular remote access trojans (RATs) that can …

Threat Actors Abuse Discord to Push Malware Read More »

KPAI Data Leaks Allegedly Covering Minors’ Identity

The issue of data leakage from the Indonesian Child Protection Commission (KPAI) has attracted the attention of cyber security experts. The data includes the identities of minors, which underscores their vulnerability to online predators. In the middle of this week, KPAI came into the spotlight after a number of screenshots from the Raid Forums hacker …

KPAI Data Leaks Allegedly Covering Minors’ Identity Read More »

Aussie cyber spies to control critical infrastructure during ransomware attacks

The new bill, if passed, will allow cyberwarfare operatives to take over control of critical infrastructure under attack. Australia’s top cyber spies are set to gain greater powers in the event of ransomware or other cyber attacks on critical infrastructure. The Australian Signals Directorate (ASD), a government agency in charge of cyber warfare and information …

Aussie cyber spies to control critical infrastructure during ransomware attacks Read More »

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure. The incident has some security …

VPN Exposes Data for 1M Users, Leading to Researcher Questioning Read More »

Fresh APT Harvester Reaps Telco, Government Data

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers is attacking telcos, IT companies and government-sector targets in a campaign that’s been ongoing since June. According to a Symantec analysis, the group sports a veritable …

Fresh APT Harvester Reaps Telco, Government Data Read More »

Multiple cyberattack attempts on Israeli hospitals thwarted, officials say

National Cyber Directorate and Health Ministry say ‘early assessments and a quick response’ stopped the attacks over weekend; Hillel Yaffe’s systems still being restored. A wave of attempted cyberattacks targeting Israeli hospitals and health centers was thwarted over the weekend, the National Cyber Directorate and Health Ministry announced Sunday. “Early assessments and a quick response …

Multiple cyberattack attempts on Israeli hospitals thwarted, officials say Read More »

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones. On Wednesday, Verizon’s Visible – an all-digital, uber-cheap wireless carrier – confirmed what customers have been complaining about on Reddit and Twitter all week: …

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack Read More »

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation. Apple on Monday rushed out iOS 15.0.2 and iPadOS 15.0.2 to fix a code-execution zero-day vulnerability that’s being actively exploited. …

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug Read More »

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack

Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 …

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack Read More »

Over 14,000 Gmail Users Targeted by Russian Government-Sponsored Phishing Campaign

In an email notice, Google has told some 14,000 Gmail users that in recent months they may have been the target of a sophisticated spear-phishing campaign operated by a hacking group identified as APT28. The notice is signed by Shane Huntley, director of the Google Threat Analysis Group. Huntley emphasizes that these alerts do not mean …

Over 14,000 Gmail Users Targeted by Russian Government-Sponsored Phishing Campaign Read More »

Brewer’s Token Gaffe Causes Massive PII Breach

An authentication error left the personal data of hundreds of thousands of BrewDog customers and Equity for Punks shareholders exposed for a year and a half. The gaffe involving an API bearer token was discovered by researchers at security consulting and testing company Pen Test Partners. “Every mobile app user was given the same hard-coded API Bearer Token, …

Brewer’s Token Gaffe Causes Massive PII Breach Read More »
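The defect in the entry above is the same class as the hardcoded SSH key in the Cisco Policy Suite entry earlier on this page: a credential baked into every copy of the software proves only that the caller has the software, not who the caller is. The following is an added example, not BrewDog's or Pen Test Partners' code: a vulnerable API handler that trusts one shared bearer token and serves whatever customer id the request names, beside a hardened handler that resolves a per-user token to an identity and then checks that the record belongs to that identity. The token value, customer records, status codes and function names are constructed for illustration.

```python
"""A shared hard-coded API bearer token beside its fix. Added example, not
BrewDog's code; customer records, the token value and the endpoint shape are
all constructed for illustration."""
import hashlib
import secrets

# Constructed records standing in for customer / shareholder PII.
CUSTOMERS = {
    1001: {"name": "Customer One", "email": "one@example.test", "dob": "1980-01-02"},
    1002: {"name": "Customer Two", "email": "two@example.test", "dob": "1975-03-04"},
}

# ---- Vulnerable pattern ------------------------------------------------
# One token compiled into every copy of the mobile app. It proves only that
# the caller has the app, not who the caller is, so the customer id in the
# request is the only thing selecting whose record comes back.
SHARED_APP_TOKEN = "hardcoded-example-token"  # hypothetical value


def vulnerable_get_customer(auth_header, customer_id):
    """Returns (status, record). Any holder of the app token can fetch any id."""
    if auth_header != f"Bearer {SHARED_APP_TOKEN}":
        return 401, None
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record is not None else (404, None)


# ---- Hardened pattern --------------------------------------------------
class TokenStore:
    """Per-user opaque tokens issued at login. Only a hash of each token is
    kept server-side, so a database leak does not hand out live sessions."""

    def __init__(self):
        self._owner_by_hash = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, customer_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._owner_by_hash[self._digest(token)] = customer_id
        return token

    def resolve(self, token):
        """Map a presented token to the customer who owns it, or None."""
        return self._owner_by_hash.get(self._digest(token))


def hardened_get_customer(store, auth_header, customer_id):
    """Authenticate the caller from its own token, then authorize the resource:
    the record served must belong to the authenticated identity."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, None
    caller = store.resolve(auth_header[len("Bearer "):])
    if caller is None:
        return 401, None
    if caller != customer_id:
        # Authenticated but not the owner. Some APIs return 404 here so that
        # valid ids cannot be enumerated; either way, no record is returned.
        return 403, None
    return 200, CUSTOMERS[customer_id]


if __name__ == "__main__":
    # Anyone who pulls the token out of the app can read every customer.
    print(vulnerable_get_customer(f"Bearer {SHARED_APP_TOKEN}", 1002))
    store = TokenStore()
    token_for_1001 = store.issue(1001)
    print(hardened_get_customer(store, f"Bearer {token_for_1001}", 1001)[0])  # 200
    print(hardened_get_customer(store, f"Bearer {token_for_1001}", 1002)[0])  # 403
    print(hardened_get_customer(store, f"Bearer {SHARED_APP_TOKEN}", 1001)[0])  # 401
```

The check that matters is the one on `caller != customer_id`: authentication alone would not have helped here, because every user authenticated identically. When auditing an API, pull the token out of the client build, change only the id in the request, and see whether the response changes owner.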

Intuit warns QuickBooks customers of ongoing phishing attacks

Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges. The company said it received reports from customers that they were emailed and told that their QuickBooks plans had expired. “This email did not come from Intuit. The sender is not …

Intuit warns QuickBooks customers of ongoing phishing attacks Read More »

Someone hijacked a Navy warship’s Facebook account so they could livestream ‘Age of Empires’

The official Facebook page for the USS KIDD (DDG-100) appears to have been hijacked by someone who really just wants to play “Age of Empires”. For the last several days, someone has been having a lot of fun playing the classic 1997 strategy game “Age of Empires.” Normally, that wouldn’t be news (the game is …

Someone hijacked a Navy warship’s Facebook account so they could livestream ‘Age of Empires’ Read More »

5-Year Breach May Have Exposed Billions of Text Messages

The attack affected Syniverse, a major telecom company that annually routes billions of text messages for hundreds of mobile carriers. Major telecommunications provider Syniverse, which routes billions of text messages each year for providers including AT&T, Verizon, and T-Mobile, has revealed it is the victim of a five-year-long security breach that may have exposed millions …

5-Year Breach May Have Exposed Billions of Text Messages Read More »

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees’ emails; and more. Twitch users, if you haven’t changed your password yet, go. Now. Do it. Your email and password may already have been leaked – unhashed, unencrypted, in cleartext. Researchers have been …

Twitch Leak Included Emails, Passwords in Clear Text: Researcher Read More »

ATO attacks increased 307% between 2019 and 2021

Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns. Specifically, the fraud ring, dubbed Proxy Phantom, used a massive cluster of connected, rotating IP addresses …

ATO attacks increased 307% between 2019 and 2021 Read More »

3.1M Neiman Marcus Customer Card Details Breached

Experts say the detection delay of 17 months is a colossal security blunder by the retailer. Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May …

3.1M Neiman Marcus Customer Card Details Breached Read More »

Apple Pay with Visa Hacked to Make Payments via Locked iPhones

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The …

Apple Pay with Visa Hacked to Make Payments via Locked iPhones Read More »

Baby’s Death Alleged to Be Linked to Ransomware

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby’s death. A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack. As the Wall Street Journal reported on Thursday, the …

Baby’s Death Alleged to Be Linked to Ransomware Read More »

OWASP Top 10 risks get update, highlighting insecure design — injection no longer on top

Just in time for OWASP’s 20th anniversary last week, the Open Web Application Security Project’s Top 10 list of critical security risks has received its first update since 2017. The OWASP Top 10 were first released in 2003 and serve as a foundation for various compliance and security tools. To come up with the 2021 …

OWASP Top 10 risks get update, highlighting insecure design — injection no longer on top Read More »

UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack

Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a “sophisticated” cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed. The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to …

UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack Read More »

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center …

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor Read More »

Google Issues Warning For 2 Billion Chrome Users

Chrome users beware, just days after I warned attacks on Google’s browser are increasing, another critical hack has been confirmed. Google published the news in a new blog post, where it revealed Chrome’s 11th ‘zero day’ exploit of the year has been found (CVE-2021-37973) and it affects Linux, macOS and Windows users. A zero-day classification means hackers …

Google Issues Warning For 2 Billion Chrome Users Read More »

2021 has broken the record for zero-day hacking attacks

A zero-day exploit—a way to launch a cyberattack via a previously unknown vulnerability—is just about the most valuable thing a hacker can possess. These exploits can carry price tags north of $1 million on the open market. And this year, cybersecurity defenders have caught the highest number ever, according to multiple databases, researchers, and cybersecurity companies who …

2021 has broken the record for zero-day hacking attacks Read More »

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to …

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution Read More »

Yandex Pummeled by Potent Meris DDoS Botnet

Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex. Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the same time. …

Yandex Pummeled by Potent Meris DDoS Botnet Read More »

MyRepublic Data Breach Raises Data-Protection Questions

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The Singapore-based ISP and mobile provider said that an “unauthorized data access incident” took place on …

MyRepublic Data Breach Raises Data-Protection Questions Read More »

Stolen Credentials Led to Data Theft at United Nations

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization …

Stolen Credentials Led to Data Theft at United Nations Read More »

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed. Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with …

Thousands of Fortinet VPN Account Credentials Leaked Read More »

McDonald’s Email Blast Includes Password to Monopoly Game Database

Usernames, passwords for database sent in prize redemption emails. McDonald’s UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game’s various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald’s server that hosted information …

McDonald’s Email Blast Includes Password to Monopoly Game Database Read More »

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. A critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. The issue exists in Azure Container Instances (ACI), which is Microsoft’s container-as-a-service (CaaS) …

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise Read More »

Cyber Attack Fears – Kiwibank, ANZ, NZ Post, MetService Back Online After CERT Flags Cyberattacks

The Government’s Computer Emergency Response Team (CERT NZ) is monitoring a cyber security attack which appeared to take down a number of major organisations’ websites this morning. Kiwibank, ANZ, NZ Post, MetService and NZ Police all acknowledged that their sites were slow at times. All came back online around midday, but CERT NZ posted a …

Cyber Attack Fears – Kiwibank, ANZ, NZ Post, MetService Back Online After CERT Flags Cyberattacks Read More »