News

Pair of Google Chrome Zero-Day Bugs Actively Exploited

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all …

Cyber arms dealer exploits new Apple iPhone software vulnerability that affects most versions, watchdog group says

A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday. The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all …

Yandex Pummeled by Potent Meris DDoS Botnet

Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex. Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the same time. …

MyRepublic Data Breach Raises Data-Protection Questions

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The Singapore-based ISP and mobile provider said that an “unauthorized data access incident” took place on …

Stolen Credentials Led to Data Theft at United Nations

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization …

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed. Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with …

McDonald’s Email Blast Includes Password to Monopoly Game Database

Usernames, passwords for database sent in prize redemption emails. McDonald’s UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game’s various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald’s server that hosted information …

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. A critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. The issue exists in Azure Container Instances (ACI), which is Microsoft’s container-as-a-service (CaaS) …

Cyber Attack Fears – Kiwibank, ANZ, NZ Post, MetService Back Online After CERT Flags Cyberattacks

The Government’s Computer Emergency Response Team (CERT NZ) is monitoring a cyber security attack which appeared to take down a number of major organisations’ websites this morning. Kiwibank, ANZ, NZ Post, MetService and NZ Police all acknowledged that their sites were slow at times. All came back online around midday, but CERT NZ posted a …

IoT Attacks Skyrocket, Doubling in 6 Months

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. The first six months of 2021 have seen a more than 100-percent growth in cyberattacks against internet-of-things (IoT) devices, researchers have found. According to a Kaspersky analysis of its telemetry from honeypots …

Kiwis lockdown Friday workday disrupted by cyber attack

Thousands of New Zealanders’ Friday afternoon workflow was interrupted today when their internet connection cut out due to a cyber attack on a main internet provider. Internet infrastructure provider Vocus – which operates Orcon, Slingshot, Flip, and Stuff Fibre internet connections – was hit with a DDoS attack which took its internet down for about …

Brute-Force Attacks Target Inboxes for Gift Card Data

Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data. Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The …

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider. The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all …

Series of Data Leaks Cases of Government’s Health Data

Several cases of alleged leaks of the government’s health data have occurred in Indonesia. The most recent one is the alleged data leak in Indonesia’s Health Alert Card or eHAC application managed by the Ministry of Health before it was merged into the PeduliLindung application. A number of information technology experts have reminded the government …

Indonesia’s Ministry of Health Calls Data Leak in Old Version of eHAC, Saves Important User Information

The Ministry of Health of Indonesia (Kemenkes) has finally raised its voice regarding the data leakage of the users of eHAC application. As a result, it is estimated that the data belonging to 1.3 million users are vulnerable to being accessed by anyone. Head of the Ministry of Health’s Data and Information Center, dr. Anas …

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

HPE joins Apple in warning customers of a high-severity Sudo vulnerability. Hewlett Packard Enterprise (HPE) is warning that a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw …

LockBit Gang to Publish 103GB of Bangkok Air Customer Data

The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday. A Dark Web intelligence firm calling itself DarkTracer (apparently a separate …

Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping

The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more. A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is …

F5 Bug Could Lead to Complete System Takeover

The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted …

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack

“It’s really a gut punch, that’s for sure,” Select Board member William Kennedy said Monday. The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack. “It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns …

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange …

Google Issues Warning For 2 Billion Chrome Users

Google Chrome has over two billion users worldwide and dominates the web browser market. But this also makes it the prime target of hackers and now Google has issued its fourth urgent upgrade warning in two months. In an official blog post, Google has revealed seven ‘High’ rated security threats have been discovered in Chrome with the …

U.S. State Department reportedly hit by a cyberattack in recent weeks

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday. A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way. Fox …

North Korean APT Hackers Attack Victims Using MS IE & Edge Browser Exploits

Researchers uncovered a new browser-based attack from the infamous North Korean APT hacker groups, targeting victims with different browser exploits named “BLUELIGHT”. InkySquid, a threat group based in North Korea and broadly known by the monikers ScarCruft and APT37, has recently attacked the South Korean website (www.dailynk[.]com) that is focused on …

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. “The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,” SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of …

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices – one that exposes live video and audio streams to …

T-Mobile confirms it was hacked after customer data posted online

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum. The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” …

Black Hat: Novel DNS Hack Spills Confidential Corp Data

Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53’s DNS service and Google Cloud DNS. LAS VEGAS – Amazon and Google patched a domain name service (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed …

QR Code Scammers Get Creative with Bitcoin ATMs

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users. With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors …

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online

The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said. Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, …

‘Glowworm’ Attack Turns Power Light Flickers into Audio

Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount …

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, …

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed “Vultur” due to its use of Virtual Network Computing (VNC)’s remote screen-sharing technology to gain full visibility on targeted users, the …

UC San Diego Health Breach Tied to Phishing Attack

Employee email takeover exposed personal, medical data of students, employees and patients. Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred …

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

Majority of top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with Microsoft Office CVE dating from 2017. At the end of almost seven months in 2021, one of the 30 most exploited vulnerabilities dates from 2017, according to the US …

Indonesia’s BRI Life probes reported data leak of 2 million users

BRI Life, the insurance arm of Indonesia’s Bank Rakyat Indonesia (BRI) (BBRI.JK), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers …

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes

Apple has just issued iOS 14.7.1—an urgent update that comes with an “important” security fix for an issue that is already being used by adversaries to attack iPhones. For this reason, the iPhone maker says the iOS 14.7.1 update is urgent, and it is “recommended for all users.” The issue patched in iOS 14.7.1 is a vulnerability …

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily …

Microsoft shares mitigations for new PetitPotam NTLM relay attack

Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. PetitPotam is a new method that can be used to conduct an NTLM relay attack discovered by French security researcher Gilles Lionel (Topotam). This method was disclosed this week along with a proof-of-concept …

Cyber attack disrupts major South African port operations

Some movement of cargo impacted. A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in …

Memory Corruption Issues Lead 2021 CWE Top 25

The MITRE Common Weakness Enumeration (CWE) team’s latest list of most dangerous software flaws includes several that shot up in significance since 2020. Memory corruption errors remain one of the most common and dangerous weaknesses in modern software. The MITRE-operated Homeland Security Systems Engineering and Development Institute put the issue on top of its latest …

740 Ransomware Victims Named on Data Leak Sites in Q2 2021

Digital Shadows’ Q2 ransomware report highlighted that the number of victims posted to data leak sites increased by 47% compared to Q1. More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows. Out of the …

MacOS Being Picked Apart by $49 XLoader Data Stealer

Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low …

In the latest LinkedIn phishing scam, the sender’s email address appears to be from Paul University which is based in Nigeria.

Phishing scams are among the most common attacks owing to their simplicity and, sadly, their reliability. In the latest, researchers from ArmorBlox have discovered a new LinkedIn phishing campaign that targeted approximately 700 users through Google Workspace by hosting the phishing page on Google Forms. The phishing email itself prompted users to verify their LinkedIn accounts with …

Fake Zoom App Dropped by New APT ‘LuminousMoth’

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration. …

Microsoft’s ‘PrintNightmare’ lingers, requires new patches

Despite Microsoft’s efforts, the remote code execution bug known as “PrintNightmare” remains exposed and vulnerable to exploitation on some systems. The software giant issued its monthly Patch Tuesday security release to address a total of 117 CVE-listed security vulnerabilities. Of those 117 bugs, three were zero-day vulnerabilities that were under exploitation in the wild. These include CVE-2021-34448, …

Kaseya warns of phishing campaign pushing fake security updates

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. “Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that …
