News

U.S. State Department reportedly hit by a cyberattack in recent weeks

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday. A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way. Fox …

North Korean APT Hackers Attack Victims Using MS IE & Edge Browser Exploits

Researchers uncovered a new browser-based attack from the infamous North Korean APT hacker groups, targeting victims with different browser exploits, named “BLUELIGHT”. InkySquid, a threat group based in North Korea and broadly known by the monikers ScarCruft and APT37, has recently attacked the South Korean website (www.dailynk[.]com) that is focused on …

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. “The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,” SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of …

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices – one that exposes live video and audio streams to …

T-Mobile confirms it was hacked after customer data posted online

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum. The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but said that it has “not yet determined that there is any personal customer data involved.” …

Black Hat: Novel DNS Hack Spills Confidential Corp Data

Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53’s DNS service and Google Cloud DNS. LAS VEGAS – Amazon and Google patched a domain name service (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed …

QR Code Scammers Get Creative with Bitcoin ATMs

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users. With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors …

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online

The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said. Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, …

‘Glowworm’ Attack Turns Power Light Flickers into Audio

Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount …

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, …

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed “Vultur” due to its use of Virtual Network Computing (VNC)’s remote screen-sharing technology to gain full visibility on targeted users, the …

UC San Diego Health Breach Tied to Phishing Attack

Employee email takeover exposed personal, medical data of students, employees and patients. Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred …

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

The majority of the top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with a Microsoft Office CVE dating from 2017. At the end of almost seven months in 2021, one of the 30 most exploited vulnerabilities dates from 2017, according to the US …

Indonesia’s BRI Life probes reported data leak of 2 million users

BRI Life, the insurance arm of Indonesia’s Bank Rakyat Indonesia (BRI) (BBRI.JK), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers …

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes

Apple has just issued iOS 14.7.1—an urgent update that comes with an “important” security fix for an issue that is already being used by adversaries to attack iPhones. For this reason, the iPhone maker says the iOS 14.7.1 update is urgent, and it is “recommended for all users.” The issue patched in iOS 14.7.1 is a vulnerability …

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily …

Microsoft shares mitigations for new PetitPotam NTLM relay attack

Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. PetitPotam is a new method that can be used to conduct an NTLM relay attack discovered by French security researcher Gilles Lionel (Topotam). This method was disclosed this week along with a proof-of-concept …

Cyber attack disrupts major South African port operations

Some movement of cargo impacted. A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in …

Memory Corruption Issues Lead 2021 CWE Top 25

The MITRE Common Weakness Enumeration (CWE) team’s latest list of most dangerous software flaws includes several that shot up in significance since 2020. Memory corruption errors remain one of the most common and dangerous weaknesses in modern software. The MITRE-operated Homeland Security Systems Engineering and Development Institute put the issue on top of its latest …

740 Ransomware Victims Named on Data Leak Sites in Q2 2021

Digital Shadows’ Q2 ransomware report highlighted that the number of victims posted to data leak sites increased by 47% compared to Q1. More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows. Out of the …

MacOS Being Picked Apart by $49 XLoader Data Stealer

Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low …

In the latest LinkedIn phishing scam, the sender’s email address appears to be from Paul University which is based in Nigeria.

Phishing scams are among the most common attacks owing to their simplicity and, sadly, their reliability as well. In the latest, researchers from Armorblox have discovered a new LinkedIn phishing campaign that targeted approximately 700 users through Google Workspace by hosting the phishing page on Google Forms. The phishing email itself prompted users to verify their LinkedIn accounts with …

Fake Zoom App Dropped by New APT ‘LuminousMoth’

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration. …

Microsoft’s ‘PrintNightmare’ lingers, requires new patches

Despite Microsoft’s efforts, the remote code execution bug known as “PrintNightmare” remains exposed and vulnerable to exploitation on some systems. The software giant issued its monthly Patch Tuesday security release to address a total of 117 CVE-listed security vulnerabilities. Of those 117 bugs, three were zero-day vulnerabilities that were under exploitation in the wild. These include CVE-2021-34448, …

Protergo Webinar Collaboration with Data Center Indonesia DCI

In this modern, technological era, there are still countless companies in Indonesia, across different sectors and industries, that have not prioritized cybersecurity and are not aware of the many cyberattacks occurring within the country. Seeing this phenomenon, in this webinar event, Protergo collaborated with DCI to explain their joint effort in improving the security of …

Kaseya warns of phishing campaign pushing fake security updates

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. “Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that …

HOW TO PROTECT OURSELVES FROM FUTURE THREATS

24 March 2021. In an effort to suppress the transmission of COVID-19, many companies are implementing work from home. To make it easier for workers, many systems are already operating digitally and can be operated remotely. However, often without people realizing it, cyber-attacks and cases of data leaks are becoming more and more common. Seeing this, Protergo …
