News

Twitter Source Code Leaked on Public GitHub Repository

The popular social media platform Twitter is actively searching for the person responsible for a recent data leak and any other individuals who became involved in the incident by downloading the data. A GitHub user publicly exposed a part of the platform’s proprietary source code and internal tools for approximately three months before Twitter issued …

Hacktivism on the Rise: KillNet Anonymous Sudan’s Cyber Campaign Targets Australia

The world of cyberattacks continues to evolve with the emergence of new hacktivist groups that target different countries for various political reasons. One such group that has been making headlines is KillNet Anonymous Sudan, which is affiliated with the pro-Russian hacktivist group KillNet. The dark web team of SOCRadar has discovered alarming posts on the …

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

Conor Brian Fitzpatrick, the 20-year-old founder and administrator of the now-defunct BreachForums, has been formally charged in the U.S. with conspiracy to commit access device fraud. If found guilty, Fitzpatrick, who went by the online moniker “pompompurin,” faces a maximum penalty of up to five years in prison. He was arrested on March 15, …

Emotet malware distributed as fake W-9 tax forms from the IRS

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. However, after Microsoft began …

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users’ personal information and chat titles in the upstart’s ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users’ conversations from …

Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a spear-phishing email …

2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in threats, budgets, and solutions, how prepared are industries and …

Hackers use new PowerMagic and CommonMagic malware to steal data

Security researchers have discovered attacks from an advanced threat actor that used “a previously unseen malicious framework” called CommonMagic and a new backdoor called PowerMagic. Both malware pieces have been used since at least September 2021 in operations that continue to this day and target organizations in the administrative, agriculture, and transportation sectors for espionage …

New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks

A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into a DDoS (distributed denial of service) swarm with the potential for massive attacks. The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, …

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim …

Emotet malware now distributed in Microsoft OneNote files to evade defenses

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros. If a user opens the attachment and enables macros, a DLL will be downloaded and executed …

FakeCalls Android malware returns with new ways to hide on phones

Android malware ‘FakeCalls’ is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool bankers into giving away their credit card details. The particular malware isn’t new, as Kaspersky published a report about it a year ago. However, Check Point researchers now report that more recent versions have implemented …

BianLian ransomware gang shifts focus to pure data extortion

The BianLian ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating data found on compromised networks and using it for extortion. This operational development in BianLian was reported by cybersecurity company Redacted, who have seen signs of the threat group attempting to hone their extortion skills and increase the pressure on …

Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google’s zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung’s Exynos chipsets used in mobile devices, wearables, and cars. The Exynos modem security flaws were reported between late 2022 and early 2023. Four of the eighteen zero-days were identified as the most serious, enabling remote code execution from the Internet to the baseband. …

Mental health provider Cerebral alerts 3.1M people of data breach

Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse. In a ‘Notice of HIPAA Privacy …

Major Cyberattacks in Review: February 2023

As we enter March 2023, the world continues to face a surge in cyberattacks that threaten individuals, businesses, and government agencies. The last month has already witnessed some of the most significant cyber incidents, including data breaches and ransomware attacks that have impacted millions of people and organizations worldwide. As the threat landscape continues to …

Acer Breached, Hacker Selling Access to 160GB of Stolen Data

Acer has been breached by a hacker who claims to have stolen confidential data from the PC maker, including files on the company’s products. The culprit is now selling access to the stolen files on a forum frequented by hackers. “The leak contains a total 160GB of 655 directories, and 2,869 files,” the attacker wrote …

New TPM 2.0 flaws could let hackers steal cryptographic keys

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys. TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryptographic functions. It can be used to store cryptographic keys, passwords, and other critical data, …

Bing Chat has a secret ‘Celebrity’ mode to impersonate celebrities

A secret Bing Chat ‘Celebrity’ mode allows users to instruct the AI to impersonate celebrities, answering questions and talking like the person it imitates. Microsoft is constantly testing new, hidden features in Bing Chat that allow you to turn it into different chat modes, such as gaming, personal assistant, or a friend who can help you …

SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse engineering. Cybersecurity …

BidenCash market leaks over 2 million stolen credit cards for free

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. Rather than keeping it under wraps, the threat actors advertised this massive leak on an underground cybercrime forum for more extensive reach and to attract as much attention as possible. According …

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. “The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials,” Sysdig said in a new report. The advanced cloud attack also entailed the deployment of …

New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. “Underpinning this campaign was the use of transfer[.]sh,” Cado Security said in a report shared with The Hacker News. “It’s possible that it’s an attempt at evading detections based on …

Hackers use fake ChatGPT apps to push Windows, Android malware

Threat actors are exploiting the popularity of OpenAI’s ChatGPT chatbot to distribute malware for Windows and Android, or to direct unsuspecting victims to phishing pages. ChatGPT gained immense traction since its launch in November 2022, becoming the most rapidly growing consumer application in modern history with more than 100 million users by January 2023. This massive popularity and …

TELUS Probing Stolen Source Code and Employee Data Leak

TELUS, Canada’s second-largest telecom, is investigating a potential data breach after a threat actor claimed to have employee data and private source code repositories belonging to the company. The threat actor posted screenshots showing payroll records and private source code repositories for sale. Although TELUS has not found evidence of corporate or retail customer data …

Fruit Giant Dole Suffers Ransomware Attack Impacting Operations

Dole Food Company, a leading provider of fresh fruits and vegetables, is currently dealing with a ransomware attack that has affected its operations. The company has stated that the impact is limited, but leaked information from a Texan grocery store suggests that the attack has forced Dole to shut down production plants in North America …

GoDaddy Hackers Stole Source Code, Customer Details

GoDaddy, a web hosting behemoth, said the company suffered a multi-year breach in which attackers installed malware on its servers. Unknown attackers accessed GoDaddy’s servers via its cPanel shared hosting environment and installed malware, in an attack spanning several years. According to the company, the breach was discovered in December 2022, after investigating customer complaints about …

Activision Hackers Exposed Employee and Game Info

Activision has suffered a data breach, with threat actors accessing the game publisher’s corporate Slack environment and game release calendar. Activision confirmed it was breached. Researchers at VX-Underground first announced the breach, adding that Activision decided to keep the security incident under wraps. “They [the attackers] exfiltrated sensitive workplace documents, as well as content scheduled …

Coinbase Targeted by Cyberattackers using SMS phishing tactics

Cryptocurrency exchange Coinbase recently experienced a cyber attack in which attackers gained access to the company’s data. However, Coinbase claims that it caught the attack in time, preventing any loss of funds or customer information. The exchange has determined that the same group that targeted Twilio and Cloudflare is likely behind the attack. According to …

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 …

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn. The malicious functionalities include the “ability to read and leak target’s contact list, SMS, voice call content, location and …

Scandinavian Airlines says cyberattack caused passenger data leak

Scandinavian Airlines (SAS) has posted a notice warning passengers that a recent multi-hour outage of its website and mobile app was caused by a cyberattack that also exposed customer data. The cyberattack caused a malfunction in the airline’s online system, causing passenger data to become visible to other passengers. This data includes …

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network …

Mobile game with 10m+ downloads spills source code, endangers user data

The source code of Escalators, a mobile game available on Google Play Store and Apple’s App Store, was allegedly posted on several popular hacker forums. The threat actor posted a dataset of nearly 600 MB of likely stolen information. Source code leaks pose a significant security threat to developers as their intellectual property can be …

AI-based visual editing service leaks user images and customer data

Cutout.pro, an AI media manipulation service, leaked nine gigabytes of data, including usernames and images it created using specific queries. Artificial intelligence-based tools such as ChatGPT or DALL-E have caught the attention of swaths of internet users. However, few have likely considered the security implications of uploading text or images to such tools, and a recent Cybernews discovery is …

San Diego healthcare provider admits breach involving patient data

Sharp HealthCare, a San Diego-based group with ten healthcare institutions and over 18,000 employees, said certain patient information was compromised in a January breach. The company detected suspicious activity on a server that runs the Sharp.com website on January 12. An unauthorized party gained access to the server for a few hours and was able …

Researcher Successfully Hacked Toyota’s Global Network

A Florida-based cybersecurity researcher had a slow week in late October 2022 and decided to inspect the systems of various major companies for exploits. In a week, he detected four different security issues at Toyota, all of which he deemed critical. Eaton Zveare, Director of Technology at Grape Intentions, an online wine store, has a …

Hackers Use Fake Crypto Job Offers to Push info-Stealing Malware

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named ‘Enigma.’ According to Trend Micro, which has been tracking the malicious activity, the threat actors use a set of heavily obfuscated loaders that …

Hackers Breach Reddit to Steal Source Code and Internal Data

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens. After one employee fell …

Ransomware Attack on ION Group Impacts Derivatives Trading Market

The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. On January 31, 2023, the firm disclosed the incident in a short statement saying that it impacted ION Cleared Derivatives, a …

Florida hospital takes IT systems offline after cyberattack

Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. While all its network systems were taken offline, TMH says this attack only impacted some of them. Patients who require emergency medical services (EMS) will also be diverted to other hospitals, as TMH will only accept …

TruthFinder, Instant Checkmate confirm data breach affecting 20M customers

PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers. TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will …

The Week in Ransomware – February 3rd 2023 – Ending with a mess

While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers. The attacks started Friday morning, with threat actors targeting unpatched VMware ESXi servers with a new ransomware variant dubbed ESXiArgs. The attacks were fast and widespread, with admins worldwide soon reporting that they were …

Digital taxi service offline after cyberattack

A taxi-booking service in Australia has been forced to shut down after a cyberattack, leaving disabled and child passengers temporarily stranded. Frustrated users have vented their displeasure on Twitter following the announcement on the social media platform. Another day, another business compromised by threat actors. The latest victim is Black and White Cabs, a digital …

GitHub breach: attackers cloned code signing certificates

GitHub claims unknown attackers accessed its code repositories and stole certificates for GitHub Desktop and Atom applications. GitHub, a popular hosting service for software development, notified users of an “unauthorized access” the company detected on December 7, 2022. According to GitHub, the attack only affected repositories used in the planning and development of GitHub Desktop …

Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). “Once …

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” the tech giant’s Exchange Team said in a post. “There are too many aspects of …

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

In what’s a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) operation has been seized as part of a coordinated law enforcement effort involving 13 countries. “Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying …

Increasing Security Threats and System Vulnerabilities

Android is a mobile phone operating system that uses several functions in KeyguardServiceWrapper.Java and related files to briefly show what lies beneath the lock screen, which can lead to privilege escalation and, in turn, to sustained exploitation. A lockscreen bypass is an attempt to exploit or force unexpected behaviour from processes that are not directly part of the lockscreen …

Millions affected as ransomware knocks out French telecom firm

Seven days after the breach, French telecom company La Poste Mobile still hasn’t recovered from the attack by LockBit ransomware. The mobile phone network owned by the French postal service was hit with a ransomware attack on 4 July, severely disrupting the company’s administrative and management services. Users trying to access La Poste Mobile’s website are …

U.S. Healthcare Orgs Targeted with Maui Ransomware

State-sponsored actors are deploying the unique malware, which targets specific files and leaves no ransom note, in ongoing attacks. Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Threat actors from North …

Clever phishing method bypasses MFA using Microsoft WebView2 apps

A clever new phishing technique uses Microsoft Edge WebView2 applications to steal victims’ authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) …

Mitel zero-day used by hackers in suspected ransomware attack

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VOIP appliances for initial access in what is believed to be the beginning of a ransomware attack. Mitel VOIP devices are used by critical organizations in various sectors for telephony services and were recently exploited by threat actors for high-volume DDoS amplification attacks. In a new report by CrowdStrike, the company …

Yodel parcel company confirms cyberattack is disrupting delivery

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. The company has not published any details about the incident, such as when it occurred or its nature, but implies that customer payment information has not been affected since it …

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through …

Extortion gang ransoms Shoprite, largest supermarket chain in Africa

Shoprite Holdings, Africa’s largest supermarket chain, which operates almost three thousand stores across twelve countries on the continent, has been hit by a ransomware attack. Shoprite is Africa’s largest supermarket chain, with a revenue of $5.8 billion and 149,000 employees. The retailer has 2,943 stores, serving millions of customers in South Africa, Nigeria, Ghana, Madagascar, Mozambique, Namibia, …

Microsoft patches actively exploited Follina Windows zero-day

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need …

2 million patients impacted by a cyberattack on a healthcare organization

Massachusetts-based Shields Health Care Group experienced a cyber incident that might have impacted the personal data of 2 million patients. “To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud,” the group said. On 28 March 2022, Shields was alerted about the suspicious …

Potent Emotet Variant Spreads Via Stolen Email Credentials

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new …

‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware

Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch. The vulnerability, related to the Microsoft Support Diagnostic Tool (MSDT), can be exploited for remote code execution using specially crafted documents. While the root cause of the security hole appears to have …

TrojanSMS malware spreading via two malicious Android app stores

The malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages. TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers. “These numbers appear to be part of a conversion …

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name “NDSW/NDSX,” said that “the malware was one of the top infections” detected in 2021, accounting for …

Stolen credentials of US universities advertised all over the web

Criminal forums are full of recently stolen admin-level credentials from various US-based colleges and universities. Cybercriminals advertise a wide variety of US education institution credentials for sale, the FBI warned. Some credentials are sold on publicly accessible forums. “This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyberattacks …

Flights cancelled over a ransomware attack on an airline

Indian low-cost airline SpiceJet was forced to cancel several flights, leaving hundreds stranded at the airport. The airline announced on its official account that it had suffered a ransomware attack, stating that the incident impacted SpiceJet’s flight operations. “While our IT team has to a large extent contained and rectified the situation, this has had …

GitHub: Attackers stole login details of 100K npm user accounts

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. GitHub disclosed this security breach on April 15, …

DDoS attackers pose as REvil, sparking fear the gang is back

Attackers claim they represent the infamous REvil ransomware gang, considered defunct for months. A recent distributed denial-of-service (DDoS) attack against a hospitality firm displayed a familiar message, as the attackers named themselves REvil. A report by Akamai, a cloud networking provider, says that the company’s client was targeted with a DDoS attack. Interestingly, in the note demanding …

Cyberattack behind Greenland’s healthcare ‘system crash’

Island nation’s health system workers fell back on using phones after a cyberattack knocked out IT systems. The chief governing body of Greenland, Naalakkersuisut, announced that a cyberattack caused IT systems to crash throughout the world’s largest island. To mitigate the issues caused by the attack, operators were forced to restart IT systems and servers that run …

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. Wordfence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, …

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins. Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. …

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.” The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and …

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers. Cybercriminals are promoting a new, modular malware-as-a-service offering that allows would-be attackers to choose from a cornucopia of threats via a Telegram channel that to date has more than 500 subscribers, researchers have …

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found. A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the …

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker’s choice, such as …

Hackers Are Now Hiding Malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware, keeping the payload out of the file system, in an attack filled with techniques and modules designed …
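
One way to hunt for this technique, added here as an example; it is not the researchers' tooling and it does not reproduce the specific log, provider or event ID from the reported campaign, none of which this page names. It assumes events have already been exported into records carrying provider, event ID and the raw event data (for instance via Get-WinEvent or an EVTX parser); the records below, including the provider name Sample-Provider and event ID 4242, are constructed. The heuristic is that ordinary event data is text or small structured binary, whereas executable payload stored in chunks is large and close to 8 bits/byte of entropy; the threshold and minimum size are assumptions to tune against a baseline.

```python
"""Entropy sweep for binary payloads stashed in Windows event log records.

Added example, not the reporting researchers' code. The event records here
are constructed; thresholds are assumed starting points.
"""
import math
import random
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class EventRecord:
    record_id: int      # sequence number, used to reassemble chunks in order
    provider: str
    event_id: int
    data: bytes


ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off, tune against your baseline
MIN_CHUNK_SIZE = 1024    # ignore small blobs, which are common and benign


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte of the blob (0.0 for empty input)."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in Counter(blob).values())


def is_suspicious(rec: EventRecord) -> bool:
    """Large and near-random event data is worth a second look."""
    return (len(rec.data) >= MIN_CHUNK_SIZE
            and shannon_entropy(rec.data) >= ENTROPY_THRESHOLD)


def find_payload_chains(records):
    """Group suspicious records by (provider, event_id).

    A payload written through one event source clusters under one key, so the
    grouping separates a chunked blob from scattered one-off hits.
    """
    chains = defaultdict(list)
    for rec in sorted(records, key=lambda r: r.record_id):
        if is_suspicious(rec):
            chains[(rec.provider, rec.event_id)].append(rec)
    return dict(chains)


def reassemble(chain):
    """Concatenate one chain's chunks in record order for offline analysis."""
    return b"".join(rec.data for rec in chain)


def _constructed_events():
    rng = random.Random(2022)  # deterministic stand-in for shellcode bytes
    normal = [
        EventRecord(1, "Service Control Manager", 7036,
                    "The Windows Update service entered the running state.".encode("utf-16-le")),
        EventRecord(2, "Microsoft-Windows-Security-Auditing", 4624,
                    ("Account Name: svc-backup Logon Type: 3 "
                     "Workstation: FILE-01 ").encode("utf-16-le") * 20),
    ]
    # Constructed provider/event ID: three 8 KB chunks of high-entropy data.
    chunks = [EventRecord(10 + i, "Sample-Provider", 4242, rng.randbytes(8192))
              for i in range(3)]
    return normal + chunks


SAMPLE_EVENTS = _constructed_events()

if __name__ == "__main__":
    for key, chain in find_payload_chains(SAMPLE_EVENTS).items():
        blob = reassemble(chain)
        print(f"{key}: {len(chain)} chunks, {len(blob)} bytes, "
              f"entropy {shannon_entropy(blob):.2f} bits/byte")
```

Entropy alone will also flag compressed or encrypted data that some providers legitimately log, so the grouping by source and the reassembled size are what turn a hit into something an analyst can carve and disassemble.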

Lincoln College Closed After 157 Years Due to Ransomware Attack

Lincoln College, a liberal-arts school in rural Illinois, says it will close its doors later this month, 157 years after its founding, following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack. The decision was made even harder by the fact that the college had survived multiple disasters, including a major …

Cloud Tech Powers the Hybrid-remote Workforce — and Increases Insider Risk

Cybersecurity practitioners are sounding the alarm bells. Amplified by the not-going-away-anytime-soon Great Resignation and the here-to-stay shift to hybrid-remote work models, Insider Risk sees exponential growth. Exponential growth, lagging indicators, flattening the curve — the pandemic forced us all to get familiar with concepts like these. And these same ideas are extremely relevant to how …

‘Hack DHS’ Bug Hunters Find 122 Security Flaws in DHS Systems

The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its ‘Hack DHS’ bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to …

Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. An overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 …

Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active. MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets. In cryptocurrency lingo, a seed is a secret recovery …

Cisco vulnerability lets hackers craft their own login credentials

Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software.  The security flaw allows remote attackers to log in to target devices through the management interface without using a valid password. The bug involves the improper implementation of the …

Menswear Brand Zegna Reveals Ransomware Attack

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay. High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The …

‘Resilient’ gang traded card fraud for ransoms, says report

A cybercriminal group once notorious for digital payment card theft is believed to have switched its focus to ransomware attacks, in a reminder of just how versatile threat actors have become. Crooks thought to be affiliated to the FIN7 group – which shot to notoriety last decade when it used malware to steal millions of …

Hackers breach MailChimp’s internal tools to target crypto customers

Email marketing firm MailChimp disclosed on Sunday that it had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. Sunday morning, Twitter was abuzz with reports from owners of Trezor hardware cryptocurrency wallets who received phishing notifications claiming that the company suffered a data breach. …

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

An Android spyware application has been spotted masquerading as a “Process Manager” service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name “com.remote.app” — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group …

Apple Rushes Out Patches for 0-Days in MacOS, iOS

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs …

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was …

Crypto Stealing Malware Spreads via Fake Wallet Apps

Researchers have uncovered dozens of trojanized cryptocurrency wallet apps performing malicious activities. The goal of these apps is to steal cryptocurrency funds, especially from Chinese users.

The fake apps operation

ESET researchers have revealed over 40 copycat websites of popular cryptocurrency wallets. These impersonated websites are promoted via ads placed on legitimate sites, along with adverts …

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are …

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers …

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

RCE bug in web administration console

On Friday, Sophos disclosed a critical remote code execution vulnerability impacting Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier that the …

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims’ ransom negotiations. As the enterprise becomes increasingly reliant on virtual machines to save computer resources, consolidate servers, and for easier backups, ransomware gangs are …

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of ‘Known Exploited Vulnerabilities.’ These flaws have been observed in real cyberattacks against organizations, so they are published to raise awareness among system administrators and serve as official advisories for applying the corresponding security updates. …
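
The practical follow-up to a KEV drop like this one is to check which catalog entries are still open in your own estate and how far past their remediation due date they are. The script below is an added example, not code from the article or from CISA. The live catalog is published as JSON at the URL in KEV_URL, and the field names used here (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, requiredAction) are the catalog's own; everything else is constructed so it runs offline: a two-entry sample feed (its dates are illustrative), a host inventory with placeholder host names, and the assumption that your scanner can export a host-to-unremediated-CVE mapping in that shape.

```python
"""Cross-reference an asset inventory against the CISA KEV catalog.

Added example, not CISA's or the article's code. The sample feed and
inventory are constructed; only the URL and field names are the real ones.
"""
import json
import urllib.request
from dataclasses import dataclass
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed two-entry feed in the catalog's shape; dates are illustrative.
SAMPLE_FEED = json.dumps({
    "title": "constructed sample feed",
    "vulnerabilities": [
        {"cveID": "CVE-2022-30190", "vendorProject": "Microsoft",
         "product": "Windows", "vulnerabilityName": "MSDT RCE (Follina)",
         "dateAdded": "2022-06-14", "dueDate": "2022-07-05",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-1040", "vendorProject": "Sophos",
         "product": "Firewall", "vulnerabilityName": "Authentication bypass",
         "dateAdded": "2022-03-31", "dueDate": "2022-04-21",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: host -> CVE IDs the scanner still reports as open.
SAMPLE_INVENTORY = {
    "web-01":  ["CVE-2022-30190", "CVE-2099-0001"],   # second ID is not in KEV
    "fw-edge": ["CVE-2022-1040"],
    "db-02":   [],
}


@dataclass
class Exposure:
    host: str
    cve_id: str
    product: str
    due_date: date
    days_overdue: int   # negative while the due date is still ahead


def load_kev(feed_text: str) -> dict:
    """Index the catalog by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def fetch_kev(timeout: float = 30.0) -> dict:
    """Download and index the live catalog (needs network access)."""
    with urllib.request.urlopen(KEV_URL, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def added_since(kev: dict, since: date) -> list:
    """CVE IDs whose dateAdded is on or after `since` (a bulk drop shows up here)."""
    return sorted(c for c, v in kev.items()
                  if date.fromisoformat(v["dateAdded"]) >= since)


def kev_exposures(kev: dict, inventory: dict, today: date) -> list:
    """Every (host, CVE) pair that is in KEV, most overdue first."""
    found = []
    for host, cves in inventory.items():
        for cve_id in cves:
            entry = kev.get(cve_id)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            found.append(Exposure(host, cve_id,
                                  f'{entry["vendorProject"]} {entry["product"]}',
                                  due, (today - due).days))
    return sorted(found, key=lambda e: (-e.days_overdue, e.host))


if __name__ == "__main__":
    kev = load_kev(SAMPLE_FEED)          # swap for fetch_kev() in real use
    for e in kev_exposures(kev, SAMPLE_INVENTORY, date(2022, 7, 10)):
        state = f"{e.days_overdue} days overdue" if e.days_overdue >= 0 \
            else f"due in {-e.days_overdue} days"
        print(f"{e.host:8} {e.cve_id:15} {e.product:20} {state}")
```

The due dates in the catalog are binding only for US federal civilian agencies, but they are a useful external clock for anyone; negative days_overdue values give the remaining window, and added_since() is the quick way to see what a bulk addition like this one actually contained.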

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February. North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according …

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained “limited access” to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. “No customer code or data was involved in the observed activities,” Microsoft’s Threat Intelligence Center (MSTIC) said, adding …

Windows zero-day flaw giving admin rights gets an unofficial patch, again

A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in the Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While …

Android password-stealing malware infects 100,000 Google Play users

A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download. The Android malware is disguised as a cartoonifier app called ‘Craftsart Cartoon Photo Tools,’ allowing users to upload an image and convert it into a cartoon rendering. Over the …
