News

HPE joins Apple in warning customers of a high-severity Sudo vulnerability. Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw …

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform Read More »

The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday. A Dark Web intelligence firm calling itself DarkTracer (apparently a separate …

LockBit Gang to Publish 103GB of Bangkok Air Customer Data Read More »

The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more. A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is …

Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping Read More »

26 Agustus 2021 In a post on the RaidForums website on Tuesday, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for $7,000. The post was accompanied by a 30 minute video of the documents, which included bank account details, …

Protergo Holds Webinar, Discussing Data Leakage in Indonesia Read More »

The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted …

F5 Bug Could Lead to Complete System Takeover Read More »

“It’s really a gut punch, that’s for sure,” Select Board member William Kennedy said Monday The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack. “It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns …

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack Read More »

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange …

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws Read More »

Google Chrome has over two billion users worldwide and dominates the web browser market. But this also makes it the prime target of hackers and now Google has issued its fourth urgent upgrade warning in two months.  In an official blog post, Google has revealed seven ‘High’ rated security threats have been discovered in Chrome with the …

Google Issues Warning For 2 Billion Chrome Users Read More »

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday. A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way. Fox …

U.S. State Department reportedly hit by a cyberattack in recent weeks Read More »

Researchers uncovered a new browser-based attackers from the infamous North Korean APT Hackers groups targeting the victims with the different browser exploits names as “BLUELIGHT“. InkySquid, a threat group based on North Korea and the groups broadly known as monikers ScarCruft and APT37 have recently attacked the South Korean website (www.dailynk[.]com) that is focused on …

North Korean APT Hackers Attack Victims Using MS IE & Edge Browser Exploits Read More »

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. “The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,” SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of …

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups Read More »

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices – one that exposes live video and audio streams to …

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop Read More »

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum. The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” …

T-Mobile confirms it was hacked after customer data posted online Read More »

Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53’s DNS service and Google Cloud DNS. LAS VEGAS – Amazon and Google patched a domain name service (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed …

Black Hat: Novel DNS Hack Spills Confidential Corp Data Read More »

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users. With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors …

QR Code Scammers Get Creative with Bitcoin ATMs Read More »

The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said. Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, …

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online Read More »

Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount …

‘Glowworm’ Attack Turns Power Light Flickers into Audio Read More »

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, …

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System Read More »

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed “Vultur” due to its use of Virtual Network Computing (VNC)’s remote screen-sharing technology to gain full visibility on targeted users, the …

New Android Malware Uses VNC to Spy and Steal Passwords from Victims Read More »

Employee email takeover exposed personal, medical data of students, employees and patients. Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred …

UC San Diego Health Breach Tied to Phishing Attack Read More »

Majority of top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with Microsoft Office CVE dating from 2017. At the end of almost seven months in 2021, one of the 30 most exploited vulnerabilities dates from 2017, according to the US …

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities Read More »

BRI Life, the insurance arm of Indonesia’s Bank Rakyat Indonesia (BRI) (BBRI.JK), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers …

Indonesia’s BRI Life probes reported data leak of 2 million users Read More »

Apple has just issued iOS 14.7.1—an urgent update that comes with an “important” security fix for an issue that is already being used by adversaries to attack iPhones. For this reason, the iPhone maker says the iOS 14.7.1 update is urgent, and it is “recommended for all users.” The issue patched in iOS 14.7.1 is a vulnerability …

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes Read More »

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily …

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems Read More »

Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. PetitPotam is a new method that can be used to conduct an NTLM relay attack discovered by French security researcher Gilles Lionel (Topotam). This method was disclosed this week along with a proof-of-concept …

Microsoft shares mitigations for new PetitPotam NTLM relay attack Read More »

Some movement of cargo impacted.A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in …

Cyber attack disrupts major South African port operations Read More »

The MITRE Common Weakness Enumeration (CWE) team’s latest list of most dangerous software flaws includes several that shot up in significance since 2020. Memory corruption errors remain one of the most common and dangerous weaknesses in modern software. The MITRE-operated Homeland Security Systems Engineering and Development Institute put the issue on top of its latest …

Memory Corruption Issues Lead 2021 CWE Top 25 Read More »

Digital Shadows’ Q2 ransomware report highlighted that the number of victims posted to data leak sites increased by 47% compared to Q1. More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows.  Out of the …

740 Ransomware Victims Named on Data Leak Sites in Q2 2021 Read More »

Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low …

MacOS Being Picked Apart by $49 XLoader Data Stealer Read More »

Phishing scams are one of the most often done owing to their simplicity and sadly, reliability as well. In the latest, researchers from ArmorBlox have discovered a new LinkedIn phishing campaign that targeted approximately 700 users through Google Workspace by hosting the phishing page on Google Forms. The phishing email itself prompted users to verify their LinkedIn accounts with …

In the latest LinkedIn phishing scam, the sender’s email address appears to be from Paul University which is based in Nigeria. Read More »

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration. …

Fake Zoom App Dropped by New APT ‘LuminousMoth’ Read More »

Despite Microsoft’s efforts, the remote code execution bug known as “PrintNightmare” remains exposed and vulnerable to exploitation on some systems. The software giant issued its monthly Patch Tuesday security release to address a total of 117 CVE-listed security vulnerabilities. Of those 117 bugs, three were zero-day vulnerabilities that were under exploitation in the wild. These include CVE-2021-34448, …

Microsoft’s ‘PrintNightmare’ lingers, requires new patches Read More »

In this modernized, technological era, there are still countless companies in Indonesia from different sectors and industries, who have not prioritized cybersecurity, nor were they aware of the many cyberattack occurrence within the country. Seeing this phenomenon, in this webinar event, Protergo collaborated with DCI to explain their joined effort in improving the security of …

Protergo Webinar Collaboration with Data Center Indonesia DCI Read More »

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. “Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that …

Kaseya warns of phishing campaign pushing fake security updates Read More »

24 March 2021 In an effort to suppress the transmission of COVID-19, many companies are implementing work from home. To make it easier for workers, many systems are already operating digitally and can be operated remotely.  However, without realizing it, cyber-attacks and cases of data leaks are becoming more and more common. Seeing this, Protergo …

HOW TO PROTECT OURSELVES FROM FUTURE THREATS Read More »