Cybersecurity News

Search

The U.S. Environmental Protection Agency (EPA) is currently navigating through a significant data breach, purportedly executed by a hacker known as USDoD. This breach has compromised the personal and sensitive information of over 8.5 million individuals, encompassing both clients and contractors, highlighting severe concerns around identity theft, cyber espionage, and potential impacts on environmental reporting.

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

A staggering 1 million WordPress sites are currently at risk due to a critical SQL injection vulnerability found in the LayerSlider plugin, a popular tool for crafting animated web content. The flaw, designated CVE-2024-2879, has been given a severe threat rating of 9.8 out of 10, posing a significant risk to site integrity and user data security.

Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

Wiz.io, a trailblazer in cloud security, is teaming up with Hugging Face, the forefront runner in open-source AI tools, to innovate security solutions that fortify AI technologies. This partnership underscores a pivotal move towards enhancing the security fabric of AI infrastructures amidst escalating threats.

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

A sophisticated phishing campaign targets Windows users in the region, utilizing emails with ZIP attachments. These attachments unveil an HTML file that masquerades as an invoice, leading to the download of malicious files. Research from Trustwave SpiderLabs highlights that the emails come from a "temporary[.]link" domain, employing Roundcube Webmail. A deceptive error message is displayed on a site ("facturasmex[.]cloud"), which cleverly transitions to a CAPTCHA verification for visitors from Mexico, exploiting Cloudflare Turnstile.

New Malware Alert

Researchers at Proofpoint and Team Cymru have uncovered 'Latrodectus,' a sophisticated downloader involved in phishing campaigns since late November 2023. This malware exhibits advanced sandbox evasion techniques and is designed to download payloads and execute commands remotely. Evidence suggests its creators are also behind the notorious IcedID malware, with Latrodectus being utilized by initial access brokers to deploy further malicious software.

Solar Spider Spins Up New Malware

A new cyberattack campaign, believed to have ties to China, is utilizing an advanced version of the JavaScript remote access Trojan, JSOutProx, to target banks in the Middle East. This sophisticated malware, notorious for its flexibility and customizable features, allows cybercriminals to tailor attacks specifically to each victim's environment. According to Resecurity, the malware has been used to mimic SWIFT payment notifications for enterprises and MoneyGram templates for private individuals.

appin

The New Delhi-based hack-for-hire group, Appin, operated for several years, engaging in global cyber espionage and data theft for a diverse clientele including private investigators, government agencies, and law enforcement. Their activities, corroborated by Reuters and analyzed by SentinelOne, involved hacking into computers of businesses, politicians, and high-profile individuals. Appin's operations included a range of cybercrimes such as email breaches, phone and computer hacking, and data theft from various international entities. Although Appin no longer exists in its original form, its legacy continues through spinoffs and has significantly influenced the hack-for-hire market​​​​​​​​.

Google discovered a vulnerability in Intel CPUs, named "Reptar," posing a risk to numerous systems, including those in cloud environments. Reptar, a side-channel vulnerability, enables data leakage and sensitive information theft, like credit card details. It exploits Intel CPUs' speculative execution, potentially causing host machine crashes and denial of service in multi-tenant virtualized settings, alongside possible privilege escalation. Intel acknowledged the issue, releasing a patch and advising immediate device updates, while working on a long-term solution​.

multicim technologies

🎉 Big News! CareChain has successfully completed SOC 2 certification, marking a significant milestone in its commitment to ensuring the highest standards of security and privacy. Oppos Inc. assisted MultiCIM Technologies on their SOC 2 journey with the design and implementation of SOC 2 controls and provisioning of their ancillary services.

state-sponsored cyber espionage actors

State-sponsored cyber espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.

octo tempest hacking group

Octo Tempest hacking group, involved in major attacks since 2022, is deemed highly dangerous by Microsoft due to advanced techniques and adaptability.

generative ai security challenges

Generative AI presents new security challenges, as many employees use it without authorization, amplifying shadow IT risks and raising concerns for CISOs.

HijackLoader

HijackLoader, a new modular malware loader, is gaining popularity among cybercriminals. Despite lacking advanced features and having poor code quality, it effectively delivers payloads like DanaBot, SystemBC, and RedLine Stealer. The malware uses evasion techniques and offers various loading options for malicious payloads. This trend highlights the evolving cybercrime landscape, with stealers becoming a primary initial attack vector.

Vitalik Buterin's Twitter account was hacked, leading to a loss of over $690,000. The hacker shared a post from Buterin's account promoting a malicious NFT giveaway. Users who connected their wallets to the provided link lost their funds. Buterin blamed Twitter's OTP authentication for the breach.

windows 11 vulnerability

A vulnerability in Windows 11 allows arbitrary code execution due to factors like a TOCTOU race condition and lack of Mark-of-the-Web validation. Exploited using a .theme file, this vulnerability can let attackers execute malicious commands. Microsoft has been alerted but hasn't fully addressed the issue.

HijackLoader

HijackLoader, a new modular malware loader, is gaining popularity among cybercriminals. Despite lacking advanced features and having poor code quality, it effectively delivers payloads like DanaBot, SystemBC, and RedLine Stealer. The malware uses evasion techniques and offers various loading options for malicious payloads. This trend highlights the evolving cybercrime landscape, with stealers becoming a primary initial attack vector.

TikTok faces a €345 million fine

TikTok faces a €345 million fine from the Irish Data Protection Commission for GDPR violations concerning children's data. Issues include default public content settings for child users, lack of transparency, and manipulative registration processes. Despite disagreeing with the decision, TikTok plans to redesign account registration for 16 and 17-year-olds.

ncurses programming library

The "ncurses" programming library, essential for text-based user interfaces, has been found to contain multiple memory corruption vulnerabilities. Discovered by Microsoft researchers, these flaws could lead to data leaks, privilege escalation, and arbitrary code execution.

Software company Retool

Software company Retool revealed a breach affecting 27 cloud customers due to an SMS-based social engineering attack. The breach was exacerbated by a recent Google Account cloud synchronization feature. The attack began with an SMS phishing attempt, leading to unauthorized access and a loss of $15 million in cryptocurrency for one user.

Greater Manchester Police

Greater Manchester Police (GMP) officer data, including names and photos used for ID badges, was stolen in a major hack targeting a third-party badge supplier. This incident mirrors a similar attack on London's Metropolitan Police last month. The breaches raise concerns about UK's cybersecurity measures for public safety.

Mark Cuban's crypto wallet was hacked, resulting in a loss of around $900,000 in cryptocurrency. This incident, reported by blockchain investigator Wazz, saw Cuban's funds drained in just ten minutes. While Cuban suspects a phishing attack via a fake MetaMask version, experts believe he might have made a security oversight. This is not Cuban's first crypto-related setback.

ddos attacks

In 2023, DDoS attacks remain a significant threat to businesses, potentially causing substantial financial losses. Top DDoS mitigation companies like Cloudflare, Radware, Akamai, and AWS Shield offer solutions ranging from network to application layer protection, ensuring businesses stay resilient against such cyber threats.

fileless malware

Fileless malware operates within a system's RAM, bypassing traditional defense mechanisms like antivirus and endpoint detection. Unlike conventional malware, it doesn't rely on executable files, making it stealthier. It exploits legitimate processes, often through phishing tactics.

RedLine and Vidar information stealers

Cybercriminals behind RedLine and Vidar information stealers are now using phishing campaigns with Extended Validation (EV) code signing certificates to deliver ransomware. Trend Micro's analysis indicates a shift towards multipurpose techniques. The attacks begin with phishing emails, with victims receiving malware and ransomware payloads.

okta agent

ALPHV/BlackCat ransomware operators claim responsibility for the MGM Resorts cyberattack, alleging they breached MGM's systems via the Okta platform. Okta, a leading identity and access management provider, had previously warned about potential social engineering attacks.

amazon web services

A cloud-native cryptojacking operation targets unique Amazon Web Services (AWS) offerings like AWS Amplify, AWS Fargate, and Amazon SageMaker for illicit cryptocurrency mining. Dubbed AMBERSQUID by Sysdig, the operation bypasses AWS's resource approval checks.

Morgan Stanley

A new chapter for Oppos! We're honored to be part of Morgan Stanley's 2023 Inclusive Ventures Lab.

NodeStealer 2.0

Burger King France faces a data leak scare! A misconfiguration in their site exposed sensitive data, potentially leading to a cyberattack.

Beware of malicious npm packages targeting developers! Cybersecurity researchers have discovered packages designed to exfiltrate sensitive information, potentially related to a targeted campaign in the cryptocurrency sector.

Beware of the evolving Magniber Ransomware targeting Windows users! Originally exploiting Internet Explorer vulnerabilities, it now poses as a Windows security update package in Edge and Chrome browsers.

NYC Couple Pleads Guilty to Money Laundering

A married couple from NYC has pleaded guilty to money laundering charges linked to the 2016 Bitfinex cryptocurrency exchange hack, resulting in the theft of 120,000 bitcoin.

Russian cybersecurity hero Ilya Sachkov faces a 14-year prison sentence for alleged treason. As the founder of Group-IB, he exposed cybercrime operations in Russia.

phishing attack exploiting a zero-day flaw in Salesforce

Beware of the latest sophisticated phishing attack exploiting a zero-day flaw in Salesforce's email and SMTP services. Cybercriminals use legitimate @salesforce.com addresses to dupe users into sharing their credentials on Facebook.

NYC Couple Pleads Guilty to Money Laundering

A married couple from NYC has pleaded guilty to money laundering charges linked to the 2016 Bitfinex cryptocurrency exchange hack, resulting in the theft of 120,000 bitcoin.

Hackers are exploiting a Windows policy loophole to forge kernel-mode driver signatures, enabling them to load malicious drivers without verification. Cisco Talos discovered the weakness, which bypasses Windows certificate policies. Microsoft has taken steps to mitigate the threat, but the vulnerability poses a significant risk.

Rekoobe

Rekoobe, a backdoor targeting Linux environments, is actively exploited by the Chinese threat group APT31. AhnLab Security Emergency Response Center (ASEC) has identified and analyzed multiple Rekoobe variants.

OpenAI has launched the GPT-4 API, making it available to developers. GPT-4 offers significant improvements over its predecessor, GPT-3.5, including the ability to handle text and image inputs and generate code.

Apple has issued a critical security alert urging iPhone, iPad, and Mac users to update their devices immediately. The Rapid Security Response update addresses a software vulnerability in Safari WebKit that could lead to arbitrary code execution.

A Windows policy loophole allows threat actors, primarily native Chinese speakers, to forge signatures on kernel-mode drivers, granting complete access to compromised systems.

DDoS attacks have surged by 168% on government services, with an 83% YoY increase in the telecommunications sector, according to StormWall's Q2 2023 Report. Discover key insights into the evolving cyber threat landscape and learn how to bolster DDoS protection measures in the face of escalating attacks.

Microsoft's July security update

Microsoft's July security update addresses 130 vulnerabilities, with five actively exploited. The flaws impact various products like Windows, Office, .Net, and Azure Active Directory. Critical and moderate severity issues include remote code execution, security bypass, privilege escalation, and more.

New fileless attack PyLoose

New fileless attack named PyLoose has emerged, targeting cloud workloads to deliver a cryptocurrency miner. Security researchers at Wiz discovered the Python-based attack, which loads an XMRig Miner directly into memory using memfd, a Linux fileless technique.

Some 340,000 FortiGate SSL VPN appliances remain exposed to the threat more than three weeks after Fortinet released firmware updates to address the issue.

Honda's e-commerce platform

Honda's e-commerce platform for power equipment, marine, and lawn & garden products had major vulnerabilities that exposed customer data. Security researcher Eaton Zveare discovered flaws allowing unauthorized access and data leakage. Although Honda acknowledged the issues, no bug bounty program was in place.

BreachForums

BreachForums, a notorious cybercrime and hacking forum, has resurfaced under the control of the infamous hacking group ShinyHunters. This development raises concerns among cybersecurity experts and law enforcement agencies worldwide.

GitHub accounts

Fraudulent cybersecurity company creates fake GitHub accounts pushing malicious repositories with fake zero-day exploits. Exercise caution when downloading code and scrutinize it for security risks.

VMware ESXi

A Chinese threat actor exploited a zero-day authentication bypass flaw in VMware ESXi, enabling privileged commands on guest virtual machines. The vulnerability, disclosed to VMware by Mandiant, allows file transfers without guest credentials. The threat actor, UNC3886, utilized a sophisticated attack chain, including backdoors and lateral movement techniques.

smart cards

Researchers have discovered a new method for extracting cryptographic keys from smart cards and smartphones by recording footage of power LEDs using surveillance cameras or iPhones. This innovative side-channel attack exploits physical signals emitted by devices during cryptographic calculations. Although there are limitations to these attacks, they highlight a breakthrough in side-channel attack techniques.

Microsoft's June 2023 Patch Tuesday update addressed 69 vulnerabilities, including critical flaws in Exchange and SharePoint Server. While no zero-day vulnerabilities were disclosed, organizations should prioritize patching critical bugs, such as the SharePoint Server elevation of privilege vulnerability.

Severe security vulnerabilities have been discovered in Microsoft Azure Bastion and Azure Container Registry, leaving them susceptible to cross-site scripting (XSS) attacks. These vulnerabilities could lead to unauthorized data access, modifications, and disruptions. Threat actors could exploit weaknesses in the postMessage iframe to inject malicious JavaScript code and compromise sensitive data.

A massive phishing campaign impersonating popular brands, including Nike, Puma, and Adidas, has been discovered, utilizing over 6,000 scam websites. The attackers employ brand names combined with random country names in domain names to deceive users. Users are urged to verify website legitimacy, watch for suspicious domain names, and exercise caution when encountering unusually good deals.

Temporary phone numbers

In today's interconnected digital world, protecting our privacy is crucial. Temporary phone numbers offer privacy and convenience by acting as an intermediary for verification. They safeguard personal information, manage multiple accounts, and separate online and personal communications.

Researchers have discovered the first instance of automated SaaS ransomware extortion, indicating a growing interest among threat actors in targeting data from software-as-a-service providers.

Microsoft Visual Studio

#CybersecurityAlert: A bug in Microsoft Visual Studio installer is causing a stir in the cyber world! This flaw allows attackers to masquerade as legit software publishers, enabling them to infiltrate development environments, take control, poison code, and steal valuable intellectual property.

CannabisWiki Conference & Expo Panel

Join Darace Rose, an industry expert, at the CannabisWiki Conference & Expo on June 14th, as she shares valuable insights and trends in the ever-evolving cannabis landscape. Don't miss this opportunity to gain knowledge and network with fellow enthusiasts in the industry.

Canadian Women in Cybersecurity Conference! 💻

Join us on May 30, 2023, as we celebrate the power of diversity at the Canadian Women in Cybersecurity Conference! Get ready for inspiring keynotes, thought-provoking panels, hands-on technical reviews, and engaging in-person and virtual experiences.

Microsoft Visual Studio

Mullvad VPN’s office in Gothenburg was raided by Swedish police for user data, but the VPN provider was able to show that they do not store customer data. Mullvad is known for its strict privacy policy, recently launching a privacy-focused web browser and being named the best VPN service by Wirecutter in March.

Google Chrome Drops Browser Lock Icon

Google Chrome is retiring the lock icon used to indicate an HTTPS-secured connection between the website, Chrome, and the network, replacing it with a more neutral tune icon. The move is intended to make permission controls and security information more accessible to users, while avoiding any misunderstandings regarding the lock icon's meaning.

Operation SpecTor has led to the arrest of 288 vendors and the seizure of over $53.4 million, 850 kg of drugs, and 117 firearms in a coordinated international action against drug trafficking on the dark web. The operation, which involved nine countries, represents the highest number of arrests and funds seized in any international crackdown.

Card Skimmers and ATMs Used to Drain EBT Accounts in SoCal

Thirteen people were arrested for stealing millions of dollars from low-income Southern California residents by draining electronic benefit transfer (EBT) accounts through card skimmers and ATMs. The LAPD's investigation continues, and the suspects are believed to be part of a Romanian syndicate known for targeting economically vulnerable people.

DNA Sequencing Equipment Vulnerability

The recent vulnerability in Illumina's gene sequencers highlights the need for strong cybersecurity measures in the medical field. While the vulnerability raises the possibility of attackers targeting medical research facilities, it also demonstrates the effectiveness of reporting medical device vulnerabilities. Healthcare organizations need to be vigilant and prioritize the cybersecurity of their devices.

Chinese Hacker Group Earth Longzhi Resurfaces

Chinese state-sponsored hacking group Earth Longzhi, a subgroup of APT41, has resumed its cyber espionage activities after six months of inactivity. The group has been targeting government, healthcare, technology, and manufacturing entities in Taiwan, Thailand, the Philippines, and Fiji, using advanced malware tactics such as DLL sideloading and "stack rumbling." Stay vigilant and protect your organization from these cyber threats.

3 tips to strengthen aws container

Containers are crucial for any cloud application, but they come with security risks. Fortra’s Alert Logic team provides three ways to enhance your Amazon Web Services (AWS) container security, including setting table stakes, monitoring container registries, and understanding the AWS shared responsibility model. Protect your entire container ecosystem and keep malicious web actors at bay.

Beware of the surge in malicious campaigns that exploit Telegram bots to spread malware. According to Cofense Intelligence, there has been a significant increase in phishing attacks and credential theft in Q1 of 2023, highlighting the need for organizations to stay vigilant and update their security measures.

Joint Effort by US and Ukrainian Law Enforcement Authorities Led to Seizure of 9 Crypto Laundering Sites used by Ransomware Gangs. This coordinated takedown is a significant step towards disrupting the underground digital infrastructure that facilitates illegal activities by cybercriminals.

Google Passkeys

Exciting news! Google's new passwordless sign-in with Passkeys is now available across all platforms, making your account more secure than ever.

Houzez WordPress theme

Hackers are exploiting two high-risk vulnerabilities in the Houzez WordPress theme and plugin commonly used by real estate websites. Stay vigilant!

The notorious cyber-espionage group Iron Tiger (aka Emissary Panda or APT27) has expanded its SysUpdate malware framework to target Linux-based systems. The malware abuses system services, grabs screenshots, executes commands, and more.

BlackLotus

BlackLotus becomes the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape.

Mobile banking malware

Mobile banking malware is on the rise, with over 200,000 new installers discovered by Kaspersky Lab's cybersecurity researchers in 2022, marking the highest surge in the past six years.

cyberattacks

As cyberattacks on cloud environments rise, some cloud services lack adequate logging for forensics. What happened in that cyberattack? With some cloud services, you may never know.

Security firm BitSight

Security firm BitSight suspects that a botnet called Mylobot is behind BHProxies, a residential proxy service that allows users to route their web traffic anonymously through compromised computers. The malware includes over 1,000 hard-coded domain names, some of which overlap with those used by BHProxies.

Law firms are being targeted with GootLoader and FakeUpdates malware. GootLoader, active since 2020, is a first-stage downloader that can deliver various secondary payloads.

The U.S. Marshals Service is investigating a ransomware attack on a stand-alone system, which has compromised sensitive information. Employees are urged to be vigilant.

MFA

As MFA adoption rises, cybercriminals are doubling down on bypassing it, resulting in a steady stream of compromises. Learn about MFA flooding, proxy attacks, and session hijacking.

GoDaddy

GoDaddy's multi-year breach exposes spear-phishing risks to businesses. Intruders stole customer and employee credentials, source code, and foisted malware on customer sites.

R3NIN sniffer malware

New threat to e-commerce consumers: R3NIN sniffer malware can steal payment card data and PII from hacked merchant sites.

BidenCash

BidenCash, a notorious dark web carding marketplace, leaks over 2 million valid credit cards worldwide as part of their birthday anniversary promotion.

Ransomware attack on Dish Network's IT systems

Ransomware attack on Dish Network's IT systems disrupts internal communications and call centers, potentially compromising personal data.

New data reveals that T-Mobile faced over 100 cyber attacks in 2022, with cybercriminals using SIM-swapping to steal personal information. Stay vigilant against phishing attempts.

Lucky Mouse

Canadian businesses beware: Lucky Mouse expands their SysUpdate toolkit to target Linux devices with new evasion features.

MyloBot

A sophisticated botnet known as MyloBot has compromised thousands of systems, with most of them located in India, the U.S., Indonesia, and Iran.

Cybercrime is becoming more standardized globally, and Europe is no exception. While attackers use the same techniques as their counterparts worldwide, their motivations may differ.

Samsung recently unveiled a cutting-edge addition to their feature suite, known as Message Guard. This new feature is specifically designed to offer an enhanced level of security to users against malware and spyware.

Coinbase, one of the largest cryptocurrency exchanges in the world, has reported a cybersecurity incident that targeted its employees with an SMS phishing attack (Smishing) using persistent social engineering tactics.

BEC

BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.

Corporate networks

Corporate networks have become more complex and distributed, making it challenging to detect unknown attack patterns. With increasing cybersecurity threats and a talent shortage, organizations are turning to predictive analytics and Machine Learning-driven network security solutions to monitor and secure their networks against cyber threats.

GSPIMS

The Global Supplier Preparation Information Management System, or GSPIMS, of Toyota, was breached by a security researcher using a backdoor. After 90 days, the hacker dutifully alerted the company about the breach.

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help victims of ESXiArgs ransomware. It has been dubbed SXiArgs-Recover.

Apps like Telegram, WhatsApp, and Discord

Apps like Telegram, WhatsApp, and Discord are a hotbed of cybercriminal communication and scams. The Dutch national police shut down the criminal messaging service Exclu in conjunction with a sweeping crackdown that included 79 searches and 42 arrests in the Netherlands, Germany, and Belgium.

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

The U.S. National Institute of Standards and Technology (NIST) has declared that the Ascon family of authenticated encryption and hashing algorithms will be standardized for use in lightweight cryptography applications.

CISA Offers Recovery Tool for ESXiArgs Ransomware Victims

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new tool, called SXiArgs-Recover, to assist individuals affected by ESXiArgs ransomware.

Cybercriminals Target Telecom Provider Networks

Experts predict that the growing reliance on mobile devices for multi-factor authentication and the widespread adoption of 5G and VoIP technology could lead to a surge in attacks in the future.

bianlian

The BianLian Ransomware group has set its sights on organizations worldwide, with a particular focus on Australia, the United States, and the United Kingdom.

roaming mantis malware

The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer, which alters the DNS settings on vulnerable WiFi routers to spread the infection to other devices.

Cybercriminals Target Telecom Provider Networks

Experts predict that the growing reliance on mobile devices for multi-factor authentication and the widespread adoption of 5G and VoIP technology could lead to a surge in attacks in the future.

Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner

Yum! Brands, the operator of fast food chains KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, has been hit by a ransomware attack which resulted in the closure of 300 locations in the United Kingdom.

mailchimp

Mailchimp, a widely used email marketing and newsletter service, has revealed another security breach that allowed attackers to access an internal support and account admin tool, gaining information about 133 customers.

ics

Cyber attackers are expanding their efforts to target critical infrastructure, complicating the threat landscape and causing industrial organizations to reassess their security measures.

chatgpt

The sophisticated AI bot can create malware without any malicious code, making it difficult to defend against.

paypal

PayPal states that the issue did not arise from a breach in their systems, as there is no evidence indicating that the user information was obtained directly from them.

Massive Ad Fraud Scheme Shut Down

The ad fraud was uncovered during the researchers' examination of an iOS app that had been severely affected by an app spoofing attack.

New 'Hook' Android malware

Cybercriminals are marketing a new Android malware called 'Hook,' claiming that it can take control of mobile devices in real-time via VNC (virtual network computing).

New Research Delves into the World of Malicious LNK Files and Hackers Behind Them

Cybercriminals are turning to malicious LNK files as a common means of gaining access and deploying harmful payloads such as Bumblebee, IcedID, and Qakbot.

Vulnerable Historian Servers Imperil OT Networks

These specialized servers that gather and store information on device operation frequently bridge the gap between IT and OT networks.

Cisa exchange flaw

Today, the CISA added two additional exploited defects to its list. CVE-2022-41080 is a Microsoft Exchange elevation of privileges flaw that can be coupled with CVE-2022-41082 ProxyNotShell to execute remote code.

Darknet turns turns to android

Darkweb drug markets are using custom Android apps to boost privacy and elude law enforcement. These apps allow shop customers to contact with drug dealers and provide delivery instructions.

hacker forum posted twitter hacked account information

Over 5.4 million Twitter user data including private information were posted on a hacker forum. A security researcher uncovered another big, potentially more significant data dump of millions of Twitter records, illustrating how widespread threat actors misused this bug. The hacked data includes private phone numbers and email addresses.

microsoft

Microsoft revealed four macOS ransomware families: KeRanger, FileCoder, MacRansom, and EvilQuest. "While these malware families are old, they exemplify the range of capabilities and malicious behavior on the platform," the tech giant's report said.

At its peak in November 2022, the cloud threat actor group created three to five GitHub accounts per minute, totaling over 130,000 bogus accounts across Heroku, Togglebox, and GitHub. In September, 1,652 GitHub accounts were created, followed by 20,725 in November. There are 100,723 unique Heroku accounts.

artificial intelligence and cybersecurity

AI has various uses, including cybersecurity. AI and machine learning can stay up with hackers, automate threat detection, and respond more effectively than software-driven or manual procedures.

BitRat malware stole bank information

A new malware campaign uses stolen bank information as bait in phishing emails to drop BitRAT. The unknown enemy compromised a Colombian cooperative bank's IT infrastructure to construct dummy emails to trick victims into accepting suspicious Excel attachments.

Flipper Zero phishing attacks

A new phishing campaign exploits the growing interest in Flipper Zero to steal personal information and cryptocurrency. Flipper Zero is a portable, multi-functional hacking tool. The tool supports RFID emulation, key cloning, radio communications, NFC, infrared, Bluetooth, and more.

Wabtec Corporation, a U.S. rail and locomotive business, announced a data breach that exposed personal and sensitive information. Wabtec manufactures locomotives and rail systems in the U.S. The company employs 25,000 employees in 50 countries and is the world's leader in freight locomotives and transportation.

sickkid canada was attacked by ransomware lockbit

LockBit ransomware group releases free decryptor for SickKids - a teaching and research hospital in Toronto, stating a member violated rules by assaulting the hospital. The hospital's internal and corporate systems, phone lines, and website were hit by ransomware on December 18.

Earspy spying android users

A team of researchers discovered an Android eavesdropping technique that can recognize the caller's gender, identity, and private communication. EarSpy is a side-channel exploit that captures motion sensor data from mobile device ear speakers to eavesdrop.

malware steals 8 million dollars from trojanized bitkeep app

Multiple BitKeep crypto wallet users reported that hackers emptied their wallets during Christmas. BitKeep is a multi-chain web3 DeFi wallet that supports 30 blockchains, 76 mainnets, 20,000 decentralized apps, and 223,000 assets. Over 8 million people in 168 countries use it for asset management and transactions.

Louisiana hospital cyberattack data breach

The Lake Charles Memorial Health System (LCMHS) is notifying thousands of patients of a data breach. LCMHS has a 314-bed hospital, a 54-bed women's hospital, a 42-bed behavioral health hospital, and an uninsured primary care clinic.

Bitcoin.com crypto attack cryptocurrency

BTC.com, one of the world's largest cryptocurrency mining pools, was attacked, and approximately $3 million in crypto assets were stolen. BTC.com has 2.6% of the network's overall hashrate, according to its mining pool tracker.

EU privacy watchdog check tweeter massive data leak

The Irish Data Protection Commission (DPC) is investigating a large Twitter data leak after hearing last month that 5.4 million user records were stolen on a hacking forum. This data was taken via an API flaw. Twitted was repaired in January and scrapes public and private info.

Guardian newspaper was hit by a ransomware

The Guardian suspected a ransomware attack. It started as a "severe issue" that disrupted "behind-the-scenes services" in the last 24 hours. The firm said it would continue publishing to its website, one of the most frequented in the world, and was "confident" it could still publish physical papers.

Queensland university of technology IT shutdown

A cyberattack at Queensland's second-largest university prompted printers to spill malware notes. As a precaution, the Queensland University of Technology shut down various IT systems. "Royal is the newest ransomware, and less is known about it and its operators," U.S. authorities said two weeks ago.

okta source code hacked after github were compromised

Okta's private GitHub repositories were hacked this month, the company says. Threat actors stole Okta's source code, according to a 'secret' email warning discovered by BleepingComputer.

cryptocurrency and banks are targeted by a virus

Android banking virus called 'Godfather' trojan targets 16 nations, stealing account information for 400 online financial services and cryptocurrency exchanges. Malware generates login screens overlaid on banking and crypto exchange app login forms, misleading users into inputting credentials on HTML phishing pages.

Ukraine delta military is targeted by malware

A compromised Ukrainian Ministry of Defense email account sent phishing emails and instant messages to 'DELTA' users to infect systems with malware. DELTA is a technology designed by Ukraine and its partners to track enemy forces' movements.

H hotel in germany attacked by play ransomware

The Play ransomware group attacked H-Hotels, causing communication failures. H-Hotels has 60 hotels with 9,600 rooms in Germany, Austria, and Switzerland. The 2,500-person hotel chain is one of the largest in the DACH region, operating under 'H-Hotels' and the sub-brands Hyperion, H4 Hotels, H2 Hotels, H + Hotels, H.ostels, and H.omes. H-Hotels said the cyberattack happened on December 11, 2022.

google email security Gmail add clients side encryption

Google's client-side encryption for Gmail is in beta for Workspace and school clients as part of efforts to safeguard web-based correspondence. Concerns about internet privacy and data security are at an all-time high, making this a welcome shift for people who respect their personal data. Google Workspace Enterprise Plus, Education Plus, and Education Standard clients can apply until January 20, 2023. Google personal accounts can't access it.

Saudi Arabia updated their cyber security defense

RIYADH: According to the CEO of a leading digital security company, companies in Saudi Arabia and globally should attest to having up-to-date cyber defenses. Eugene Kaspersky, CEO and cofounder of IT security company Kaspersky, told Arab News in an exclusive interview that governments should regulate cybersecurity systems and require businesses to follow guidelines like they do for fire hazards.

saudi arabia spying using ex twitter employee

A former Twitter employee was sentenced to 3.5 years in prison for spying for Saudi Arabia by disclosing user data. Ahmad Abouammo, 45, was convicted of money laundering, fraud, fabricating records, and being a foreign agent in August.

Japanase lawmakers has been targeting for cyber attack

MirrorFace, a hacker gang, has been targeting Japanese lawmakers for weeks before the House of Councilors election in July 2022. ESET uncovered the campaign because to hackers' missteps that left traces.

cyber attack in fire rescue Victoria

Fire Rescue Victoria [FRV] is dealing with a significant IT outage and a cyber assault. Due to a computer breakdown, FRV is alerting firemen to crises by mobile phone and radio. Preliminary investigations indicated the service was targeted by "an external third party"

Twitter allegedly failed to report a data breach that occurred in 2021

Los Angeles-based cyber expert, Chad Loder, founder of a cyber security awareness company called Habitu8, on November 23, warned users, of an alleged data breach affecting twitter that happened around 2021 that was not reported.

vendor of Uber was hacked

A threat actor disclosed employee email addresses, company reports, and IT asset information stolen from a third-party vendor. 'UberLeaks' began exposing Uber and Uber Eats data on a hacking forum infamous for data breaches early Saturday.

California department of finance was attack

The California Department of Finance faces cyberattack. According to the Governor's Office of Emergency Services, no state money was affected. Russian-affiliated ransomware gang LockBit said the California Department of Finance was a victim.

twitter faced data breach

Twitter stated today that the new release of millions of member accounts, including phone numbers and email addresses, originated from the same data breach announced in August 2022. Twitter's incident response team believes user data released in November 2022 was obtained using the same vulnerability before it was addressed in January 2022.

new screen recording from microsoft

Microsoft adds a built-in screen recorder to Windows 11's Snipping Tool, allowing users to capture desktop videos without a third-party app. The upgrade is being rolled out in phases to Windows Insiders in the Dev Channel and requires Snipping Tool version 11.2211.35.0.

zombinder ties to genuine android apps

A darknet platform called 'Zombinder' allows threat actors to link malware to legitimate Android apps, infecting victims while retaining full app functionality to elude suspicion. ThreatFabric found dangerous Windows and Android operations sharing various malware families.

Icloud end to end encryption

Apple on Wednesday revealed additional encryption capabilities for iCloud backups and a feature to help users authenticate identities in Messages. The 2023 security changes include Advanced Data Protection for iCloud, which encrypts iCloud backups end-to-end.

Amnesty international Data breach in canada

Amnesty International Canada reported a security intrusion in early October tied to a Chinese-sponsored threat group. The international human rights NGO noticed suspicious activity on its IT infrastructure on October 5.

Pwn2Own Toronto 2022 Samsung galaxy S22 Hacked

During the first day of Pwn2Own Toronto 2022, contestants hacked the Samsung Galaxy S22 twice. STAR Labs was the first to exploit a zero-day on Samsung's flagship handset, winning $50,000 and 5 Master of Pwn points. Chim also demonstrated a successful exploit targeting the Samsung Galaxy S22, receiving $25,000 (50% of the second round reward) and 5 Master of Pwn points.

cyber crimes are normal as per Gen z

According to a new EU-funded study, many adolescent internet users engage in cybercrimes such as money mulling, digital piracy, and hate speech. The UEL research was funded by the bloc's Horizon budget and conducted with Europol's cybercrime center. It polled 8000 16-19-year-olds about 20 internet behaviors. The Guardian, which saw the research, said half engaged in unlawful activities.

tech business and cyber threat

Manufacturers raised operational technology (OT) security concerns. Providing access to third parties for remote monitoring and maintenance (33%). Respondents also cited IT versus OT security (26.8%) and an increased attack surface due to OT convergence (21.4%).

Mitsubishi electric news

U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of various vulnerabilities in Mitsubishi Electric GX Works3 engineering software. GX Works3 is used in ICS systems to upload and download programs from/to the controller, debug software and hardware issues, and perform maintenance.

IBM clouds supply chain

A vulnerability in IBM Cloud Databases for PostgreSQL that might have exposed customers to supply chain attacks has recently been addressed by IBM. The flaw was identified by cloud security company Wiz researchers, who gave it the name Hell's Keychain. It is a "first-of-its-kind supply-chain attack vector targeting a cloud provider's infrastructure," according to the company.

Cybersecurity news get oppos inc toronto canada

Acer released a firmware upgrade to fix a security vulnerability that might disable UEFI Secure Boot. CVE-2022-4020 affects Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker said the vulnerability might change Secure Boot settings by generating NVRAM variables. ESET researcher Martin Smolár discovered the weakness. He previously reported Lenovo flaws.

Lastpass encountered another data breach

Another security breach involving the LastPass password management service found attackers gaining access to some of its users' personal information.

medibank data breach

The cybercriminals responsible for the Medibank cyberattack have released what looks to be the last of the customer data they stole from the health insurance company on the dark web, claiming that the theft is "closed."

Australia passed data breach law

The Australian government passed a bill that enhances penalties for significant data breaches. Maximum penalty have been increased from AU$2.22 million to AU$50 million, or 30% of an entity's adjusted turnover in the relevant period, whichever is greater.

facebook faces fine for data breach

Meta Platforms was fined €265 million ($277 million) by Ireland's Data Protection Commission (DPC) for failing to protect the personal data of more than 500 million Facebook users. The fines follow an inquiry by the European regulator on April 14, 2021, after a leak of a "collected dataset of Facebook personal data" This included 533 million users' phone numbers, birthdates, locations, email addresses, gender, marital status, account creation date, and other profile details.

data breach attack confirmed by north carolina college

North Carolina's Guilford College revealed ransomware perpetrators seized student, faculty, and staff data. A campus official said the attack happened in October and police were contacted. The school disconnected its networks and contacted outside security specialists to investigate.

hacker forum posted twitter hacked account information

Over 5.4 million Twitter user data including private information were posted on a hacker forum. A security researcher uncovered another big, potentially more significant data dump of millions of Twitter records, illustrating how widespread threat actors misused this bug. The hacked data includes private phone numbers and email addresses.

Elon confirms end to end encryption in twitter 2.0

Twitter CEO Elon Musk confirmed E2EE for direct messages. Musk envisions Twitter 2.0 as an "everything app" Musk's slide deck mentions long-form tweets and payments.

data breach attack confirmed by virginia county

Southampton County, Virginia, began notifying residents last week that their personal information may have been hacked by ransomware. A threat actor encrypted data on a Southampton server in September. The county claims it swiftly contained the ransomware attack and initiated an investigation to discover what data was compromised.

Cybersecurity in Ecommerce

Client-side cross-site scripting embeds harmful code. When a customer visits the site, the code executes and gathers personal, financial, and session data. Cybercriminals inject code to skim credit card info when e-skimming. Security software and apps can tighten your defenses and prevent attackers from exploiting client-side vulnerabilities.

30M netted from cybercriminals from Interpol

Interpol seized $130 million in virtual assets in a global campaign on cybercrime and money laundering. Between June 28 and November 23, 2022, the international police operation HAECHI-III resulted in 975 arrests and the closure of 1,600 cases. South Korea wanted them for allegedly embezzling €28 million from 2,000 victims in a Ponzi scam.

Openvpn android app modified by hackers

A cyberespionage threat actor has been luring users with bogus VPN software for Android since at least 2017. Researchers believe the campaign "highly targeted" contact and phone data, device location, and app messages.

coinbase and metamask cyberattack

A phishing campaign is stealing cryptocurrency from Coinbase, MetaMask, Crypto.com, and KuCoin by bypassing multi-factor authentication. Threat actors utilize Microsoft Azure Web Apps to host phishing sites and entice victims to them with fake transaction confirmation requests or suspicious activity alerts.

crypto scheme

Two Estonians were arrested in Estonia on Sunday after being indicted in the U.S. for a $575 million bitcoin Ponzi scam. Sergei Potapenko, 37, and Ivan Turgin, 37, are accused of scamming hundreds of thousands of victims between December 2013 and August 2019. They allegedly laundered victims' money through shell businesses, bank accounts, virtual asset services, and cryptocurrency wallets.

mustang panda to attack asia pacific

Mustang Panda is tied to spear-phishing assaults against the government, education, and research sectors worldwide. Myanmar, Australia, the Philippines, Japan, and Taiwan were among the countries targeted from May to October 2022, Trend Micro claimed.

maple leaf cyberattack

Maple Leaf foods was recently hit with a cyber attack that resulted in system outages and disruptions of business operations. The incident was announced on Sunday November November 6th and since then the firm’s IT staff has taken immediate action to resolve the situation. According to Maple Leaf's statement: "The company is executing its business continuity plans as it works to restore the impacted systems,"

Windows advised developers stays away

Microsoft has recommended developers still using .NET Core 3.1 LTS upgrade to the latest version before next month's EOS. Customers were cautioned to update to .NET 6 (LTS) or .NET 7 "as soon as feasible" before .NET Core 3.1 (LTS) hits EOS on December 13, 2022. Dominique Whittaker, Senior Program Manager for .NET Core and .NET Native, warned in July that Microsoft will halt technical support and updates after EOS.

5 million data AirAsia stolen

#Daixin Team exposed sample #AirAsia data on its data leak portal. Threat actors claim to have five million passengers' and all workers' personal data.

russian suspects accused of running zlibrary

Anton Napolsky (33) and Valeriia Ermakova (27) were accused with IP offences related to Z-Library, a pirate eBook repository. The suspects were arrested in Argentina on November 3, 2022, at U.S. request. The DOJ and FBI confiscated Z-clearnet Library's domains (z-lib.org, b-ok.org, and 3lib.net) a day later, but the operators' fate was unknown.

europe is the new target of north korean hackers

North Korean hackers use a new DTrack backdoor to attack European and Latin American firms. DTrack is a modular backdoor with a keylogger, screenshot snapper, browsing history retriever, running process snooper, and more.

privacy sandbox release for android 13

Google will begin handing out Privacy Sandbox on Android 13 smartphones in early 2023. Google introduced Privacy Sandbox for Android in February to prevent user monitoring while giving marketers performance-measurement alternatives.

instagram facebook suspended in turkey

After yesterday's tragic blast on Istanbul's stiklal Avenue, Turkish authorities restricted access to Instagram, Facebook, Twitter, YouTube, and Telegram and imposed a nationwide broadcast restriction. After bomb, Turkish ISPs censor social media Sunday, November 13th, social media reported a bomb blast on Istanbul's stiklal boulevard. The explosion, now labeled a terrorist act, reportedly occurred at 4:20 PM local time near Taksim Square, killing 8 and injuring 81.

failed upgrades windows kerberos

Microsoft is investigating a new known vulnerability affecting Kerberos sign-in failures and other authentication problems after downloading cumulative Patch Tuesday upgrades. All Windows versions above Windows 2000 use Kerberos instead of NTLM for domain-connected devices.

android location monitoring leads google to 319M penalty

Google has agreed to pay $391.5 million to settle a privacy lawsuit filed by a coalition of attorneys general from 40 U.S. states. The settlement shows that the U.S. attorneys general discovered while investigating a 2018 Associated Press article that the search giant misled Android users and tracked their locations since at least 2014 even when they thought location tracking was disabled.

Venus ransomware targeting healthcare organizations

HHS warns that Venus ransomware is also targeting healthcare companies HHS' security team indicates at least one incidence when Venus ransomware was deployed on a U.S. healthcare organization's network in an HC3 analyst report.

Icexloader phishing emails

Phishing campaign has infected thousands of home and corporate users with IceXLoader. IceXLoader, a malware loader first identified this summer, has been updated with a multi-stage delivery chain.

Android phone lock screen bypass

David Schütz accidentally bypassed the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, allowing anyone with physical access to open them. Exploiting the Android lock screen vulnerability is a simple five-step process that takes minutes. Last week's Android update patched a security flaw that had been exploitable for at least six months.

lockbit 3.0

LockBit 3.0 affiliates use phishing emails to install Amadey Bot and encrypt devices. According to a new AhnLab investigation, the threat actor targets firms with phishing emails that seem like job offers or copyright notices. LockBit 3.0 is distributed as an obfuscated PowerShell script or executable to encrypt files.

Google chrome news

Cloud9, a new Chrome browser botnet, uses malicious extensions to hijack online accounts, log keystrokes, insert advertising and malicious JS code, and launch DDoS assaults. Cloud9 is a remote access trojan (RAT) for the Chromium web browser, including Google Chrome and Microsoft Edge.

Q+A called the hacking of Medibank customers' data a "dog act," but the former prime minister's cybersecurity Malcolm Turnbull expert argues Medibank should pay the ransom. The hackers reportedly demanded $15.09 million in ransom not to divulge stolen client data, including abortion data.

British checking every internet in UK

UK's National Cyber Security Centre (NCSC) is screening all Internet-exposed devices for vulnerabilities. UK cyber-vulnerability and Internet-connected system owners' security postures will be assessed.

Github microsoft and open ai sued

Programmer and lawyer Matthew Butterick sued Microsoft, GitHub, and OpenAI, claiming that GitHub's Copilot breaches open-source licensing and violates programmers' rights.

Hacktivist DDoS attacks

On Friday, the FBI reported that hacktivist-coordinated DDoS operations have little impact on targeted services. In a private industry notification today, the law enforcement agency revealed that they target public-facing infrastructure like websites instead of services, causing less interruption.

Aurubis cyberattack ransomware

Last October 28th, hackers targeted Aurubis’s IT systems, forcing them to shut down and disconnect many of the systems to stop the attack from spreading. Industrial cybersecurity firm Dragos reported that manufacturing companies have paid the highest ransoms so far this year, which further motivates these attacks.

Romcat malware

BlackBerry observed that RomCom (remote access trojan) threat actors were cloning official download pages for SolarWinds Network Performance Monitor (NPM), KeePass password manager, and PDF Reader Pro to disguise malware as legal apps.

Twitter blue tick is now $8

Critics claim that the change may make it more difficult to locate trustworthy sources. The richest man in the world, Mr. Musk, noted that premium customers would receive preferential treatment in replies and searches, as well as half as many advertisements.

GIMP.org

GNU Image Manipulation Program's main website, GIMP.org, appeared in Google searches for "GIMP" last week. 'GIMP.org' as the target domain makes this ad seem credible. However, clicking on it took users to a copycat phishing website that gave them a 700 MB application disguised as GIMP that was malware.

Overwatch 2 ddos attack 2022

DDOS attack stands for distributed denial of service and it’s a type of cyber attack where someone tries to make a service/resource unavailable by overwhelming it with fake requests. Because of this, the launch of Overwatch 2 was significantly delayed and the company lost hundreds of thousands of dollars.

Azure Cosmos DB

CosMiss is a security problem in Azure Cosmos DB's built-in Jupyter Notebooks, which connect into the Azure portal and accounts to make searching, analyzing, and visualizing NoSQL data easier. Microsoft's fully managed NoSQL database Azure Cosmos DB supports large-scale APIs. Jupyter Notebooks lets users access Cosmos DB data online.

Windows update crashes Onedrive business

Microsoft is investigating a known problem affecting OneDrive and OneDrive for Business crashes on Windows 10 computers with this month's updates. OneDrive can abruptly close after installing KB5018410 or later upgrades.

Raspberry Robin infected DEV 0856

Raspberry Robin is becoming an access-as-a-service malware for installing IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. MSTIC is tracking the activity group behind the USB-based Raspberry Robin infections as DEV-0856, which has at least four verified entry points and a potential ransomware aim.

Aurubis cyber attack

German copper company Aurubis announced a hack that compelled it to shut down IT systems to prevent its spread. Aurubis claims on its website that shutting down various systems at its locations has not affected production.

TATA power cyberattack by Hive Ransomware

The Hive ransomware organization has taken ownership of a cyberattack that Tata Power revealed this month. Tata Power is the largest integrated power firm in India and a subsidiary of the global conglomerate Tata Group. Tata Power is situated in Mumbai.

Microsoft resolves sync problem

Microsoft resolved an issue preventing its vulnerable driver blocklist from being synced to previous Windows versions. This #blocklist prevents threat actors from installing legitimate but vulnerable drivers on HVCI-enabled Windows computers or Windows in S Mode in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Cisco anyconnect vulnerability

Cisco informed customers today that two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited. The AnyConnect Secure Mobility Client simplifies secure workplace endpoint access and lets employees operate from anywhere while connecting to a secure VPN using SSL and IPsec IKEv2. Local attackers can hijack DLLs and copy files to system directories using CVE-2020-3433 and CVE-2020-3153.

Typosquat

Over 200 typosquatting websites are impersonating twenty-seven brands to lure users into downloading Windows and Android malware. This campaign's domains are quite similar to the legitimate ones, with a single letter position change or an extra "s," making them easy to notice.

Metro hit by cyberattack

After a cyberattack, METRO's infrastructure and store payments are down. The company's IT team and outside experts are investigating the outage's cause. Günter Born reported that Austria, Germany, and France stores have experienced IT outages since October 17.

Fastcompany data breach Pizza123

The business magazine reused the weak password across a dozen WordPress accounts, according to the criminal hackers who claimed responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The hackers detailed the attack in their own article on FastCompany before the publication took down the site.

Verizon customers account hacked

Verizon reported this week that a third party obtained the last four digits of the credit card used to make automatic payments on your account between October 6 and October 10, 2022.

REVIL ransomware cartel

Researchers linked the relatively new Ransom Cartel ransomware operation to the legendary REvil gang - compromising thousands of organizations in a Kaseya MSP supply-chain #attack, extorting Acer for $50 million, and extorting Apple with stolen designs of unreleased devices.

Blackbyte ransomware

A BlackByte ransomware affiliate is leveraging "ExByte" to steal data from Windows devices quickly. Thus, ransomware organizations like ALPHV and LockBit are constantly refining their data theft capabilities.

Whatsapp Yowhatsapp

A new version of the unauthorized WhatsApp Android app 'YoWhatsApp' steals account access credentials. YoWhatsApp is a fully functional chat program that advertises on famous Android apps like Snaptube and Vidmate. It uses the same permissions as WhatsApp.

Microsoft 360

Microsoft is phasing out the Microsoft Office name after 32 years, rebranding Microsoft Office cloud products to Microsoft365. Microsoft Office, which included Word, Excel, and PowerPoint, was published in 1990. Outlook, Access, and OneNote came later.

Venus ransomware

Venus Ransomware hackers are encrypting Windows PCs through Remote Desktop Services. Venus Ransomware began encrypting victims worldwide in mid-August 2022. Another ransomware using the same encrypted file extension since 2021 may be connected.

The alleged hacker was a 17-year-old from the UK who was able to steal roughly 50 minutes worth of footage for GTA6, the newest version of the game scheduled for release in 2024.

Did you know that threat actors are sending phishing emails claiming that the Hellenic Tax Office?

ADATA rejects a RansomHouse cyberattack after threat actors posted stolen files on their leaked site. RansomHouse posted ADATA files to their data leak site on Tuesday, saying they took 1TB of information in 2022. Threat actors leaked purportedly stolen company files.

BidenCash, a dark web carding market, offered 1,221,551 credit cards for free download to promote their business. Carding is the trafficking and usage of stolen credit cards from point-of-sale malware, magecart assaults, or information-stealing malware.

#Fortinet advised administrators to update #FortiGate firewalls and #FortiProxy web proxies to fix a severe #vulnerability. The security flaw (CVE-2022-40684) allows remote threat actors to log onto unpatched devices.

The #LofyGang distributed 200 malicious packages and bogus #hacking tools on NPM and GitHub to steal credentials. Researchers discovered some of these packages in supply chain attacks utilizing typo-squatted package names.

Cyber activity trying to hack electoral infrastructure is unlikely to produce a huge disruption or block voting, according to FBI and CISA. FBI and CISA have reviewed the dangers over time, and neither has found evidence of deliberate intervention having a quantifiable impact.

The AFP detained a 19-year-old in Sydney for allegedly extorting hacked Optus customer data. The suspect utilized 10,200 documents hacked last month by Optus hackers and threatened to sell victims' data unless they paid AUD 2,000 ($1,300) within two days.

DNS (Digital Network System) reported yesterday a data breach that exposed customer and staff information.
DNS: "We've uncovered holes in our information infrastructure's protection and are working to strengthen it."

Working with Trend Micro's Zero Day Initiative, the researchers secretly exposed the vulnerabilities to Microsoft, which acknowledged the issues were being exploited and said it was accelerating the deployment of security upgrades.

Vice Society Ransomware leaked stolen LAUSD data and documents Sunday. LAUSD superintendent Alberto M. Carvalho confirmed the distribution of stolen data on Twitter and announced a new hotline for parents and kids to ask inquiries.

The Brave browser will soon remove annoying and potentially privacy-harming cookie consent advertisements. These unpleasant alerts are required for internet businesses to comply with GDPR.

Prilex targeted ATMs in 2014 and PoS devices in 2016. The malware peaked in 2020 and faded in 2021. Last year's pause appears to have been to produce a more complex and potent version, say Kaspersky analysts.

Vice Society Ransomware leaked stolen LAUSD data and documents Sunday. LAUSD superintendent Alberto M. Carvalho confirmed the distribution of stolen data on Twitter and announced a new hotline for parents and kids to ask inquiries.

Bl00Dy #Ransomware Gang has started using a freshly disclosed #LockBit ransomware generator. LockBit 3.0 was leaked on #Twitter last week after its operator had a dispute with its developer. This builder lets anyone create an encryptor and decryptor for #attacks.

Security experts estimate that infected cloud servers cost victims $53 for every $1 in cryptocurrency mined. This activity is ascribed to financially motivated hacking gangs, especially TeamTNT, that attack Docker Hubs, AWS, Redis, and Kubernetes deployments.

Security researchers found that 75 Google Play and 10 App Store apps with ad fraud were installed 13 million times. The ad fraud apps also impersonated legitimate apps and impressions to make income.

Microsoft's Azure Virtual Desktop now supports passwordless authentication. "Today we're announcing a public preview for Azure AD-based single sign-on and passwordless authentication using Windows Hello and FIDO2 keys," stated Microsoft's David Bélanger.

American Airlines said its Cyber Security Response Team learned of a recently publicized data compromise through phishing campaign targets. American's CIRT found unauthorized activity in Microsoft 365 after receiving phishing reports, the airline said.

A new security feature dubbed Enhanced Phishing Protection, included in the recently released version of Windows 11 22H2, alerts users when they enter their Windows password in unsafe programs or on websites.

CISA has added a severe Java deserialization vulnerability impacting Zoho ManageEngine products to its list of exploited issues. This bug (CVE-2022-35405) can be exploited in low-complexity attacks to remotely execute code on servers.

NSA gives guidance to assist in securing OT/ICS infrastructure.
The National Security Agency (NSA) and CISA joint advice identifies measures security professionals should take to defend against IT-enabled OT and ICS assets, which give a greater attack surface.

In July 2022, 14 months after the initial hack, "HomeLand Justice," an Iranian-backed threat group, targeted the Albanian government, knocking down several websites and services.

#GitHub warns about a phishing campaign that began on September 16 and impersonates CircleCI. The false messages say the user terms and privacy policy have changed and recipients must sign into their GitHub account to accept the changes and continue using the services.

The Hive ransomware operation claimed responsibility for an attack on the New York Racing Association (NYRA), which earlier announced that a cyber attack on June 30, 2022, compromised member data.

Hacker help desk is targeting 2K game players for malware attacks. Unauthorized party sent harmful link to players. Please don't open emails or click links from 2K Games support."

Microsoft Defender for Endpoint (MDE) will so be turned on by default - Microsoft. The business added this functionality to its enterprise endpoint security platform in March 2019 to prevent attackers from disabling antimalware or removing security updates.

Phishing attacks using Microsoft 365 pretend as US government agencies. The phishing actors behind this effort have made changes to boost its success. Cofense reports phishing emails to have a consistent format, big logos, and a link to the PDF.

50,150 customers were affected, - Lithuania's State Data Protection Inspectorate. According to Revolut, 20,687 consumers in the EEA are affected, but just 379 Lithuanians. It appears the threat actor used social engineering to acquire access to the database.

The hacker claims to have obtained "GTA 5 and 6 source code and assets, GTA 6 testing build" and is extorting Rockstar Games to prevent additional data leaks. The threat actor says they'll accept bids above $10,000 for GTA V source code and assets, but not GTA 6.

Hackers now employ "sock puppets" for phishing assaults.
Proofpoint researchers named multi-persona impersonation (MPI), TA453 is made of dummy characters or sock puppets. this results in an email exchange that seems realistic and lends credibility to the dialogue.

The alleged hacker was a 17-year-old from the UK who was able to steal roughly 50 minutes worth of footage for GTA6, the newest version of the game scheduled for release in 2024.

Whatsapp Yowhatsapp

A new version of the unauthorized WhatsApp Android app 'YoWhatsApp' steals account access credentials. YoWhatsApp is a fully functional chat program that advertises on famous Android apps like Snaptube and Vidmate. It uses the same permissions as WhatsApp.

British checking every internet in UK

UK's National Cyber Security Centre (NCSC) is screening all Internet-exposed devices for vulnerabilities. UK cyber-vulnerability and Internet-connected system owners' security postures will be assessed.

Japanase lawmakers has been targeting for cyber attack

MirrorFace, a hacker gang, has been targeting Japanese lawmakers for weeks before the House of Councilors election in July 2022. ESET uncovered the campaign because to hackers' missteps that left traces.

Stay Connected! Subscribe now to our newsletter.