Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities
Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A vulnerability – CVE-2023-41991 – in the Apple security framework could be exploited to allow a malicious app to bypass signature validation. A vulnerability has been identified in the WebKit browser engine – CVE-2023-41993 – that could be exploited via a...
Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability
Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow issue in the WebP code library. This type of vulnerability results in more data being written to a memory buffer than the buffer is able to hold, which can result in an application crashing or code execution. While Google has confirmed that there is an exploit...
Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday
September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are rated critical, 55 are rated important, 1 is rated moderate, and the severity of 5 is unknown. The actively exploited vulnerabilities are: CVE-2023-36802 – Microsoft Streaming Service Proxy elevation of privilege vulnerability that allows attackers to gain...
Apache RocketMQ Vulnerability Actively Exploited by Multiple Threat Actors
A critical vulnerability in the Apache RocketMQ distributed messaging and streaming platform is being exploited by multiple threat actors. The vulnerability is tracked as CVE-2023-33246 and affects RocketMQ versions 5.1.0 and earlier. The command injection vulnerability can be exploited without authentication and has a CVSS v3.1 severity score of 9.8. The vulnerability can be exploited by using the update configuration function to...
HijackLoader Malware Loader Proving Popular with Cybercriminals
Security researchers at Zscaler ThreatLabz have identified a new malware loader called HijackLoader which is proving popular within the cybercriminal community. The malware is being used to infect devices with several different malware payloads, including DanaBot, SystemBC, and the RedLine Stealer. The Zscaler ThreatLabz team has yet to establish which initial access vectors are used to distribute the malware. HijackLoader is a...
QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...
WinRAR Vulnerability Can Be Exploited to Achieve RCE
A high-severity WinRAR vulnerability has been identified that can be exploited to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 and has a CVSS severity score of 7.8 out of 10 since user interaction is required for the vulnerability to be exploited. The vulnerability is due to improper validation of user-supplied data, which can cause memory access beyond the end of an allocated...
Critical Ivanti Sentry Vulnerability Under Active Exploitation
A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked as CVE-2023-38035. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10 and affects version 9.18 and earlier versions. The endpoint management product is used to manage, encrypt, and secure traffic between mobile devices and back-end enterprise...
Microsoft Fixes 70+ Flaws and 2 Actively Exploited 0Day Bugs
August 2023 Patch Tuesday has seen Microsoft release patches for more than 70 vulnerabilities, including two zero-day bugs that are being actively exploited in the wild. These vulnerabilities are in addition to the vulnerabilities in Microsoft Edge (Chromium) that were patched earlier this month. The latest patches include fixes for 6 critical flaws, 68 important flaws, and one rated moderate. Both of the zero-day bugs are being...
Patch Released for Another Critical Flaw in PaperCut MF/NG
Another zero-day vulnerability has been identified in PaperCut MF/NG print management software. The vulnerability is tracked as CVE-2023-39143 and has been rated critical with a CVSS v3.1 base score of 9.8/10. Successful exploitation of the flaw would allow an unauthenticated attacker to read/write arbitrary files, and depending on the configuration, achieve remote code execution. Most configurations have this setting enabled and are...
Five Eyes Cybersecurity Agencies Reveal Top Vulnerabilities Exploited in 2022
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their international cybersecurity partners in Australia, Canada, New Zealand, and the United Kingdom have issued a joint cybersecurity advisory about the top Common Vulnerabilities and Exposures (CVEs) that were exploited by malicious actors in 2022. One takeaway from the list is that while recently...
Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams
The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams to gain persistent access to Microsoft 365 environments. The United States and the United Kingdom believe Midnight Blizzard to be part of the Foreign Intelligence Service of the Russian Federation (SVR). The threat actor seeks persistent access to networks...
High Severity Vulnerabilities Identified in Ninja Forms WordPress Plugin
Three high-severity vulnerabilities have been identified in a popular form builder plugin for WordPress – Ninja Forms – with over 900,000 active installations. The vulnerabilities were identified by researchers at Patchstack who disclosed the vulnerabilities to the plugin developer – Saturday Drive – on June 22, 2023. Saturday Drive released an updated version of the plugin – v3.6.26 – on July 4, 2023, which...
Patch Released for Actively Exploited Flaw in Citrix/NetScaler ADC and Gateway
Patches have been released to fix three vulnerabilities in NetScaler Application Delivery Controller (ADC) and Gateway (Citrix ADC and Citrix Gateway), including one critical vulnerability that is being actively exploited in the wild. The actively exploited vulnerability is tracked as CVE-2023-3519 and has a CVSS v3.1 severity score of 9.8/10. The flaw can be exploited remotely by an unauthenticated attacker to execute arbitrary code...
Critical Zimbra Zero-Day Flaw Actively Exploited in Targeted Attacks
Zimbra has urged all users of the Zimbra Collaboration Suite to take immediate action to address a critical vulnerability that is being actively exploited in targeted attacks. Around 200,000 businesses currently use the email and collaboration platform and are at risk until the patch is applied or the recommended mitigations have been implemented. Version 8.8.15 of the Zimbra Collaboration Suite has a vulnerability that impacts the...
Urgent Patching Required to Fix Critical and High-Severity SonicWall GMS/Analytics Flaws
SonicWall has released patches to fix 15 vulnerabilities in its Global Management System (GMS) firewall management and Analytics solutions, including 4 critical and 4 high-severity flaws. The critical flaws could be exploited by a malicious actor to bypass authentication, which would permit access to any information the application is permitted to access, including sensitive data belonging to other users. An attacker could modify,...
Microsoft Addresses 132 Vulnerabilities on July 2023 Patch Tuesday
It’s been a busy month for Microsoft with 132 vulnerabilities addressed on July 2023 Patch Tuesday. This month’s haul includes 9 CVEs that are rated critical, 122 rated important, and 6 zero-day flaws. 37 of the vulnerabilities are remote code execution flaws and 33 are privilege escalation flaws. Microsoft also released a batch of 8 patches to address vulnerabilities in Microsoft Edge late last month but has yet to release any...
TrueBot Malware Campaign Uses Phishing and Netwrix Auditor Exploit for Malware Delivery
Organizations in the United States and Canada are being targeted in a TrueBot malware campaign that uses phishing emails with malicious hyperlinks and a remote code execution vulnerability in Netwrix Auditor for distributing the malware – CVE-2022-31199. TrueBot malware is known to be used by the FIN11 threat group for gaining initial access to victims’ networks. Once a foothold has been established through the installation of...
Meduza Stealer Malware Targets Password Managers and Crypto Wallets
Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being offered for a 1-month, 3-month, or lifetime plan, has comprehensive capabilities and is under active development. The malware targets Windows systems and is capable of stealing a wide range of data, including system information, login credentials, browsing histories, cookies, and...
Critical FortiNAC RCE Vulnerability Patched by Fortinet
A critical vulnerability in FortiNAC network access control solutions has been patched by Fortinet. Successful exploitation of the flaw would allow an attacker to remotely execute arbitrary code. The vulnerability is tracked as CVE-2023-33299 and has a CVSS severity score of 9.6/10. Fortinet’s FortiNAC is a zero-trust access solution that is used to view devices and users on the network, giving admins granular control over network...
CISA Warns Critical Zyxel NAS Vulnerability is Being Actively Exploited
A critical vulnerability in Zyxel network-attached storage (NAS) devices is being exploited in attacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is tracked as CVE-2023-27992 and affects Zyxel NAS326, NAS540, and NAS542 devices running firmware version 5.21 and earlier versions. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10. Successful exploitation of...
NSA Publishes BlackLotus Mitigation Guide
The U.S. National Security Agency (NSA) has published a mitigation guide for BlackLotus malware. BlackLotus is a UEFI bootkit that is planted in the firmware of an infected device. Bootkits load at the initial stage of the boot process, before operating systems are loaded, and are not typically identified by security solutions. Further, the developer claims that security software cannot detect and kill the bootkit since it runs under...
BlackCat Ransomware Group Threatens to Leak Data Stolen in Reddit Cyberattack
The BlackCat ransomware group, aka ALPHV, claims it stole 80GB of data in a Reddit cyberattack in February 2023, and is now threatening to leak the stolen data if Reddit doesn’t pay up. The attack in question, according to a February 9, 2023, announcement by Reddit, started with a phishing attempt on an employee that allowed the group to steal credentials that provided access to sensitive data. Reddit said the stolen data includes...
Progress Software Urges Immediate Patching of New MOVEit Transfer Vulnerability
Progress Software has issued a security advisory about another zero-day bug in its MOVEit Transfer file transfer solution that requires immediate mitigation. The flaw can be exploited to escalate privileges and potentially allow access to customers’ environments. Progress Software released a patch to fix the vulnerability, tracked as CVE-2023-35708, on June 15, 2023; however, patches for two previous zero-day vulnerabilities should be...
June 2023 Patch Tuesday: Microsoft Patches 78 Flaws; 6 Critical
Microsoft has fixed 78 vulnerabilities on June 2023 Patch Tuesday bringing the month’s total up to 94 including the 16 vulnerabilities in Chromium-based browsers that were patched on June 2, 2023. None of this month’s patches address vulnerabilities that are currently being exploited in the wild nor are any fixes included for zero-day bugs. This month’s updates address 6 flaws that have been rated critical and 70 vulnerabilities that...
Patch Released for Critical Fortinet FortiGate SSL-VPN RCE Vulnerability
Fortinet has released a patch to fix a critical remote code execution vulnerability in its FortiGate SSL-VPN devices. The vulnerability can be exploited pre-authentication, allowing a remote attacker to interfere with the VPN. The flaw can be exploited even if multi-factor authentication is activated, according to the French cybersecurity firm, Olympe Cyberdefense. If the remote web interface is exposed and the firmware is not updated...
Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, and Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...
Security Agencies Issue Warning About North Korean Spear Phishing Campaigns
Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka APT43, Thallium, and Velvet Chollima), which has been targeting individuals in research centers, think tanks, academic institutions, and news media organizations in spear phishing campaigns, often posing as journalists, academics, and other individuals with credible...
Barracuda Email Security Gateway Flaw Exploited in Limited Attacks
A zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliances has been targeted by hackers, resulting in some customers’ appliances being compromised. The vulnerability was identified by Barracuda on May 19, 2023, and patches were rapidly developed to fix the issue, which were released on May 20 and May 21. Barracuda said the vulnerability was only exploited on a subset of ESG appliances, and not all users have...
KeePass Vulnerability Allows Master Passwords to be Obtained from Memory
A vulnerability has been identified in the KeePass password management solution that allows an attacker to recover the cleartext master password from memory if the password is typed in using the keyboard. The password cannot be obtained if it is copied from the clipboard. The vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2023-32784. KeePass has yet to issue a patch to address the flaw but is expected...
New Ransomware Actor Targeting Critical Infrastructure Firms
A new ransomware gang has emerged that has been conducting attacks on critical infrastructure organizations in the United States and South Korea. RA Group has been operating since late April 2023 and uses a new ransomware based on Babuk ransomware source code that was leaked on a Russian hacking forum in 2021. The attacks conducted by the group used an executable file that was named after the victim, and each of the attacks involved a...
4 Out of 10 Medical Devices Have Unpatched Critical Vulnerabilities
A new report from the cybersecurity firm Armis has identified the riskiest connected medical devices used by hospitals in the United States. Connected medical devices are a security weak point, and each year many new vulnerabilities are detected. One of the main problems for healthcare organizations is keeping on top of patching, which can be a challenge for connected medical devices as they are constantly in use. One of the biggest...
Exploit Released for Critical PaperCut Vulnerability: Exploitation Detected
An exploit has been released for a critical vulnerability in the widely used print management software PaperCut, which is used by more than 700,000 organizations worldwide and has over 100 million installs. The vulnerability is tracked as CVE-2023-27350 and has a CVSS v3 severity score of 9.8 out of 10. The flaw can be exploited by a remote attacker to bypass authentication on affected installations of PaperCut and execute arbitrary...
Android Privilege Escalation Bug Exploited to Spy on Chinese E-Commerce App Users
A high-severity vulnerability in Android devices is being actively exploited to spy on users of a popular Chinese e-commerce app, according to a recent alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is a privilege escalation bug in WorkSource, which affects Android 11, Android 12, Android 12L, and Android 13 (Android ID: A-220302519). The flaw is tracked as CVE-2023-20963, has a CVSS v3...
Microsoft Fixes 97 Vulnerabilities Including an Actively Exploited Windows 0Day Bug
Microsoft released patches to fix 97 vulnerabilities on April 2023 Patch Tuesday, including a Windows zero-day privilege escalation vulnerability in the Windows Common Log File System (CLFS) driver. Seven of the month’s vulnerabilities have been rated critical, and the remaining 90 have been rated important. 17 flaws were also patched earlier this month for Microsoft Edge and Chromium-based browsers. The zero-day vulnerability is...
Apple Releases Patches for 2 Actively Exploited Zero-Day Flaws
Apple has released patches to fix two zero-day vulnerabilities that can be exploited to execute arbitrary code on unpatched iPhones, iPads, and Macs. Apple has received reports that indicate the vulnerabilities are being actively exploited in the wild. The first flaw is tracked as CVE-2023-28206 and is an out-of-bounds write vulnerability in the IOSurfaceAccelerator framework that is due to insufficient input validation. The...
U.S. Companies Warned About BEC Campaign Seeking Bulk Goods Purchases
The Federal Bureau of Investigation (FBI) has recently issued a warning to vendors in the United States following an increase in a form of business email compromise attack that attempts to fraudulently obtain high-value goods. Business email compromise (BEC) is one of the most financially damaging forms of cybercrime. According to the FBI, its Internet Crime Complaint Center (IC3) received 21,832 complaints about BEC attacks in 2021,...
Critical IBM Aspera Faspex Vulnerability Being Exploited by Ransomware Gangs
Ransomware gangs are targeting a critical vulnerability in the IBM Aspera Faspex application to gain access to enterprise networks. Aspera is a file-exchange application used by enterprises to rapidly transfer large files or large volumes of files. The application is based on IBM’s Fast, Adaptive, and Secure Protocol (FASP), which intelligently uses available network bandwidth to transfer files to shared inboxes, workgroups, or...
Emotet Returns with Campaign Using OneNote Email Attachments
After a hiatus of around 3 months, the Emotet botnet sprung back to life and is sending large volumes of malicious emails. Initially, the email campaigns had Word and Excel file attachments and used macros to deliver the Emotet Trojan. The problem with this approach is Microsoft now disables macros by default in Internet-delivered Office files, which means Office documents and spreadsheets are no longer effective for malware delivery....
March 2023 Patch Tuesday: Microsoft Fixes 83 Flaws, Including 2 Zero-Day Bugs
Microsoft released patches to fix 83 vulnerabilities on March 2023 Patch Tuesday, including two actively exploited zero-day flaws, one in Outlook and one in Windows SmartScreen. This month’s round of updates includes patches for 9 critical flaws, 70 important issues, 1 moderate flaw, and three Mariner flaws where the severity is unknown. A further 21 vulnerabilities in Chromium-based browsers were addressed in an update on...
Trezor Confirms Customers Being Targeted in Phishing Campaign
Trezor users are being targeted in a multi-channel phishing campaign that attempts to trick them into disclosing their recovery seeds, which will allow their wallets to be stolen. Trezor provides hardware-based wallets for cryptocurrency, which are a more secure way of storing cryptocurrency than software-based wallets; however, that does not mean cryptocurrency cannot be stolen. Users are provided with a 12-24-character seed or...
FBI Says New York Field Office Cyber Intrusion Has Been Contained
Hackers have taken a rather bold step by hacking into a computer system used by the Federal Bureau of Investigation (FBI) New York Field Office. The cyberattack was first reported by CNN on Friday, and the FBI has now reported that the intrusion has been successfully contained and that it was an isolated incident, although the investigation into the scope and overall impact of the intrusion is ongoing. CNN reported that the computer...
HardBit 2.0 Ransomware Actors Request Insurance Details to Tailor Ransom Demands
The HardBit ransomware gang has recently updated its ransomware to version 2.0 and has adopted a new tactic when extorting victims – convincing them that it is in their best interests to disclose information about their cyber insurance policy. The operators try to find out how much the insurance company will cover and will set their ransom demand accordingly. The aim is to get the biggest payout possible and ensure the insurance...
Zero-Day GoAnywhere MFT Vulnerability Exploited by Clop Ransomware Gang
A zero-day vulnerability in the GoAnywhere MFT secure file transfer tool has allegedly been exploited by the Clop ransomware gang to attack more than 130 organizations. The vulnerability – CVE-2023-0669 – can be remotely exploited to gain access to unpatched GoAnywhere MFT instances that have their admin console exposed to the Internet. Successful exploitation of the flaw will allow arbitrary code to be executed. BleepingComputer says...
Massive Global Ransomware Campaign Hits Thousands of VMware ESXi Servers
A massive ransomware campaign exploiting a 2-year-old vulnerability in VMware ESXi servers has seen more than 3,200 servers attacked since Friday. An unknown threat actor is exploiting the flaw to deliver a new ransomware variant dubbed ESXiArgs, named after the .args extension used for encrypted files. The new ransomware uses the Sosemanuk algorithm to encrypt files, which is relatively rare. This algorithm was used by Babuk...
Spate of DDoS Attacks on Hospitals as Hacktivist Group Responds to Increased Support for Ukraine
Healthcare providers in the United States and other NATO countries have been warned about the risk of distributed denial of service (DDoS) attacks by the Russian hacktivist group Killnet. More than a dozen hospitals and health systems in the United States have been attacked over the past few days, including Stanford Healthcare, University of Michigan Health, University of Pittsburgh Medical Center, Duke University Hospital, Buena Vista...
QNAP Warns of Critical Vulnerability in its NAS Devices
The network-attached storage (NAS) device maker QNAP has warned customers about a critical remote code injection vulnerability affecting devices running QTS or QuTS hero firmware and has urged users to update the firmware immediately to prevent exploitation of the flaw, which has been assigned a CVSS severity score of 9.8/10. The vulnerability, tracked as CVE-2022-27596, can be exploited remotely on Internet-exposed QNAP devices...
Unskilled Cybercriminals Could Use ChatGPT for Phishing Emails and Malware
Last month, OpenAI launched an AI-based system called ChatGPT that is capable of answering queries and generating natural language text, which can be used for essays, emails, articles, blog posts, resumes, wedding speeches, poems, song lyrics, and even computer code. Google was so alarmed at the capability of the solution to write web content that it issued a code-red to protect its search business, and there is genuine concern that...
Norton LifeLock Customers Warned that Password Vaults May be At Risk
The antivirus software and cybersecurity firm Norton has recently started notifying certain Norton LifeLock customers that a malicious actor has gained access to their Norton accounts and potentially also accessed their password vaults. Users have been advised to change the password for their Norton account and Password Manager immediately. The news comes shortly after one of the world’s most popular password managers – LastPass...
January 2023 Patch Tuesday: Microsoft Fixes Almost 100 Vulnerabilities, 1 Exploited 0Day
Patches have been released to fix almost 100 vulnerabilities on January 2023 Patch Tuesday, including one actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability and another zero-day that has been publicly disclosed. In total, 98 vulnerabilities have been fixed, 11 of which are rated critical, 7 of which are remote code execution vulnerabilities and 4 are elevation of privilege...
Zoho: Patch This Critical ManageEngine Vulnerability Now!
A critical SQL injection vulnerability has been identified in multiple Zoho ManageEngine products. Zoho is urging all business users of the affected software solutions to patch the vulnerability immediately to prevent exploitation. The patch adds proper validation and escapes special characters to prevent the vulnerability from being exploited. The vulnerability is tracked as CVE-2022-47523 and affects its Password Manager Pro,...
Hacker Claims to Have Scraped the Data of 400 Million Twitter Users
A hacker has recently posted a listing on a popular hacking forum advertising a data set that includes the public and private data of approximately 400 million Twitter users. The data was allegedly obtained by exploiting an API vulnerability in 2021 that has since been patched. The same vulnerability was exploited previously in a 5.4 million record data breach – one which the Irish Data Protection Commission has just started...
Chinese APT Actor Activity Exploiting Critical Flaw in Citrix ADC and Citrix Gateway
U.S. federal authorities are urging Citrix ADC and Citrix Gateway users to patch an unauthenticated remote code execution vulnerability that is being actively exploited by Chinese state-sponsored hackers. The vulnerability – tracked as CVE-2022-27518 – is a critical Citrix Application Delivery Controller (ADC) and Gateway authentication bypass vulnerability with a CVSS v3 base score of 9.8 out of 10. An unauthenticated...
Almost 50 Bugs Fixed by Microsoft on December 2022 Patch Tuesday, Including 2 Zero-days
December 2022 Patch Tuesday sees Microsoft release patches to fix 49 flaws across its product suite, including fixes for two zero-day flaws, one of which is being actively exploited in the wild. Six of the vulnerabilities are rated critical, 40 are rated important, and 2 are moderate. 13 of the flaws have been rated as “more likely to be exploited”. Patches were also released to fix 24 vulnerabilities in Microsoft Edge earlier this...
TrueBot Malware Infections Spike and Link to Evil Corp is Confirmed
Security researchers at Cisco Talos say there has been a marked increase in infections with TrueBot malware and the creation of two botnets, one focused on the United States and the other worldwide, with a particular focus on Mexico and Brazil. TrueBot malware, aka Silence downloader, is linked to the Silence Group, a group that has been active since at least 2016 and is known to conduct high-impact attacks on financial institutions....
Rackspace Confirms Hosted Exchange Outage Caused by a Ransomware Attack
The cloud computing company Rackspace has confirmed that its ongoing Hosted Exchange outage was the result of a ransomware attack. The attack was detected on December 2, and the Texas-based company confirmed that proactive measures were taken to contain the breach by isolating its Hosted Exchange environment; the investigation has since confirmed this was a ransomware attack. At this early stage of the investigation, it has yet to be...
Warning Issued About Possible Expansion of Destructive Cyberattacks Beyond Ukraine’s Borders
A hybrid war is being waged in Ukraine involving conventional military operations and non-military methods such as cyberattacks on critical infrastructure and private companies. While Moscow continues to deny conducting cyberattacks as part of the war efforts, governments in the United States and Europe have attributed the escalating number of cyberattacks on the Ukrainian government and private companies in Ukraine to Russian...
LastPass Suffers Second Hacking Incident – Some Customer Data Compromised
In August 2022, hackers gained access to the development environment of LastPass and stole some of its source code and proprietary technical information. LastPass investigated the breach and confirmed that no customer information was accessed or stolen in the attack, but determined the hackers had access to the development environment for 4 days. Now the world’s most popular password manager has announced that customer data has been...
CISA Releases Updated Version of its Infrastructure Resilience Planning Framework
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Infrastructure Resilience Planning Framework (IRPF). The IRPF was developed to be used by state, local, tribal and territorial (SLTT) planners to improve the resilience of critical infrastructure services in the face of multiple threats and changes, to ensure services that are vital to the social and economic well-being of the...
Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings
A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been observed delivering the Brute Ratel and Cobalt Strike post-exploitation tool kits, and ransomware payloads such as Egregor and Black Basta. When files are downloaded from the Internet from untrusted locations, a Mark of the Web attribute is added to the files that...
FBI, CISA, HHS Issue Warning About Hive Ransomware Attacks
A joint security alert has been issued to the healthcare and public health sector (HPH) warning about Hive ransomware attacks. The Hive ransomware gang has been aggressively targeting the HPH sector since at least June 2021. According to the alert, the group has generated more than $100 million in ransom payments and has attacked more than 1,300 companies. Several industry sectors have been targeted by the gang, including Government...
Iranian APT Actor Breached US Government Organization Using Log4Shell Exploit
An Iranian Advanced Persistent Threat (APT) actor has exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server of a Federal Civilian Executive Branch (FCEB) organization, according to a recent alert from the Cybersecurity and Infrastructure Security Agency (CISA). CISA and the Federal Bureau of Investigation launched an investigation into suspected APT activity in mid-June 2022. The investigation...
CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management
Many organizations struggle with vulnerability management due to the number and complexity of new vulnerabilities and the limited resources available to devote to remediating them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance to help organizations improve vulnerability management by implementing an efficient process for assessing and remediating vulnerabilities. Large organizations generally...
Six Actively Exploited Zero Day Vulnerabilities Patched by Microsoft on November Patch Tuesday
Microsoft released patches to fix 68 vulnerabilities on November 2022 Patch Tuesday, 11 of which are rated critical with the remainder rated important. This round of patches includes fixes for six zero-day vulnerabilities that are being actively exploited in real-world attacks. Two of the zero-day flaws – CVE-2022-41082 (EoP – important) & CVE-2022-41040 (RCE – critical) – have been dubbed ProxyNotShell and...
MFA Bypassed in Dropbox Phishing Attack Targeting GitHub Credentials
Dropbox has announced that it has suffered a phishing-related data breach in which hackers gained access to proprietary code stored in GitHub repositories. The San Francisco-based file hosting service provider said customer accounts were not compromised, but hackers gained access to 130 code repositories on GitHub using credentials stolen from employees after they responded to phishing emails. Dropbox said no user content, passwords,...
U.S. News Websites Delivering Malware Through Compromised Third-Party JavaScript Code
A media company that provides video content and advertising on the websites of major news outlets in the United States has been compromised, and its infrastructure is being used to push the SocGholish JavaScript malware framework out to hundreds of newspapers in the United States. According to cybersecurity firm Proofpoint, more than 250 U.S. news outlets have had the malicious code intermittently displayed on their websites. Some of...
OpenSSL Vulnerability Downgraded from Critical to High Severity
On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 Heartbleed bug. No information was released at the time about the nature of the flaw, other than it being a critical flaw in OpenSSL versions 3.0-3.0.6, and that a patch was due to be released on November 1 between 13:00 and 17:00 UTC. The OpenSSL Project has now confirmed that two vulnerabilities have...
Apple Fixes Actively Exploited 0Day Vulnerability Affecting iPhones and iPads
Apple has released a batch of security updates to fix known vulnerabilities in its iOS operating system, including a fix for a zero-day iOS vulnerability that is being actively exploited in the wild in attacks on iPhones and iPads. The 0day vulnerability – tracked as CVE-2022-42827 – is an out-of-bounds write vulnerability in the kernel that affects iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and...
Healthcare Industry Warned About Daixin Team Cybercrime Group
A joint security alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) about Daixin Team – a ransomware and data extortion group that predominantly conducts attacks on the healthcare and public health sector (HPH). Daixin Team first started conducting ransomware and data extortion attacks in June 2022. The group...
Threat Actors Advertising Tool for Exploiting Vulnerabilities in Veeam Backup & Replication
Several remote code execution vulnerabilities have been identified in the Veeam Backup & Replication application which have been exploited by threat actors, with some threat actors advertising a weaponized tool that will achieve remote code execution by exploiting the flaws. Veeam Backup & Replication is a backup application used for backing up and restoring virtual environments built on VMware vSphere, Nutanix AHV, and...
Study Suggests Risk of Malware Infection from GitHub-Hosted PoC Exploits is Over 10%
A recent study, conducted by researchers at Leiden Institute of Advanced Computer Science, suggests the risk of being infected with malware from downloading proof-of-concept (PoC) exploit code from GitHub is more than 10%. GitHub is a popular code-hosting platform that is used by more than 83 million developers worldwide for contributing to the open source community and sharing, tracking, and controlling changes to their code. GitHub...
Zimbra Zero-Day Flaw Exploited to Infect at Least 1,600 Servers with Web Shells
Patches have been released by Zimbra to fix an actively exploited flaw affecting Zimbra Collaboration (Zimbra Collaboration Suite). The critical flaw, tracked as CVE-2022-41352, is a remote code execution vulnerability affecting the cpio utility used by the Amavis open source content filter to scan and extract files. If the flaw is successfully exploited, an attacker can use the cpio package to gain incorrect access to any other user...
October Patch Tuesday: 90+ Vulnerabilities Patched, but Not ProxyNotShell Flaws
Microsoft released patches to fix 96 vulnerabilities across its suite of products on October 2022 Patch Tuesday, including fixes for two zero-day vulnerabilities, one of which is being actively exploited in the wild. 13 of the patches address critical vulnerabilities, 71 are rated important, 1 is rated moderate, and the severity of 11 of the flaws is unknown. In late September, Microsoft announced that two zero-day vulnerabilities had...
New Callback Phishing Tactics Used to Gain Access to Devices
Ransomware gangs have resurrected a callback phishing technique for gaining initial access to networks, where initial contact is made with the victim via email and a telephone number is provided for the victim to call, along with an important reason for making contact. This is usually a pending charge for a fake subscription to a product or service or a free trial that is due to come to an end, resulting in a charge being applied....
FBI Warns of Increase in Pig Butchering Cryptocurrency Investment Scams
The Federal Bureau of Investigation (FBI) has issued a warning following a rise in ‘pig butchering’ cryptocurrency investment scams. These scams are usually conducted via social media by scammers who are willing to invest time into building relationships with their victims (pigs). After earning their trust, the scammers convince them to invest in cryptocurrencies via fake cryptocurrency platforms. In contrast to other forms of social...
Hackers Hide Backdoor Malware in Old Windows Logo
A hacking group known as Witchetty (aka LookingFrog) is using steganography to hide backdoor malware within a Windows logo. The campaign is ongoing and has so far seen targeted attacks conducted on governments in the Middle East and a stock exchange in Africa, according to a recent report from Symantec. The threat actor has strong links with the Chinese state-sponsored threat group APT10 and the TA10 operatives behind attacks on...
Microsoft Confirms Two Exchange Server Zero-Day Vulnerabilities Being Actively Exploited
Microsoft has confirmed that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and that patches are currently being developed to address the flaws. The vulnerabilities affect Microsoft Exchange Server 2013, 2016, and 2019, one of which is a Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2022-41040, and the second, tracked as CVE-2022-41082, is a remote code execution...
IRS Warns of Exponential Increase in IRS-Themed Smishing Attacks
The U.S. Internal Revenue Service (IRS) has issued a warning following a massive increase in SMS-based phishing (smishing) attacks over the past few weeks. The IRS-themed messages include links to malicious websites that attempt to steal sensitive personal and financial information. The IRS says it observed an increase in smishing attacks on taxpayers in the fall of 2020, with the attacks continuing throughout the pandemic, but this...
Cybersecurity Awareness Month 2022 Focuses on People
Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort between government and industry to improve cybersecurity awareness in the United States and beyond. The...
Erbium Information Stealer Distributed via Fake Software Cracks
A new malware-as-a-service (MaaS) operation – Erbium – is gaining popularity in the cybercrime community. The MaaS provides strong customer support, the malware is competitively priced, and it has extensive functionality. According to a recent report from Cyfirma, the MaaS operation has been advertising on Russian language hacking forums since at least July. Initially, the malware was offered for just $9 per week, although due...
The Emotet Botnet Is Being Used to Deliver Quantum and BlackCat Ransomware
Security researchers at AdvIntel have recently confirmed that the Emotet botnet is currently being used to deliver ransomware payloads, with the operators of the botnet teaming up with the Quantum and BlackCat ransomware operations. Emotet started life as a banking Trojan and was first detected in 2014. Over the years the malware has received several upgrades to add further capabilities, with the malware-infected devices now serving...
LastPass Says Hackers Accessed Systems for 4 Days
The world’s most popular password manager, LastPass, has provided more information on its August 2022 cyberattack and data breach. The forensic investigation has confirmed that an unauthorized individual gained access to its internal systems for a period of four days; however, no evidence was found to indicate that an individual or individuals had access to any parts of its network before or after that timeline. LastPass CEO, Karim...
Phishing Campaign Uses a Queen Elizabeth II Lure to Steal Credentials
Whenever there is a major news story that is attracting considerable public interest, phishers are quick to respond, so it is no surprise that they have responded to the death of Queen Elizabeth II. A campaign has recently been identified that masquerades as a notification from Microsoft about an initiative to commemorate her reign. If you live in the United Kingdom, you will almost certainly have received notifications in your inbox...
September 2022 Patch Tuesday: Microsoft Patches 5 Critical Vulnerabilities and Actively Exploited 0Day
Microsoft released patches to fix 63 vulnerabilities on September 2022 Patch Tuesday, 5 of which have been rated critical, including one zero-day vulnerability affecting Windows that is being actively exploited in the wild. A second zero-day vulnerability has been publicly disclosed but has been rated important with Microsoft believing exploitation is less likely. The actively exploited zero-day is tracked as CVE-2022-37969, has a...
Ransomware Gangs Adopt Stealthier Technique That Accelerates Encryption Process
Several ransomware gangs have changed their file encryption techniques, and instead of encrypting entire files they are now opting for intermittent encryption, with files only partially encrypted. This technique allows files to be encrypted far more quickly and helps the attackers evade security solutions, which often fail to detect the encryption due to the lower intensity of file IO operations and the greater similarity between...
12% of Enterprise IT Assets Lack Endpoint Protection
A recent study has revealed that 12% of enterprise IT assets do not have endpoint protection installed, and 5% are not covered by patch management processes. The lack of protection and unpatched vulnerabilities could be exploited by threat actors to gain access to enterprise networks. Sevco Security conducted the study using data from 500,000 IT assets and published the findings of the study in its State of Cybersecurity Attack Surface...
Ransomware Warning Issued to U.S. School Districts Following Major Attack on 2nd Largest U.S. School District
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have issued a joint security alert warning U.S. school districts about the Vice Society ransomware gang, days after the second-largest school district in the United States was crippled by a ransomware attack. Major Ransomware Attack Reported by Los Angeles Unified...
TikTok Denies Theft of 2 Billion Data Records and Source Code
On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and a database had been stolen from an Alibaba cloud repository that contained the personal information of users of the platforms. TikTok and WeChat are both Chinese companies; however, the companies are not owned by the same parent company, which suggests that the hacking claim may not be...
Luca Stealer Malware Targets Cryptocurrency Wallets and Password Managers
A new malware variant dubbed Luca Stealer is growing in popularity following the release of its source code for free in July. At present, it appears that attacks are at a relatively low level, but the number of variants detected has increased in recent weeks and there is concern that Luca Stealer could become a significant threat. Luca Stealer is suspected of being used in an attack on the Solana blockchain network (SOL) in early...
Mid-Year Threat Report Suggests Ransomware Losses Likely to Exceed $30 Billion by 2023
Ransomware is the most serious threat to large and medium-sized businesses, and global ransomware damages have been predicted to exceed $30 billion by 2023, according to the Mid-Year Cyber Protection Operation Centers Report from Acronis. Attacks are showing no sign of slowing as cybercriminal gangs continue to make huge profits from their attacks. According to the report, the Conti ransomware gang was paid $2.7 billion in...
Residential Proxies Increasingly Used to Hide Credential Stuffing Attacks
Cyber threat actors are increasingly using hacked residential routers to hide their credential stuffing attacks, according to a recent alert from the Federal Bureau of Investigation (FBI). Credential stuffing is a type of brute force attack where a threat actor uses a large list of usernames and passwords that have been compromised in previous data breaches to access accounts on unrelated websites. The attack relies on the reuse of...
2 ‘Actively Exploited’ RCE Vulnerabilities Patched in iPhones, iPads, iPods, and Macs
Two critical zero-day vulnerabilities have been patched by Apple that may have been actively exploited in the wild. Exploitation of the flaws allows threat actors to remotely execute code on vulnerable iPhone, iPad, and Mac devices. The vulnerabilities affect the 6S iPhone and later models, 6th generation iPads and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models, the 7th generation iPod touch, Mac computer with...
IBM X-Force Provides Insights into the Rapidly Changing OT Threat Landscape
IBM X-Force has analyzed data from its incident response and managed security services (MSS) and has provided valuable insights into the rapidly expanding operational technology (OT) cyber threat landscape. This year, cybersecurity agencies have issued multiple alerts about threats to OT and the potential for attacks on critical infrastructure, new malware threats have been identified that target OT, and many new vulnerabilities have...
Hackers are Actively Exploiting 5 Vulnerabilities in the Zimbra Collaboration Suite
Five vulnerabilities have been identified in the Zimbra Collaboration Suite (ZCS) that are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency has recently issued a security advisory to raise awareness of the flaws and to share mitigations to reduce the risk of compromise. ZCS is used by more than 200,000 businesses worldwide. The first vulnerability – tracked as CVE-2022-27924 (CVSS...
2022 Sees Major Increase in Malicious Browser Downloads
According to Kaspersky, in H1, 2022, 1,300,000 attempts were made to install malicious browser extensions, which is a substantial increase from 2021, when 1,823,263 attempts were made for the entire year. From January 1, 2020, to June 30, 2022, 6,795,056 attempts were made by 4.3 million users of Kaspersky software to install malicious browser extensions. There are many legitimate browser extensions, such as ad blockers, spell...
Ransomware Gangs are Weaponizing Their Stolen Data and Making BEC Attacks Easier
Business email compromise (BEC) attacks have been increasing. According to the Federal Bureau of Investigation (FBI), BEC attacks are the costliest type of cybercrime and resulted in $43 billion in losses between June 2016 and December 2021. In 2021 alone, 19,954 complaints were received by the FBI’s Internet Crime Complaint Center (IC3) and almost $2.4 billion was lost to the scams. Abnormal Security reports an 84% annual...
Ransomware Attack on Cisco Used an Employee’s Compromised Personal Google Account
Cisco has confirmed that the initial access to its network in an attempted May 2022 ransomware attack was a compromised employee’s personal Google account. The account contained credentials that had been synced from their browser. The attack involved multiple voice phishing calls in which the attacker impersonated trusted support organizations, and used the MFA fatigue tactic, where multiple push notifications are sent in the hope that...
Microsoft Patches 121 Vulnerabilities Including an Actively Exploited 0-Day Bug
Microsoft released updates to fix 121 CVEs on August 2022 Patch Tuesday, including two zero-day flaws, one of which is being actively exploited in the wild. The actively exploited zero-day flaw has been dubbed DogWalk and is a vulnerability in the Windows Support Diagnostic Tool (MSDT). If exploited, an attacker could remotely execute arbitrary code on vulnerable systems. The flaw is tracked as CVE-2022-34713 and an exploit for the...
Sophisticated Twilio Smishing Attack Sees Accounts and Customer Data Compromised
The digital communication platform provider Twilio has confirmed that multiple employees have been tricked into disclosing their account credentials in a smishing attack. Smishing is the use of SMS messages for conducting a phishing attack to steal employee credentials. Those credentials can be used to access employee accounts and any sensitive data accessible through those accounts. Twilio provides programmable communication tools...
NHS 111 Services Disrupted by Cyberattack on Managed Service Provider
The National Health Service (NHS) in the United Kingdom is currently dealing with a cyberattack on one of its managed service providers, Advanced. Birmingham-based Advanced helps operate NHS 111 services. NHS 111 is a web and telephone service where patients can get quick health and mental health information on non-urgent medical matters. Advanced detected the cyberattack on Thursday, August 4, 2022, and has confirmed it has affected...