Posts

Showing posts from June, 2022

Top stories

The Week in Ransomware - June 24th 2022 - Splinter Cells The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation. [...] via BleepingComputer (author: Lawrence Abrams)

When I reset my Windows PC, I ended up with Home edition. How do I get my Pro upgrade back? [Ask ZDNet] Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer. via Latest topics for ZDNet in Security

June Windows preview updates fix VPN, RDP, RRAS, and Wi-Fi issues The optional Windows update previews released by Microsoft this week come with more than the regular performance improvements and bug fixes. [...] via BleepingComputer (author: Sergiu Gatlan)

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

iPhone users: Google Chrome browser on iOS is getting these five new features Google offers up better password management for Chrome on iOS to appeal to iPhone users who stick with Safari. via Latest topics for ZDNet in Security

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Windows 11 KB5014668 update fixes upgrade fails, game crashes Microsoft has released the optional KB5014668 cumulative update previews for Windows 11 with fixes for issues leading to game crashes and failed upgrades to the latest Windows version. [...] via BleepingComputer (author: Sergiu Gatlan)

Your email is a major source of security risks and it's getting worse Criminals still like using email to phish credentials but ransomware delivered by email has tapered off. via Latest topics for ZDNet in Security

NSA, CISA say: Don't block PowerShell, here's what to do instead PowerShell is often abused by attackers but defenders should not switch off the Windows command-line tool, warn cybersecurity agencies. via Latest topics for ZDNet in Security

Police seize and dismantle massive phishing operation Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted millions in Euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency. The group was involved in fraud, money laundering, phishing, and scams. According to a Europol press release, the group’s modus operandi started with an email, text message, or private message containing a link to a phishing page. Once recipients opened the link, they would be directed to a bogus bank website. Here, they were encouraged to enter their banking credentials. Money mules then used these credentials to cash out millions in Euros from victim accounts. On top of fraud, the group was also involved in drug and possible firearms...

Conti ransomware hacking spree breaches over 40 orgs in a month The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. [...] via BleepingComputer (author: Ionut Ilascu)

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

NSA shares tips on securing Windows devices with PowerShell The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending system administrators to use PowerShell to prevent and detect malicious activity on Windows machines. [...] via BleepingComputer (author: Ionut Ilascu)

Watch out for the email that says “You have a new voicemail!” A phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at Zscaler, the campaign uses spoofed emails with an HTML attachment that contains encoded JavaScript. The email claims that you have a new voicemail and that you can listen to the message by clicking on the attachment. To add credibility, the name of the attachment starts with a music note character (e.g. ♫) to make it look like a sound clip. In reality, it is an HTML file with obfuscated JavaScript embedded. The JavaScript uses the window.location.replace method to redirect the target to a specially crafted phishing page. Access to the page is behind a reCAPTCHA, probably to keep out the bots, particularly any automated URL analysis tools. Spoofed email: Email spoofing basically comes down to sending emails with a false sender address. This can be used in various ways by a...

Europol Busts Phishing Gang Responsible for Millions in Losses Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Yodel parcel company confirms cyberattack is disrupting delivery Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. [...] via BleepingComputer (author: Ionut Ilascu)

7-zip now supports Windows ‘Mark-of-the-Web’ security feature 7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. [...] via BleepingComputer (author: Lawrence Abrams)

Microsoft Exchange servers hacked by new ToddyCat APT gang An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. [...] via BleepingComputer (author: Sergiu Gatlan)

1.5 million customers impacted by Flagstar Bank data breach The security incident occurred in December 2021. via Latest topics for ZDNet in Security

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

You can be tracked online using your Chrome browser extensions via Malwarebytes Labs (author: Christopher Boyd)

Security vulnerabilities: 5 times that organizations got hacked via Malwarebytes Labs (author: Bill Cozens)

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System (DFS): Namespace Management Protocol (MS-DFSNM) to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay [Domain Controller authentication to [Active Directory via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Windows emergency update fixes Microsoft 365 issues on Arm devices Microsoft has released an out-of-band (OOB) Windows update to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. [...] via BleepingComputer (author: Sergiu Gatlan)

Client-side Magecart attacks still around, but more covert via Malwarebytes Labs (author: Threat Intelligence Team)

This phone-wiping Android banking trojan is getting nastier The BRATA Android banking trojan aims to gain a persistent foothold on a target's network. via Latest topics for ZDNet in Security

Ransomware attacks: This is the data that cyber criminals really want to steal There are certain types of data that criminals target the most, according to an analysis of attacks. via Latest topics for ZDNet in Security

This new Windows 11 privacy feature shows when apps access your microphone, camera or location Microsoft has enabled a new privacy feature for Windows 11 that shows which apps access sensitive data or devices like the microphone. via Latest topics for ZDNet in Security

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

A week in security (June 13 – June 19) Last week on Malwarebytes Labs:
● Serious vulnerabilities found in ITarian software, patches available for SaaS products
● Update Chrome now: Four high risk vulnerabilities found
● Taking down the IP2Scam tech support campaign
● Don’t panic! “Unpatchable” Mac vulnerability discovered
● Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)
● “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
● Instagram scam steals your selfies to trick your friends
● Karakurt extortion group: Threat profile
● Email compromise leads to healthcare data breach at Kaiser Permanente
● It’s official, today you can say goodbye to Internet Explorer. Or can you?
● Update now! Microsoft patches Follina, and many other security updates
● Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser”
● Reco...

Securing the software supply chain, with Kim Lewandowski: Lock and Code S03E13 At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the “supply chain.” Immediate stockpiling by an alarmed (and from a smaller share, opportunistic) public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks. In time, those items returned to stores. But then a big ship got stuck in the Suez, and once again, we learned even more about the vulnerability of supply chains. They can handle little stress. They can be derailed with one major accident. They spread farther than we know. While the calamity in the canal involved many lessons, there was another story in late 2020 that required careful study in cyberspace—an attack on the digital supply chain. That year, attackers breached a network management tool called Orion, which is developed by the Texas-based company SolarWinds. Months before the attack was caught, ...

BRATA Android Malware Gains Advanced Mobile Threat Capabilities The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

QNAP NAS devices targeted by surge of eCh0raix ransomware attacks This week a new series of ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices according to user reports and sample submissions on the ID-Ransomware platform. [...] via BleepingComputer (author: Sergiu Gatlan)

This browser extension lets you remove specific sites from search results The uBlackList browser extension lets you clean up search results by removing specific sites when searching on Google, DuckDuckGo, Bing, and other search engines. [...] via BleepingComputer (author: Lawrence Abrams)

eCh0raix ransomware starts targeting QNAP NAS devices again This week a new series of ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices according to user reports and sample submissions on the ID-Ransomware platform. [...] via BleepingComputer (author: Sergiu Gatlan)

New phishing attack infects devices with Cobalt Strike Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...] via BleepingComputer (author: Bill Toulas)

Wave of 'Matanbuchus' spam is infecting devices with Cobalt Strike Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...] via BleepingComputer (author: Bill Toulas)

Tinder Swindlers: How scammers steal your heart, then your money Love bombing, catfishing, blackmail, and more: Here are common tactics criminals use to lure you into parting with cash or private information. via Latest topics for ZDNet in Security

Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

How do I get OneDrive under control? [Ask ZDNet] Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer. via Latest topics for ZDNet in Security

QNAP 'thoroughly investigating' new DeadBolt ransomware attacks Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. [...] via BleepingComputer (author: Sergiu Gatlan)

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft: June Windows updates may break Wi-Fi hotspots Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. [...] via BleepingComputer (author: Sergiu Gatlan)

Sophos Firewall zero-day bug exploited weeks before fix Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...] via BleepingComputer (author: Ionut Ilascu)

iCloud hacker gets 9 years in prison for stealing nude photos A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. [...] via BleepingComputer (author: Sergiu Gatlan)

Photos of kids taken from spyware-ridden phones found exposed on the internet A stalkerware-type app that boasts “the best free phone spying software on the market,” has exposed the data it snooped on from the phones it was installed in. The data exposed by TheTruthSpy included GPS locations and photos on victims’ phones, and images of children and babies. This news, first reported by Motherboard, is the latest in a lengthening list of spyware brands breached due to their poor cybersecurity hygiene. And TheTruthSpy is hardly the first of its kind to put kids’ data at risk. The images exposed by TheTruthSpy were available to anyone who visited a particular URL on TheTruthSpy’s website. The photos included those of a young boy looking at the camera, a baby’s soiled diaper, a pet cat, and photos of the inside of someone’s home. TheTruthSpy can be downloaded from the Google Play and Apple App stores. According to its website, it has 15+ features, including monitoring multiple c...

High-Severity RCE Vulnerability Reported in Popular Fastjson Library Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project maintainers in via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

MaliBot: A New Android Banking Trojan Spotted in the Wild A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot. The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Firefox: Our new cookie protection will stop companies tracking you across sites Firefox puts website tracking cookies in a "cookie jar" to fence them in exclusively to the site that dropped the cookie. via Latest topics for ZDNet in Security

Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR Breaches don't just happen to large enterprises. Threat actors are increasingly targeting small businesses. In fact, 43% of data breaches involved small to medium-sized businesses. But there is a glaring discrepancy. Larger businesses typically have the budget to keep their lights on if they are breached. Most small businesses (83%), however, don't have the financial resources to recover if they via The Hacker News (author: noreply@blogger.com (The Hacker News))

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. [...] via BleepingComputer (author: Ionut Ilascu)

New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed Hertzbleed by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling (DVFS), power and thermal via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

A tiny botnet launched the largest DDoS attack on record A small but powerful army of just 5,000 devices generated a record-breaking web attack. via Latest topics for ZDNet in Security

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Requests Per Second Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million requests per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Ransomware gang creates site for employees to search for their stolen data The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack [...] via BleepingComputer (author: Lawrence Abrams)

Brazil's data protection authority to gain independence from presidential office This will enable the body to fully perform its functions, and it falls in line with other regulatory regimes around the world. via Latest topics for ZDNet in Security

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Gallium hackers backdoor finance, govt orgs using new PingPull malware The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. [...] via BleepingComputer (author: Bill Toulas)

Internet Explorer (almost) breathes its final byte on Wednesday Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995. [...] via BleepingComputer (author: Sergiu Gatlan)

Quick and Simple: BPFDoor Explained BPFDoor isn't new to the cyberattack game — in fact, it's gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit via The Hacker News (author: noreply@blogger.com (The Hacker News))

A week in security (June 6 – June 12) Last week on Malwarebytes Labs:
● FBI warns of scammers soliciting donations for Ukraine
● Microsoft autopatch is here…but can you use it?
● Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool
● Rotten apples banned from App store
● Hackers can take over accounts you haven’t even created yet
● Ransomware Task Force priorities see progress in first year
● Coffee app in hot water for constant tracking of user location
● SSNDOB stolen data marketplace shut down by global law enforcement operation
● 5 Linux malware families SMBs should protect themselves against
● Awful 4chan chat bot spouts racial slurs and antisemitic abuse
● MakeMoney malvertising campaign adds fake update template
● Apple’s passkeys attempt to solve the password problem
● Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices
● BlackBasta is the latest ransomware to targe...

Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Iranian Hackers Spotted Using a New DNS Hijacking Malware in Recent Attacks The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Minor changes - blog updated

 0_0

Show HN: Ory Kratos – Open-source identity server written in Go https://ift.tt/okfAjHl

Show HN: Ory Kratos – Open-source identity server written in Go https://ift.tt/rKuEb8W June 9, 2022 at 02:17PM

Show HN: Big HN – Tiny Userscript to Increase Font Size on HN https://ift.tt/5dehwI0

Show HN: Big HN – Tiny Userscript to Increase Font Size on HN https://ift.tt/BeyWq1X June 11, 2022 at 12:20AM

Show HN: A web-based sequencer where you can make, listen to, and share patterns https://ift.tt/vPdLO4f

Show HN: A web-based sequencer where you can make, listen to, and share patterns https://drawbeats.com/ June 11, 2022 at 12:30AM

Show HN: Finance for Founders Guide https://ift.tt/jzEVLOX

Show HN: Finance for Founders Guide https://ift.tt/QaymPqL June 10, 2022 at 06:32PM

Show HN: LinkWarden – A self-hosted bookmark and archive manager https://ift.tt/GioeOJM

Show HN: LinkWarden – A self-hosted bookmark and archive manager https://ift.tt/rMEm8WG June 9, 2022 at 11:26PM

Show HN: I built a tool to describe ~4.3B colors https://ift.tt/ZOhz0LJ

Show HN: I built a tool to describe ~4.3B colors A simple tool I made over the week to explore and learn about different colors. You can select any color with any opacity #000000-FFFFFFFF (~4.3 billion colors/variants), and you can view a dedicated page detailing the color's closest name, conversions to Hex, RGB, CMYK, etc., shades, tints, tones, harmonies, opacities, and WCAG contrast compliance. https://colorwaze.com June 10, 2022 at 10:57PM