Posts

Showing posts from July, 2022

Top stories

CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards Since at least 2016, Chinese-speaking hackers have been using malware that lies virtually undetected in the firmware images of some motherboards, one of the most persistent kinds of threat, commonly known as a UEFI rootkit. [...] via BleepingComputer (author: Ionut Ilascu)

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Racoon Stealer is Back — How to Protect Your Organization The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (The Hacker News))

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Your biggest cyber crime threat has almost nothing to do with technology One type of cyberthreat is costing us all billions, and it's all to do with manipulating people rather than machines. via Latest stories for ZDNet in Security

North Korean hackers attack EU targets with Konni RAT malware Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. [...] via BleepingComputer (author: Bill Toulas)

Chrome use subject to restrictions in Dutch schools over data security concerns The Ministry of Education in the Netherlands has decided to place a conditional ban on the use of the Chrome OS and Chrome web browser until August 2023 over concerns about data privacy. [...] via BleepingComputer (author: Bill Toulas)

Massive Microsoft 365 outage caused by faulty ECS deployment In a preliminary post-incident report, Microsoft has revealed that this week's 5-hour-long Microsoft 365 worldwide outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that led to cascading failures and availability impact across multiple regions. [...] via BleepingComputer (author: Sergiu Gatlan)

Here are the top phone security threats in 2022 and how to avoid them Your handset is always at risk of being exploited. Here's what to look out for. via Latest stories for ZDNet in Security

The Week in Ransomware - July 22nd 2022 - Attacks abound New ransomware operations continue to be launched this week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers. [...] via BleepingComputer (author: Lawrence Abrams)

Hacker selling Twitter account data of 5.4 million users for $30k Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. [...] via BleepingComputer (author: Lawrence Abrams)

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes as an "improper neutralization of special elements" used in via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Ukrainian radio network hacked to spread fake news about Zelenskiy On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. [...] via BleepingComputer (author: Sergiu Gatlan)

Google Bringing the Android App Permissions Section Back to the Play Store Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

An Easier Way to Keep Old Python Code Healthy and Secure Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (The Hacker News))

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Windows 11 KB5015882 update fixes bugs causing File Explorer to freeze Microsoft has released the optional KB5015882 Preview cumulative update for Windows 11 with 20 fixes or improvements, including new Focus Assist and OS upgrade features. [...] via BleepingComputer (author: Lawrence Abrams)

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity. The most severe of the issues are CVE-2022-20857, CVE-2022-20858, via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Neopets data breach exposes personal data of 69 million members Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. [...] via BleepingComputer (author: Lawrence Abrams)

Keep your data safe forever with these two apps for only $30 It's not just when you're online that your data is at risk. Hackers use social engineering to crack your passwords, as well. via Latest stories for ZDNet in Security

Google boosts Android privacy with support for DNS-over-HTTP/3 Google has added support for the DNS-over-HTTP/3 (DoH3) protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance. [...] via BleepingComputer (author: Bill Toulas)

Dealing With Alert Overload? There's a Guide For That The Great Resignation – or the Great Reshuffle as some are calling it – and the growing skills gap have been dominating headlines lately. But these issues aren't new to the cybersecurity industry. While many are just now hearing about employee burnout, security teams have faced reality and serious consequences of burnout for years. One of the biggest culprits? Alert overload. The average via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (The Hacker News))

Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

New Luna ransomware encrypts Windows, Linux, and ESXi systems A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems. [...] via BleepingComputer (author: Sergiu Gatlan)

Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Hacking group '8220' grows cloud botnet to more than 30,000 hosts A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. [...] via BleepingComputer (author: Bill Toulas)

New CloudMensis malware backdoors Macs to steal victims’ data Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. [...] via BleepingComputer (author: Sergiu Gatlan)

Roblox breached: Internal documents posted online by unknown attackers A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data they’ve collected. Nobody knows if they’ve exhausted their newly-plundered treasure trove, or if more leaks will follow. Hacks and compromise: from myth to reality The Roblox player base is young, and naturally enough worried about risks from cheats and account compromise. As a result, Roblox spends a fair amount of time debunking hacking myths. The most well known of these debunks probably relates to its John Doe and Jane Doe developer managed accounts. Sadly for Roblox, this time around it appears that the compromise is very real, with one key difference. It’s the developers under attack, rather than the players. For the time being, at least, they remain unaffected. Internal employ...

FBI: These fake apps are trying to steal your crypto. Here's what to watch out for Crypto fans have already lost millions - don't make the same mistakes. via Latest stories for ZDNet in Security

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of via The Hacker News - Most Trusted Cyber Security and Computer Security Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals via The Hacker News - Cybersecurity News and Analysis (author: noreply@blogger.com (Ravie Lakshmanan))

Enforcing Password History in Your Windows AD to Curb Password Reuse 65% of end-users openly admit to reusing the same password for one or more (or all!) of their accounts. Password history requirements discourage this behavior by making it more difficult for a user to reuse their old password. [...] via BleepingComputer (author: Sponsored by Specops)

Extortionists target restaurants, demand money to take down bad reviews Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised and issue extortion threats alongside the review is a new development. According to the New York Times, businesses are being “deluged” with the poor reviews. Extortion threats are then mailed to the business owners, apologising for the actions but insisting that $75 Google Play gift cards be purchased in order to have the poor reviews erased. Card codes are mailed to a ProtonMail account, where the scammers pick up their bounty. The codes are likely sold on at this point to turn a tidy profit. We don’t know if anyone actually sent a card code to the relevant mail address, nor if any reviews were removed by the fraud...

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said. "Further, the software was a malware via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

A week in security (July 11 – July 17) Last week on Malwarebytes Labs:
● Elden Ring maker Bandai Namco hit by ransomware and data leaks
● Predatory Sparrow massively disrupts steel factories while keeping workers safe
● New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs
● China’s Tonto Team increases espionage activities against Russia
● Endpoint security for Mac: 3 best practices
● Low-income consumers preyed on by fake ISP during pandemic, FCC says
● Ransomware rolled through business defenses in Q2 2022
● Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
● WhatsApp warns users: Fake versions of WhatsApp are trying to steal your personal info
● Update now—July Patch Tuesday patches include fix for exploited zero-day
● Fake streamed cricket matches knocks victims for six
● PyPI starts rolling out required 2FA for important projects
● Insecure password leads to Mangatoon data breach
St...

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to update to versions 22.1R1 and 21.4.0, respectively. Chief among them is a collection of 31 bugs in the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Open source security needs automation as usage climbs amongst organisations Tapping open source does not make in-house applications any less secure, but enterprises will need to navigate the complexities of managing such environments so they can quickly respond to new vulnerabilities. via Latest topics for ZDNet in Security

The Matrix messaging network now counts more than 60 million users The Matrix open network for decentralized communication has announced a record growth of 79% in the past 12 months, now counting more than 60 million users. [...] via BleepingComputer (author: Bill Toulas)

Elastix VoIP systems hacked in massive campaign to install PHP web shells Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] via BleepingComputer (author: Bill Toulas)

Hackers pose as journalists to breach news media org’s networks Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. [...] via BleepingComputer (author: Bill Toulas)

Massive campaign hits Elastix VoIP systems with 500,000 unique malware samples Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. [...] via BleepingComputer (author: Bill Toulas)

Get online training for 15 different CompTIA exams for under $60 These iCollege courses pave the path to any number of IT careers. via Latest topics for ZDNet in Security

Google Removes "App Permissions" List from Play Store for New "Data Safety" Section Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Attackers scan 1.6 million WordPress sites for vulnerable plugin Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. [...] via BleepingComputer (author: Bill Toulas)

This tiny botnet is launching the most powerful DDoS attacks yet 5,000 hijacked machines behind the Mantis botnet have launched 3,000 attacks in the past month. via Latest topics for ZDNet in Security

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Mantis Botnet Behind the Largest HTTPS DDoS Attack Targeting Cloudflare Customers The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users. The most attacked industry verticals include internet and telecom, media, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft links Holy Ghost ransomware operation to North Korean hackers For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. [...] via BleepingComputer (author: Ionut Ilascu)

Holy Ghost ransomware operation linked to North Korean hackers For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. [...] via BleepingComputer (author: Ionut Ilascu)

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Google: Here's how we got to rolling desktop Linux releases after Ubuntu to Debian switch Google details the benefits of moving from "big bang" OS upgrades to rolling releases. It saved its engineers from burn out. via Latest topics for ZDNet in Security

CoinPayments to shut down in US — 5 days left to withdraw funds Global crypto payments gateway, CoinPayments.net is ceasing operations in the United States soon and has advised users to withdraw their assets before July 19th, 2022. The short notice given by the exchange via a private email left some customers suspecting if this was an "exit scam" or another mysterious incident. [...] via BleepingComputer (author: Ax Sharma)

New Retbleed speculative execution CPU attack bypasses Retpoline fixes Security researchers have discovered a new speculative execution attack called Retbleed that affects processors from both Intel and AMD and could be used to extract sensitive information. [...] via BleepingComputer (author: Ionut Ilascu)

Pakistani Hackers Targeting Indian Students in Latest Malware Campaign The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

New Lilith ransomware emerges with extortion site, lists first victim A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. [...] via BleepingComputer (author: Bill Toulas)

Ransomware rolled through business defenses in Q2 2022 via Malwarebytes Labs (author: Marcin Kleczynski)

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

VMware patches vCenter Server flaw disclosed in November Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions. [...] via BleepingComputer (author: Sergiu Gatlan)

Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution. [...] via BleepingComputer (author: Bill Toulas)

Fraud protection efforts target fake corporate identities online and offline Efforts from Amazon and First Orion are among the ways that companies are cracking down on perpetrators of consumer fraud. via Latest topics for ZDNet in Security

CISA orders agencies to patch new Windows zero-day used in attacks CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. [...] via BleepingComputer (author: Sergiu Gatlan)

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. [...] via BleepingComputer (author: Bill Toulas)

PyPI starts rolling out required 2FA for important projects The Python Package Index (PyPI) says it has begun rolling out a two-factor authentication (2FA) requirement which requires maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers’ ecosystem. Python repository PyPI is the repository of software for the Python programming language. Python is a high-level, interpreted, general-purpose programming language, and a very popular one, often used on servers to create web applications. Many web developers, and others, use Python packages or add-on libraries from other developers as building blocks to develop their own projects. The Python Software Foundation (PSF) manages the PyPI repository, where Python developers can get third-party developed open-source packages for their projects. Critical projects The projects rated as critical by the PSF are those that are in the top 1% ...

Insecure password leads to Mangatoon data breach The hugely popular Manga comics platform Mangatoon has fallen victim to a data breach. No fewer than 23 million user accounts could be at risk, thanks to a poorly secured database. Worse still, Mangatoon doesn’t seem to be responding to messages from the breacher, or people notifying it that the breach has taken place. A limited edition run of exposed accounts Mangatoon allows comics fans to read a variety of web comics for free via the app, with the option to “unlock” whole comics for a fee. Unfortunately for Mangatoon, its Elasticsearch database was compromised, leading to several attempts to get its attention. "Anyone got a security contact at @MangatoonEN? DMs are closed and apparently they haven't been responding to emails attempting to reach them." — Troy Hunt (@troyhunt), July 4, 2022. No response was forthcoming by email or even social media. While it’s possible every...

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati Personali — warned the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours (or days) in manual code reviews through thousands of lines of script on your web applications. Automated content security via The Hacker News (author: noreply@blogger.com (The Hacker News))

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems Microsoft on Monday announced the general availability of a feature called Autopatch that automatically keeps Windows and Office software up-to-date on enrolled endpoints. The launch, which comes a day before Microsoft is expected to release its monthly round of security patches, is available for customers with Windows Enterprise E3 and E5 licenses. It, however, doesn't support Windows Education via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers can unlock Honda cars remotely in Rolling-PWN attacks A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. [...] via BleepingComputer (author: Bill Toulas)

Europe threatens to ban Facebook over data transfers to the US If regulators have their way, data transfers from Facebook and Instagram between Europe and the United States could stop this summer. (WhatsApp, another Meta service, will not be affected by the decision as it has a different data controller within Meta.) This could force Meta, Facebook’s parent company, to undergo some radical changes with the way it handles data from Europe, such as setting up local data centers. Otherwise, it will have no choice but to pull out of Europe. The Irish Data Protection Commission (DPD) sent a draft of its final decision on Thursday to its European counterparts regarding banning Meta from receiving user data from Europe. A Meta spokesperson told the Telegraph, “This draft decision, which is subject to review by European Data Protection Authorities, relates to a conflict of EU and US law which is in the process of being resolved.” “We welcome the EU-US agreement for a new legal frame...

Microsoft appears to be rolling back Office Macro blocking We’re seeing several reports indicating that Microsoft may have rolled back its decision to block Macros in Office. Currently no official statement exists—the reports rely on a post by a Microsoft employee in the replies of the original article where the plan to block macros was announced. Earlier this year, Microsoft decided to disable macros downloaded from the Internet in five Office apps, by default. Users trying to open files downloaded from the Internet that contained macros would see a message, with a link to an article explaining the block.

----------------------
SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted
----------------------

Malicious macros have been popular with criminals for more than three decades, and the step was welcomed by the security community. However, some users of Microsoft products have queried a surprising change. Dangerous files d...

Tech support scammers caught by their own cameras A Youtuber has hacked into the CCTV cameras of an office used by tech support scammers and reported them to the police. The video feed of what is going on in that office ends with the arrest of the scammers.

CCTV
The Youtuber, acting under the handle Scambaiter, turned his attention to Punjab in India to spy on a group of Tech Support scammers. “Scambaiting” means scamming the scammers, often by pretending to take their bait and wasting their time. The reasoning is that while the scammer is busy trying to reel the scambaiter in, they don’t have time to victimize someone else. Which makes it a good deed while having some fun. Scambaiter goes a little further than simply wasting scammers’ time. He has amassed almost 1.5 million YouTube followers by “hacking back” against the scammers and exposing where and how they work—in this case by using the scammers’ own CCTV cameras against them. Scambaiter also hacked into some...

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

4 ways businesses can save money on cyber insurance via Malwarebytes Labs (author: Bill Cozens)

North Korean APT targets US healthcare sector with Maui ransomware via Malwarebytes Labs (author: Jovi Umawing)

How the FBI quietly added itself to criminals’ instant message conversations via Malwarebytes Labs (author: Pieter Arntz)

New Google Chrome feature reduces CPU use to extend battery life Google is testing a new 'Quick Intensive Throttling' feature that reduces CPU time by 10%, extending the battery life for laptops and mobile devices. [...] via BleepingComputer (author: Lawrence Abrams)

Maastricht University wound up earning money from its ransom payment Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it has recovered the ransom paid after a ransomware attack that hit its network in December 2019. [...] via BleepingComputer (author: Sergiu Gatlan)

PyPI mandates 2FA for critical projects, developer pushes back On Friday, the Python Package Index (PyPI), the repository of open source Python projects, announced plans to roll out two-factor authentication for maintainers of "critical" projects. Although many praised the move, the developer of a popular Python project decided to delete his code from PyPI in retaliation. [...] via BleepingComputer (author: Ax Sharma)

Microsoft Outlook email searches are broken again in Windows 11 Microsoft is investigating an issue causing Outlook search not to display recent emails in desktop apps running on Windows 11 systems. [...] via BleepingComputer (author: Sergiu Gatlan)

Mangatoon data breach exposes data from 23 million accounts Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole it from an Elasticsearch database. [...] via BleepingComputer (author: Lawrence Abrams)

Microsoft says Outlook search is broken again on Windows 11 Microsoft is investigating an issue causing Outlook search not to display recent emails in desktop apps running on Windows 11 systems. [...] via BleepingComputer (author: Sergiu Gatlan)

Hackers Exploiting Follina Bug to Deploy Rozena Backdoor A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

The Week in Ransomware - July 8th 2022 - One down, many to go While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. [...] via BleepingComputer (author: Lawrence Abrams)

Microsoft Quietly Rolls Back Plan to Block Office VBA Macros by Default Five months after announcing plans to disable Visual Basic for Applications (VBA) macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment. "An update about the rollback is in progress. I apologize for any inconvenience of the rollback via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Why Developers Hate Changing Language Versions Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that via The Hacker News (author: noreply@blogger.com (The Hacker News))

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Free decryptor released for AstraLocker, Yashma ransomware victims New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. [...] via BleepingComputer (author: Sergiu Gatlan)

Singapore still working on rules to tighten social media enforcement Details of the enforcement framework that will instruct social media platforms to disable access to "harmful" content will be revealed "in due course", says the Singapore government in several parliamentary responses this week that also cover digital banking service disruptions and cybersecurity measures. via Latest topics for ZDNet in Security

TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine In what's being described as an "unprecedented twist," the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft rolls back decision to block Office macros by default While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. [...] via BleepingComputer (author: Sergiu Gatlan)

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Over 1200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was done using automation which includes the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Cisco and Fortinet Release Security Patches for Multiple Products Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

The Age of Collaborative Security: What Tens of Thousands of Machines Witness Disclaimer: This article is meant to give insight into cyber threats as seen by the community of users of CrowdSec. What can tens of thousands of machines tell us about illegal hacker activities? Do you remember that scene in Batman - The Dark Knight, where Batman uses a system that aggregates active sound data from countless mobile phones to create a meta sonar feed of what is going on at any via The Hacker News (author: noreply@blogger.com (The Hacker News))

Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signalling a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. "It can be installed via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Windows 11 Subsystem for Android can now use VPN-assigned IPs Microsoft has released an update for the Windows Subsystem for Android, allowing all Windows 11 Insiders to use their VPN's IP address with Android apps. [...] via BleepingComputer (author: Lawrence Abrams)

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "designed to avoid detection by endpoint via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

The End of False Positives for Web and API Security Scanning? July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps. Today, ImmuniWeb via The Hacker News (author: noreply@blogger.com (The Hacker News))

Endless cyber-threat pressure could leave security staff burnt out. Here's what you need to change Businesses need to act to boost their cybersecurity but they also need to help staff who are working with increased stress, says NCSC. via Latest topics for ZDNet in Security

To stop quantum hackers, the US just chose these four quantum-resistant encryption algorithms The US now has four post-quantum cryptographic algorithms it plans to make part of a new set of public-key cryptography standards by 2024. via Latest topics for ZDNet in Security

Bitter APT Hackers Continue to Target Bangladesh Military Entities Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA said in a new write-up published on July 5. The findings from the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," Microsoft Threat via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

New RedAlert Ransomware targets Windows, Linux VMware ESXi servers A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMware ESXi servers in attacks on corporate networks. [...] via BleepingComputer (author: Lawrence Abrams)

Ukrainian police takes down phishing gang behind payments scam Gang may have defrauded 5,000 people with promises of EU support. via Latest topics for ZDNet in Security

As New Clues Emerge, Experts Wonder: Is REvil Back? Change is a part of life, and nothing stays the same for too long, even with hacking groups, which are at their most dangerous when working in complete silence. The notorious REvil ransomware gang, linked to the infamous JBS and Kaseya, has resurfaced three months after the arrest of its members in Russia. The Russian domestic intelligence service, the FSB, had caught 14 people from the gang. In via The Hacker News (author: noreply@blogger.com (The Hacker News))

Google races out patch for high-severity Chrome browser zero-day on Windows and Android Google pushes out a fix for Chrome due to a flaw affecting its WebRTC stack in the browser that is under attack. via Latest topics for ZDNet in Security

Singapore may introduce further cryptocurrency restrictions Singapore government says it is exploring the possibility of implementing additional rules to safeguard consumer interests, pointing to potential restrictions on retail participation and cryptocurrency transactions. via Latest topics for ZDNet in Security

Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. "Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites," Cisco Talos researcher Paul Eubanks via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

HackerOne insider fired for trying to claim other people’s bounties The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform.

HackerOne
HackerOne acts as a mediator between white hat hackers that find software vulnerabilities, and software vendors who want to know about weaknesses in their products. The vendors let HackerOne take care of the first steps after a vulnerability is discovered in their software. The hackers submit detailed reports to be evaluated and triaged by HackerOne. Generally you will see the platform referred to as a bug bounty program, because part of the business entails paying rewards to the white hat hackers that find new vulnerabilities.

Disclosure
Responsible disclosure is one of the pillars of trust that platforms like HackerOne are ...