Posts

Showing posts from September, 2022

Top stories

Bosses spying on you? Here's the most disastrous truth about surveillance software With remote and hybrid working, many companies have resorted to instant, constant surveillance of their employees. But does it work? via Latest stories for ZDNET in Security

American Airlines learned it was breached from phishing targets American Airlines says its Cyber Security Response Team (CIRT) found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. [...] via BleepingComputer (author: Sergiu Gatlan)

American Airlines learned they were breached from phishing targets American Airlines says its Cyber Security Response Team (CIRT) found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. [...] via BleepingComputer (author: Sergiu Gatlan)

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he remains in police custody." The department said the arrest was made as part of an investigation in via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

A first look at the builder for LockBit 3.0 Black via Malwarebytes Labs

Malwarebytes recognized as endpoint security leader by G2 via Malwarebytes Labs

Welcome to high tech hacking in 2022: Annoying users until they say "yes" via Malwarebytes Labs

The Week in Ransomware - September 23rd 2022 - LockBit leak This week we saw some embarrassment for the LockBit ransomware operation when their programmer leaked a ransomware builder for the LockBit 3.0 encryptor. [...] via BleepingComputer (author: Lawrence Abrams)

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Why MFA matters: These attackers cracked admin accounts then used Exchange to send spam None of the accounts broken into had MFA enabled, which could have stopped the attack from progressing so fast. via Latest stories for ZDNET in Security

Hackers Using Malicious OAuth Apps to Take Over Email Servers Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA The US FDA (Food and Drug Administration) has warned users of Medtronic's MiniMed 600 Series Insulin Pump System—specifically, models for MiniMed 630G and MiniMed 670G—that their medical devices have a cybersecurity issue with their communication protocol. If compromised, attackers could gain unauthorized access to the pump system itself, and alter it to deliver too much or too little insulin to the patient. Because the MiniMed 600 series devices have components (the insulin pump, the blood glucose meter, the continuous glucose monitoring transmitter, and the CareLink USB device) that communicate wirelessly, nearby attackers could gain unauthorized access to them when the pump is paired with these components. Medtronic clearly stated that such an attack could not be done over the internet. "Medtronic has no evidence to date that such an issue has occurred," the company's ...

CISA warns of critical ManageEngine RCE bug used in attacks The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild. [...] via BleepingComputer (author: Sergiu Gatlan)

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

5 things to teach your kids about social media via Malwarebytes Labs

Vulnerable children's identities used in tax fraud scheme The United States Attorney for the Southern District of New York has sentenced Ariel "Melo" Jimenez (38) to 12 years in prison for leading a "tax fraud and identity theft conspiracy" that resulted in the fraudulent claiming of tax credits, earning him millions of dollars. "Ariel Jimenez was the leader of a long-running fraudulent tax business that cheated the Government of tax refunds by stealing the identities of vulnerable children and using those identities to falsely claim tax credits on behalf of his clients," said US Attorney General Damian Williams in a press release. "Today's sentence holds Jimenez accountable for brazenly selling the identities of children to his customers for his own profit." Jimenez was arrested with eight of his co-conspirators: Evelin Jimenez and Ana Yessenia Jimenez, his sisters; Ireline Nunez, Leyvi Castillo, Cinthia Federo, Guillermo Arias Mo...

Scammers send fake 'Energy Bills Support Scheme' texts Watch out for an energy-themed scam being sent out via SMS. The message plays on energy price fears, similar to what we’ve seen previously. ---------------------- Scam alert. I just received this text. Click through and it looks very official. It’s a scam. The £400 energy bill discount is automatic, you don’t need to register or share any details with anyone. Please be aware. pic.twitter.com/76bT9YSkOy — Marc Ashdown (@marcashdown) September 20, 2022 ---------------------- It reads as follows: GOVUK: We have identified you as eligible for a discounted energy bill under the Energy Bills Support Scheme. You can apply here [URL] The message, which claims to be from the UK government, directs clickers to a phishing page which resembles a typical gov.uk website. ---------------------- Energy Bills Support Scheme Register now to receive a £400 non-repayable discount under the Energy Bills Support Scheme. ...

Tax refund phish logs keystrokes to swipe personal details There have been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs everything entered onto the page. An untimely tax refund The phishing mails rely on that time-honoured tradition of bogus tax returns and non-existent refunds. The landing page, which mimics an official gov.gr portal, reads as follows: ---------------------- The Hellenic Tax Office has calculated your tax return, you are entitled to a tax refund of €634.13 (around $633 USD). We have tried to transfer the amount to your account. Unfortunately we were unable to confirm your current account number. ---------------------- What follows is a drop-down form where the victim can select their bank and “log into the portal”. Accordin...

Windows 11 gets better protection against SMB brute-force attacks Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel. [...] via BleepingComputer (author: Sergiu Gatlan)

Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests on June 27, 2022. The "strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second (RPS). "Attackers used HTTP/2 multiplexing, or combining via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

American Airlines suffers data breach after phishing incident via Malwarebytes Labs

Grand Theft Auto 6 suffers grand theft via Malwarebytes Labs

Kiwi Farms breached, user data potentially exposed The operators of a site known to most observers for being in a recent state of flux have announced a forum breach. Kiwi Farms, which gained a reputation for sophisticated trolling and doxxing, was recently dropped by Cloudflare after a sustained campaign to have the DDoS mitigation and cloud hosting service abandon the forum. The site has since returned, but with a major problem: a breach which potentially reveals a large amount of user data. The breach revealed The site creator had the following to say in relation to the compromise: The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you've used on your Kiwi Farms account in the last month has been leaked. The attack made use of the synergy between the main forum site and a second site, XenForo. The latter is a commercial internet forum software package...

Imperva mitigated long-lasting, 25.3 billion request DDoS attack Internet security company Imperva has announced its DDoS (distributed denial of service) mitigation solution has broken a new record, defending against a single attack that sent over 25.3 billion requests to one of its customers. [...] via BleepingComputer (author: Bill Toulas)

2K Games says hacked help desk targeted players with malware American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links. [...] via BleepingComputer (author: Sergiu Gatlan)

Windows 10 KB5017380 preview update released with new FIDO2 features Microsoft has released the optional KB5017380 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 with new FIDO2 and Windows Hello features. [...] via BleepingComputer (author: Lawrence Abrams)

Windows 11 22H2 adds kernel exploit protection to security baseline Microsoft has released the final version of security configuration baseline settings for Windows 11, version 22H2, downloadable today using the Microsoft Security Compliance Toolkit. [...] via BleepingComputer (author: Sergiu Gatlan)

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue. [...] via BleepingComputer (author: Lawrence Abrams)

Indonesia finally passes personal data protection law After years of deliberation, the largest Southeast Asian market ratifies personal data protection bill, which will apply to local businesses as well as international corporations that handle data of Indonesian consumers. via Latest stories for ZDNET in Security

Uber Blames LAPSUS$ Hacking Group for Recent Security Breach Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hookup site targeted by typo-squatters via Malwarebytes Labs

EDR vs MDR vs XDR – What’s the Difference? via Malwarebytes Labs

A week in security (September 12 – 18) Last week on Malwarebytes Labs: ● The North Face hit by credential stuffing attack ● Facebook engineers aren't sure where all user data is kept ● 6 patch management best practices for businesses ● The MSP playbook on deciphering tech promises and shaping security culture ● Apple puts the password on life support with passkey ● BackupBuddy WordPress plugin vulnerable to exploitation, update now! ● Update now! Google patches vulnerabilities for Pixel mobile phones ● Important update! iPhones, Macs, and more vulnerable to zero-day bug ● Steam account credentials phished in browser-in-a-browser attack ● How to help your child manage their online reputation ● WPGateway WordPress plugin vulnerability could allow full site takeover ● Update now! Microsoft patches two zero-days ● The privacy concerns of tying SIM cards to real identities ● 5 technologies that help prevent cyberattacks for SMBs ● Malvertising on Microso...

American Airlines discloses data breach after employee email compromise American Airlines has notified customers of a recent data breach after attackers compromised some of its employees' email accounts and gained access to sensitive personal information. [...] via BleepingComputer (author: Sergiu Gatlan)

Uber blames security breach on Lapsus$, says they bought credentials on the dark web The hacker apparently gained access to several internal Uber systems after stealing a third-party contractor's credentials and then convinced the contractor to approve a two-factor authentication request. via Latest stories for ZDNET in Security

Microsoft Outlook is disabling Teams Meeting add-in, how to fix Microsoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app's ribbon menu. [...] via BleepingComputer (author: Sergiu Gatlan)

VMware, Microsoft warn of widespread Chromeloader malware attacks The operators of the Chromeloader adware are evolving their attack methods and gradually transforming the low-risk tool into a dangerous malware loader, seen dropping ransomware in some cases. [...] via BleepingComputer (author: Bill Toulas)

Revolut hack exposes data of 50,000 users, fuels new phishing wave Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data. [...] via BleepingComputer (author: Bill Toulas)

How botnet attacks work and how to defend against them Experts believe that the development of serverless technologies will further simplify the creation of botnets for DDoS attacks. Here's how Gcore can counter these threats. [...] via BleepingComputer (author: Sponsored by Gcore)

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It's said to have infected more than 1,800 victims in 71 countries, via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hands on with Windows 11's new Task Manager Windows 11 version 22H2 is arriving soon and it won't be a massive release, but there will be several quality improvements and bug fixes. Microsoft has already confirmed the features coming to Windows 11 with version 22H2 and users can test them by joining the Windows Insider Program. [...] via BleepingComputer (author: Mayank Parmar)

GTA 6 source code and videos leaked after Rockstar Games hack Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Game's Slack server and Confluence wiki. [...] via BleepingComputer (author: Lawrence Abrams)

Google, Microsoft can get your passwords via web browser's spellcheck Enhanced Spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively. [...] via BleepingComputer (author: Ax Sharma)

Emotet botnet now pushes Quantum and BlackCat ransomware While monitoring the Emotet botnet's current activity, security researchers found that the malware is now being used by the Quantum and BlackCat ransomware gang to deploy their payloads. [...] via BleepingComputer (author: Sergiu Gatlan)

New York ambulance service discloses data breach after ransomware attack Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, has disclosed a data breach that exposed customer information. [...] via BleepingComputer (author: Bill Toulas)

Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app are operational." via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Hackers Had Access to LastPass's Development Systems for Four Days Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass CEO Karim Toubba said in an update shared on September 15, adding, "there is no evidence that this via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Uber hacked via Malwarebytes Labs

3 ways MDR can drive business growth for MSPs via Malwarebytes Labs

How to manage SSH connections on MacOS with Termius Jack Wallen shows you how to easily manage your SSH connections in MacOS with the Termius GUI app. via Latest stories for ZDNET in Security

Uber security breach 'looks bad', potentially compromising all systems Hacker is believed to have breached Uber's entire network in a social engineering attack, which one security vendor says is more extensive than the company's 2016 global data breach and access logs potentially altered. via Latest stories for ZDNET in Security

Uber hacked, internal systems breached and vulnerability reports stolen Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. [...] via BleepingComputer (author: Lawrence Abrams)

Uber Says It's Investigating a Potential Breach of Its Computer Systems Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident. The hack is said to have forced the company to take its internal communications and engineering systems offline as it investigated the extent of the breach. via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

School app Seesaw compromised to send shock NSFW image via Malwarebytes Labs

Malvertising on Microsoft Edge's News Feed pushes tech support scams via Malwarebytes Labs

Explained: Fuzzing for security via Malwarebytes Labs

Here are the new security and privacy features of iOS 16 via Malwarebytes Labs

Cyber threat hunting for SMBs: How MDR can help via Malwarebytes Labs

US Senator reveals how US Customs has amassed data from Americans' devices Sen. Ron Wyden is urging the agency to stop the "indiscriminate rifling through Americans' private records." via Latest stories for ZDNET in Security

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Webworm hackers modify old malware in new attacks to evade attribution Chinese cyberespionage hackers of the 'Webworm' group are undergoing experimentation, using modified decade-old RATs (remote access trojans) in the wild. [...] via BleepingComputer (author: Bill Toulas)

Gay hookup site typosquatted to push dodgy Chrome extensions, scams Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription. [...] via BleepingComputer (author: Ax Sharma)

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

WPGateway WordPress plugin vulnerability could allow full site takeover There have been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out there doing damage with no fix yet available. Sadly, this current exploit is an example of the latter. WPGateway allows WordPress users to run WordPress sites from one dashboard. Unfortunately, research shows that part of this functionality puts both the site and the site’s users at risk. Beware of rogue admins The issue in question allows unauthenticated individuals to add rogue users to the site. Those unauthorised users have full admin privileges, which essentially results in a full site takeover thanks to the plugin. At this point, the compromiser can do what they want with the hijacked website. They are i...

FBI: Hackers steal millions from healthcare payment processors The Federal Bureau of Investigation (FBI) has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. [...] via BleepingComputer (author: Ionut Ilascu)

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Microsoft Patch Tuesday: 64 new vulnerabilities, including five critical ones The critical vulnerabilities impact Microsoft Dynamics 365, Windows Internet Key Exchange (IKE) Protocol Extensions and Windows TCP/IP. via Latest stories for ZDNET in Security

BackupBuddy WordPress plugin vulnerable to exploitation, update now! Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches. According to Security Week, the issue tagged as CVE-2022-31474 is down to an “insecure method of downloading the backups for local storing”. This results in people being able to grab files from the server without having been properly authenticated first. Traversing a WordPress installation The vulnerability is listed as a “Directory Traversal Vulnerability”, and affects users running BackupBuddy from version 8.5.8.0 up to 8.7.4.1. The developers make the following observations: ● Using this vulnerability, attackers can view the contents of any file on your server ...

Apple puts the password on life support with passkey The "passwordless future" is something many internet users—and a great majority of the cybersecurity industry—have hoped for. Now Apple is about to make those hopes a reality. With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its password replacement, for iPhones, iPads, and Macs. The word "passkey" is not unique to Apple, however. Microsoft and Google are using the term, too. Apple's passkey works like a password in that it is built into entry boxes where you put your password. It also acts as a digital key that users create to access their apps or websites. A video demonstrating passkey's use in Apple's WWDC 2022 event shows a prompt on the user's device before sign-in or during account creation, asking if they would like to "save a passkey" for the account in use. Once users say yes, they are prompted to authenticat...

Hackers now use ‘sock puppets’ for more realistic phishing attacks An Iranian-aligned hacking group uses a new, elaborate phishing technique involving multiple personas and email accounts to lure targets into opening malicious documents. [...] via BleepingComputer (author: Bill Toulas)

Top stories

GPS jammers are being used to hijack trucks and down drones: How to stop them The problem of GPS jamming has spawned an array of anti-jamming solutions. via Latest stories for ZDNET in Security

Top stories

6 patch management best practices for businesses via Malwarebytes Labs

Top stories

The MSP playbook on deciphering tech promises and shaping security culture The in-person cybersecurity conference has returned. More than two years after Covid-19 pushed nearly every in-person event online, cybersecurity has returned to the exhibition hall. In San Francisco earlier this year, thousands of cybersecurity professionals walked the halls of Moscone Center at RSA 2022. In Las Vegas just last month, even more hackers, security experts, and tech enthusiasts flooded the Mandalay Bay hotel, attending the conferences Black Hat and DEFCON. And at nearly all of these conferences—and many more to come—cybersecurity vendors are setting up shop to show off their latest, greatest, you-won't-believe-we've-made-this product. The dizzying array of product names, features, and promises can overwhelm even the most veteran security professional, but for one specific group of attendee, sorting the value from the verve is all part of the job description. We're talking tod...

Top stories

The North Face hit by credential stuffing attack The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a “large-scale” credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers? What is credential stuffing? Credential stuffing is an attack reliant on service users being a little lax with their password practices. If users of Site A reuse their password on sites B and C, this is a problem. Should Site A ever be compromised, those login details are exposed. They might end up on data dumps, or forums, or anywhere else you care to imagine. People with access to the credentials from Site A will then try them on sites B and C, often via automation. If the user has reused their password, the accounts on those additional sites will also be vulnerable. Indeed, sometimes people will also reuse credentials from one site as...

Top stories

Facebook engineers aren't sure where all user data is kept If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook engineers were grilled regarding what user data the company keeps about its users and where they are. To everyone's frustration, their response was, essentially, "We don't know." The hearing is part of an ongoing lawsuit concerning the Facebook-Cambridge Analytica scandal. Garrie has attempted to get Facebook to reveal where personal data is stored in its 55 subsystems, but two veteran Facebook engineers—Eugene Zarashaw and Steven Elia—who were present at the hearing, couldn't give satisfying answers. "I don't believe there's a single person that exists who could answer that que...

Top stories

A week in security (September 5 – 11) Last week on Malwarebytes Labs: ● Phishers use verified status as bait for Instagram users ● Microsoft will disable Basic authentication for Exchange Online in less than a month ● Zero-day puts a dent in Chrome's mojo ● Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability ● Don't share the WhatsApp 'Martinelli' phone hacking alert: It's a hoax ● YouTuber on the run after allegedly swiping $55m from followers ● Instagram receives record fine of $400M for abuse of children's data ● InterContinental Hotels' booking systems disrupted by cyberattack ● Warning issued about Vice Society ransomware targeting the education sector ● Sextortionists used mobile malware to steal nude videos, contact lists from victims ● How to set up an Android for your kids ● YouTube transparency report shows battle against misinformation ● Evasive Shikitega Linux malware drops Monero cryptomin...

Top stories

Hackers steal Steam accounts in new Browser-in-the-Browser attacks Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Hackers stealing Steam accounts in Browser-in-the-Browser attacks Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Hate Windows 11? Here's how to make it work more like Windows 10 Every new Windows version comes with its own set of annoyances, but for some people, Windows 11 seems even more annoying than its predecessors. Fortunately, there are ways to make things work more like they did in Windows 10. via Latest stories for ZDNET in Security

Top stories

How to tighten your security in Microsoft Edge Edge offers several options to help protect you from malicious websites and other online hazards. via Latest stories for ZDNET in Security

Top stories

Apple releasing iOS 16 with Lockdown, Safety Check security features Apple is releasing iOS 16 today with new features to boost iPhone users' security and privacy, including Lockdown Mode and Security Check. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Five ways your data may be at risk — and what to do about it We store vast amounts of data — financial records, photos/videos, family schedules, freelance projects and more — on our personal computers and smartphones. Let's take a look at some of the most common threats to your data, and how you can step up your protection today. [...] via BleepingComputer (author: Sponsored by Acronis)

Top stories

The worst thing about eSIM-only iPhone 14s FAQ: What does iPhone 14's switch to eSIM mean for privacy, security, and travel? via Latest stories for ZDNET in Security

Top stories

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first revealed details of the issues at the Black Hat USA conference in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Best Bluetooth trackers of 2022: AirTag and alternatives ZDNET thinks the AirTag is the best Bluetooth tracker available due to its Precision Finding capabilities, replaceable battery, and the dependability of the Find My Network. But there are solid alternatives if you prefer to be outside of Apple's ecosystem. via Latest stories for ZDNET in Security

Top stories

The ransomware problem won't get better until we change one thing Targets of ransomware rarely publicly acknowledge attacks. More openness would help everyone. via Latest stories for ZDNET in Security

Top stories

Windows 11 22H2: Here are the new features coming later this month Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this month. Unlike the original Windows 11 release, it won't be a massive update with radical design changes. Instead, Sun Valley 2 will be similar to Windows 10 Anniversary Update, so you can expect minor improvements and a few new features. [...] via BleepingComputer (author: Mayank Parmar)

Top stories

Firmware bugs in many HP computer models left unfixed for over a year A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Firmware bugs in many HPE computer models left unfixed for over a year A set of six high-severity firmware vulnerabilities impacting a broad range of HP Enterprise devices are still waiting to be patched, although some of them were publicly disclosed since July 2021. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps ( via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania The U.S. Treasury Department on Friday announced sanctions against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. "Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government and private-sector via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

US sanctions Iran’s Ministry of Intelligence over Albania cyberattack The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

These hackers used Log4Shell vulnerability to target US energy firms Lazarus hackers used the flaw to target servers of energy providers in the US, Canada and Japan. via Latest stories for ZDNET in Security

Top stories

Vice Society claims LAUSD ransomware attack, theft of 500GB of data The Vice Society gang has claimed the ransomware attack that hit Los Angeles Unified (LAUSD), the second largest school district in the United States, over the weekend. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Lampion malware returns in phishing attacks abusing WeTransfer The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

North Korean Lazarus Hackers Targeting Energy Providers Around the World A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan. “The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary’s nation-state,” Cisco Talos said in a report shared via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Chinese Hackers Target Government Officials in Europe, South America and Middle East A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Shopify Fails to Prevent Known Breached Passwords A recent report revealed that ecommerce provider Shopify uses particularly weak password policies on the customer-facing portion of its website. According to the report, Shopify requires its customers to use a password that is at least five characters in length and that does not begin or end with a space. According to the report, Specops researchers analyzed a list of a billion passwords via The Hacker News (author: noreply@blogger.com (The Hacker News))

Top stories

Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd and via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service ( via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

How to set up an Android for your kids via Malwarebytes Labs

Top stories

Warning issued about Vice Society ransomware targeting the education sector via Malwarebytes Labs

Top stories

Sextortionists used mobile malware to steal nude videos, contact lists from victims In an international police operation supported by Interpol, law enforcement agencies have uncovered and dismantled an international sextortion ring that managed to extract at least US$ 47,000 from victims. Sextortion is a form of cybercrime in which the victim is blackmailed by threatening to make embarrassing pictures or videos public. Interpol says there's been a sharp rise in sextortion reports around the world in recent years, mirroring a rise in other types of cybercrime that has been made worse by the COVID-19 pandemic. Tactics In this particular sextortion ring, the cybercriminals contacted their victims—who were based mainly in Hong Kong (China) and Singapore—through online sex and dating platforms before asking them to download a mobile app via a hyperlink to engage in ‘naked chats’. The application turned out to be malicious in that it was specifically designed to steal the cont...