Posts

Showing posts from October, 2022

Top stories

An interview with cyber threat hunter Hiep Hinh via Malwarebytes Labs

Cisco warns admins to patch AnyConnect flaw exploited in attacks Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild. [...] via BleepingComputer (author: Sergiu Gatlan)

See Tickets discloses 2.5 years-long credit card theft breach Ticketing service provider 'See Tickets' has disclosed a data breach, informing customers that cybercriminals might have accessed their payment card details via a skimmer on its website. [...] via BleepingComputer (author: Bill Toulas)

Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at [...] via The Hacker News (author: Ravie Lakshmanan)

Cybersecurity teams are reaching their breaking point. We should all be worried Stress and burnout are having a massive impact on cybersecurity teams, leaving people and businesses more vulnerable than ever. via Latest stories for ZDNET in Security

How to set up two-factor authentication for your Facebook account Applying two-factor authentication to Facebook is a useful way to protect it from being hacked - here's how to set it up. via Latest stories for ZDNET in Security

Australia seeks stiffer penalty for data breaches amidst spate of security incidents Government says it will push up maximum fines for serious or repeated data privacy breaches to AU$50 million, up from the current AU$2.22 million, in a move that follows a spate of cybersecurity incidents that compromised customer data, including Medibank. via Latest stories for ZDNET in Security

Hive claims ransomware attack on Tata Power, begins leaking data Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. In data leak screenshots seen by BleepingComputer, Hive operators are seen leaking data it claims to have stolen from Tata Power, indicating the ransom negotiations failed. [...] via BleepingComputer (author: Ax Sharma)

Healthcare site leaks personal health information via Google and Meta tracking pixels via Malwarebytes Labs

A week in security (October 17 - 23) Last week on Malwarebytes Labs:
● Thermal cameras could help reveal your password
● How to spot a scam
● Warning: "FaceStealer" iOS and Android apps steal your Facebook login
● Criminal group busted after stealing hundreds of keyless cars
● Fake tractor fraudsters plague online transactions
● DeadBolt ransomware gang tricked into giving victims free decryption keys
● Why Log4Text is not another Log4Shell
● Ransomware attack freezes newspaper printing system
● Man scammed IRL for a phone he sold online
● 5 essential security tips for SMBs
● Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
● Microsoft breach reveals some customer data
● New PHP-based Ducktail infostealer is now after crypto wallets
● Venus ransomware targets remote desktop services
● Suspected LAPSUS$ group member arrested in Brazil
● Third-party application patching: Everything you need to know for your business
● ...

Iran’s atomic energy agency confirms hack after stolen data leaked online The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries' email servers was hacked after the 'Black Reward' hacking group published stolen data online. [...] via BleepingComputer (author: Bill Toulas)

Pendragon car dealer refuses $60 million LockBit ransomware demand Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them. [...] via BleepingComputer (author: Bill Toulas)

Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too An international police organization is using the metaverse and wants to understand how crime could evolve. via Latest stories for ZDNET in Security

FBI warning: This ransomware group is targeting poorly protected VPN servers Attackers are using VPN servers to gain access, and then SSH and RDP to spread through networks. via Latest stories for ZDNET in Security

SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection [...] via The Hacker News (author: Ravie Lakshmanan)

Why Ransomware in Education Is on the Rise and What That Means for 2023 The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It's unclear what student or employee data the [...] via The Hacker News (author: The Hacker News)

Thousands of GitHub repositories deliver fake PoC exploits with malware Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware. [...] via BleepingComputer (author: Bill Toulas)

Android adware apps in Google Play downloaded over 20 million times Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android. [...] via BleepingComputer (author: Bill Toulas)

TommyLeaks and SchoolBoys: Two sides of the same ransomware gang Two new extortion gangs named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide. However, there is a catch — they are both the same ransomware gang. [...] via BleepingComputer (author: Lawrence Abrams)

Exploited Windows zero-day lets JavaScript files bypass security warnings A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks. [...] via BleepingComputer (author: Lawrence Abrams)

Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs said in a technical write-up published earlier this month. Aptos is a new entrant to the blockchain space, which launched its mainnet on October [...] via The Hacker News (author: Ravie Lakshmanan)

Gas, a positive social network for teens (no, really) A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. I’m all for positive spaces online, but what is it, and will teens really be happier there than (say) Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of this year, Gas is an iPhone app aimed at teens. When you sign up, you use location services to allow the app to figure out which schools are nearby. During sign-up you add friends, and according to this review, it requests access to your contacts. Once all of this is done, it allows users to share polls (with four options for each, based on what I’ve seen so far) and these happy, friendly polls let you “see who secretly likes you”, or feel a dopamine rush as you find out you’re most likely to do a really cool thing at band practice. That seems to pretty much be it. The Gas app team refer to it as “The only wholesome place left o...

The Week in Ransomware - October 21st 2022 - Stop the Presses Cybersecurity researchers did not disappoint, with reports linking RansomCartel to REvil, on OldGremlin hackers targeting Russia with ransomware, a new data exfiltration tool used by BlackByte, a warning that ransomware actors are exploiting VMware vulnerabilities, and finally, our own report on the Venus Ransomware. [...] via BleepingComputer (author: Lawrence Abrams)

5 quick tips for better Android phone security right now Here are the best, and easiest, practices to help you keep your Android device from being compromised. via Latest stories for ZDNET in Security

Clearview AI gets third €20 million fine for illegal data collection France's data protection authority (CNIL) has fined Clearview AI with €20 million for illegal collection and processing of biometric data belonging to French citizens. [...] via BleepingComputer (author: Bill Toulas)

BlackByte ransomware uses new data theft tool for double-extortion A BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly. [...] via BleepingComputer (author: Bill Toulas)

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to [...] via The Hacker News (author: Ravie Lakshmanan)

A Quick Look at the "Strengthening America's Cybersecurity" Initiative Acknowledging that you have a problem is the first step to addressing the problem in a serious way. This seems to be the reasoning for the White House recently announcing its "Strengthening America's Cybersecurity" initiative. The text of the announcement contains several statements that anyone who's ever read about cybersecurity will have heard many times over: increasing resilience, greater [...] via The Hacker News (author: The Hacker News)

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective [...] via The Hacker News (author: Ravie Lakshmanan)

Singapore champions Asean CERT as region's cyber armour Now formally established, the Asean Regional Computer Emergency Response Team (CERT) will operate as a virtual centre comprising incident responders from across member states, each sharing information during security incidents that occur in any of the respective nations. via Latest stories for ZDNET in Security

New PHP-based Ducktail infostealer is now after crypto wallets A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. The Ducktail (Woo-ooh!) campaign was first made public three months ago in July, but it's thought to have been active since 2018. The cybercriminal behind the campaign is thought to be from Vietnam. Ducktail 101 Social engineering attacks and malware form the core of Ducktail's modus operandi. In previous campaigns, it used a .NET Core malware that specifically steals Facebook Business and Ads accounts and saved browser credentials. All stolen data was then exfiltrated to its command & control (C2) server, a private Telegram channel. In this latest campaign, the cybercriminals replaced .NET Core with malware written in PHP. Not only does Ducktail...

Microsoft breach reveals some customer data Microsoft customers find themselves in the middle of a data breach situation. The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. This misconfiguration resulted in the possibility of “unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers”. Misconfigured servers are a major cause of unintentional data loss and unauthorised access. While the issue was apparently “quickly secured”, there are still questions as to what exactly happened and what the potential fallout could be. Assessing the impact The first and most important point: Microsoft sees no evidence of customer systems or accounts having been compromised, and affected customers have been “directly notified”. As per Microsoft: "The issue was caused by an unintentional misconfiguration on an endpoint that is not in use ...

DeadBolt ransomware gang tricked into giving victims free decryption keys Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police. The basis for the trick is that it was possible to cancel an unconfirmed Bitcoin transaction before payment went through, but after the decryption key was released. Because of the large amount of Bitcoin transactions taking place at one time, it can take a while for payment to actually go through. That gave police enough time to block the transactions from going through before the payment actually took place. By then they'd already received the decryption key and could pass it on to the victims. They managed to repeat the process around 150 times before the ransomware gang pulled the plug on their sy...

The 6 best VPN deals right now: October 2022 What is the best VPN deal? Surfshark VPN is ZDNET's top choice because of its low cost relative to its strong performance. We compared these VPNs' prices and value to bring you the best current deals. via Latest stories for ZDNET in Security

How to enable end-to-end encryption for Facebook Messenger chats Here's how to enable end-to-end encryption on a per-chat basis with Facebook Messenger. via Latest stories for ZDNET in Security

This latest Firefox update makes it easier to protect your privacy online The latest Mozilla Firefox release makes it easier for users to access private browsing mode. via Latest stories for ZDNET in Security

Government officials, including Russia, call for dialogue in combating cybersecurity threats Need for multilateral cooperation and open communications is the shared message amongst senior government officials from across the globe, including Russia and the United States, who have gathered in Singapore to discuss strategies in cyberdefence. via Latest stories for ZDNET in Security

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at [...] via The Hacker News (author: Ravie Lakshmanan)

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the [...] via The Hacker News (author: Ravie Lakshmanan)

How to spot a scam via Malwarebytes Labs

Fake tractor fraudsters plague online transactions The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks occurred throughout both 2021 and 2022, including outbreaks of ransomware at multi-state grain companies. Conti, Suncrypt, BlackByte, and more also put in appearances at several grain cooperatives. And now another issue for the agriculture sector: Sophisticated scams involving fake tractors and sale portals have cost certain businesses $1.2 million in the space of a month. Worryingly, the Australian Competition and Consumer Commission claims this is an increase of 20% versus the same period of time a year earlier. From fake ad to fake tractor As with so many internet scams, it begins with fake online adverts. These take the form of ...

Thermal cameras could help reveal your password Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are sold a lot cheaper than they used to, pretty much anyone can get their hands on them. And anyone with a thermal imaging device could be a potential password thief. Researchers from the University of Glasgow’s School of Computing Sciences have developed a system, ThermoSecure, in order to demonstrate how these thermal imaging cameras can be used for "thermal attacks." In their paper, ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards, Dr. Mohamed Khamis, who led the development of ThermoSecure, Dr. John Williamson, and Norah Alotaibi, the authoring team, said: "Thermal cameras, unlike regular cameras, can reveal information without requiring...

Ransom Cartel linked to notorious REvil ransomware operation Threat analysts have connected the pieces that link the Ransom Cartel RaaS (ransomware-as-a-service) to the REvil gang, one of the most notorious and prolific ransomware groups in recent years. [...] via BleepingComputer (author: Bill Toulas)

Hackers compromised Hong Kong govt agency network for a year Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained undetected for a year in some cases. [...] via BleepingComputer (author: Bill Toulas)

Cryptocurrency and Ransomware — The Ultimate Friendship Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended. No one can argue that 2020 was the year of ransomware in the cyber world [...] via The Hacker News (author: The Hacker News)

Car theft ring used software to steal hundreds of vehicles without the physical key fob, say police Organised crime group used fraudulent software to duplicate keys and steal cars, say law enforcement agencies. via Latest stories for ZDNET in Security

European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement. The coordinated [...] via The Hacker News (author: Ravie Lakshmanan)

Microsoft fixes Windows TLS handshake failures in out-of-band updates Microsoft has issued an out-of-band (OOB) non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. [...] via BleepingComputer (author: Sergiu Gatlan)

Microsoft fixes TLS handshake failures in Windows Server 2019 Microsoft has issued an out-of-band (OOB) non-security update to address an issue triggering Transport Layer Security (TLS) handshake failures on Windows Server 2019 systems. [...] via BleepingComputer (author: Sergiu Gatlan)

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation," Finnish cybersecurity company WithSecure said in a report published last week. Office 365 [...] via The Hacker News (author: Ravie Lakshmanan)

Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4 The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The [...] via The Hacker News (author: Ravie Lakshmanan)

New Prestige Ransomware Targeting Polish and Ukrainian Organizations A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. "The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper)," the Microsoft [...] via The Hacker News (author: Ravie Lakshmanan)

Microsoft warns over unusual ransomware attacks Microsoft warns of attacks targeting companies in Poland and Ukraine. via Latest stories for ZDNET in Security

Police tricked a ransomware gang into handing over its decryption keys. Here's how they did it Sting against Deadbolt ransomware groups provides victims with a way to get encrypted files back without paying up. via Latest stories for ZDNET in Security

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract [...] via The Hacker News (author: Ravie Lakshmanan)

INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cybercrime syndicate called Black Axe. "'Black Axe' and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish [...] via The Hacker News (author: Ravie Lakshmanan)

Android and iOS leak some data outside VPNs via Malwarebytes Labs

Raising cybersecurity awareness is good for everyone - but it needs to be done better October is cybersecurity awareness month. But to keep people and networks safe, employees need advice all year round - and it can't be done with fear. via Latest stories for ZDNET in Security

New PHP information-stealing malware targets Facebook accounts Threat analysts have spotted a new Ducktail campaign using a new infostealer variant and novel TTPs (tactics, techniques, and procedures), while the Facebook users it targets are no longer limited to holders of business accounts. [...] via BleepingComputer (author: Bill Toulas)

Google search crashes when you ask "How many emojis on Apple" Google Search is timing out when users search for specific terms like "How many emojis on iOS," "How many emojis on Apple" or "How many emojis on Windows." [...] via BleepingComputer (author: Ax Sharma)

FBI, CISA warn of disinformation ahead of midterms In less than four weeks, the balance of power in the US House of Representatives and Senate will be up for grabs, along with a host of gubernatorial seats, and positions at the state and municipal levels. With everyone preparing to cast their ballots, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have reminded people about the potential threat of disinformation.

"Foreign actors may intensify efforts to influence outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure."

It warns that foreign actors may "create and knowingly disseminate false claims and narratives regarding voter suppression, voter or ballot fraud, and other false information intended to undermine confidence in the election processes and influence public opinion of the elections' legitimacy....

Fortinet urges admins to patch bug with public exploit immediately Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. [...] via BleepingComputer (author: Sergiu Gatlan)

Over 45,000 VMware ESXi servers just reached end-of-life Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract. [...] via BleepingComputer (author: Bill Toulas)

Almost 900 servers hacked using Zimbra zero-day flaw Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. [...] via BleepingComputer (author: Bill Toulas)

Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place [...] via The Hacker News (author: Ravie Lakshmanan)

Microsoft Office 365 email encryption could expose message content Security researchers at WithSecure have discovered it's possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365, highlighting an intrinsic weakness in the encryption scheme used. [...] via BleepingComputer (author: Bill Toulas)

Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service (DDoS) attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022. "The entire 2.5 Tbps attack lasted about 2 minutes, [...] via The Hacker News (author: Ravie Lakshmanan)

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can [...] via The Hacker News (author: Ravie Lakshmanan)

Microsoft is rebranding 'Office' to Microsoft 365 After 32 years, Microsoft has begun to kill off the Microsoft Office brand, with plans to rebrand its Office.com and Office cloud-based apps to Microsoft 365 in the near future. [...] via BleepingComputer (author: Lawrence Abrams)

Only half of teens agree they "feel supported online" by parents via Malwarebytes Labs

Court rules webcam monitoring of remote employee was an invasion of privacy A Dutch court has ruled that the decision to fire a remote employee because he refused to keep his webcam on during working hours was unjustified. The employee worked remotely for a Florida-based software development company with a Dutch office. The court ruled that the request to keep the webcam on during all working hours did not constitute a reasonable request. The European court for human rights ruled in 2017 that video surveillance of an employee in the workplace, be it covert or not, interferes within the meaning of Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms. Article 8 of the convention provides a right to respect for one's private and family life, their home and their correspondence, while subject to certain restrictions that are in accordance with law and necessary in a democratic society. Considerations In light of the court ruling th...

Does the OWASP Top 10 Still Matter? What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security. It operates on the core principle that all of its materials are [...] via The Hacker News (author: The Hacker News)

Top stories

Android security warning: These crooks phone you and trick you into downloading malware Phishing websites steal your phone number - then a crook calls you to trick you into downloading malware. via Latest stories for ZDNET in Security

Top stories

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to the latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News. Other intrusions mounted over the past six months were directed against via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Modified WhatsApp App Caught Infecting Android Devices with Malware An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Top 5 ransomware detection techniques: Pros and cons of each via Malwarebytes Labs

Top stories

UK government sounds alarm on tax scams The UK government has issued a warning for people to be on their guard against fake tax rebate scams as they gear up to fill out their 2021/22 tax returns. Ensuring your self-employed documents are correct and accurate can be a complicated business at the best of times. Having to worry about scammers making it all worse can make it a nightmare. During tax season, a wave of bogus emails, texts, and even phone calls can find their way into your workspace as you arrange your receipts and spreadsheets. The department responsible for tax in the UK, known as HMRC, has this to say: ---------------------- In the 12 months to August 2022, HMRC responded to more than 180,000 referrals of suspicious contact from the public, of which almost 81,000 were scams offering fake tax rebates. Criminals claiming to be from HMRC have targeted individuals by email, text and phone with their communications ranging from offering bogus tax rebates to thre...

Top stories

Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected Microsoft fixed 84 vulnerabilities in its October 2022 Patch Tuesday updates. Thirteen of them received the classification 'Critical'. Among them are a zero-day vulnerability that's being actively exploited, and another that hasn't been spotted in the wild yet. The bad news is that the much-desired fix for the "ProxyNotShell" Exchange vulnerabilities was not included. What was fixed A widely accepted definition of a zero-day is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, such as the software vendor. Until the vulnerability is mitigated, attackers can exploit it to adversely affect programs, data, computers or a network. As such, a publicly disclosed but still unpatched vulnerability is called a zero-day even if no active exploitation of it is known. The actively exploited vulnerability in this month's ba...

Top stories

Google Forms abused in new COVID-19 phishing wave in the U.S. COVID-19-themed phishing messages are once again spiking in the U.S. following a prolonged summer hiatus that appears to be over. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys A vulnerability in Siemens SIMATIC programmable logic controllers (PLCs) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections," industrial cybersecurity via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Security awareness campaign highlights things your bank will never say via Malwarebytes Labs

Top stories

An 18 year scam odyssey of stranded astronauts via Malwarebytes Labs

Top stories

Smart lights vulnerable to "blink and you'll miss it" attack Over the last couple of years, key parts of our daily lives have been sliding into some form of Internet connectivity. Smartphones and other devices have become necessities. Paying bills? Those systems have moved online. Tax? Online. Wage slips and bank statements? It's paperless time. Welfare assistance? There's a login portal for that. In short, people need web access. However, there are a lot of non-critical systems and services making this leap too. And if it's got a computer in it and it's connected to the Internet, you know that sooner or later somebody will find a way to compromise it. Internet-connected light bulbs, now is your time to shine. Shining a light on vulnerabilities Back in 2021, researchers discovered two potential flaws in a popular smart lighting system. The vulnerability allowed them to make the light bulbs blink. In a worst case scenario, the system would "forget"...

Top stories

Microsoft Patch Tuesday: 84 new vulnerabilities The disclosure includes one vulnerability that has been exploited and one that has been publicly disclosed. via Latest stories for ZDNET in Security

Top stories

All Windows versions can now block admin brute-force attacks Microsoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy. [...] via BleepingComputer (author: Sergiu Gatlan)
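The story above says the lockout can be turned on through group policy but does not show what that looks like on a host. The following PowerShell script is an added example, not code from the BleepingComputer article or from Microsoft: it exports the local security policy with `secedit`, checks whether the built-in Administrator account is covered by lockout, and applies a 10/10/10 threshold, duration and observation window if it is not. It assumes the October 2022 cumulative update (or later) is installed, that the shell is elevated, and that `secedit` stores the new "Allow Administrator account lockout" setting under the `[System Access]` key `AllowAdministratorLockout` (an assumption; compare against your own exported template before relying on it).

```powershell
# Added example: audit and enforce built-in Administrator lockout on one Windows host.
# Assumptions (not stated in the article): elevated shell, October 2022 CU or later,
# and secedit key name AllowAdministratorLockout for the new policy.
# Caveat: on domain-joined machines the domain Account Lockout Policy wins over local
# settings, so put the same values in the GPO linked to the relevant OU instead.

function Get-LockoutPolicy {
    $inf = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
    $raw = Get-Content $inf
    $policy = @{}
    foreach ($key in 'LockoutBadCount', 'ResetLockoutCount', 'LockoutDuration', 'AllowAdministratorLockout') {
        $line = $raw | Where-Object { $_ -match "^\s*$key\s*=" } | Select-Object -First 1
        # Missing key means the setting was never written (e.g. update not applied)
        $policy[$key] = if ($line) { [int]($line -split '=')[1].Trim() } else { $null }
    }
    Remove-Item $inf -ErrorAction SilentlyContinue
    return $policy
}

function Set-LockoutPolicy {
    param(
        [int]$Threshold = 10,        # failed logons before lockout; 0 disables lockout entirely
        [int]$DurationMinutes = 10,  # how long the account stays locked
        [int]$WindowMinutes = 10     # must not exceed DurationMinutes
    )
    $inf = Join-Path $env:TEMP 'secpol-lockout.inf'
    $db  = Join-Path $env:TEMP 'secpol-lockout.sdb'
    @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[System Access]
LockoutBadCount = $Threshold
ResetLockoutCount = $WindowMinutes
LockoutDuration = $DurationMinutes
AllowAdministratorLockout = 1
"@ | Set-Content -Path $inf -Encoding Unicode
    secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
    Remove-Item $inf, $db -ErrorAction SilentlyContinue
}

$before = Get-LockoutPolicy
if ($before.AllowAdministratorLockout -ne 1 -or -not $before.LockoutBadCount) {
    Write-Host "Administrator lockout not enforced (threshold=$($before.LockoutBadCount), allowAdminLockout=$($before.AllowAdministratorLockout)); applying."
    Set-LockoutPolicy
}
Get-LockoutPolicy | Format-Table -AutoSize
net accounts   # independent confirmation: threshold, lockout duration, observation window
```

Run it once to audit and a second time to confirm nothing changes; `net accounts` gives the same numbers from a different code path, which is a useful sanity check after a `secedit /configure`. A locked-out built-in Administrator on a machine with no other admin account needs console access to recover, so keep a second local administrator or LAPS-managed account before enabling this widely.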

Top stories

Google's hackers: Inside the cybersecurity red team that keeps Google safe By acting like hackers, Google's red team helps to keep the company safe from cyber threats. Here's how. via Latest stories for ZDNET in Security

Top stories

Windows 11 22H2 blocked due to Windows Hello issues on some systems Microsoft is now blocking the Windows 11 22H2 update from being offered on some systems because signing in using Windows Hello might not work after upgrading. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as CVE-2022-40684 (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Meta accuses apps of stealing WhatsApp accounts Meta is attempting to clamp down on rogue WhatsApp-styled applications which originate from China. BleepingComputer reports that no fewer than one million WhatsApp accounts have been compromised, allegedly as a result of using these apps, which are claimed to bundle malware. Dubious apps The apps in question were available to download from multiple sources, including the developer's own websites and also the Google Play store itself. After installation, the apps would ask device owners to punch in user credentials, which were then stolen. From Meta's complaint: ---------------------- Beginning no later than May 2022 and continuing until at least July 2022, the Defendants…misled over one million WhatsApp users into self-compromising their accounts as part of an account takeover attack. The self-compromised accounts were then used to send commercial spam messages. ---------------------- With around one million installs listed...

Top stories

A week in security (October 3 – 9) Last week on Malwarebytes Labs: ● Romance scammer deepfakes Mark Ruffalo to con elderly artist ● Actively exploited vulnerability in Bitbucket Server and Data Center ● Ransomware-affected school district refuses to pay, gets stolen data released ● Ransomware review: September 2022 ● Huge increase in smishing scams, warns IRS ● TikTok's "secret operation" tracks you even if you don't use it ● Kim Kardashian gets huge fine for crypto ad ● Bogus job offers hide trojanised open-source software ● Admin from hell facing 10 years for sabotaging ex-employer's network ● BOD 23-01: Improving asset visibility and vulnerability detection on federal networks ● Cyberstalking, pig masks, and cockroaches: Former eBay execs are sentenced ● Data Access Agreement offers a new path for UK - US data requests ● Hundreds of Microsoft SQL servers found to be backdoored ● Android vulnerabilities could allow arbitrary code e...