Posts

Showing posts from November, 2022

Top stories

All You Need to Know About Emotet in 2022
For six months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. [...]
via The Hacker News (author: The Hacker News)

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is [...]
via The Hacker News (author: Ravie Lakshmanan)

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be [...]
via The Hacker News (author: Ravie Lakshmanan)

Google warns: Android 'patch gap' is leaving these smartphones vulnerable to attack
Google says it is working with Android smartphone manufacturers to get them to release patches for multiple critical Arm Mali GPU driver bugs.
via Latest stories for ZDNET in Security

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in [...]
via The Hacker News (author: Ravie Lakshmanan)

New Windows Server updates cause domain controller freezes, restarts
Microsoft is investigating LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that might lead to freezes and restarts on some domain controllers. [...]
via BleepingComputer (author: Sergiu Gatlan)

Google rushes out Chrome browser fix for new zero-day flaw
Google patches a sandbox escape in Chrome that an attacker can exploit by luring a target to a malicious web page.
via Latest stories for ZDNET in Security

Interpol Seized $130 Million from Cybercriminals in Global "HAECHI-III" Crackdown Operation
Interpol on Thursday announced the seizure of $130 million worth of virtual assets in connection with a global crackdown on cyber-enabled financial crimes and money laundering. The international police operation, dubbed HAECHI-III, transpired between June 28 and November 23, 2022, resulting in the arrests of 975 individuals and the closure of more than 1,600 cases. This comprised two fugitives [...]
via The Hacker News (author: Ravie Lakshmanan)

U.S. govt seizes domains used in 'pig butchering' scams
For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to "pig butchering" scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms. [...]
via BleepingComputer (author: Sergiu Gatlan)

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language
The operators of the RansomExx ransomware have become the latest to develop a new variant fully rewritten in the Rust programming language, following other strains like BlackCat, Hive, and Luna. The latest version, dubbed RansomExx2 by the threat actor known as Hive0091 (aka DefrayX), is primarily designed to run on the Linux operating system, although it's expected that a Windows version will [...]
via The Hacker News (author: Ravie Lakshmanan)

Police are sending messages to 70,000 people who may have fallen victim to phone scammers
A major anti-fraud operation is underway, following an international crackdown on spoofing.
via Latest stories for ZDNET in Security

Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new [...]
via The Hacker News (author: Ravie Lakshmanan)

'iSpoof' service dismantled, main operator and 145 users arrested
The 'iSpoof' online spoofing service has been dismantled following an international law enforcement investigation that also led to the arrest of 146 people, including the suspected mastermind of the operation. [...]
via BleepingComputer (author: Bill Toulas)

Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware
Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and [...]
via The Hacker News (author: Ravie Lakshmanan)

34 Russian Hacker Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. "The underground market value of stolen logs and compromised card details is estimated around $5.8 million," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Aside from looting [...]
via The Hacker News (author: Ravie Lakshmanan)

Microsoft warns: This forgotten open-source web server could let hackers 'silently' gain access to your system
Users of affected network gateway appliances likely don't even know their router is running a web server that was discontinued 17 years ago.
via Latest stories for ZDNET in Security

Backdoored Chrome extension installed by 200,000 Roblox players
Chrome browser extension 'SearchBlox' installed by more than 200,000 users has been discovered to contain a backdoor that can steal your Roblox credentials as well as your assets on Rolimons, a Roblox trading platform. [...]
via BleepingComputer (author: Ax Sharma)

Russian cybergangs stole over 50 million passwords this year
At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. [...]
via BleepingComputer (author: Bill Toulas)

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report [...]
via The Hacker News (author: Ravie Lakshmanan)

Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation
Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which originated from the U.S., primarily singled out Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, [...]
via The Hacker News (author: Ravie Lakshmanan)

Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike
A nascent and legitimate penetration testing framework known as Nighthawk is likely to gain threat actors' attention for its Cobalt Strike-like capabilities. Enterprise security firm Proofpoint said it detected the use of the software in mid-September 2022 with a number of test emails sent using generic subject lines such as "Just checking in" and "Hope this works2." However, there are no [...]
via The Hacker News (author: Ravie Lakshmanan)

Windows Subsystem for Linux generally available via Microsoft Store
Microsoft announced today that the Store version of Windows Subsystem for Linux (WSL) is generally available for Windows 10 and 11 customers. [...]
via BleepingComputer (author: Sergiu Gatlan)

Warning: This scam starts with a fake invoice. It could end with crooks stealing your data
Social engineering and phony call centers are used to trick victims into installing remote software. Then the gang steals data and threatens to leak it.
via Latest stories for ZDNET in Security

Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to [...]
via The Hacker News (author: The Hacker News)

Google releases 165 YARA rules to detect Cobalt Strike attacks
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks. [...]
via BleepingComputer (author: Sergiu Gatlan)

This sneaky ransomware gang keeps changing tactics to spread its malware
Attackers distributing Royal ransomware use sneaky techniques to trick the unwary into downloading file-encrypting malware.
via Latest stories for ZDNET in Security

Apps with over 3 million installs leak 'Admin' search API keys
Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. [...]
via BleepingComputer (author: Bill Toulas)
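
The practical problem behind this story is triage: a 32-character hex string in an app bundle looks the same whether it is a harmless search-only key or an admin key, so the format alone says nothing about risk, and only the permissions (ACL) attached to the key decide it. The following is an added example, not code from the BleepingComputer article, from the researchers, or from Algolia. It assumes that Algolia application IDs are 10 upper-case alphanumeric characters and API keys are 32 lower-case hex characters, and that the ACL names below follow Algolia's key permissions; the bundle text and the ACL table are constructed for this example (in practice the ACL would come from Algolia's key-information endpoint, which this offline example does not call).

```python
"""Triage Algolia credentials found in a client-side bundle (added example)."""
import re

# Assumed formats: app ID = 10 upper-case alphanumerics, API key = 32 lower-case hex.
APP_ID_RE = re.compile(r"\b[A-Z0-9]{10}\b")
API_KEY_RE = re.compile(r"\b[0-9a-f]{32}\b")

# Permissions that must never ship inside a mobile or browser bundle (assumed ACL names).
WRITE_ACLS = {"addObject", "deleteObject", "deleteIndex", "settings", "editSettings"}
# Read permissions beyond plain "search" that still expose internal data.
OVERPRIVILEGED_READ_ACLS = {"browse", "listIndexes", "logs", "analytics", "seeUnretrievableAttributes"}

# Constructed bundle excerpt: one search-only key and one admin key pasted into an internal fetch.
SAMPLE_BUNDLE = """
const client = algoliasearch("AB12CD34EF", "0123456789abcdef0123456789abcdef");
// internal tooling left in the release build
fetch("https://AB12CD34EF-dsn.algolia.net/1/indexes/*/queries", {
  headers: {"X-Algolia-API-Key": "fedcba9876543210fedcba9876543210"}});
"""

# Constructed ACL table standing in for the key-information endpoint's "acl" field.
SAMPLE_ACLS = {
    "0123456789abcdef0123456789abcdef": ["search"],
    "fedcba9876543210fedcba9876543210": ["search", "browse", "addObject", "deleteObject",
                                         "deleteIndex", "settings", "editSettings",
                                         "listIndexes", "analytics", "logs"],
}


def find_candidate_keys(blob: str, lookback: int = 200) -> list:
    """Return (app_id, api_key) pairs; each key is paired with the nearest
    application ID seen in the `lookback` characters before it (None if none)."""
    pairs = []
    for m in API_KEY_RE.finditer(blob):
        preceding = blob[max(0, m.start() - lookback):m.start()]
        ids = APP_ID_RE.findall(preceding)
        pairs.append((ids[-1] if ids else None, m.group(0)))
    return pairs


def triage_key(acl) -> str:
    """Classify a key by the ACL list reported for it."""
    acl = set(acl)
    if acl & WRITE_ACLS:
        return "admin-or-write"          # can modify or delete indices: rotate immediately
    if acl & OVERPRIVILEGED_READ_ACLS:
        return "over-privileged-read"    # can dump whole indices or logs
    if acl <= {"search"}:
        return "search-only"             # the only kind that belongs in a client
    return "unknown"


def audit_bundle(blob: str, acl_lookup: dict) -> list:
    """Combine both steps: find keys, then classify each by its ACL."""
    findings = []
    for app_id, key in find_candidate_keys(blob):
        acl = acl_lookup.get(key)
        verdict = triage_key(acl) if acl is not None else "unverified"
        findings.append({"app_id": app_id, "key": key, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit_bundle(SAMPLE_BUNDLE, SAMPLE_ACLS):
        print(f"{f['app_id']} {f['key'][:8]}... -> {f['verdict']}")
```

The regex stage is deliberately noisy (any 32-hex token is a candidate); the ACL stage is what turns a candidate into a finding, which is why a secrets scanner that only pattern-matches cannot tell you whether a leak matters.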

Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery [...]
via The Hacker News (author: Ravie Lakshmanan)

Been Doing It The Same Way For Years? Think Again.
As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year [...]
via The Hacker News (author: The Hacker News)

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press [...]
via The Hacker News (author: Ravie Lakshmanan)

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence (GCTI) team. The latest version of Cobalt Strike is version 4.7.2. Cobalt [...]
via The Hacker News (author: Ravie Lakshmanan)

New ransomware encrypts files, then steals your Discord account
The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users. [...]
via BleepingComputer (author: Bill Toulas)

Donald Trump returns to Twitter after Elon Musk's poll
In a surprising move, Twitter has lifted the "permanent suspension" of former U.S. President Donald Trump's account. The move follows a Twitter poll run by Elon Musk that asked users whether to reinstate Trump's account; the majority of 15 million respondents answered affirmatively. [...]
via BleepingComputer (author: Ax Sharma)

New attacks use Windows security bypass zero-day to drop malware
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...]
via BleepingComputer (author: Lawrence Abrams)

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking users' consent in what the draft claims is "clear and plain language" describing the exact kinds of [...]
via The Hacker News (author: Ravie Lakshmanan)

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. "Observed DEV-0569 attacks show a pattern of continuous innovation, with [...]
via The Hacker News (author: Ravie Lakshmanan)

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday. Aside from being dropped [...]
via The Hacker News (author: Ravie Lakshmanan)

Google Search results poisoned with torrent sites via Data Studio
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content. [...]
via BleepingComputer (author: Ax Sharma)

Threat hunting with MITRE ATT&CK and Wazuh
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization's infrastructure, extending their access while waiting for the right [...]
via The Hacker News (author: The Hacker News)

Atlassian fixes critical command injection bug in Bitbucket Server
Atlassian has released updates to address critical-severity vulnerabilities in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management. [...]
via BleepingComputer (author: Bill Toulas)

Microsoft: Hackers are using this 'concerning' tactic to dodge multi-factor authentication
Microsoft says token theft attacks are on the rise. Here's what you need to do to protect yourself.
via Latest stories for ZDNET in Security

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information [...]
via The Hacker News (author: Ravie Lakshmanan)

Phishing kit impersonates well-known brands to target US shoppers
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. [...]
via BleepingComputer (author: Bill Toulas)

Microsoft fixes Windows Kerberos auth issues in emergency updates
Microsoft has released out-of-band (OOB) updates to fix a known issue triggering Kerberos sign-in failures and other authentication problems on enterprise Windows domain controllers after installing cumulative updates released during November's Patch Tuesday. [...]
via BleepingComputer (author: Sergiu Gatlan)

U.S. charges Russian suspects with operating Z-Library e-Book site
Anton Napolsky (33) and Valeriia Ermakova (27), two Russian nationals, were charged with intellectual property crimes by operating Z-Library, a pirate online eBook repository. [...]
via BleepingComputer (author: Bill Toulas)

100 Apps, Endless Security Checks
On average, organizations report using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how robust the app is. Without visibility and control over a critical mass of an organization's entire SaaS [...]
via The Hacker News (author: The Hacker News)

Microsoft fixes bug behind Windows 10 freezes, desktop issues
Microsoft has resolved a known issue triggering errors and temporarily causing the taskbar and desktop to disappear on Windows 10 systems. [...]
via BleepingComputer (author: Sergiu Gatlan)

North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel [...]
via The Hacker News (author: Ravie Lakshmanan)

Police dismantle pirated TV streaming network with 500,000 users
The Spanish police have dismantled a network of pirated streaming sites that illegally distributed content from 2,600 TV channels and 23,000 movies and series to roughly 500,000 users. [...]
via BleepingComputer (author: Bill Toulas)

DuckDuckGo now lets all Android users block trackers in their apps
DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps. [...]
via BleepingComputer (author: Bill Toulas)

FBI warning: PC and tech support scams are back. Here's what to watch out for
Scammers try to convince victims they're about to lose hundreds of dollars through a service payment, then use remote access software to get into their PCs.
via Latest stories for ZDNET in Security

7 Reasons to Choose an MDR Provider
According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That's a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look [...]
via The Hacker News (author: The Hacker News)

Black Friday online shopping: How to boost your cybersecurity and stay safe from scammers
Black Friday offers opportunities to bag discount deals, and cyber criminals know online shoppers might let their guard down in the rush.
via Latest stories for ZDNET in Security

Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers
Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet [...]
via The Hacker News (author: Ravie Lakshmanan)

Police just launched an e-commerce fraud crackdown. Here's how to protect yourself from scammers
59 suspects arrested following a month-long operation involving 19 countries, and more arrests are expected.
via Latest stories for ZDNET in Security

MFA Fatigue attacks are putting your organization at risk
A common threat targeting businesses is MFA fatigue attacks: a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks. [...]
via BleepingComputer (author: Sponsored by Specops Software)
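
The attack described above has a simple signature in identity-provider logs: a burst of push prompts for one account that the user keeps denying or ignoring, often followed by a single approval. The detection below is an added example, not code from the sponsored article or from Specops. The log format is constructed for this example and matches no particular identity provider; `parse_line()` is the only part that needs adapting to a real sign-in log schema, and the threshold and window are assumptions to tune per environment.

```python
"""Detect MFA push bombing and a fatigued approval in auth logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed log format: "<ISO-8601 UTC> user=<name> event=mfa_push result=<outcome> ip=<addr>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) "
    r"event=mfa_push result=(?P<result>approved|denied|timeout) ip=(?P<ip>\S+)$"
)

# Constructed sample: bob behaves normally, alice is push-bombed and finally approves,
# carol has denials too spread out to matter, plus one unrelated line.
SAMPLE_LOG = """\
2022-11-21T08:58:10Z user=bob event=mfa_push result=denied ip=198.51.100.7
2022-11-21T08:58:40Z user=bob event=mfa_push result=approved ip=198.51.100.7
2022-11-21T09:00:01Z user=alice event=mfa_push result=denied ip=203.0.113.5
2022-11-21T09:00:35Z user=alice event=mfa_push result=denied ip=203.0.113.5
2022-11-21T09:01:10Z user=alice event=mfa_push result=timeout ip=203.0.113.5
2022-11-21T09:01:50Z user=alice event=mfa_push result=denied ip=203.0.113.5
2022-11-21T09:02:30Z user=alice event=mfa_push result=denied ip=203.0.113.5
2022-11-21T09:03:05Z user=alice event=mfa_push result=approved ip=203.0.113.5
2022-11-21T09:10:00Z user=carol event=mfa_push result=denied ip=192.0.2.9
2022-11-21T09:25:00Z user=carol event=mfa_push result=denied ip=192.0.2.9
2022-11-21T09:40:00Z user=carol event=mfa_push result=denied ip=192.0.2.9
this line is not an mfa event and is skipped
"""


def parse_line(line: str):
    """Return a dict for an MFA push event, or None for any other line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "result": m["result"], "ip": m["ip"]}


def detect_mfa_fatigue(lines, threshold: int = 5, window: timedelta = timedelta(minutes=10)):
    """Return (user, kind, detail) alerts.
    push_bombing: at least `threshold` unapproved prompts for one user inside `window`.
    fatigued_approval: an approval that lands while such a burst is still inside the
    window, which is the outcome the attacker is after and the one to respond to first."""
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts still in window
    already_alerted = set()       # users with an open push_bombing alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        user, q = ev["user"], recent[ev["user"]]
        while q and ev["ts"] - q[0] > window:    # slide the window
            q.popleft()
        if len(q) < threshold:
            already_alerted.discard(user)        # burst aged out; a new one may alert again
        if ev["result"] in ("denied", "timeout"):
            q.append(ev["ts"])
            if len(q) >= threshold and user not in already_alerted:
                already_alerted.add(user)
                alerts.append((user, "push_bombing", f"{len(q)} unapproved prompts within {window}"))
        else:  # approved
            if len(q) >= threshold:
                alerts.append((user, "fatigued_approval",
                               f"approval from {ev['ip']} after {len(q)} unapproved prompts"))
            q.clear()
            already_alerted.discard(user)
    return alerts


if __name__ == "__main__":
    for user, kind, detail in detect_mfa_fatigue(SAMPLE_LOG.splitlines()):
        print(f"{kind:18} {user:8} {detail}")
```

A `fatigued_approval` alert should be treated as a probable compromised session, not a near miss: the response is to revoke the session and the refresh tokens it minted, then reset the factor, which is cheaper than the alternative the article's "measures" are meant to prevent.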

Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions
Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this approach provides detailed analysis, it requires large amounts of processing power and is blind when [...]
via The Hacker News (author: The Hacker News)

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The [...]
via The Hacker News (author: Ravie Lakshmanan)

Chinese hackers target government agencies and defense orgs
The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries. [...]
via BleepingComputer (author: Bill Toulas)

The real cost of ransomware is even bigger than we realised
Ransomware attacks are often talked about in terms of the financial cost. But in reality, these incidents can have a much bigger impact.
via Latest stories for ZDNET in Security

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen [...]
via The Hacker News (author: Ravie Lakshmanan)

Microsoft fixes Windows DirectAccess connectivity issues
Microsoft has resolved a known issue causing connectivity problems for Windows customers using the DirectAccess service to access their organizations remotely without using a virtual private network (VPN). [...]
via BleepingComputer (author: Sergiu Gatlan)

New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims [...]
via The Hacker News (author: Ravie Lakshmanan)

What is an External Penetration Test?
A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker was successful. Usually performed first, an external pentest (also [...]
via The Hacker News (author: The Hacker News)

Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast
Following yesterday's deadly blast on İstiklal Avenue in Istanbul, Turkish authorities began restricting access to social media including Instagram, Facebook, Twitter, YouTube and Telegram. [...]
via BleepingComputer (author: Ax Sharma)

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
A newly discovered evasive malware spreads over the Secure Shell (SSH) protocol, gaining entry to targeted systems that have weak login credentials, with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to [...]
via The Hacker News (author: Ravie Lakshmanan)

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft. "What is noteworthy is data collection from victims' machines using [...]
via The Hacker News (author: Ravie Lakshmanan)

New extortion scam threatens to damage sites' reputation, leak data
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data. [...]
via BleepingComputer (author: Sergiu Gatlan)

The Week in Ransomware - November 11th 2022 - LockBit feeling the heat
This 'Week in Ransomware' covers the last two weeks of ransomware news, with new information on attacks, arrests, data wipers, and reports shared by cybersecurity firms and researchers. [...]
via BleepingComputer (author: Lawrence Abrams)

These Two Google Play Store Apps Spotted Distributing Xenomorph Banking Trojan
Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday. [...]
via The Hacker News (author: Ravie Lakshmanan)

Royal Mail down: Tracking unavailable as outage exceeds 24 hours
Royal Mail, the UK's leading mail and parcel delivery service, has been experiencing ongoing outages with its online tracking services down for more than 24 hours at the time of writing. [...]
via BleepingComputer (author: Ax Sharma)

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place [...]
via The Hacker News (author: Ravie Lakshmanan)

Windows 11 Task Manager will let you filter processes by name, PID
Windows 11 will soon let you filter processes in the Task Manager by their name, process ID, or publisher, making it easier to find a running program. [...]
via BleepingComputer (author: Lawrence Abrams)

Phishing drops IceXLoader malware on thousands of home, corporate devices
An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. [...]
via BleepingComputer (author: Bill Toulas)

Microsoft fixes MoTW zero-day used to drop malware via ISO files
Microsoft has fixed a Windows bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...]
via BleepingComputer (author: Lawrence Abrams)
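
Both Mark of the Web stories on this page (the Qbot phishing campaign above and this ISO fix) come down to one small piece of metadata: the `Zone.Identifier` alternate data stream that Windows attaches to a downloaded file, which SmartScreen and Office Protected View read before deciding whether to warn. The following is an added example, not code from BleepingComputer or from Microsoft: a parser for that stream plus the decision a control should take, including the case this bug created, a file with no marker at all. The sample streams are constructed for this example; the zone numbering (0 local machine, 1 intranet, 2 trusted, 3 Internet, 4 restricted) is Windows' own.

```python
"""Parse a Mark-of-the-Web Zone.Identifier stream and classify the file (added example)."""
import configparser
from dataclasses import dataclass
from typing import Optional

ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
# SmartScreen and Office Protected View act on zones 3 and 4.
UNTRUSTED_ZONES = {3, 4}

# Constructed Zone.Identifier contents (the stream is INI-style text).
SAMPLE_INTERNET = (
    "[ZoneTransfer]\n"
    "ZoneId=3\n"
    "ReferrerUrl=https://example.test/\n"
    "HostUrl=https://example.test/invoice.iso\n"
)
SAMPLE_INTRANET = "[ZoneTransfer]\nZoneId=1\n"


@dataclass
class MotW:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown zone {self.zone_id}")

    @property
    def is_untrusted(self) -> bool:
        return self.zone_id in UNTRUSTED_ZONES


def parse_zone_identifier(stream_text: str) -> MotW:
    """Parse the [ZoneTransfer] section; raises on a stream without a usable ZoneId."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep ZoneId/HostUrl exactly as written
    cp.read_string(stream_text)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("no [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    return MotW(int(sec["ZoneId"].strip()), sec.get("ReferrerUrl"), sec.get("HostUrl"))


def read_motw_stream(path: str) -> Optional[str]:
    """Windows/NTFS only: read the file's Zone.Identifier ADS; None if it has no marker."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def classify(stream_text: Optional[str]) -> str:
    """Decision for a file given its stream text (None = no stream present)."""
    if stream_text is None:
        return "no-motw"        # e.g. a file extracted from an ISO before the fix
    try:
        m = parse_zone_identifier(stream_text)
    except (configparser.Error, KeyError, ValueError):
        return "malformed"
    return "untrusted" if m.is_untrusted else "trusted"


if __name__ == "__main__":
    for label, text in (("download", SAMPLE_INTERNET), ("share", SAMPLE_INTRANET),
                        ("from-iso", None), ("junk", "garbage")):
        print(f"{label:9} -> {classify(text)}")
```

The security-relevant branch is `"no-motw"`: before the fix, files pulled out of a downloaded ISO arrived in exactly that state, so a control that only blocks on `"untrusted"` was silently bypassed. A file in a Downloads folder or a mail attachment cache that carries no marker deserves the same treatment as one tagged zone 3.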

Top stories

Is Cybersecurity Awareness Month Anything More Than PR? Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways: The public, by taking action to stay safe online. Professionals, by joining the cyber workforce. Cyber industry partners, as part of the cybersecurity solution. CISA outlined four "things via The Hacker News (author: noreply@blogger.com (The Hacker News))

Top stories

Medibank won't pay ransom as more stolen data shows up on dark web Australian health insurer calls the release of data compromised in recent security breach "disgraceful", saying it will not fork out any ransom payment based on expert advice and government guidelines. via Latest stories for ZDNET in Security

Top stories

Re-Focusing Cyber Insurance with Security Validation The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump Strauss Hauer & Feld LLP's law firm clients, for example, reported a three-fold increase in insurance via The Hacker News (author: noreply@blogger.com (The Hacker News))

Top stories

High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))
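The entry above describes a path-traversal flaw in a flow computer, but gives no detail of the affected code. The following is an added illustration of the check that stops the bug class in general, not ABB's code or a description of the Totalflow vulnerability: a user-supplied relative path is canonicalised and refused unless it stays under a fixed base directory. The base directory, file names and exception class are assumptions for the example.

```python
"""Canonicalise a user-supplied relative path and refuse anything that
escapes a fixed base directory. Added illustration only; the base directory,
file names and error type are assumptions, not the vendor's code."""
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when the requested path would resolve outside the base directory."""


def safe_join(base_dir: str, user_path: str) -> Path:
    # Reject embedded NUL bytes first: C-based file APIs truncate at NUL,
    # so "config.cfg\x00.txt" could slip past an extension check.
    if "\x00" in user_path:
        raise PathEscapeError("NUL byte in path")

    # Path concatenation silently discards `base` when `user_path` is
    # absolute ("/etc/passwd"), so absolute input must be refused explicitly.
    if Path(user_path).is_absolute():
        raise PathEscapeError(f"absolute path not allowed: {user_path!r}")

    base = Path(base_dir).resolve()
    # resolve() collapses "..", "." and symlinks (where the target exists),
    # so "../../etc/passwd" becomes a concrete path that can be compared
    # against the base instead of string-matching on "..".
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathEscapeError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_safe(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper for callers that only need an allow/deny decision."""
    try:
        safe_join(base_dir, user_path)
        return True
    except PathEscapeError:
        return False


if __name__ == "__main__":
    BASE = "/srv/app/config"  # assumed directory; it need not exist for the check
    for req in ("site.cfg", "sub/../site.cfg", "../../etc/passwd", "/etc/passwd", "a\x00b"):
        print(f"{req!r:>22} -> {'allow' if is_safe(BASE, req) else 'deny'}")
```

The comparison is done on the resolved path rather than by searching the input for "..", which is the check that percent-encoded or mixed-separator variants are written to defeat; run it after the web or protocol layer has finished decoding the request.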

Top stories

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET explained in a series of tweets. UEFI via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Couple sentenced to prison for trying to sell nuclear warship secrets A Navy nuclear engineer and his wife were sentenced to over 19 years and more than 21 years in prison for attempting to sell nuclear warship design secrets to what they believed was a foreign power agent. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

LockBit affiliate uses Amadey Bot malware to deploy ransomware A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and then encrypt it. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Citrix urges admins to patch critical ADC, Gateway auth bypass Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Enhance your privacy with this second phone number app deal Protecting your privacy while staying in touch can be a difficult problem to solve. This second-phone app helps you solve it with a lifetime subscription for $24.99, 83% off the $150 MSRP. [...] via BleepingComputer (author: Lawrence Abrams)

Top stories

Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen Passwords are a common target for hackers, but many of us still aren't doing the basics to help protect our accounts. Here's what to do. via Latest stories for ZDNET in Security

Top stories

How to delete your Twitter account (and protect your data) Lots of folks may be signing out of Twitter for the final time in the coming days. But leaving Twitter for good isn't as simple as just logging off forever. via Latest stories for ZDNET in Security

Top stories

Ransomware gang threatens to release stolen Medibank data A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers was accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Mastodon now has over 1 million users amid Twitter tensions Mastodon, the free, open-source, decentralized micro-blogging social media platform, has surpassed a million monthly active users for the first time in its history. [...] via BleepingComputer (author: Bill Toulas)

Top stories

Experts Find Urlscan Security Scanner Inadvertently Leaks Sensitive URLs and Data Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))
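The leak described above happens on the submitting side: a security tool or analyst forwards a URL containing a reset token, invite code or signed link to a scanner whose results are public. The following is an added example of a pre-submission guard, not urlscan.io's or Positive Security's code. It redacts query parameters, path segments, fragments and embedded credentials that look like secrets and returns a policy label; the parameter list, path hints, token heuristic and the two policy labels are assumptions, and the sample URLs are constructed.

```python
"""Decide whether a URL is safe to hand to a public scanner and produce a
redacted copy. Added example; SENSITIVE_PARAMS, SENSITIVE_PATH_HINTS, the
opaque-token heuristic and the policy labels are assumptions."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that routinely carry bearer-style secrets (assumed list).
SENSITIVE_PARAMS = {
    "token", "access_token", "id_token", "refresh_token", "auth", "key",
    "api_key", "apikey", "code", "sig", "signature", "password", "pwd",
    "reset", "invite", "session", "sessionid", "sid", "ticket", "otp",
    "secret", "x-amz-signature", "x-amz-credential", "sharetoken",
}
# Path words marking the page types the report says were exposed (assumed).
SENSITIVE_PATH_HINTS = ("reset", "invite", "confirm", "verify", "unsubscribe", "invoice", "share")
# A long segment or value containing at least one digit is treated as an opaque token.
OPAQUE_TOKEN_RE = re.compile(r"^(?=.*\d)[A-Za-z0-9_\-=.~%]{20,}$")


def redact_url(url: str) -> tuple:
    """Return (redacted_url, findings); findings is empty when nothing was touched."""
    parts = urlsplit(url)
    findings = []

    # Credentials embedded as user:pass@host are dropped outright.
    netloc = parts.netloc
    if parts.username is not None:
        findings.append("userinfo")
        netloc = parts.hostname or ""
        if parts.port:
            netloc += f":{parts.port}"

    kept = []
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        if k.lower() in SENSITIVE_PARAMS or OPAQUE_TOKEN_RE.match(v):
            findings.append(f"query:{k}")
            kept.append((k, "REDACTED"))
        else:
            kept.append((k, v))

    segments = []
    for seg in parts.path.split("/"):
        if OPAQUE_TOKEN_RE.match(seg):
            findings.append(f"path:{seg[:4]}...")
            segments.append("REDACTED")
        else:
            segments.append(seg)
    lowered = parts.path.lower()
    findings.extend(f"path-hint:{h}" for h in SENSITIVE_PATH_HINTS if h in lowered)

    # Fragments never reach the origin server but do reach the scanner;
    # OAuth implicit flows and some document viewers keep tokens there.
    fragment = parts.fragment
    if fragment:
        findings.append("fragment")
        fragment = "REDACTED"

    redacted = urlunsplit((parts.scheme, netloc, "/".join(segments), urlencode(kept), fragment))
    return redacted, findings


def submission_policy(url: str) -> str:
    """'public' when nothing sensitive was found; otherwise 'private', meaning
    use the scanner's non-public visibility or do not submit at all."""
    _, findings = redact_url(url)
    return "public" if not findings else "private"


if __name__ == "__main__":
    # Constructed samples, not URLs from the report.
    for u in (
        "https://docs.example.com/reset-password?token=dGhpc2lzYXRva2Vu123456&lang=en",
        "https://cdn.example.com/invoices/9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.pdf#sig=abc",
        "https://www.example.com/blog/2022/11/post?id=42",
    ):
        print(submission_policy(u), redact_url(u))
```

Redaction is a fallback, not the primary control: a redacted reset link no longer resolves to the page the analyst wanted scanned, so the useful outcome of a "private" verdict is usually to scan with non-public visibility or to detonate the URL in-house.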

Top stories

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

The 12 best holiday gift ideas for hackers in 2022 From hobbyist hackers and programmers to professionals, they will love our picks for tech gifts for hackers this holiday season. via Latest stories for ZDNET in Security

Top stories

Microsoft sued for open-source piracy through GitHub Copilot Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of code authors. [...] via BleepingComputer (author: Bill Toulas)

Top stories

How to export your Bitwarden vault for safekeeping Here's how to export your Bitwarden vault so that you always have a working copy on hand. via Latest stories for ZDNET in Security

Top stories

Windows 11 22H2 blocked on systems using Xbox Game Bar Capture Microsoft is now blocking the Windows 11 2022 Update from being offered on some systems because of compatibility issues with the Xbox Game Bar Capture feature. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Your OT Is No Longer Isolated: Act Fast to Protect It Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning. As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the via The Hacker News (author: noreply@blogger.com (The Hacker News))

Top stories

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

As Twitter brings on $8 fee, phishing emails target verified accounts As Twitter announces plans to charge users $8 a month for Twitter Blue and verification under Elon Musk's management, BleepingComputer has come across several phishing emails targeting verified users. [...] via BleepingComputer (author: Ax Sharma)

Top stories

Australia sees rise in cybercrimes on back of 'destructive' ransomware, state actors Australia Cyber Security Centre says the number of reported cybercrime cases climbed almost 13% in the past year, with state actors an ongoing threat and ransomware the "most destructive". via Latest stories for ZDNET in Security

Top stories

Microsoft rolls out fix for Outlook disabling Teams Meeting add-in Microsoft is rolling out a fix for a known issue affecting Outlook for Microsoft 365 users and preventing them from scheduling Teams meetings because the option is no longer available on the app's ribbon menu. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

ALMA Observatory shuts down operations due to a cyberattack The Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline following a cyberattack on Saturday, October 29, 2022. [...] via BleepingComputer (author: Bill Toulas)

Top stories

New clipboard hijacker replaces crypto wallet addresses with lookalikes A new clipboard stealer called Laplas Clipper spotted in the wild is using cryptocurrency wallet addresses that look like the address of the victim's intended recipient. [...] via BleepingComputer (author: Bill Toulas)
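A clipper works because users verify a pasted address by glancing at its first and last few characters, and a lookalike is built to match exactly those. The following is an added example of a paste-time guard a wallet or password-manager-style tool could apply, not Laplas or any vendor's code: it classifies what is about to be pasted against what the user copied, and distinguishes a prefix/suffix lookalike from a plain substitution. The address regexes, the four-character thresholds and the sample addresses are assumptions; the regexes check shape only, not checksums.

```python
"""Paste-time guard against clipboard hijackers. Added example; address
patterns, thresholds and sample addresses are assumed and shape-only."""
import re
from typing import Optional

ADDRESS_PATTERNS = {
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
}
# How many leading/trailing characters a user typically eyeballs (assumed).
PREFIX_CHARS = 4
SUFFIX_CHARS = 4

# Constructed sample addresses for the demonstration below.
INTENDED_ETH = "0x52908400098527886E0F7030069857D2E4169EE7"
LOOKALIKE_ETH = "0x5290" + "1" * 32 + "9EE7"      # same ends, different middle
RANDOM_ETH = "0x" + "a" * 40                       # same family, nothing in common
INTENDED_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"


def address_family(text: str) -> Optional[str]:
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return family
    return None


def common_prefix_len(a: str, b: str) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def common_suffix_len(a: str, b: str) -> int:
    return common_prefix_len(a[::-1], b[::-1])


def classify_paste(copied: str, pasted: str) -> str:
    """Compare the value the user copied with the value about to be pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "ok"
    fam_copied, fam_pasted = address_family(copied), address_family(pasted)
    if fam_copied is None:
        return "not-an-address"       # nothing for a clipper to target
    if fam_pasted != fam_copied:
        return "changed-other"        # clipboard changed, but not to a same-type address
    if (common_prefix_len(copied, pasted) >= PREFIX_CHARS
            and common_suffix_len(copied, pasted) >= SUFFIX_CHARS):
        return "swapped-lookalike"    # the Laplas-style case: ends match, middle differs
    return "swapped"


if __name__ == "__main__":
    for copied, pasted in ((INTENDED_ETH, INTENDED_ETH), (INTENDED_ETH, LOOKALIKE_ETH),
                           (INTENDED_ETH, RANDOM_ETH), (INTENDED_BTC, RANDOM_ETH)):
        print(f"{pasted[:10]}... -> {classify_paste(copied, pasted)}")
```

The guard needs the value captured at copy time (for example from the wallet UI's own copy button), because the clipboard itself is the thing being tampered with; comparing the clipboard against the clipboard proves nothing.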

Top stories

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Black Basta ransomware gang linked to the FIN7 hacking group Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak." [...] via BleepingComputer (author: Bill Toulas)

Top stories

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Hundreds of U.S. news sites push malware in supply-chain attack The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

New Windows 'LockSmith' PowerToy lets you free locked files Microsoft has added a new utility to the PowerToys toolset that will help Windows users find the processes using selected files and unlock them without requiring a third-party tool. [...] via BleepingComputer (author: Sergiu Gatlan)

Top stories

Inside Raccoon Stealer V2 Raccoon Stealer is back in the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of shutdown, Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest version of the info stealer via The Hacker News (author: noreply@blogger.com (The Hacker News))

Top stories

Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group. "SandStrike is distributed as a means to access resources about the Bahá'í religion via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Top stories

Raccoon Stealer admin will be extradited to the US, charged for computer crimes The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service (MaaS) business model. According to court documents, Mark Sokolovsky, 26, is currently held in the Netherlands under an extradition request from the US government. Dutch authorities arrested Sokolovsky, known online as “raccoonstealer,” in March 2022. At the same time, the FBI (Federal Bureau of Investigation) partnered with Italian and Dutch law enforcement to dismantle Raccoon Stealer’s digital infrastructure, taking the existing version offline. In a press release, Deputy Attorney General Lisa O. Monaco said: "This case highlights the importance of the international cooperation that the Department of Justice and our partners use to dismantle modern...

Top stories

Point-of-sale malware used to steal 167,000 credit cards In the 19 months between February 2021 and September 2022, two point-of-sale (POS) malware operators have stolen more than 167,000 payment records, mainly from the US, according to researchers at Group-IB. The researchers were able to retrieve information about infected machines and compromised credit cards by analyzing a command and control (C2) server used by the malware. POS malware is designed to steal debit and credit card data from POS machines in retail stores. It does this by harvesting the temporarily unencrypted card data from the machine’s memory. Due to improved security measures against this type of theft in most countries, this type of malware isn't as widely used as it once was, although it never disappeared completely.

The malware

The researchers found badly configured control panels for two different strains of POS malware, MajikPOS and Treasure Hunter. A possible explanation is that the operators st...
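The scraping described above works because, between the card reader and the payment application, magnetic-stripe track data sits in process memory in the clear, and its format is rigid enough to find with a pattern. The following is an added example of the defender's side of that same pattern match, useful for triaging a memory dump from a suspect POS host or for DLP over captured data; it is not MajikPOS, Treasure Hunter or Group-IB code. It locates Track 1 and Track 2 candidates in a byte buffer, validates each PAN with the Luhn check so random digit runs are not reported, and returns masked results. The sample buffer is constructed from publicly known test card numbers and a fake name.

```python
"""Scan a memory buffer for magnetic-stripe track data of the kind a POS RAM
scraper harvests. Added defender-side example; the sample buffer is
constructed from public test card numbers, not real card data."""
import re
from dataclasses import dataclass

# Track 2: ;PAN=YYMM SSS discretionary?    Track 1: %B PAN ^ NAME ^ YYMM SSS ... ?
TRACK2_RE = re.compile(rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})\d*\?")
TRACK1_RE = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[^^?]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})[^?]{0,60}\?"
)


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check; filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4, as PCI DSS permits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class TrackHit:
    track: int
    offset: int        # byte offset of the match in the buffer
    masked_pan: str
    expiry: str        # YYMM as encoded on the stripe


def scan_buffer(buf: bytes) -> list:
    """Return Luhn-valid track-data hits, ordered by offset."""
    hits = []
    for track, pattern in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in pattern.finditer(buf):
            pan = m.group("pan").decode()
            if luhn_ok(pan):
                hits.append(TrackHit(track, m.start(), mask_pan(pan), m.group("exp").decode()))
    hits.sort(key=lambda h: h.offset)
    return hits


# Constructed "memory snapshot": two valid test PANs plus one that fails Luhn.
SAMPLE_MEMORY = (
    b"\x00\x00pos.exe\x00"
    b"%B4111111111111111^DOE/JOHN^25121011000000000?"     # Track 1, Visa test PAN
    b"\x90\x90junk"
    b";5555555555554444=25121011234567890?"                # Track 2, Mastercard test PAN
    b";4111111111111112=25121011234567890?"                # Track 2, fails Luhn: ignored
    b"\x00\xff"
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(f"track {hit.track} @ {hit.offset:#06x}: {hit.masked_pan} exp {hit.expiry}")
```

On a real dump, run the scan over the memory of the payment process only and treat any hit as an incident indicator: under a correctly deployed point-to-point encryption (P2PE) reader the track data should never appear in host memory at all, which is the "improved security measures" the Group-IB summary refers to.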