InfoSec News

Google: Former Conti cybercrime gang members now targeting Ukraine Google says some former Conti ransomware gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs). [...] via BleepingComputer (author: Sergiu Gatlan)

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

YouTuber on the run after allegedly swiping $55m from followers via Malwarebytes Labs

Don't share the WhatsApp 'Martinelli' phone hacking alert: It's a hoax Everyone loves a good campfire story prone to exaggeration. However, when told online it’s not quite got the same effect. Long ago, sites like Myspace would play host to very certain types of messages. “Don’t open this post from Johnny Cyberhack, or your account will be stolen and your C drive will be wiped”. Complete nonsense, but vague and scary hacking-themed missives will always find a receptive audience. Chain letters, scam messages, and viral hoaxes tied to a threat often spread like wildfire. The latest is a rehash of an old "Martinelli" hoax that's circulating again. Martinelli: Back for another round of shenanigans As reported by AFP , the older hoax has been repackaged for another round. This specific hoax has been bouncing around since at least 2017. The message, posted to Facebook but also seen on WhatsApp itself, reads as follows: Dear friends, this is a warning t...

Instagram receives record fine of $400M for abuse of children's data Ireland's Data Protection Commissioner (DPC) , the lead regulator in Europe for Meta and other tech giants, has slapped Instagram with a fine of €405M—roughly equivalent to $402M—following an investigation on how the company handled children's data. In the investigation that started in 2020, the DPC found Instagram had allowed children between the ages of 13 and 17 to operate business accounts. That meant their phone numbers and email addresses were made public, which is a clear violation of their privacy. The DPC also found that some Instagram accounts owned by children were set as "public" by default, instead of "private." A spokesperson from Meta said in a statement: ---------------------- "This inquiry focused on old settings that we updated over a year ago, and we've since released many new features to help keep teens safe and their information private. Anyone u...

Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability QNAP (Quality Network Appliance Provider) has warned users to update Photo Station to the latest available version. The warning comes after QNAP detected that cybercriminals known as DeadBolt have been exploiting a Photo Station vulnerability in order to encrypt QNAP NAS systems that are directly connected to the internet. QNAP produces NAS (Network Attached Storage) devices, among other things. QNAP's Photo Station is an online photo album that allows users to share photos and videos stored on their NAS with others over the internet. With Photo Station, users can drag and drop photos into virtual albums, which means they don’t have to create copies when they are needed in more than one album. Deadbolt The ransomware group responsible for this attack is generally known as DeadBolt. The name DeadBolt is also used in the file extension of the encrypted files that the group's ransomware gene...

US seizes WT1SHOP market selling credit cards, credentials, and IDs An international law enforcement operation has seized the website and domains for WT1SHOP, a criminal marketplace that sold stolen credit cards, I.D. cards, and millions of login credentials. [...] via BleepingComputer (author: Lawrence Abrams)

Worok Hackers Target High-Profile Asian Companies and Governments High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))