Feb 14, 2023Ravie Lakshmanan Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS). "The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million," the company said, calling it a … [Read more...]
Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
Feb 14, 2023Ravie LakshmananDevice Security / Zero Day Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating … [Read more...]
Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems
Feb 13, 2023Ravie LakshmananGame Hacking / Cyber Threat An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a … [Read more...]
Honeypot-Factory: The Use of Deception in ICS/OT Environments
There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically … [Read more...]
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
Feb 13, 2023Ravie LakshmananCyber Threat Intelligence The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the … [Read more...]
Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
A previously unknown threat actor has been targeting companies in the U.S. and Germany with bespoke malware designed to steal confidential information. Enterprise security company Proofpoint, which is tracking the activity cluster under the name Screentime, said the group, dubbed TA866, is likely financially motivated. "TA866 is an organized actor able to perform well thought-out attacks at scale … [Read more...]
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, … [Read more...]
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar … [Read more...]
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
Feb 11, 2023Ravie LakshmananThreat Response / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated … [Read more...]
Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages
Feb 10, 2023Ravie LakshmananSupply Chain / Software Security Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively … [Read more...]
North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
Feb 10, 2023Ravie LakshmananThreat Intelligence / Ransomware State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to … [Read more...]
3 Overlooked Cybersecurity Breaches
Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them. #1: 2 RaaS Attacks in 13 Months Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from … [Read more...]
U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks
In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation. The individuals designated under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka … [Read more...]
Reddit Suffers Security Breach Exposing Internal Documents and Source Code
Feb 10, 2023Ravie LakshmananData Breach / Source Code Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on … [Read more...]
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
Feb 09, 2023Ravie LakshmananNetwork Security / IoT Security A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to … [Read more...]
THN Webinar – Learn How to Comply with New Cyber Insurance Identity Security Requirements
Feb 09, 2023The Hacker NewsIdentity Protection / Cyber Insurance The Hacker News is thrilled to announce the launch of our new educational webinar series, in collaboration with the leading cybersecurity companies in the industry! Get ready to dive into the world of enterprise-level security with expert guests who will share their vast knowledge and provide you with valuable insights and … [Read more...]
NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities
Feb 09, 2023Ravie LakshmananCyber Attack / Cyber Threat A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry … [Read more...]
A Hackers Pot of Gold: Your MSP's Data
Feb 09, 2023The Hacker NewsPassword Security A single ransomware attack on a New Zealand managed service provider (MSP) disrupted several of its clients' business operations overnight, most belonging to the healthcare sector. According to the country's privacy commissioner, "a cyber security incident involving a ransomware attack" in late November upended the daily operations of New Zealand's … [Read more...]
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms
Feb 09, 2023Ravie LakshmananThreat Intelligence / Malware The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt … [Read more...]
OpenSSL Fixes Multiple New Security Flaws with Latest Update
Feb 09, 2023Ravie LakshmananEncryption / Vulnerability The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a … [Read more...]