Feb 16, 2023Ravie LakshmananCritical Infrastructure / Cybersecurity Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection … [Read more...]
Breaking the Security "Black Box" in DBs, Data Warehouses and Data Lakes
Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data sitting in production or analytic databases, data warehouses or data lakes. Security teams have to rely … [Read more...]
New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East
Feb 16, 2023Ravie LakshmananCloud Security / Cyber Threat Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected espionage-related campaign. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former's work-in-progress moniker WIP26. "WIP26 relies heavily on public cloud … [Read more...]
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
Feb 16, 2023Ravie LakshmananCyber Attack / Ransomware More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ransom notes dating back to mid-October 2022, just … [Read more...]
North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware
The North Korea-linked threat actor tracked as APT37 has been linked to a piece of new malware dubbed M2RAT in attacks targeting its southern counterpart, suggesting continued evolution of the group's features and tactics. APT37, also tracked under the monikers Reaper, RedEyes, Ricochet Chollima, and ScarCruft, is linked to North Korea's Ministry of State … [Read more...]
Webinar — A MythBusting Special: 9 Myths about File-based Threats
Feb 15, 2023The Hacker NewsCybersecurity Webinar Bad actors love to deliver threats in files. Persistent and persuasive messages convince unsuspecting victims to accept and open files from unknown sources, executing the first step in a cyber attack. This continues to happen whether the file is an EXE or a Microsoft Excel document. Far too often, end users have an illusion of security, masked by … [Read more...]
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
Feb 15, 2023Ravie LakshmananCryptocurrency / Ransomware A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) … [Read more...]
Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
Feb 15, 2023The Hacker NewsSecOps / DevOps In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is delivered quickly but contains security vulnerabilities, the … [Read more...]
Experts Warn of 'Beep' – A New Evasive Malware That Can Fly Under the Radar
Feb 15, 2023Ravie LakshmananThreat Detection / Malware Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find," Minerva Labs … [Read more...]
Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
Feb 15, 2023Ravie LakshmananPrivacy / Technology Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant … [Read more...]
Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
Feb 15, 2023Ravie LakshmananPatch Tuesday / Software Updates Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical … [Read more...]
Massive AdSense Fraud Campaign Uncovered – 10,000+ WordPress Sites Infected
Feb 14, 2023Ravie LakshmananAd Fraud / Online Security The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue … [Read more...]
Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!
Feb 14, 2023Ravie LakshmananCryptocurrency / Software Security Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was … [Read more...]
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency
One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the … [Read more...]
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
Feb 14, 2023Ravie LakshmananCyber Threat Intelligence Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's data exfiltration operations that traditionally … [Read more...]
Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second
Feb 14, 2023Ravie Lakshmanan Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS). "The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million," the company said, calling it a … [Read more...]
Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
Feb 14, 2023Ravie LakshmananDevice Security / Zero Day Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating … [Read more...]
Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems
Feb 13, 2023Ravie LakshmananGame Hacking / Cyber Threat An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a … [Read more...]
Honeypot-Factory: The Use of Deception in ICS/OT Environments
There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically … [Read more...]
Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
Feb 13, 2023Ravie LakshmananCyber Threat Intelligence The advanced persistent threat (APT) actor known as Tonto Team carried out an unsuccessful attack on cybersecurity company Group-IB in June 2022. The Singapore-headquartered firm said that it detected and blocked malicious phishing emails originating from the group targeting its employees. It's also the second attack aimed at Group-IB, the … [Read more...]