Cybercrime

February 16, 2023

Symantec, by Broadcom Software, has observed a new malware that abuses a feature of Microsoft’s Internet Information Services (IIS) to deploy a backdoor onto targeted systems. The malware, dubbed Frebniis (Backdoor.Frebniis), was used by a currently unknown threat actor against targets in Taiwan. Read more… Source: Symantec  

February 16, 2023

Nearly one year ago, Russia invaded Ukraine, and we continue to see cyber operations play a prominent role in the war. To provide more insights into the role of cyber, today, we are releasing our report Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape based on analysis from Google’s Threat Analysis ...

February 16, 2023

A new malware dubbed ‘ProxyShellMiner’ exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021. When chained together, the vulnerabilities allow unauthenticated, remote code execution, letting attackers take complete control of ...

February 15, 2023

From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4, which was leveraging several vulnerabilities to spread itself. The vulnerabilities exploited include the following: CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727: FRITZ!Box Webcam Remote Command Execution Vulnerability Mitel AWC Remote Command Execution Vulnerability Read more… Source: Palo Alto Unit 42  

February 15, 2023

Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralyzed the carrier’s website and leaked customer information from its app. Read more… Source: Skift  

February 14, 2023

Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures – America’s largest manufacturer and distributor of Pepsi-Cola beverages – didn’t discover the unauthorized activity until ...

February 14, 2023

It sounds like the plot of a somewhat far-fetched romcom-slash-thriller Netflix series, maybe billed as You meets Your Place or Mine, dropping just in time for Valentine’s Day. In it, a pig butchering romance scammer targets her next victim: Sophos’s lead threat researcher. The security biz would probably want us to make very clear that no ...

February 14, 2023

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389, using one ...

February 13, 2023

This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The attacks were launched using over 30,000 IP addresses from multiple cloud providers against various targets, including gaming providers, cloud computing platforms, cryptocurrency firms, and hosting providers. Read more… Source: Bleeping Computer  

February 11, 2023

The Play ransomware group listed networking firm A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. BetterCyber notes that the leak site claims the group has “private and personal confidential data, a lot of technical documentation, agreements, employee and client documents.” Read more… Source: GovInfoSecurity