News


  • U.S. unveils plan to improve cyber defenses for water utilities

    January 27, 2022

    The White House on Thursday unveiled a plan to beef up cybersecurity in the nation’s water sector, an extension of its efforts to thwart attacks against critical infrastructure including electricity and natural gas pipeline operators. Senior administration officials said water facilities use automation and electronic networks that are vulnerable to cyber attacks, which could include producing ...

  • German govt warns of APT27 hackers backdooring business networks

    January 26, 2022

    The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojans (RAT) to backdoor their networks. HyperBro helps the threat actors maintain persistence on the victims’ networks by acting ...

  • DazzleSpy: Pro-democracy org hijacked to become macOS spyware distributor

    January 26, 2022

    Researchers have uncovered a new strain of macOS malware in targeted attacks against visitors to a Hong Kong pro-democracy radio station website. The website was used to facilitate a watering hole attack and to serve a Safari browser exploit to visitors, leading to the deployment and execution of spyware on victim machines. Dubbed DazzleSpy by ESET researchers, ...

  • New FluBot and TeaBot campaigns target Android devices worldwide

    January 26, 2022

    New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. The SMS topics used for spreading the FluBot malware include fake courier messages, “Is this you in this video?” coaxes, phony browser updates, and fake voicemail notifications. The most recent ...

  • Trickbot will now try to crash researcher PCs to stop reverse engineering attempts

    January 26, 2022

    The Trickbot Trojan has been revised with a new set of anti-reverse engineering features including the capability to crash computers if analysis tools are detected. Over the years, Trickbot has evolved from its original state as a banking Trojan to a wider suite of malicious components. Following the retirement of Dyre in 2016 and the disruption of ...

  • Vulnerability in Apple iOS, iPad OS and MacOS could lead to disclosure of sensitive memory data

    January 25, 2022

    Cisco Talos recently discovered an out-of-bounds read vulnerability in Apple’s macOS and iOS operating systems that could lead to the disclosure of sensitive memory content. An attacker could capitalize on that information to aid in the exploitation of other vulnerabilities This vulnerability specifically exists in the DDS image parsing functionality of Apple’s ImageIO library that exists ...

  • TianySpy Malware Uses Smishing Disguised as Message From Telco

    January 25, 2022

    It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is ...

  • Trellix finds OneDrive malware targeting government officials in Western Asia

    January 25, 2022

    Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix. Researchers with Trellix named the malware involved “Graphite” because it uses Microsoft’s Graph API to leverage OneDrive as a command and control server. The attack takes advantage of an MSHTML remote ...

  • Canada’s foreign affairs department hit with cyberattack

    January 25, 2022

    Canada’s foreign affairs department was hit with a cyberattack last week, according to the Treasury Board of Canada. The hack of Global Affairs Canada, the government entity responsible for diplomatic and global relations, occurred on Wednesday, according to a statement provided by the Treasury Board to ABC News. The statement does not identify who carried out the ...

  • Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

    January 24, 2022

    A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by several threat actors in campaigns targeting hundreds ...

  • Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant

    January 24, 2022

    While monitoring of the LockBit ransomware’s intrusion set, Trend Micro researchers found an announcement for LockBit Linux-ESXi Locker version 1.0 on October 2021 in the underground forum “RAMP,” where potential affiliates can find it. This signifies the LockBit ransomware group’s efforts to expand its targets to Linux hosts. Since October, we have been seeing samples ...

  • Malicious PowerPoint files used to push remote access trojans

    January 24, 2022

    Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the ...

  • CISA adds 17 vulnerabilities to list of bugs exploited in attacks

    January 22, 2022

    This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. “Binding Operational Directive ...

  • Log4J: Microsoft discovers attackers targeting undisclosed SolarWinds vulnerability

    January 21, 2022

    Microsoft researchers have discovered a previously undisclosed vulnerability in the SolarWinds Serv-U software while monitoring threats related to Log4J vulnerabilities. Jonathan Bar Or explained on Twitter that while he was hunting for a Log4J exploit attempt, he noticed attacks coming from serv-u.exe. “Taking a closer looked revealed you could feed Ssrv-U with data and it’ll build a ...

  • Merck Awarded $1.4B Insurance Payout over NotPetya Attack

    January 21, 2022

    Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck’s cyber-insurance company, International Indemnity, was claiming the losses fell under the “War or Hostile Acts” exclusion. That’s because in Oct. 2020, the U.S. Department ...

  • McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

    January 21, 2022

    McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products. The Agent is the piece of ...

  • Japan’s Supreme Court rules cryptojacking scripts are not malware

    January 21, 2022

    A man found guilty of using the Coinhive cryptojacking script to mine Monero on users’ PCs while they browsed the web has been cleared by Japan’s Supreme Court on the grounds that crypto mining software is not malware. Tokyo High Court ruled against the defendant, 34-year-old Seiya Moroi, on charges of keeping electromagnetic records of an ...

  • New MoonBounce UEFI malware used by APT41 in targeted attacks

    January 20, 2022

    Security analysts have discovered and linked MoonBounce, “the most advanced” UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is a notorious hacking group that has been active for at least a decade and is primarily known for its stealthy cyber-espionage operations against high-profile organizations ...

  • Indonesia c.bank says ransomware attack did not impact services

    January 20, 2022

    Indonesia’s central bank said on Thursday that it had been attacked last month by ransomware, but the risk from the attack had been mitigated and did not affect its public services. “We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at ...

  • SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack

    January 20, 2022

    Fortune 500 integrated services firm R.R.Donnelley & Sons (RRD) is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures RRD was the victim of a network breach that resulted in stolen data in December. RRD, a global firm with 33,000 employees, disclosed incident details in its U.S. Securities and ...