News – August 2022


  • Montenegro hit by ransomware attack, hackers demand $10 million

    September 1, 2022

    The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions. Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group. The effects of the incindet continue for the tenth day. The minister added ...

  • Vulnerability in TikTok Android app could lead to one-click account hijacking

    August 31, 2022

    Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and Microsoft did not locate any evidence of in-the-wild exploitation. Attackers could have leveraged the ...

  • CISA releases two Industrial Control Systems Advisories

    August 31, 2022

    CISA has released two Industrial Control Systems (ICS) advisories on September 01, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSMA-22-244-01 Contec CMS8000 ICSA-22-244-01 Delta Electronics DOPSoft Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • China-linked APT40 gang targets wind farms, Australian government

    August 31, 2022

    Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine ...

  • Apple backports fix for actively exploited iOS zero-day to older iPhones

    August 31, 2022

    Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices. This zero-day vulnerability is the same one Apple patched for macOS Monterey and iPhone/iPad devices on August 17, and for Safari on ...

  • ModernLoader delivers multiple stealers, cryptominers and RATs

    August 30, 2022

    Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the ...

  • That ‘clean’ Google Translate app is actually Windows crypto-mining malware

    August 30, 2022

    Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. The cryptomining Trojan, known as Nitrokod, is typically disguised as a clean Windows app and works as the user expects for days or weeks before its hidden Monero-crafting code is executed. It’s said ...

  • US govt sues Kochava for selling sensitive geolocation data

    August 29, 2022

    The U.S. Federal Trade Commission (FTC) announced today that it filed a lawsuit against Idaho-based location data broker Kochava for selling sensitive and precise geolocation data (in meters) collected from hundreds of millions of mobile devices. As the consumer protection watchdog said, Kochava’s clients could use this data to identify and keep track of mobile users’ ...

  • Nelnet Servicing breach exposes data of 2.5M student loan accounts

    August 29, 2022

    Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial was exposed after hackers breached the systems of technology services provider Nelnet Servicing. Technology services from Nelnet Servicing, including a web portal, are used by OSLA and EdFinancial to give online access students taking out a loan access to ...

  • Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers

    August 29, 2022

    A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in versions 7.0.0 to 8.3.0 of the software, inclusive. Luckily there are no ...

  • CISA Releases 12 Industrial Control Systems Advisories

    August 29, 2022

    CISA has released 12 Industrial Control Systems (ICS) advisories on August 30, 2022. These advisories provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-242-01 Hitachi Energy FCP ICSA-22-242-02 Hitachi Energy GWS ICSA-22-242-03 Hitachi Energy MSM ICSA-22-242-04 Hitachi Energy RTU500 ...

  • NATO investigates hacker sale of missile firm data

    August 26, 2022

    Nato is assessing the impact of a data breach of classified military documents being sold by a hacker group online. The data includes blueprints of weapons being used by Nato allies in the Ukraine war. Criminal hackers are selling the dossiers after stealing data linked to a major European weapons maker. MBDA Missile Systems admitted its data was ...

  • Twilio breach let hackers gain access to Authy 2FA accounts

    August 26, 2022

    Twilio’s investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices. Authy is a two-factor authentication (2FA) service from Twilio that allows users to secure their online accounts where the feature is supported by identifying a second time via a dedicated app after typing in ...

  • PyPI warns of first-ever phishing campaign against its users

    August 26, 2022

    The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service. The community-run organization said this is the first known phishing attack against PyPI users. And the attack has unfortunately been somewhat successful, resulting in the compromise of some users’ accounts. PyPI is an ...

  • Cyber criminals are launching phishing attacks on LinkedIn

    August 25, 2022

    Regular users of LinkedIn, the professional networking and social working platform, have noticed an increase of threat actors trying to steal critical personal information through phishing attacks. These cyber criminals are using false LinkedIn accounts to trick unsuspecting victims into giving up confidential information. How are they doing it? Threat actors start by creating fraudulent LinkedIn ...