- Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts
November 23, 2022
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits. The gang has been spotted before using malware to steal Facebook-related information and hijack associated business accounts to run their own ads that are paid for by the victim. Believed to be the work of a ...
- WannaRen Returns as Life Ransomware, Targets India
November 23, 2022
Although not as well-known as ransomware families such as Ryuk, REvil, or Maze, WannaRen ransomware made a name for itself back in 2020 after it launched attacks against Chinese internet users, infecting tens of thousands of victims. However, it has become relatively quiet since that attack, with the ransomware’s authors even sharing its private encryption ...
- CISA Releases Eight Industrial Control Systems Advisories
November 22, 2022
CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-326-01 AVEVA Edge ICSA-22-326-02 Digital Alert Systems DASDEC ICSA-22-326-03 Phoenix Contact Automation Worx ICSA-22-326-04 GE ...
- Vulnerable SDK components lead to supply chain risks in IoT and OT environments
November 22, 2022
Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply chains, like Log4J and ...
- Sweden boosts cyber, defense spending with NATO in mind
November 22, 2022
Sweden’s newly elected center-right government has prioritized spending on defense-strengthening measures in its draft budget bill for 2023, eying to edge the country closer to NATO’s target quota. Sweden, along with fellow unaligned Nordic nation Finland, is currently awaiting unanimous consent from NATO members to join the alliance, a process that could reach its conclusion in ...
- Estonian duo accused of $575m cryptocurrency scam
November 22, 2022
Police in Estonia have arrested two men suspected of running a $575m (£485m) cryptocurrency scam involving hundreds of thousands of victims. Estonian police investigated the case with the FBI, and US authorities want to extradite the pair – Estonians Sergei Potapenko and Ivan Turogin. The two 37-year-olds allegedly got people to invest in a cryptocurrency mining service ...
- Donut extortion group also targets victims with ransomware
November 22, 2022
The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise. BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Strangely, the data for Sando and DESFA was also posted ...
- Mind the Gap
November 22, 2022
In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled 0-day In-the-Wild Exploitation in 2022…so far. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will ...
- US offshore oil and gas installation at ‘increasing’ risk of cyberattack
November 21, 2022
The US Government Accountability Office (GAO) has warned that the time to act on securing the US’s offshore oil and natural gas installations is now because they are under “increasing” and “significant risk” of cyberattack. A report to Congress looked at a network of “more than 1,600 offshore oil and gas facilities,” which the federal watchdog ...
- Luna Moth Callback Phishing Campaign
November 21, 2022
Unit 42 investigated several incidents related to the Luna Moth/Silent Ransom Group callback phishing extortion campaign targeting businesses in multiple sectors including legal and retail. This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope. By design, this style of social engineering attack leaves very few artifacts ...
- New ransomware encrypts files, then steals your Discord account
November 20, 2022
The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as ...