- Azerbaijan will open cybersecurity center with Israeli support
November 17, 2022
Azerbaijan is going to open a cybersecurity center with Israeli support, Azerbaijani Minister of Digital Development and Transport Rashad Nabiyev said on Thursday. According to the minister, the center is more likely to start its activities soon. “A cybersecurity center is being founded based on an agreement with an Israeli university. One of the main projects which ...
- DEV-0569 finds new ways to deliver Royal ransomware, various payloads
November 17, 2022
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, ...
- Google wins lawsuit against alleged Russian botnet herders
November 17, 2022
A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the “Glupteba” botnet, sold fraudulent credit card information, and generated cryptocurrency using the network. The ad giant said Glupteba had infected one million compromised devices across the globe, where it went on steal users’ account data, ...
- F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ
November 17, 2022
F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints. While these flaws require specific criteria to exist, making them very difficult to exploit, F5 warns that it could lead to a complete compromise of the devices. The first flaw is ...
- Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police
November 16, 2022
Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month. The Swiss Federal Office of Justice (FOJ) said Penchukov was arrested last month and is waiting to be extradited to the United States, although he can still appeal FOJ’s decision. “By order of ...
- WASP malware stings Python developers
November 16, 2022
Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers. Analysts at Checkmarx this week connected the same attacker to ...
- Pilfered Keys: Free App Infected by Malware Steals Keychain Data
November 16, 2022
Today, malware spreads easily, infecting computers of various users. Commonly found on filesharing websites, they disguise themselves as normal applications. Users are then enticed to download them to save money on those programs. However, users risk their security in doing so. Free apps that are infected by a trojan will also affect users who download ...
- CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
November 16, 2022
Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware ...
- NHS tech chief dismisses concerns over loss of statutory power to protect patient data
November 16, 2022
An outgoing NHS tech chief has defended the decision to merge his organization with a UK government-run unit, arguably diluting the statuary protection of patient data. Simon Bolton, interim chief executive of the soon-to-be-defunct NHS Digital, said the merger of the organization with NHS England, a non-departmental government body, was necessary to “provide real clarity of ...
- Electricity/Energy Cybersecurity: Trends & Survey Response
November 16, 2022
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, we will discuss the characteristics of each industry, the motivations and ...
- Token tactics: How to prevent, detect, and respond to cloud token theft
November 16, 2022
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. By compromising and replaying ...