Donot Team cyberespionage group updates its Windows malware framework
The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since...
News
Fake DDoS protection pages on compromised WordPress sites lead to malware infections
Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with...
Threat actors are stealing funds from General Bytes Bitcoin ATM
Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers....
Grandoreiro banking malware targets Mexico and Spain
A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a...
White hat hackers broadcasted talks and hacker movies through a decommissioned satellite
Hackers took control of a decommissioned satellite and broadcasted hacking conference talks and hacker movies. During the latest edition of...
Security Affairs newsletter Round 380
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
TA558 cybercrime group targets hospitality and travel orgs
TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America Researchers from Proofpoint...
Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users
Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported...
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog
US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the...
A flaw in Amazon Ring could expose user’s camera recordings
Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings....
Cisco fixes High-Severity bug in Secure Web Appliance
Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from...
Bumblebee attacks, from initial access to the compromise of Active Directory Services
Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. The Cybereason Global Security...
Estonia blocked cyberattacks claimed by Pro-Russia Killnet group
Estonia announced to have blocked a wave of cyber attacks conducted by Russian hackers against local institutions. Undersecretary for Digital...
Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild
Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild....
Business Email Compromise Attack Tactics
Is BEC more damaging than ransomware? What tactics are BEC actors using? How can organizations bolster their defenses? Jon Clay,...
Google blocked the largest Layer 7 DDoS reported to date
Google announced to have blocked the largest ever HTTPs DDoS attack, which reached 46 million requests per second (RPS). Google...
BlackByte ransomware v2 is out with new extortion novelties
A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones....
Apple fixed two new zero-day flaws exploited by threat actors
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS,...
PoC exploit code for critical Realtek RCE flaw released online
Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC...
Black Hat USA 2022 and DEF CON 30
Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference DEF CON 30. The DEF...
China-linked RedAlpha behind multi-year credential theft campaign
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed...
Analyzing the Hidden Danger of Environment Variables for Keeping Secrets
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for...
Protecting S3 from Malware: The Cold Hard Truth
Cloud object storage is a core component of any modern application, but most cloud file storage security is insufficient. If...
