Kaspersky DDoS report, Q1 2022
Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
We identified 80 zero-days exploited in the wild in 2021, more than we've seen in any year.
LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave
Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.
Securing Cloudflare Using Cloudflare
When a new security threat arises — a publicly exploited vulnerability (like log4j) or the shift from corporate-controlled environments to remote work or a potential threat actor — it is the Security team’s job to respond to protect Cloudflare’s network, customers, and employees. And as security threats evolve, so should our defense system. Cloudflare is committed to bolstering our security posture with best-in-class solutions — which is why we often turn to our own products as any other Cloudflare customer would?
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special "psychic paper", which causes the person looking at it…
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.
Increased Enterprise Use of iOS, Mac Means More Malware
As use of Apple devices has grown in the enterprise, the company has increasingly become a target for malware threats and other attacks. ISMG spoke with experts and
Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
It takes only a second to crack the handful of weak keys. Are there more out there?
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
Russia’s Sandworm hackers attempted a third blackout in Ukraine
The attack was the first in five years to use Sandworm's Industroyer malware.
RaidForums hacking forum seized by police, owner arrested
The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries.
Git security vulnerability announced
GitHub is unaffected by the vulnerabilities, but users should be aware of them and upgrade their local installation of Git.
The U.S. is using declassified intel to fight an info war with Russia, even when the intel isn't rock solid
The Biden administration has broken with precedent by using declassified intelligence in an information war against Russia — even intel that isn’t rock solid.
Industroyer2: Industroyer reloaded
ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware called Industroyer2.
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. We began seeing malicious activities at the start of April 2022. We also found the malware file server with other variants of the sample for different CPU architectures.
Police Records Show Women Are Being Stalked With Apple AirTags Across the Country
Motherboard obtained reports of stalking, harassment, and abuse using AirTags, targeting victims of intimate partner violence.
FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate
The Cyclops Blink botnet was controlled by the Russian Fed. Intelligence Directorate (GRU) and compromised thousands of devices worldwide.
DoS attacks hit Finnish websites during Zelenskyy address • The Register
Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland's members of parliament (MPs).
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks - The New York Times
The operation is the latest effort by the Biden administration to thwart actions by Russia by making them public before Moscow can strike.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639
We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation.
Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.
Ongoing phishing attacks on Trezor users
Trezor users have reported being targeted by a malicious phishing attack on April 3.
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
Complete dissection of an APK with a suspicious C2 Server
During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla.
Lapsus$: Two UK teenagers charged with hacking for gang
The actions of the relatively new group have led to an international police hunt.
Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more - The Mac Security Blog
Apple has just released fixes for two actively exploited vulnerabilities affecting macOS Monterey, iOS 15, and iPadOS 15.