Telegram bot SMSRanger helps cybercriminals steal one-time passwords. Attackers use a bot to send automatic messages to people, allegedly on behalf of a bank, PayPal, etc. Cybercriminals have armed themselves with a new, simplified attack tool based on scripts from the Telegram messenger that allows them to create bots to steal credentials with a one-time password, take control of user accounts and steal bank funds.
Victims of ransomware attacks in the USA would be required to report payments to their hackers within 48 hours under a proposal from Democratic Senator Elizabeth Warren and Democratic Representative Deborah Ross.
The U.S. National Security Agency warned organizations and companies about a new TLS attack called Application Layer Protocol Content Confusion Attack (ALPACA). The NSA has urged organizations to follow technical guidelines and protect servers from scenarios where attackers can access and decrypt encrypted web traffic.
Microsoft specialists released data on a DDoS attack that the corporation called the most powerful in history. According to them, the attack was recorded back in August 2021. It was directed against a large European company that is a client of the Microsoft Azure cloud service.
New macOS zero-day bug lets attackers run commands remotely. Security researchers disclosed a new vulnerability in Apple’s macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big Sur.
The Japanese government adopted a draft cybersecurity strategy for the next three years, naming China, Russia and North Korea as cyberattack threats for the first time. The strategy, expected to be endorsed by the Cabinet soon, said the situation in cyberspace contains the “risk of rapidly developing into a critical situation” and that the three states are suspected of being involved in hostile cyber activities.
A team of researchers has devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds. The cost should only be a minor increase in the SSD’s latency. SSD-Insider works by recognizing certain patterns in SSD activity that are known to indicate ransomware.
Cybercriminals recreate Cobalt Strike in Linux. The new malware strain has gone unnoticed by detection tools. A re-implementation of Cobalt Strike has been “written from scratch” to attack Linux systems. Intezer said that the new variation, dubbed Vermilion Strike, leans on Cobalt Strike functionality, including its command-and-control (C2) protocol, its remote access functionality, and its ability to run shell instructions.
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks the ransomware gang’s return or the servers being turned on by law enforcement. The REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers (MSPs) and over 1,500 of their business customers.
An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real-world environment, according to the researcher who discovered the flaws. The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.
Cisco has addressed an almost maximum severity authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) with public proof-of-concept (PoC) exploit code. The security flaw (tracked as CVE-2021-34746) was found in the TACACS+ authentication, authorization, and accounting (AAA) of Cisco’s Enterprise NFV Infrastructure Software, a solution designed to help virtualize network services for easier management of virtual network functions (VNFs).
Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined.
The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key.
A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report explaining how the malware has been able to hit more than 10,000 victims in 144 countries. The trojan, named FlyTrap by Zimperium researchers, has been able to spread through “social media hijacking, third-party app stores, and sideloaded applications” since March.