- Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser.
- A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. Dubbed OrBit by Intezer Labs security researchers who first spotted it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices.
- The developer of the AstraLocker ransomware code is reportedly ceasing operations and turning attention to the far simpler art and crime of cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform.
- A new ransomware operation called RedAlert, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The ransomware has been called ‘RedAlert’ based on a string used in the ransom note. However, from a Linux encryptor, the threat actors call their operation ‘N13V’.
- The Django project, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django’s main branch, and versions 4.1, 4.0, and 3.2.
- Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices.
- A New, remarkably sophisticated malware is attacking routers. Researchers say the remote-access Trojan ZuoRAT has infected at least 80 different targets.
Cybersecurity Blog Posts
- Vilius Petkauskas has prepared a material about the possible risks of child-tracking Android applications.
- Lisa Xu in her article told how vulnerability management has developed and what are the trends of its further promotion.
- Tom Hofmann shared information about possible ways to counter attacks using ransomware.
Research and analytics
- MITRE specialists have published top 25 most dangerous software weaknesses. This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
- Imperva partnered with the Marsh McLennan Cyber Risk Analytics Center to analyze API-related incident data. Their research results suggest that the lack of secure APIs could negatively impact your business, and underscores the importance of investing in a comprehensive API security solution.
- CyberCube has issued a report Global Threat Briefing: threat actor activity update and predictions for H1 2022. In that report is a greater understanding of the key cyber actors, their motivations, and how these lead to the utilization of specific techniques will help (re)insurers and brokers predict how and where future attacks could arise and inform estimations of attack frequency and severity.
- Atlas VPN has released a report where it analyzed the amount of fines GDPR. A research reveals that GDPR fines hit a total of €97.29 million in the first half of 2022, an increase of 92% over H1 2021. In addition, according to the data analyzed by the Atlas VPN team, cybercriminals looted $1.97 billion from 175 crypto project hacks in the first half of 2022. The Ethereum ecosystem suffered the most, with more than $1 billion stolen in 32 events.
- The Unit 42 division of Palo Alto Networks analyzed the danger of the Brute Ratel C4 tool used by Red Team in their study.
- Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. Infected machines included engineering computers in building automation systems that are part of the infrastructure of a telecommunications company.
Major Cyber Incidents
- Professional Finance Company Inc., a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations.
- Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.
- SHI International has confirmed that a malware attack hit its network. SHI claims to be one of North America’s largest IT solutions providers, with $12.3 billion in revenue in 2021 and 5,000 employees around the world in operations centers in the U.S., the United Kingdom, and the Netherlands.
- Hotel giant Marriott International confirmed it was hit by data breach after an unknown threat actor breached one of its properties and stole 20GB of files. The attackers could only breach one of the chain’s properties, BWI Airport Marriott, and only had access to its network for a limited time.
- An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000). The announcement was posted on a hacker forum by someone using the handle ‘ChinaDan,’ saying that the information was leaked from the Shanghai National Police database.
- British Army’s Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. The army’s verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.