Cybersecurity News

• Hardbit ransomware version 4.0 supports new obfuscation technique.
• Hackers are attacking Windows users with Internet Explorer zero-Day vulnerability.
• Apple warns iPhone users in 98 countries of more spyware attacks.
• Critical Exim bug bypasses security filters on 1.5 million mail servers.
• Latest CapraRAT Android spyware campaign targets gamers and TikTokers.
• Dark Gate malware campaign uses Samba file shares.
• GitLab critical bug lets attackers run pipelines as other users.
• A user has

In order to improve the process of working with incoming cybersecurity events Defensys has expanded functionalities of the Defensys SIEM. The release 1.3 has a range of updates: the developer has increased the number of functions for events collection and handling, implemented new tools for content processing and search, added a report builder and new integrations to external systems. These changes will lead to better security of IT infrastructure and improve efficiency of CS specialists.

Defensys continues developing technologies for data protection and prevention of cyberattacks. New features are included in the event processing pipeline by Defensys’ specialists, updates allow SOC’s analysts to manage data processing collection in the system’s interface. Thus, the Defensys team has added new elements to the already available input and output points, buses and event normalizer, among them are an aggregator, a router and a filter. This allows users to customize event handling at its fullest, that is especially important for a large infrastructure of sources and systems.

Cybersecurity News

• Researchers have spotted exploitation attempts for the critical vulnerability impacting all D-Link DIR-859 WiFi routers.
• Brain Cipher has released decryption keys for free, allowing victims to recover their encrypted data.
• Apple’s CocoaPods platform bugs expose millions of Apps to code injection.
• Ticketmaster has started to notify customers who were impacted by a recent data breach.
• Researchers discovered a new Android malware, “Snowblind”, running active campaigns since early 2024.
• OpenSSH addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution.
• Cisco has patched a

Cybersecurity news

• Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.
• Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.
• Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware.

Cybersecurity news

• A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity.
• Researchers from cybersecurity firm Avanan, uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims.

Cybersecurity news

• The Cranefly hacking group uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.
• Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware.
• McAfee specialists have removed 16 malicious programs from the Google Play, which were extremely popular among users.

Cybersecurity news

• Computer security experts in Scotland have developed a system that uses thermal imaging and artificial intelligence to guess computer and smartphone passwords in seconds.
• A phishing-as-a-service platform named ‘Caffeine’ makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. Caffeine doesn’t require invites or referrals, nor does it require wannabe threat actors to get approval from an admin on Telegram or a hacking forum. Due to this, it removes much of the friction that characterizes almost all platforms of this kind.
• The Zimbra Collaboration Suite is impacted by a critical remote code execution vulnerability that remains unpatched, despite being exploited in attacks. The issue, tracked as CVE-2022-41352, exists because of the Cpio method that the Zimbra antivirus engine uses when scanning inbound emails.

Cybersecurity news

• The Cybersecurity and Infrastructure Security Agency has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days. CISA’s Known Exploited Vulnerabilities catalog now includes two Microsoft Exchange zero-days (CVE-2022-41040 and CVE-2022-41082) exploited in limited, targeted attacks, according to Microsoft.
• A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims’ devices. The attack is modularized and multi-staged, with most steps relying on executing obfuscated scripts from the host’s memory and abusing the Bitbucket code hosting service to evade detection.
• Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.

Cybersecurity news

• Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information and in some cases, passwords, to Google and Microsoft respectively. While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.
• Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom.

Cybersecurity news

• A new and upgraded version of the SharkBot malware has returned to Google’s Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. The malware was present in two Android apps that did not feature any malicious code when submitted to Google’s automatic review.
• The source code of a remote access trojan dubbed ‘CodeRAT’ has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool.