Latest cybersecurity news and articles from “Cyware.com.”

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 29 November 2021, 0045 UTC.

Content provided by “Cyware.com.”

Source:  https://cyware.com/cyber-security-news-articles

Please click link or scroll down to read your selections.

Latest Cybersecurity News And Articles

Ransomware Attacks on Healthcare System Goes Way Beyond Just Data

Ransomware attacks on the healthcare sector directly impact the patients. A Ponemon study revealed that a successful attack can lead to a longer stay for patients at a round 70% of healthcare delivery organizations.

The Rise in Banking Scams: Zelle Fraud and Other Threats

A notorious group of hackers has been found targeting customers of banks with phony fraud alerts and stealing thousands of dollars from their bank accounts. The scam first came to light in August.

CronRAT Abuses Linux Task Scheduler to Stay Under the Radar

Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to steal data. It hides in the Linux calendar sub-system as a task that has a nonexistent date viz. February 31. Organizations are suggested to invest more in data protection solutio … Read More

Iranian Hackers Abusing Known Bug in Microsoft’s MSHTML

A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and stealing their Google and Instagram credentials. The attacks started in July via spear-phishing emails that targeted Windows users with Winword attachments. Exports recommend organiz … Read More

Holiday Scams May Cost $53 Million This Year, Warns FBI

The FBI has warned that online shoppers are at risk of losing more than $53 million this year to holiday scams that promise fake bargains and hard-to-find gifts.

APT C-23 Targeting Android Users in Middle East with Spyware

Sophos is warning against an evolved version of an Android spyware, allegedly used by an APT group called C-23, targeting individuals in the Middle East. It spreads via a download link in a text message sent to the target’s phone. Users are requested to a lways update Android OS and applications v … Read More

Many users are sharing passwords with someone outside their household

According to a survey by The Harris Poll, 68% of Americans admitted to using the same password on multiple accounts and 64% only change their passwords if they have to, leaving them vulnerable.

November 26, 2021

The Record by Recorded Future

North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week.

New differential fuzzing tool reveals novel HTTP request smuggling techniques

Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.

Pfizer Alleges Insider Stole COVID-19 Vaccine Docs

The New York-headquartered firm filed a complaint in a Californian district court earlier this week against “soon-to-be-former employee” Chun Xiao (Sherry) Li, according to Bloomberg Law.

CronRAT Hides Malicious Activity on Linux Systems by Scheduling Actions on February 31st

Researchers unearthed a new Linux RAT that employs an unseen stealth technique that involves masking its actions by scheduling them for execution on February 31st, a non-existent calendar day.

New UK IoT law means huge fines and a ban on default passwords

The Product Security and Telecommunications Infrastructure (PSTI) Bill requires manufacturers and sellers of IoT devices to meet new cybersecurity standards to protect customers’ privacy and security.

NCSC warns industry, academia of foreign threats to their intellectual property

Russia and China continue to engage in IP theft to bolster their defense technology and economic standing, respectively. The National Counterintelligence and Security Center urges action.

How likely are mid-market organizations to experience a breach by the end of 2021?

The vast majority of mid-market organizations are in the dark when it comes to detecting attacks and completely defenseless when it comes to warding them off, as per findings from a report by Coro.

Defense contractors are highly susceptible to ransomware attacks

The top 100 averaged a “C+” grade for information disclosure. SSL/TLS strength and application security are both lagging, with an overall “C” grade according to research by Black Kite.

Israel restricts cyberweapons export list by two-thirds, from 102 to 37 countries

The Israeli government has restricted the list of countries to which local security firms are allowed to sell surveillance and offensive hacking tools by almost two-thirds from 102 to 37 entries.

Swire Pacific Offshore Operations hit by Cl0p ransomware gang

The company didn’t share details of the attack, but it is speculated that the Cl0p gang targeted it with ransomware because the gang has updated its blog, claiming to have breached SPO’s systems.

Philippines: Personal data of 22,000 S&R members compromised in cyberattack

In a statement, NPC confirmed the receipt of a breach notification report on November 15 from S&R Membership Shopping concerning a cyberattack “that may have compromised its members’ personal data.”

Common Cloud Misconfigurations can be Exploited in Minutes: Report

In an experiment by Palo Alto Network’s Unit 42, a round 80% of the honeypots were compromised within 24 hours and the rest were compromised within a week, with SSH being the prime target.

Emotet’s Infrastructure Witnesses Huge Growth

Upon analyzing Emotet’s code, several researchers confirmed that the malware has been upgraded, along with expansion of its infrastructure, for an improved, secure, and robust operation.