New flaws expose EVlink Electric Vehicle Charging Stations to remote hacking.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 27 December 2021, 1242 UTC.

Content provided by “Cyware.com.”

Source: https://cyware.com/cyber-security-news-articles

Please click link or scroll down to read your selections.

Latest Cybersecurity News And Articles

New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

The flaws have been found to impact EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2, and EVP2PE), and Smart Wallbox (EVB1A) devices, as well as some products that have reached end-of-life.

Echelon Infostealer Drops in via Telegram

A Telegram handle was found distributing malicious Echelon infostealer targeted at users of a cryptocurrency discussion channel on the messaging platform. Echelon aims to steal login credentials from popular file-sharing platforms and messaging applications including FileZilla, Discord, Outlook, E … Read More

An inside look at how CISA is building an agency for elite cybersecurity talent

Kiersten Todt, CISA Chief of Staff, said that one of their key priorities right now is to build out our talented workforce and to really make CISA an elite agency for top-tier talent in cybersecurity.

How to avoid “festive fraud” during the holiday season

Online fraud peaks during the year-end holidays. Scammers know that consumers, rushing around and looking for bargains, are prone to let their guards down a bit more than usual this time of year.

Photography Products, Services Provider Shutterfly Disrupted by Conti Ransomware Attack

Conti has created a private Shutterfly data leak page containing screenshots of files allegedly stolen during the ransomware attack, as part of its ” double-extortion” tactic.

Manufacturers of IT devices should step up when it comes to security

While connected devices deliver a plethora of benefits to businesses, the necessity of being connected to public networks and the internet leave them particularly vulnerable to cyberattacks.

New Blister Campaign Stealthily Targets Windows

Elastic Security researchers reported a three-month-long malware campaign delivering a stealthy loader, dubbed Blister, on Microsoft Windows. The malware loader further deploys second-stage payloads in memory including Cobalt Strike and BitRAT. Researchers suggest deploying an anti-malware solution … Read More

Web app attacks are skyrocketing, it’s time to protect APIs

Web app attacks against UK-based businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, new research by Imperva has revealed.

Bluetooth reboot of pre-school play phone has privacy flaw

Chatter uses Bluetooth classic without secure pairing, which means anyone nearby could therefore hook up a Bluetooth device, and tune in to whatever is said within range of the Chatter’s microphone.

AvosLocker Ransomware Surprises with New Tactics

AvosLocker ransmware combines the AnyDesk remote administration tool with Windows Safe feature to bypass security protections of computer systems, revealed Sophos Labs. The latest variant as a Linux component that targets VMware ESXi hypervisor servers by terminating any virtual machines. Analysts … Read More

PYSA Ransomware Accelerates its Pace of Targeting Victims

Researchers underlined a surge in attacks from PYSA ransomware. The relatively new ransomware was behind 50% of attacks that occurred in November. Another actor mentioned in the report is Russian-speaking ransomware group Everest that uses a new extortion method. Actors are adopting to latest trend … Read More

A New Exploit can Bypass Recently Patched MSHTML Flaw

Sophos Labs reported an exploit developed by hackers to bypass a critical flaw concerning the Microsoft Office file format. The attackers drop the Formbook malware on targeted systems. Microsoft had already fixed the security issue as part of its September 2021 Patch Tuesday updates. People are sug … Read More

Dridex Lures Employee with Job Termination Emails

Threat actors behind Dridex malware found luring people with fake employee termination emails. The emails are used as bait to open a malicious Excel document that trolls the victim. The document, o nce opened, installs other malware, steals credentials, and performs other malicious actions. Ex … Read More

Dridex Omicron phishing taunts with funeral helpline number

A malware distributor for Dridex has been toying with victims and researchers over the last few weeks. The latest phishing campaign taunts victims with a COVID-19 funeral assistance helpline number.

Android banking trojan spreads via fake Google Play Store page

Researchers at Cyble analyzed the malware targeting Brazilian Bank Itaú Unibanco, finding that upon execution, it attempts to open the real Itaú app from the actual Play Store.

Global IT Services Provider Inetum Hit by Ransomware Attack

On Sunday, December 19, Inetum became the target of a ransomware attack that affected some of its operations in France and did not spread to larger infrastructures used by the customers.

New Rook Ransomware Feeds Off the Code of Babuk

The new Rook ransomware is primarily delivered via a third-party framework, for example Cobalt Strike; however, delivery via phishing email has also been reported in the wild.

Stealthy BLISTER Malware Slips in Unnoticed on Windows Systems

The threat actor behind Blister has been relying on multiple techniques to keep their attacks under the radar, the use of code-signing certificates being only one of their tricks.

NVIDIA, HPE Products Affected by Log4j Vulnerabilities

HPE has identified roughly 60 products that use the vulnerable library and has already published security notices (including patches and mitigations) and security bulletins for them.

Hackable Infusion Pump, Ransomware Risks To Patients

A team of McAfee ATR threat researchers recently revealed the outcomes of a more than 18-month investigation into security vulnerabilities in medical equipment such as automatic infusion pumps.

Bots are stealing Christmas!

Past research has shown that attacks originating from China are typically near the top of any botting activity list, but during this time period, China was 6th at only 2.3% of overall bad bot traffic.

Phishing campaign targets CoinSpot cryptoexchange 2FA codes

A new phishing campaign that targets CoinSpot cryptocurrency exchange users employs a new theme revolving around withdrawal confirmations with the end goal of stealing 2FA codes.

Consumers Warned of Surging Delivery Text Scams Ahead of Christmas

UK Finance cited new data from cybersecurity firm Proofpoint showing that delivery ‘smishing’ scams are surging amid the busiest shopping period of the year during Christmas and Boxing Day.

Apple fixes macOS security flaw behind Gatekeeper bypass

Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Charging stations are not the only targets that could be affected by this vulnerability in the automotive industry. Cars’ IVI systems could also be subjected to real threats.