US, UK link new Cyclops Blink malware to Russian state hackers.

Views expressed in this cybersecurity, cyber war, and cyber crime update are those of the reporters and correspondents.

Accessed on 24 February 2022, 0040 UTC.

Content supplied by “Cyware.com.”

Source: https://cyware.com/cyber-security-news-articles


Latest Cybersecurity News And Articles

US, UK link new Cyclops Blink malware to Russian state hackers

New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies.

New Phishing Technique Uses Remote Access Software

Security researchers discovered a new phishing technique wherein adversaries bypass MFA using the VNC screen sharing system without victims logging into their accounts. The demonstrated phishing technique has not been used in real-world attacks yet. However, the researcher suspects that it could be …

Operation Cache Panda – Chinese APT10 Targets Taiwan

Taiwanese cybersecurity firm CyCraft attributed months-long attacks against Taiwan’s financial sector to the APT10 group (aka Stone Panda or Bronze Riverside), which is affiliated with the Chinese government. 

Social Media Attacks Double, Financial Sector Suffers Most – Report

As per the Quarterly Threat Trends & Intelligence Report by PhishLabs, social media threats increased by 103% from January to December 2021. In December, organizations witnessed an average of 68 attacks per month.

CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool

Tracked as CVE-2022-23131 and CVE-2022-23134, the two flaws could be exploited to bypass authentication and gain admin privileges, which could then allow an attacker to execute arbitrary commands.

February 23, 2022

Kostovite, Petrovite, and Erythrite Hacking Groups are Striking Industrial, Operational Technology Systems

Three new threat groups targeting firms in the industrial sector have appeared, but over half of all attacks are the work of only two known cybercriminal outfits, researchers say.

Dridex Malware Deploys Entropy Ransomware on Compromised Machines

Similarities have been unearthed between the Dridex malware and a ransomware called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name.

February 23, 2022

Flawed Encryption Could Enable Initialization Vector Reuse Attacks on Samsung Smartphones

Samsung failed to implement Keymaster TA properly in Galaxy S series phones, meaning one could launch an Initialization Vector reuse attack to obtain the keys from the hardware-protected key blobs.

New Variant of CryptBot Targets All Chrome Versions

Security experts spotted a new version of the CryptBot infostealer that is offering free download versions of cracked games and pro-grade software. Its operators are using search engine optimization to rank up the distribution sites so that they display at the top of Google search results, allowing increase …

Equation Group’s Bvp47 Covert Hacking Tool Used for Backdoor Access on Linux Systems

Dubbed “Bvp47” owing to numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm, the backdoor was extracted from Linux systems in 2013.

Xenomorph Trojan Spreading via Play Store

A new banking trojan called Xenomorph was found being distributed via the Google Play Store in the form of fake performance-boosting apps, targeting European banks. It comes with a modular engine that abuses accessibility services, which may allow advanced capabilities. Experts recommend using an anti-malwa …

Researchers Bypass Stalking Protections on Apple Airtags Clones Using Find My Protocol

Source code for an Airtag clone was published online by Positive Security, which said its tags “successfully tracked an iPhone user… for over five days without triggering a tracking notification.”

Hackers tried to shatter the spine of global supply chains in 2021

IBM researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems.

Malicious JS Libraries Distributed via Official NPM Package Repository to Steal Discord Tokens

Another batch of malicious JavaScript libraries has made its way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems.

USA to attack bad cyber actors if it protects victims

The DoJ has revealed new policies that may see it undertake pre-emptive action against cyber threats. Such actions will be undertaken if the DoJ feels that action can reduce risks for victims.

Why DevOps pipelines are under attack and how to fight back

Software developers often have high permission levels and access privileges. If the software being produced is designed for external consumption, the impact of breaches can be dramatically greater.

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software

Users are being urged to disable a feature to contain an unpatched vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment.

Carpet bombing DDoS attacks spiralled in 2021

Neustar Security Services has released a report which details the ongoing rise in cyberattacks in 2021, with an unprecedented number of carpet bombing distributed denial of service (DDoS) attacks.

Devious phishing method bypasses MFA using remote access software

A devious, new phishing technique allows adversaries to bypass MFA by secretly having victims log into their accounts directly on attacker-controlled servers using the VNC screen sharing system.

Payment card skimming reemerges with an online twist

Card skimming has been around for a long time and is undergoing a renaissance as financial fraudsters are recognizing new opportunities to combine physical world data theft with online intrusions.

Asustor NAS owners hit by DeadBolt ransomware attack

The message displayed by the DeadBolt ransomware claims that victims were targeted simply because they were using Asustor NAS devices, and put the blame on the vendor’s “inadequate security.”

Enterprise IoT Security Firm Phosphorus Raises $38 Million

The Nashville, TN-based enterprise IoT security firm Phosphorus Cybersecurity has raised $38 million in its Series A funding round led by SYN Ventures and MassMutual Ventures.

Zero-day RCE flaw among multiple bugs found in Extensis Portfolio – research

A group of cybersecurity researchers examined the source code of Extensis Portfolio version 3.6.3 and found a total of five vulnerabilities that required immediate attention.

French speakers blasted by sextortion scams with no text or links

In this revised type of sextortion scam, the crooks typically add some widely-known data from an earlier data breach into the email to leverage the familiarity with the related brand.

91% of UK Organizations Compromised by an Email Phishing Attack in 2021

More than nine in ten (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.

Employees are often using devices in seriously risky ways

According to a Mobile Mentor study, 36 percent of employees admit to finding ways to work around security policies, and 72 percent value their personal privacy over company security.

Phishing Group Used 40 Fake Mobile Service Top-up Sites to Steal Credit Cards

The Ukrainian Cyberpolice has arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top-up sites.

Kids Luxury Clothing Store Melijoe Exposed 2 Million Files Due to Cloud Misconfiguration

An Amazon S3 bucket owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.

Suspected Ransomware Attack Heavily Impacted Operations of Expeditors International

The information publicly available on the attack suggests the company was the victim of a ransomware attack and was forced to shut down its network to prevent the threat from spreading.

Meyer Discloses Breach Impacting US Employees’ Personal Information

The firm, which is the largest distributor of cookware in the US, revealed the incident in a notification letter to employees posted to the website of the California attorney general’s office.

As Russian cybercriminals become emboldened, US banks prepare for potential attack

The scramble comes after Biden administration officials announced that they believed Russian-backed bad actors had targeted Ukraine banks, as well as the Ukraine Ministry of Defense.

Beyond Identity Becomes Unicorn With $100 Million Series C Funding Round

Identity management solutions provider Beyond Identity announced raising $100 million in an oversubscribed Series C funding round that brings the total raised by the company to $205 million.

Revamped CryptBot Malware Variant Spread by Pirated Software Sites

CryptBot is a Windows malware that steals information from infected devices, including saved browser credentials, cookies, browser history, cryptocurrency wallets, credit cards, and files.

China-linked APT10 Group Targeted Taiwan’s Financial Sector in Months-long Attack Campaign

The attacks are believed to have started at the end of November 2021 and were still taking place this month, according to a report shared with The Record today by Taiwanese security firm CyCraft.

Mobile malware evolution 2021

In 2021, Kaspersky researchers observed a downtrend in the number of attacks on mobile users. But attacks are becoming more sophisticated in terms of both malware functionality and vectors.

Coinbase Pays $250K for ‘Market-Nuking’ Security Flaw

The root cause of the flaw was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account.

Introducing Ghostbuster – AWS security tool protects against dangling elastic IP takeovers

Cybercriminals can identify vulnerable subdomains by continually claiming dangling elastic IPs until they find an IP associated with the subdomain of a targeted organization.

NIST proposes model to assess cybersecurity investment strategies in network security

It may be a challenge for businesses to work out what the most important areas are in terms of cybersecurity investment, but a new computational model could take out some of the guesswork.

A Record Number of Phishing Attacks Leverage Linkedin

With the intention of stealing personal details and causing further damage, spammers and phishers are duping working professionals with a variety of job lures that are distributed via email, SMS, or instant message.