CISA orders agencies to fix actively exploited malware, chrome bugs.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 17 April 2022, 2201 UTC.

Content provided by “Cyware.com”

Source:  https://cyware.com/cyber-security-news-articles

Please click link or scroll down to read your selections.

Filter Alerts by

Latest Cybersecurity News And Articles

CISA orders agencies to fix actively exploited VMware, Chrome bugs

The CISA has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution.

Newman Regional Health notifies 52,224 patients after long-running breach of employee email accounts

Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts.

T-Mobile customers warned of unblockable SMS phishing attacks

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning after multiple customers have filed reports of being targeted by this new SMS phishing (smishing) campaign.

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples.

Karakurt revealed as data extortion arm of Conti cybercrime syndicate

After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation.

Spanish FA report cyber attack to police after email accounts, private texts stolen

Documents and information from email accounts, private texts, and audio conversations from top executives of the federation, including president Luis Rubiales, have been stolen in recent months.

Attack on Panasonic Canada Shows Conti is Still Dangerous

While the details remain sparse, Panasonic suffered another breach just six months after a high-profile attack—this time at Panasonic Canada. The Conti gang said it was behind the February attack that resulted in the theft of more than 2.8GB of data.

Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites

A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.

Analysis of the SunnyDay ransomware

Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities between other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found.

April 15, 2022

North Korea’s Lazarus Group Stole More than $600 Million in a Single Hack Targeting Axie Infinity

The FBI has blamed hackers associated with the North Korean government for stealing more than $600 million in cryptocurrency last month from a video gaming company — the latest in a string of audacious cyber heists tied to Pyongyang.

Cisco’s Webex phoned home audio telemetry even when muted

Researchers at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.

Google Chrome emergency update fixes zero-day used in attacks

Google has released a Chrome update for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability, tracked as CVE-2022-1364, actively used by threat actors in attacks.

Pipedream, an extremely versatile malware toolkit, could be used for targeting power grids, refineries, and other ICS systems

The United States government has issued an advisory for the malware toolkit dubbed Pipedream that cybercriminal groups could use to potentially target all critical infrastructure owners worldwide.

A Vulnerability in Apache Struts Could Allow for Remote Code Execution

A vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is an open-source framework used for building Java web applications.

Wind turbine firm Nordex hit by Conti ransomware attack

The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.

Hackers target Ukrainian govt with IcedID malware, Zimbra exploits

The CERT-UA detected the new campaigns and attributed the IcedID phishing attack to the UAC-0041 threat cluster, previously connected with AgentTesla distribution, and the second to UAC-0097, a currently unknown actor.

Several Vulnerabilities Allow Disabling of Palo Alto Networks Products

The researcher discovered that the agent can be disabled by a local attacker with administrator privileges simply by modifying a registry key, leaving the endpoint exposed to attacks.

April 14, 2022

U.S. ties North Korean hacker group to Axie Infinity crypto theft

The United States has linked the North Korean hackers to the theft of hundreds of millions of dollars’ worth of cryptocurrency tied to the popular online game Axie Infinity.

Obsidian Security Raises $90 Million Series C Round to Cement its Leadership in SaaS Security

The funding was led by Menlo Ventures, Norwest Venture Partners, and IVP, with participation from existing investors Greylock, Wing, and GV. Obsidian will add Menlo Ventures Partner Venky Ganesan to its board of directors.

Experts warn of concerns around Microsoft RPC bug

Windows hosts running the Server Message Block protocol (SMB protocol) are vulnerable to this bug. SMB protocols allow users to share access to files and tools on remote servers.

CISA Issues Warning About Malicious Tools Targeting ICS/SCADA Devices

The advisory highlights that OPC Unified Architecture (OPC UA) servers and multiple versions of Programmable Logic Controllers (PLCs) from Schneider Electric, and OMRON are vulnerable to such attacks. 

Campaign Similar to Operation Kitty Phishing Found Targeting South Koreans

According to researchers, the campaign was first observed in April and aims to steal data from individuals in South Korea. They are targeted via spear-phishing emails that include malicious Word documents.

Hafnium’s New Malware Hides Behind Scheduled Tasks

Microsoft linked the Chinese-backed Hafnium group to a defense evasion malware Tarrask used by cybercriminals to attain persistence on compromised Windows environments. Researchers uncovered a recent malicious activity wherein hackers abused an unpatched zero-day vulnerability for their initia … Read More

Cloud Security Startup DoControl Raises $30 Million

The startup said it plans to use the money to scale its SaaS data security product offerings, fuel global growth through aggressive hiring, and build strategic partner programs.

Lazarus Targets Chemical Sector

The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. In the past, it targeted the defense, government, and engineering sectors.

OldGremlin Ransomware Deploys New Malware on Russian Mining Organization

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims.

FBI Memphis Field Office Warns of Increase in Sextortion Schemes Targeting Teenage Boys

The FBI is receiving an increasing number of reports of adults posing as age-appropriate females coercing young boys through social media to produce sexual images and videos and then extorting money from them.

Haskers Gang Introduces New ZingoStealer Malware for Free to Target Gamers

This information stealer, first introduced to the wild in March 2022, is currently undergoing active development and multiple releases of new versions have been observed recently.

DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii

John Tobon, HSI’s special agent in charge in Hawaii, told a local news station that investigators found that the attackers had obtained credentials that allowed access to an unnamed company’s systems.

2021 average ransoms paid by quarter was $167K, down 44.2%

While the Q3 2021 average ransom paid was atypically high, the entire 2021 ransoms paid by quarter average was ~$167k, 44.2% less than the Q3 figure, according to a report by Corvus Insurance.

Cisco Patches Critical Vulnerability in Wireless LAN Controller

Cisco announced on Wednesday that updates released for its Wireless LAN Controller (WLC) software address a critical vulnerability that could allow an attacker to bypass authentication.