Recent Cyber News Feed Spot

Welcome to our Recent Cyber News Feed:

• All
• Threats
• Hacks
  • Hacker's Den
• ID Theft
• Cyber Attacks
• Cyber News
• Cyber Attack and Hacks
• Cyber Defense

Threats

• Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security VulnerabilityOn Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the…Krebs on SecurityOct 14 2021
• How Coinbase Phishers Steal One-Time PasswordsA recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active…Krebs on SecurityOct 13 2021
• Patch Tuesday, October 2021 EditionMicrosoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.Krebs on SecurityOct 12 2021

Hacks

• Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture…Security Affairs by Pierluigi PaganiniOct 23 2021
• Supply-chain attack on NPM Package UAParser, which has millions of daily downloads The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has million of weekly downloads. “Versions of a popular…Security Affairs by Pierluigi PaganiniOct 23 2021
• Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web security vulnerability that allows an attacker…Security Affairs by Pierluigi PaganiniOct 22 2021
• Groove ransomware group calls on other ransomware gangs to hit US public sector Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil…Security Affairs by Pierluigi PaganiniOct 22 2021
• DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was…Security Affairs by Pierluigi PaganiniOct 22 2021
• FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to…Security Affairs by Pierluigi PaganiniOct 22 2021
• FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts Bitdefender researchers discovered a new Rootkit named FiveSys that abuses Microsoft-Issued Digital Signature signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK) testing can be digitally-signed by Microsoft WHQL (Windows Hardware Quality…Security Affairs by Pierluigi PaganiniOct 22 2021
• Evil Corp rebrands their ransomware, this time is the Macaw Locker Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw…Security Affairs by Pierluigi PaganiniOct 21 2021
• A flaw in WinRAR could lead to remote code execution A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of…Security Affairs by Pierluigi PaganiniOct 21 2021
• Administrators of bulletproof hosting sentenced to prison in the US The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania,…Security Affairs by Pierluigi PaganiniOct 21 2021
• US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes.  The rule announced by the BIS…Security Affairs by Pierluigi PaganiniOct 21 2021
• Top 5 Attack Vectors to Look Out For in 2022 Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of…Security Affairs by Pierluigi PaganiniOct 21 2021
• YouTube creators’ accounts hijacked with cookie-stealing malwareA Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire…Security Affairs by Pierluigi PaganiniOct 20 2021
• PurpleFox botnet variant uses WebSockets for more secure C2 communicationResearchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet, the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operators have added new exploits and…Security Affairs by Pierluigi PaganiniOct 20 2021
• Acer suffers a second data breach in a weekTech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to…Security Affairs by Pierluigi PaganiniOct 20 2021

Hacker's Den

• Active Directory Penetration Testing Checklist This article covers Active directory penetration testing that can help for penetration testers and security experts who want to secure their network. “Active Directory” Called as “AD” is a directory service that Microsoft developed for the Windows domain network. Using it you can to control domain computers and services that are running on every node…Hacker's DenOct 24 2021
• BazarLoader Windows Malware Let Hackers Allow Backdoor Access & Network Reconnaissance A BazarLoader Windows malware campaign has been detected recently by the security firm, Unit42 of Plaalto Networks that was hosting one of their malicious files on Microsoft’s OneDrive service. This BazarLoader Windows malware enables the threat actors backdoor access and network reconnaissance. After the revelation of this incident, a former senior threat intelligence analyst of…Hacker's DenOct 23 2021
• Ransomware Rise Pushes Organizations to Prepare for Attack Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.Hacker's DenOct 23 2021
• aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team Software supply chain security experts to drive aggressive go-to-market strategyHacker's DenOct 22 2021
• 'TodayZoo' Phishing Kit Cobbled Together From Other Malware Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.Hacker's DenOct 22 2021
• 7 Ways to Lock Down Enterprise Printers Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.Hacker's DenOct 22 2021
• What Does Better Insider Risk Management Look Like? Conventional data security tools do not address insider risk — a growing problem in today's remote-hybrid world. We need a better way to manage insider risk.Hacker's DenOct 22 2021
• What Squid Game Teaches Us About Cybersecurity When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.Hacker's DenOct 22 2021
• Lyceum Hackers Stealing Credentials Windows By Deploy Keylogger Using PowerShell Scripts & .NET RAT The Lyceum threat group (aka Hexane) again initiated an attack, but this time they have a weird variant of a remote-access trojan (RAT). This time they are using the PowerShell scripts and .NET RAT to deploy keylogger on the targeted Windows system and steal credentials. Since this trojan doesn’t have any specific method to communicate…Hacker's DenOct 22 2021
• Google Buckles Down on Android Enterprise Security The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.Hacker's DenOct 21 2021
• Malware Abuses Core Features of Discord Researchers warn that Discord's bot framework can be easily weaponized.Hacker's DenOct 21 2021
• Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All Online cybersecurity professional development platform bolsters the Check Point Education Initiative.Hacker's DenOct 21 2021
• Security Teams Still Favor Prevention Over Detection Security leaders are adopting a multilayered approach to address new security threats and risks.Hacker's DenOct 21 2021
• Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware Guardicore's micro-segmentation products will be added to Akamai's portfolio of Zero Trust solutions.Hacker's DenOct 21 2021
• Plurilock to Acquire Assets of CloudCodes Software Transaction marks Plurilock’s second acquisition in 2021.Hacker's DenOct 21 2021

ID Theft

Cyber Attacks

Cyber News

Cyber Attack and Hacks

Cyber Defense

• Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture…Security DefenseOct 23 2021
• Supply-chain attack on NPM Package UAParser, which has millions of daily downloads The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular library has million of weekly downloads. “Versions of a popular…Security DefenseOct 23 2021
• Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web security vulnerability that allows an attacker…Security DefenseOct 22 2021
• Groove ransomware group calls on other ransomware gangs to hit US public sector Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil…Security DefenseOct 22 2021
• DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was…Security DefenseOct 22 2021
• FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to…Security DefenseOct 22 2021
• FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts Bitdefender researchers discovered a new Rootkit named FiveSys that abuses Microsoft-Issued Digital Signature signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK) testing can be digitally-signed by Microsoft WHQL (Windows Hardware Quality…Security DefenseOct 22 2021
• Evil Corp rebrands their ransomware, this time is the Macaw Locker Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw…Security DefenseOct 21 2021
• A flaw in WinRAR could lead to remote code execution A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability affects the trial version of…Security DefenseOct 21 2021
• Administrators of bulletproof hosting sentenced to prison in the US The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania,…Security DefenseOct 21 2021
• US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes.  The rule announced by the BIS…Security DefenseOct 21 2021
• Top 5 Attack Vectors to Look Out For in 2022 Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of…Security DefenseOct 21 2021
• YouTube creators’ accounts hijacked with cookie-stealing malwareA Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire…Security DefenseOct 20 2021
• PurpleFox botnet variant uses WebSockets for more secure C2 communicationResearchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet, the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operators have added new exploits and…Security DefenseOct 20 2021
• Acer suffers a second data breach in a weekTech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to…Security DefenseOct 20 2021