April 2022

How to detect phishing images in emails

Uzair Amir

https://www.hackread.com/how-to-detect-phishing-images-in-emails/

Excerpt:

“Phishing has long been a common way to induce a receiver to unveil personal data. Primarily, it works this way: You receive an email from a purportedly reputable source–say, your employer–asking you to click the link and get familiar with new regulations effective in the following week.”


Hackers fool major tech companies into handing over data of women and minors to abuse

Jovi Umawing

https://blog.malwarebytes.com/social-engineering/2022/04/hackers-fool-major-tech-companies-into-handing-over-data-of-women-and-minors-to-abuse/

Excerpt:

“Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple of industry investigators.”


Hospitals taken offline after cyberattack

Pieter Arntz

https://blog.malwarebytes.com/reports/2022/04/hospitals-taken-offline-after-cyberattack/

Excerpt:

“The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned [French] that data have been exfiltrated and might be used for phishing in the future.”


Iran announced to have foiled massive cyberattacks on public services

Pierluigi Paganini

https://securityaffairs.co/wordpress/130592/hacking/iran-foiled-cyberattacks-public-services.html

Excerpt:

“According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted by the cyberattacks.”


Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine

Threat Hunter Team

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine

Excerpt:

“The Russian-linked Shuckworm espionage group (aka Gamaredon, Armageddon) is continuing to mount an intense cyber campaign against organizations in Ukraine.”


Financial leaders grappling with more aggressive and sophisticated attack methods

https://www.helpnetsecurity.com/2022/04/21/cybercriminal-cartels-financial-sector/

Excerpt:

“VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift of the financial sector.”


How ready are organizations to manage and recover from a ransomware attack?

https://www.helpnetsecurity.com/2022/04/20/attacks-recover-ability/

Excerpt:

“Zerto announced the findings of a ransomware study, revealing that gaps in readiness are seriously impacting the ability of many organizations to manage and recover from attacks.”


New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt

Ravie Lakshmanan

https://thehackernews.com/2022/04/new-enemybot-ddos-botnet-borrows.html

Excerpt:

“A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month.”


FBI: Payment app users targeted in social engineering attacks

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/fbi-payment-app-users-targeted-in-social-engineering-attacks/

Excerpt:

“Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts.”


Life Sciences students facing mass data breach

Asbah Ahmad

https://www.queensjournal.ca/story/2022-04-14/university/life-sciences-students-facing-mass-data-breach/

Excerpt:

“Confidential student information in the Life Sciences department was disseminated via email on Apr. 7. The information included student GPAs, student names, student numbers, academic plans, and years of study as of Sept. 2021. Students' sexes and email addresses were also compromised.”


APT group has developed custom-made tools for targeting ICS/SCADA devices

Zeljka Zorz

https://www.helpnetsecurity.com/2022/04/14/apt-ics-scada/

Excerpt:

“Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): Certain APT actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices.”


Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities

Eduard Kovacs

https://www.securityweek.com/russia-linked-pipedreamincontroller-ics-malware-designed-target-energy-facilities

Excerpt:

“The US government and cybersecurity firms on Wednesday released details about a new piece of malware designed to manipulate and disrupt industrial processes by hacking industrial control systems (ICS).”


DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii

AJ Vicens

https://www.cyberscoop.com/undersea-cable-operator-hacked-hawaii/

Excerpt:

“Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday.”


Cybersecurity is getting harder: More threats, more complexity, fewer people

https://www.helpnetsecurity.com/2022/04/13/modern-enterprise-security-issues/

Excerpt:

“Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise. More than 1,200 security leaders participated in the survey, revealing they’ve seen an increase in cyberattacks while their teams are facing widening talent gaps.”


Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid

Zeljka Zorz

https://www.helpnetsecurity.com/2022/04/12/sandworm-ukraine/

Excerpt:

“The Computer Emergency Response Team of Ukraine (CERT-UA), with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine.”


Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang

Ionut Arghire

https://www.securityweek.com/high-end-tools-manufacturer-snap-discloses-data-breach

Excerpt:

“High-end tools manufacturer Snap-on is notifying employees that some of their personal information might have been compromised in a recent data breach.”


Finnish govt websites knocked down as Ukraine President addresses MPs

Jessica Lyons Hardcastle

https://www.theregister.com/2022/04/09/dos_attacks_finland_russia/

Excerpt:

“Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland's members of parliament (MPs).”


Fraudsters Steal £58m in 2021 Via Remote Access Tools

Phil Muncaster

https://www.infosecurity-magazine.com/news/fraudster-steal-58m-2021-via/

Excerpt:

“Scammers who tricked victims into handing them control of their PCs managed to steal nearly £58m last year, according to official UK police figures.”


Network intrusion detections skyrocketing

https://www.helpnetsecurity.com/2022/04/08/network-malware-detections/

Excerpt:

“A WatchGuard report shows a record number of evasive network malware detections with advanced threats increasing by 33%, indicating a higher level of zero day threats than ever before.”


How many steps does it take for attackers to compromise critical assets?

https://www.helpnetsecurity.com/2022/04/07/attack-critical-assets/

Excerpt:

“The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments.”


Employee Info Among 13 Million Records Leaked by Fox

Phil Muncaster

https://www.infosecurity-magazine.com/news/employee-info-13-million-records/

Excerpt:

“A configuration error exposed millions of internal records traced back to Fox News, including personally identifiable information on employees, researchers have claimed.”


FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

Ravie Lakshmanan

https://thehackernews.com/2022/04/fin7-hackers-leveraging-password-reuse.html

Excerpt:

“The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed.”


US Justice Department shuts down Russian dark web marketplace Hydra

Campbell Kwan

https://www.zdnet.com/article/us-justice-department-shuts-down-russian-dark-web-marketplace-hydra/

Excerpt:

“The US Department of Justice (DOJ) has shut down Hydra Market, one of the world's largest darknet marketplaces. On Tuesday, the DOJ and German federal police seized Hydra's servers and cryptocurrency wallets containing $25 million worth of bitcoin.”


Russian attempts to phish Ukrainian targets with 'war crimes' lures unsuccessful so far, official says

AJ Vicens

https://www.cyberscoop.com/war-crimes-phishing-attempts-russia-ukraine/

Excerpt:

“Phishing attempts sent by Russian hackers to Ukrainian entities in late March with documents purportedly about Russian “war criminals” were not successful, a top Ukrainian cybersecurity official told reporters Tuesday.”


WhatsApp 'Voice Message' Is an Info-Stealing Phishing Attack

Phil Muncaster

https://www.infosecurity-magazine.com/news/whatsapp-voice-message-phishing/

Excerpt:

“Tens of thousands of victims have been tricked into clicking on an email claiming to contain a WhatsApp voicemail message, according to researchers.”