A week in security (Nov 29 – Dec 5)
Last week on Malwarebytes Labs: CronRAT targets Linux servers with e-commerce attacksHackers all over the world are targeting Tasmania’s emergency...
News
Hackers are sending receipts with anti-work messages to businesses’ printers
Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay. Multiple...
Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers
Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and...
Security Affairs newsletter Round 343
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users
Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and...
German BSI agency warns of ransomware attacks over Christmas holidays
German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange...
Cuba ransomware gang hacked 49 US critical infrastructure organizations
The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations....
CISA warns of vulnerabilities in Hitachi Energy products
CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products The U.S. Cybersecurity and Infrastructure...
NSO Group spyware used to compromise iPhones of 9 US State Dept officials
Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s...
Emotet’s back and it isn’t wasting any time
Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions...
Attacker unmasked by VPN flubs charged with Ubiquiti hack
A veritable barn-stormer of an insider threat story has recently come to light. A former employee of Ubiquiti Networks, Nickolas...
KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays
Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor...
Threat actors stole $120 M in crypto from BadgerDAO DeFi platform
Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this...
Watch out for Omicron COVID-19-themed phishing messages!
Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure...
CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues
U.S. CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software. U.S. Cybersecurity and Infrastructure Security...
Emotet being spread via malicious Windows App Installer packages
As reported by Cryptolaemus on Twitter, and demonstrated step by step by BleepingComputer, Emotet is now being distributed through malicious...
Russian internet watchdog Roskomnadzor bans six more VPN services
Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia...
NginRAT – A stealth malware targets e-store hiding on Nginx servers
Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers...
SideCopy APT: Connecting lures to victims, payloads to infrastructure
This blog post was authored by Hossein Jazi and the Threat Intelligence Team. Last week, Facebook announced that back in...
Europol arrested 1800 money mules as part of an anti-money-laundering operation
Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7....
Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library
Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has...
VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)
VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal...
Capcom Arcade Stadium’s record player numbers blamed on card mining
Some of my favourite retro video games are making waves on Steam, but not in the way you might think....
New RTF Template Inject technique used by APT groups in recent attacks
Nation-state actors from China, India, and Russia, were spotted using a novel RTF template injection technique in recent attacks. APT...
