CyberSecure Specialist

New SCARLETEEL Threat Group Attacks Cloud Data via Cryptomining

To minimize the traces left behind, the attacker attempted to disable CloudTrail logs in the compromised AWS account. Additionally, Sysdig’s report indicates that the attacker retrieved Terraform state files from the S3 buckets containing IAM user access keys and a secret key for a second AWS account. This account was eventually used for lateral movement within the organization’s cloud network. In order to effectively address the risks introduced by cloud-facing threats, organizations are highly…


Link Found Between Exfiltrator-22 Post-Exploitation Framework And LockBit Ransomware

The CYFIRMA team has discovered evidence that EX-22 was created by LockBit 3.0 associates or members of the ransomware operation’s development staff. Firstly, they discovered that the framework used the same “domain fronting” method used by LockBit and the TOR obfuscation plugin Meek, which assists in concealing malicious traffic inside normal HTTPS connections to legitimate platforms. Further research by CYFIRMA revealed that EX-22 makes use of the identical C2 infrastructure that was previously disclosed…


Critical Flaws in WordPress Houzez Theme Exploited to Hijack Websites

The company that developed the theme was made aware of attacks being carried out in the wild and has provided updates to the theme and login register. Version 2.7.2 and later of the theme is not vulnerable to the first vulnerability. The second vulnerability can be mitigated by ensuring the login register is running version 2.6.4 or later. Anyone running the Houzez theme and plugin should…


Malicious package flood on PyPI might be sign of new attacks to come

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these packages will download and install a Trojan program hosted on Dropbox. Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected a group of 186 packages from the same account on the JavaScript npm repository that were designed to install cryptomining…


Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. The conclusions above…


Well-funded security systems fail to prevent cyberattacks in US and Europe: Report

Multilayered, well-funded cybersecurity systems are unable to protect enterprises in the US and Europe from cyberattacks, according to a report by automated security validation firm Pentera. The report, which was based on a survey of 300 CIOs, CISOs and security executives to get insights on their current IT and security budgets and cybersecurity validation practices, noted that the financial slowdown has had a minimal impact on cybersecurity budgets. “We’re seeing more organizations increase the cadence…


Top seven hacks and cyber security threats in APAC

In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks and the region suffered a shortage of 2.1 million cyber security professionals. This has culminated in the Asia-Pacific region being victim to a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks.


How to de-risk your digital ecosystem

Companies rightly see much promise for future revenues and productivity by building and participating in emerging digital ecosystems — but most have not given enough consideration to the risks and threats inherent in such ecosystems. According to the TCS Risk & Cybersecurity Study, cyber threats within digital ecosystems may be an enterprise blind spot. TCS Santha Subramoni, global head, cybersecurity business unit at Tata Consultancy Services Digital ecosystems are dynamic, agile, interactive, borderless, multimodal, and…


LastPass: The crooks used a keylogger to crack a corporate password vault

by Paul Ducklin

There’s no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 – Additional details of the attack. As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what’s known in the jargon as a lateral movement attack. Simply put, lateral movement is just a fancy way of saying, “Once…


Dutch police arrest three cyberextortion suspects who allegedly earned millions

by Naked Security writer

Dutch police announced late last week that they’d arrested three young men, aged between 18 and 21, suspected of cybercrimes involving breaking in, stealing data, and then demanding hush money. The charges include: computer intrusion, data theft, extortion, blackmail, and money laundering. The trio were actually arrested a month earlier, back in January 2023, but the details of the arrest were kept secret until now, presumably to allow undercover investigations to…
