Attacks

Federal Prosecutors Charge Six Defendants Linked to Denial-of-Service Attacks

A DDoS attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. Threat actors send a massive number of requests for information to a server, site, or network, effectively shutting down a server and disrupting normal operations. To protect from such attacks, the Cybersecurity and Infrastructure Security Agency recommends the following. • Enroll in a DoS protection service that detects abnormal…


California Hospital Suffers Data Breach

The ever-increasing trend of threat actors targeting healthcare organizations will, unfortunately, likely continue into 2023. It is unclear if this instance is a ransomware attack, but data theft is a common tactic used by ransomware operators to force victims into paying a data extortion ransom. Any impacted patients should ensure that they follow mitigation steps to protect themselves. This includes setting up credit monitoring to ensure that if data gets leaked, fraudulent accounts cannot…


IOTW: Over 77,000 Uber employee details leaked in data breach

Rideshare company Uber has suffered a data breach after Teqtivity, a software company which provides asset management and tracking services for Uber, was targeted in a cyber attack. The malicious party responsible for the breach posted confidential company information they claimed to have stolen in the breach to hacking forum BreachForums under the pseudonym ‘UberLeaks’. According to cyber security news site BleepingComputer, the leaked information includes “source code, IT asset management reports, data destruction…


Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths

Original release date: December 15, 2022 Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.


CISA Consolidates Twitter Accounts

Original release date: December 15, 2022 CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other…


Go-based Botnet GoTrim Targeting WordPress Sites

GoTrim employs several anti-bot checks to avoid some of the less complex botnet mitigations. It uses a Mozilla Firefox user-agent with the same gzip, deflate, and Brotli content encoding algorithms. The malware also attempts to detect CAPTCHA security plugins and has the capability of solving the challenges for some of them. If it cannot bypass a security plugin, the botnet is globally updated with a “skip” for that domain. Interestingly, any website containing “1gb.ru” in…


Apple Security Update Fixes New iOS Zero-Day

Even though this zero-day flaw was likely used in highly-targeted attacks, it is still suggested to install the security updates as soon as possible. https://www.bleepingcomputer.com/news/apple/apple-security-update-fixes-new-ios-zero-day-used-to-hack-iphones/


Open-Source Repositories Flooded by +144,000 Phishing Packages

This campaign highlights two problems for the cybersecurity space – the increase in the frequency and sophistication of phishing as well as the increase in automated attacks. As time has gone on, the sophistication of phishing campaigns has increased significantly, with the interactive chat dialogue being an example from this campaign. This sophistication has allowed phishing campaigns to be much more successful, and in turn has led to an increase in the frequency of phishing…


Microsoft Releases December 2022 Security Updates

Original release date: December 13, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


New Python Backdoor for ESXi Servers Discovered

It is recommended that administrators of ESXi servers monitor the existence of the files listed above, as well as any content added to the local.sh file. The local.sh file could also be a good candidate for file integrity monitoring. In addition, it would be valuable to monitor for changes to any ESXi configuration files or maintain the state of the configuration files with a configuration management platform like SaltStack, Ansible, or Puppet. Of course, proper restrictions on…
