Attacks

Apple and Google allow micro-loan apps on their app stores but have stringent policies regulating their operation. The guidelines dictate that the minimum repayment period should be 60 days, and the maximum annual percentage rate of charge should be 36%. The above apps claimed terms that complied with these guidelines, but in practice, they followed a very different, much more aggressive approach, so the app stores removed them for term violations. Unfortunately, there needs to…

Read More

Nvidia has not released any detail rich information of the specifics of these security flaws in order to allow users time to update their drivers before proof-of-concept exploitation tools are developed.Nvidia users can reference Nvidia’s security bulletin to identify their GPU or other product and the appropriate driver version to patch these vulnerabilities here: https://nvidia.custhelp.com/app/answers/detail/a_id/5415Users can then download the appropriate driver for their device from Nvidia’s download center here: https://www.nvidia.com/download/index.aspxUsers of Nvidia’s GeForce Experience software…

Read More

The report released by Checkmarx in regards to this attack states: “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”When installing any software from open-source resources such as PyPI or GitHub, it is crucial to be skeptical and to perform due diligence by doing things like reviewing the code base, ensuring proper spelling of packages to avoid…

Read More

Most websites have adopted a mandatory verification through SMS message for account creation and authentication. Because of these requirements, threat groups have had to become crafty, deploying new methods in order to bypass these security features. At first, criminal actors primarily relied upon Google Voice numbers and “burner phone” numbers. However, with websites also advancing, most of those options are no longer valid when setting up an account. Due to the current situation, the only…

Read More

A proof-of-concept (PoC) has existed as early as March 2022, so companies running vulnerable versions of OAM should patch as soon as their patch management program allows. Additionally, since the exploit has existed for so long, it is reasonable to assume active exploitation has been taking place since then, and all vulnerable OAM systems should be treated as such. https://thehackernews.com/2022/11/cisa-warns-of-actively-exploited.html

Read More

According to ESET, the most recent cyberattacks have common indicators with attacks launched by Sandworm previously, including the use of PowerShell to distribute ransomware that is “almost identical to the one seen last April during the Industroyer2 attacks against the energy sector.” PowerShell, also known as PowerGap by Ukrainian cyber authorities, was used to introduce the CaddyWiper malware against Ukrainian infrastructure in April 2022, shortly after the Russian invasion. https://cybernews.com/news/sandworm-spawns-monstrous-offspring/ https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html

Read More

The threat group Black Reward has taken credit for the breach of the Islamic Revolutionary Guard Corps (IRGC) managed Fars News Agency out of Iran. The group stated that they deleted nearly 250 terabytes of data and accessed confidential bulletins and directives sent by the news agency to the office of Supreme Leader Ali Khamenei. Additional compromised data includes recorded calls, information on internal portals related to administrative conversations and news folders, image archives, and financial…

Read More

This is not the first time the U.S. government has been at odds with Chinese telecommunications companies. In February of 2020, after an FBI investigation, Huawei was charged with racketeering conspiracy and with conspiracy to steal trade secrets. Additionally, in 2019, a U.S. affiliate of Huawei was indicted for theft of trade secrets, wire fraud, and obstruction of justice. Earlier this year, in an address to business leaders from across the U.S., FBI director Christopher…

Read More