#Trusted Tech News Platform
OpIran – Anonymous Hits Iranian State Sites, Hacks Over 300 CCTV Cameras

September 23, 2022 Hacking and Security
In the wake of the recent Iranian government crackdown on dissent after Mahsa Amini’s death, the international hacktivist group Anonymous has launched a new operation against the country’s online infrastructure. In the operation, dubbed OpIran (Operation Iran) by Anonymous, the hacktivists have taken down a number of top government websites and hacked over 300 security cameras in different parts of the country.
What Happened to Mahsa Amini?
It is worth noting that on September 16th, 2022, a 22-year-old Iranian woman named Mahsa Amini died in Tehran, Iran, in police custody. Amini was arrested for failure to follow government-mandated forms of the Hijab. Authorities claim Amini died of natural causes after suffering heart failure at the police station. However, Iranians have rejected the official explanation and have taken their protests (the Mahsa Amini protests, aka the September 2022 Iranian protests) to the streets.
Anonymous Stands with Prot
DDoS and bot attacks in 2022: Business sectors at risk and how to defend

September 22, 2022 Cyber Security / Hacking and Security
According to Gcore, in 2022, the number and volume of DDoS attacks will roughly double compared to 2021. The average attack power will grow from 150–300 Gbps to 500–700 Gbps. Both ordinary users and businesses in any industry—fintech, gaming, e-commerce, and others—are being targeted. Andrew Slastenov, Head of Web Security at Gcore, talks to his colleagues about trends in the cybersecurity market.
Which business sectors are being attacked more often than others in 2022?
— Fintech, gaming, and e-commerce are suffering the most. We recently covered this in our study DDoS attack trends in Q1-Q2 2022. For example, in March of this year, we resisted a powerful UDP flood attack on a gaming company, and in April, we countered an over 24-hour TCP flood attack on a fintech service. New cases are
Grand Theft Auto Publisher Rockstar Games Hacked

September 21, 2022 Hacking and Security
Threat actor Lapsus$ is now seemingly responsible for hacking gaming giant Rockstar Games after targeting mega-brands like Microsoft, Cisco, Samsung, Nvidia, Okta and probably Uber. An account operating under the name ‘teapotuberhacker’ posted on GTAForums around 90 videos of what appeared to be in-development footage of the upcoming Rockstar Games installment, Grand Theft Auto 6, which the publisher confirmed it was working on earlier this year. The videos, which totaled around 50 minutes of footage, ranged from short clips of animation tests to more detailed animation scenes. They were then widely shared on social media. After posting the alleged in-development footage on September 18, 2022, teapotuberhacker left a message claiming they wanted to “negotiate a deal” with the game publisher to return unreleased data, including the source code for Grand Theft Auto 5 and the in-development version of Grand Theft Auto 6. “This is not the first case where a cyber-crimina
Uber hacked via basic smishing attack

September 16, 2022 Cyber Attack / Hacking and Security
A smishing attack on Thursday led to a wide range of Uber's internal systems being breached by a seemingly unaffiliated teenage hacker, it has been claimed. A report first emerged in The New York Times that the ride-sharing company had been hacked, with the threat actor themselves getting in touch with the publication to allege that he had gained access to internal systems such as Uber’s internal email, cloud storage systems and code repositories through a simple social engineering attack. In a text message sent to an Uber employee, the hacker impersonated an IT worker and convinced them that it was necessary to share an internal password. As a variant of phishing in which SMS is used to mine targets for sensitive information, smishing is often combined with social engineering tricks for increased effectiveness. Victims may be more easily persuaded to hand over credentials to a supposedly trustworthy source if the attacker makes the s
YouTube Users Targeted By RedLine Self-Spreading Stealer

September 16, 2022 Hacking and Security / YouTube
Threat actors have conducted a campaign relying on the RedLine stealer and targeting YouTube users. The news comes from cybersecurity researchers at Kaspersky, who published an advisory about the campaign earlier today. “Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers,” wrote Oleg Kupreev in the technical write-up. “It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.” According to the security expert, RedLine can steal usernames, passwords, cookies, bank card details and autofill data from Chromium- and Gecko-based browsers. It is also capable of obtaining data from crypto wallets, instant messengers and FTP/SSH/VPN clients and files with particular extensions from devices. The malware can reportedly download and run third-party software tools, execute comma
WordPress plugin vulnerability leaves sites open to total takeover

September 14, 2022 Hacking and Security / Vulnerability
Security firm Wordfence has warned of an actively exploited vulnerability in a widely-used WordPress plugin that could leave websites totally exposed to hackers. WPGateway is a paid plugin that gives WordPress users the ability to manage their website from a centralised dashboard. The flaw, designated CVE-2022-3180, allows threat actors to add their own profile with administrator access to the dashboard, and completely take over a victim’s website. Wordfence, which provides a firewall service for WordPress websites, released a rule to block the exploit for paying customers on its Premium, Care and Response packages ($99, $490 and $950 per year respectively). However, customers using its free package will not receive protection against attacks until October 8, which could leave small or medium businesses exposed. For a business, total website takeover could lead to the exfiltration of sensitive financial information or simply lead to the destruction of
Cisco confirms data breach following Yanluowang ransomware attack in May

September 14, 2022 computer security / Cyber Security
Cisco has confirmed that the data the Yanluowang ransomware gang published on its leak site was indeed stolen from the firm during the May cyberattack. The firm’s network was breached after hackers compromised an employee's VPN account. Even so, the tech giant affirms the leak has no impact on its business, as originally assessed. According to the company, the stolen records comprised non-sensitive files from the employee’s Box folder. However, the attack was contained before Yanluowang ransomware could start encrypting systems. “On September 11, 2022, the bad actors who previously published a list of file names from this security incident to the dark web, posted the actual contents of the same files to the same location on the dark web. The content of these files match what we already identified and disclosed,” explained Cisco. “Our previous analysis of this incident remains unchanged-we continue to see no impact to our business, including Cisco products or services
Top 3 tech companies were affected by cyber attacks in Bangladesh

September 10, 2022 Akiz Group / Beximco
Various companies in Bangladesh are also being attacked by ransomware. Big commercial companies like Beximco, Akiz and Digicon Technologies have been attacked. By attacking these companies, hackers have stolen a lot of sensitive information. BTCL, Grameenphone Limited, Axiata Limited, Link3 Technologies, Systems Solutions and Development Technologies Limited, Bandhu Network Limited, Aamra Network Limited, Banglalink Digital Communications Limited and Teletalk Bangladesh Limited are at the top of the attack risk list. These data have been obtained from the research report ‘Ransomware Landscape Bangladesh 2022’ published on the cyber situation and ransomware situation in Bangladesh. The report was published by BGD e-GOV CIRT, the government’s cyber security agency. BGD e-GOV CIRT, a cyber-security agency under the government’s ICT Division, has researched the cyber situation and ransomware situation in Bangladesh. They released a report titled ‘Ransomware Landscap
Ransomware Campaigns Linked to Iranian Govt's DEV-0270 Hackers

September 08, 2022 Cyber Security / Hackers
Security researchers have linked multiple ransomware campaigns to DEV-0270 (also known as Nemesis Kitten). The threat actor, widely considered a sub-group of Iranian actor PHOSPHORUS, conducts various malicious network operations on behalf of the Iranian government, according to a new write-up by Microsoft. However, judging from the threat actor’s geographic and sectoral targeting (which often lacked a strategic value for the regime), Microsoft also speculated that some of DEV-0270’s attacks might be a form of moonlighting for personal or company-specific revenue generation. From a technical standpoint, the tech giant said DEV-0270 leverages exploits, particularly for newly disclosed high-severity vulnerabilities, to gain access to devices. “DEV-0270 also extensively uses living-off-the-land binaries (LOLBins) throughout the attack chain for discovery and credential access. This extends to its abuse of the built-in BitLocker tool to encrypt files on compromised devices,” the Microsoft
SharkBot Malware Resurfaces on Google Play to Steal Users' Credentials

September 05, 2022 Hacking and Security / Malware
An upgraded version of the SharkBot mobile malware has been spotted on Google's Play Store, according to a new blog post by Fox-IT, part of the NCC Group. The new version of SharkBot reportedly targets the banking credentials of Android users via apps that have collectively counted 60,000 installations. These apps, which have now been removed from the Play Store, are 'Mister Phone Cleaner' and 'Kylhavy Mobile Security'. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," warned the Fox-IT researchers. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats." And while the method makes it more difficult for the malware to get installed (as it depends on the user interaction), it is now more challenging to detect before being published in Google Play Store since it doesn't require a
Hackers Deceive Developers by Spoofing GitHub Commit Metadata

July 26, 2022 Github / Hackers
A warning has been issued by Checkmarx security experts about a new supply chain attack method in which the hackers utilize fake commit metadata to legitimize malicious GitHub archives.
What are Commits?
Commits are essential components in the GitHub system and have a unique hash or ID. They record every change made to the documents, the timeline of change, and who made the change.
Deceiving the developers
As per Checkmarx researchers, threat actors could tamper with the commit metadata to make the repositories look relevant and updated. It is possible to spoof the committer and link the commit to a legitimate GitHub account. Fake commits can be automatically generated and added to the user’s GitHub activity graph, making it appear as if they have been active on the code hosting platform for a very long time. Here, the developers get deceived as they believe that the repository comes from a trustworthy source. According to Checkmarx, the threat actors ca
Flaws in FileWave MDM could have allowed hacking +1000 organizations

July 26, 2022 Hackers / hacking
Multiple flaws in the FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FileWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may use the MDM platform to push mandatory software and updates to devices, change device settings, lock, and, when necessary, remotely wipe devices. The now patched vulnerabilities are an authentication bypass issue tracked as CVE-2022-34907 and a hardcoded cryptographic key tracked as CVE-2022-34906. Both issues reside in FileWave MDM before version 14.6.3 and 14.7.x, prior to 14.7.2. FileWave addressed the vulnerabilities in version 14.7.2 earlier this month. A remote attacker can trigger the vulnerabilities to bypass authentication and gain full control over the MDM platform and its manag
Global Malware Volumes Increase for First Time in Three Years - SonicWall

July 26, 2022 Cyber Attack / Cyber Security
Global ransomware volumes shrank by 23% year-on-year (YoY) in the first half of 2022, but overall malware surged by 11% over the period, according to new data from SonicWall. The mid-year update to the firm’s 2022 SonicWall Cyber Threat Report is based on analysis of one million security sensors in over 200 countries, as well as third-party sources. The 2.8 billion malware attacks detected in the first half of 2022 represent the first recorded growth in global malware volumes in three years, according to SonicWall. Although ransomware volumes dipped to 236 million, they surged in Europe (63%), which also saw a 29% YoY increase in overall malware attacks. “As bad actors diversify their tactics, and look to expand their attack vectors, we expect global ransomware volume to climb – not only in the next six months, but in the years to come,” said SonicWall CEO and president, Bill Conner. “With so much turmoil in the geopolitical landscape, cybercrime is increasingly becoming more sophistic
T-Mobile to pay $350 million in settlement over massive hacking

July 23, 2022 Business / hacking
T-Mobile US Inc agreed on Friday to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack last year that compromised information belonging to an estimated 76.6 million people. The preliminary settlement was filed with the federal court in Kansas City, Missouri. It requires a judge's approval, which the second-largest U.S. wireless carrier said could come by December. T-Mobile denied wrongdoing, including accusations that it breached its duties to protect customers' personal information and had inadequate data security. The Bellevue, Washington-based company expects an approximately $400 million pre-tax charge in this year's second quarter for the settlement. It said it contemplated the charge and $150 million of spending in prior financial guidance. T-Mobile disclosed the data breach last August, saying at the time it affected more than 47 million current, former and prospective customers. The n
Uber admits covering up 2016 hacking, avoids prosecution in US settlement

July 23, 2022 Business / hacking
Uber Technologies on Friday (Jul 22) accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with US prosecutors to avoid criminal charges. In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the US Federal Trade Commission, even though the agency had been investigating the ride-sharing company's data security. US Attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the breach, after installing new executive leadership who "established a strong tone from the top" regarding ethics and compliance. Hinds said the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy programme for 20 years. The San Francisco-based company is also cooperating with the prosecution of a former s
Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists

July 23, 2022 chrome / Cyber Security
The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited the recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which was fixed by Google on July 4, 2022, is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component; it is the fourth zero-day patched by Google in 2022. Most of the attacks uncovered by Avast researchers took place in Lebanon, and threat actors used multiple attack chains to target the journalists. Other infections were observed in Turkey, Yemen, and Palestine since March 2022. In one case the threat actors conducted a watering hole attack by compromising a website used by employees of a news agency. The researchers noticed that the website contained artif
Hacked Ukrainian Radio Stations Broadcast Fake News About President Zelensky’s Health

July 22, 2022 computer security / Cyber Security
Ukrainian radio stations were hacked this week by threat actors to spread fake news about President Volodymyr Zelensky’s health, according to Ukraine’s security officials. A music program on “at least one” out of TAVR Media’s stations – one of Ukraine’s largest radio networks – was interrupted by the false reports just after midday on July 21. The so-far unidentified hackers broadcast reports that Zelensky was hospitalized “in an intensive care ward” and that he was temporarily deputizing his presidential responsibilities to Ruslan Stefanchuk, Chairman of the Ukrainian parliament. Following the hack, Zelensky addressed the false information, stating: “I am in the office and I have never felt as healthy as I do now” and accusing Russia of orchestrating the attack. TAVR Media announced that it is working “to solve the problem.” Yet, it remains unclear which hacker group is behind the transmission, with Ukraine’s cyber-attack response unit CERT-UA first having to investigate the
Data on 69 million Neopets users stolen and listed for sale on hacker forum

July 22, 2022 Cyber Security / Hacking and Security
Neopets, a site that allows users to collect digital pets and trade pet-related items, has been hit by a data breach that's thought to have affected around 69 million users. Sensitive information such as email addresses, passwords, country, zip code, gender, and birthdays are all included in the leaked database. A hacking forum user named ‘TarTarX’ was spotted advertising the entire database in exchange for 4 bitcoins (approximately $90,000 at time of writing), as first reported by BleepingComputer. The owner of the hacking forum Breached.co, a user named ‘pompompurin’, verified the claims by creating a new account and asking for its details, which TarTarX was able to produce, according to the report. The hacker indicated that they have not sought a ransom from Neopets owner JumpStart Games, instead seeking to sell to interested parties through their forum post. The precise methodology of the breach is still unknown. “Neopets recently became aware that customer data may have been s
Suspected Gozi malware gang 'CIO' extradited to US on fraud, hacking charges

July 22, 2022 Cyber Security / Hacking and Security
A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges. Mihai Ionut Paunescu, 37, allegedly known as "Virus," is a dual Romanian and Latvian national. The Feds claim he's one of the creators of Gozi, which apparently infected more than one million computers worldwide — at least 40,000 of which were in the US and some belonged to NASA — and caused "tens of millions of dollars in losses" to individuals, businesses, and government agencies. In addition to compromising US computers, the Windows software nasty is said to have infected PCs in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and other countries. Once on a system, the code can log the victim's keypresses and inspect the computer's HTTPS web traffic to steal login credentials, all seemingly to obtain access to the user's online bank accounts. Its masters used this information to
US Cyber Command spots another 20 malware strains targeting Ukraine

July 22, 2022 Cyber Security / Hacking and Security
US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months. In an alert this week, the Pentagon's cyberspace wing made public indicators of compromise (IOC) associated with various malware strains that were found in Ukrainian networks by the country's security service. "Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them," US Cyber Command said in a statement on Wednesday. The Feds' alert comes as multiple private security researchers this week issued their own threat research related to the Russian invasion.  Meanwhile, we're also told that Cisco Talos' security researchers in March discovered a "fairly uncommon" type of malware targeting a "large software development company" whose software is used by several Ukrainian state