Breaches

Breaches Enterprise Vulnerabilities

7 vulnerabilities that federal agencies MUST address by Nov 29

Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive 22-01, issued in Nov. 2021, requires all federal civilian executive branch agencies to address software bugs that are listed in CISA’s Known Exploited […]
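The check a practitioner actually runs against the directive described above is a filter over CISA's Known Exploited Vulnerabilities feed by its dueDate field. The script below is an added example, not code from the original page or from CISA: it parses a catalog export in the shape of CISA's public KEV JSON feed and reports which entries are due by a cutoff, which are already overdue, and which vendor owns each. The embedded catalog is a constructed sample; its CVE identifiers are the ones this page mentions (including CVE-2022-41091 from the November update, whose added and due dates here match the article), but the other entries' dates, names and descriptions are made up. The deadline is taken from the feed's dueDate field as-is; the script does not try to derive it from the directive's text.

```python
"""Triage a CISA Known Exploited Vulnerabilities (KEV) export against BOD 22-01 due dates.

Added example, not code from the original page or from CISA. SAMPLE_KEV_JSON is a
constructed sample in the shape of CISA's public KEV feed. The CVE identifiers are the
ones named on this page; apart from the CVE-2022-41091 entry (added 2022-11-08, due
2022-11-29, matching the article), the dates, names and descriptions are made up.
"""
import json
from collections import defaultdict
from datetime import date
from typing import Dict, List, Tuple, Union

SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "constructed-sample",
  "dateReleased": "2022-11-09T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2022-41091", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows Mark of the Web (MoTW) Bypass Vulnerability",
     "dateAdded": "2022-11-08", "shortDescription": "Constructed sample entry.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-11-29", "notes": ""},
    {"cveID": "CVE-2022-37969", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Windows CLFS Driver Privilege Escalation Vulnerability",
     "dateAdded": "2022-09-15", "shortDescription": "Constructed sample entry; dates are made up.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-10-06", "notes": ""},
    {"cveID": "CVE-2022-22954", "vendorProject": "VMware", "product": "Workspace ONE Access and Identity Manager",
     "vulnerabilityName": "VMware Workspace ONE Access Remote Code Execution Vulnerability",
     "dateAdded": "2022-04-15", "shortDescription": "Constructed sample entry; dates are made up.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-05-06", "notes": ""}
  ]
}"""

DateLike = Union[date, str]


def _as_date(d: DateLike) -> date:
    """Accept either a date or an ISO 'YYYY-MM-DD' string, as the feed uses strings."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def load_catalog(raw_json: str) -> List[Dict]:
    """Parse a KEV feed document and convert its ISO date strings to date objects."""
    doc = json.loads(raw_json)
    entries = []
    for v in doc["vulnerabilities"]:
        e = dict(v)
        e["dateAdded"] = _as_date(v["dateAdded"])
        e["dueDate"] = _as_date(v["dueDate"])
        entries.append(e)
    return entries


def due_on_or_before(entries: List[Dict], cutoff: DateLike) -> List[str]:
    """CVE IDs whose BOD 22-01 remediation deadline (the feed's dueDate) is on or before cutoff."""
    cutoff = _as_date(cutoff)
    return sorted(e["cveID"] for e in entries if e["dueDate"] <= cutoff)


def remediation_status(entries: List[Dict], today: DateLike) -> List[Tuple[str, str, date, int]]:
    """(cveID, vendor, dueDate, days_left) rows, most urgent first; negative days_left means overdue."""
    today = _as_date(today)
    rows = [(e["cveID"], e["vendorProject"], e["dueDate"], (e["dueDate"] - today).days) for e in entries]
    return sorted(rows, key=lambda r: (r[3], r[0]))


def overdue(entries: List[Dict], today: DateLike) -> List[str]:
    """CVE IDs whose due date has already passed, i.e. the agency is out of compliance."""
    return [cve for cve, _, _, left in remediation_status(entries, today) if left < 0]


def by_vendor(entries: List[Dict]) -> Dict[str, List[str]]:
    """Group CVE IDs by vendorProject so each patch owner gets one worklist."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        groups[e["vendorProject"]].append(e["cveID"])
    return {k: sorted(v) for k, v in sorted(groups.items())}


if __name__ == "__main__":
    catalog = load_catalog(SAMPLE_KEV_JSON)
    today = date(2022, 11, 9)  # the day after the November 2022 entries were added
    for cve, vendor, due, left in remediation_status(catalog, today):
        state = f"OVERDUE by {-left} days" if left < 0 else f"{left} days left"
        print(f"{cve:16} {vendor:10} due {due}  {state}")
```

To run this against the live catalog, replace SAMPLE_KEV_JSON with the body of https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the filter keys only on dueDate, so it keeps working as CISA adds entries.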

Breaches Emerging Threats Malware

Australian Federal Police say Russian threat actor behind Medibank breach

“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words]. What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack on health insurer Medibank as a Russia-based group. In a statement Friday, AFP Commissioner Reece Kershaw said that investigators had managed to trace […]

Breaches Enterprise Malware

Russia’s Iridium group deploying new ransomware payload

Prestige ransomware marks a dangerous shift in strategy for the threat actor, Microsoft says [299 words]. What: Security researchers at Microsoft have spotted the Russia-based threat group Iridium dropping a new ransomware payload dubbed “Prestige” on systems belonging to organizations in Ukraine and Poland. The Prestige campaign marks a broadening of focus for Iridium from its usual destructive […]

Breaches Malware Vulnerabilities

Here’s what you need to know about the 4 zero-days in Microsoft’s Nov. update

Microsoft issued patches for 62 vulnerabilities, nine of which are rated “Critical” and 53 “Important”. Four of the vulnerabilities in Microsoft’s November 2022 security update are zero-day flaws that are being actively exploited [300 words]. Here’s what you need to know about them: Windows MoTW Bypass Vulnerability (CVE-2022-41091) • Impacts multiple Windows versions including […]

Breaches

Feds seize over 50K Bitcoin from underground vault and circuit board hidden in popcorn tin

The Nov. 2021 seizure was valued at a staggering $3.36 billion at the time [300 words]. What: James Zhong, of Gainesville, Georgia, pleaded guilty on Nov. 4, 2022 to illegally obtaining 50,000 Bitcoin from the Silk Road dark web marketplace in 2012. He faces up to 20 years in prison. Zhong’s plea before federal court in the Southern […]

Breaches Malware

Black Basta ransomware operators are exploiting “PrintNightmare”, “Zerologon” and “NoPac” flaws

New data that researchers at SentinelOne uncovered shows that the notorious, financially motivated FIN7 threat group may be behind, or have strong ties to, the Black Basta ransomware operation [300 words]. Why that matters: FIN7 has a record going back to at least 2012. The threat actor has looted more than $1.2 billion from victims around the world […]

Breaches Emerging Threats Malware

RomCom threat actor using spoofed SolarWinds, KeePass apps to distribute RAT

Targets have been Ukraine-based, but IT companies, food brokers, and food manufacturers in the U.S., Brazil, and the Philippines are also in its crosshairs, BlackBerry says [300 words]. What: The operators of RomCom, a remote access trojan used in recent attacks against the Ukrainian military, have now begun spoofing products from SolarWinds and KeePass to […]

Breaches Enterprise Vulnerabilities

Attackers actively exploiting VMware flaw that CISA deemed to pose “unacceptable risk” in May

Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-22954). Researchers from Fortinet’s FortiGuard Labs on Thursday said they had observed threat actors exploiting the […]

Breaches Cloud

Microsoft leaked business transaction data on more than 65K prospective customers via misconfigured Azure Blob Storage container, threat intel vendor claims

Misconfigured and insecure cloud storage buckets and containers, AWS S3 buckets in particular, pose a major data leak risk for organizations. In recent years hundreds of companies have had sensitive data exposed via this vector [292 words]. What: Threat intelligence firm SOCRadar on Wednesday claimed that its researchers had discovered sensitive business transaction data belonging to over 65,000 entities from […]

Breaches Vulnerabilities

Zscaler releases technical details—and PoC—for now-patched Windows 0-day

Microsoft has rated the previously exploited CVE-2022-37969 as high severity, so now might be a good time to patch [264 words]. What: New technical details and proof-of-concept code have become available for a zero-day bug in the Windows Common Log File System Driver (CLFS.sys) that Microsoft addressed in its September 2022 security update (CVE-2022-37969) […]
