Title: Phishing Actors Start Exploiting the Omicron COVID-19 Variant
Date Published:ย December 2, 2021
Excerpt:ย โPhishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns.ย Threat actors are quick to adjust to the latest trends and hot topics, and increasing peopleโs fears is an excellent way to cause people to rush to open an email without first thinking it through.ย In this case, the Omicron variant is an emerging strain of COVID-19 that has scientists concerned over its high transmissibility and the potential ineffectiveness of existing vaccines against its mutations.”
Title: Hackers Use In-house Zoho ServiceDesk Exploit to Drop Webshells
Date Published:ย December 2, 2021
Excerpt:ย โAn advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product.ย The actor has been seen exploiting an unauthenticated remote code execution issue in Zoho ServiceDesk Plus versions 11305 and older, currently tracked as CVE-2021-44077.ย Zoho addressed the RCE flaw on September 16, 2021, and on November 22, 2021, the company published a security advisory to alert customers of active exploitation. Users were slow to update, though, and remained vulnerable to attacks.ย According to a report from Palo Alto Networksโ Unit42, there is no public proof-of-concept exploit for CVE-2021-44077, which suggests that the APT group leveraging it developed the exploit code itself and are using it exclusively for now.โ
Title: NginRAT โ A Stealth Malware Targets E-store Hiding on Nginx Servers
Date Published:ย December 2, 2021
https://securityaffairs.co/wordpress/125216/malware/nginrat-magecart-attack.html
Excerpt: ย โResearchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st.ย CronRAT is employed in Magecart attacks against online stores web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers.ย While investigating CronRAT infections in North America and Europe the researchers spotted a new malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Like CronRAT, also NginRAT works as a โserver-side Magecart,โ it injects itself into an Nginx process.ย Experts pointed out that a rogue Nginx process could not be distinguished from the original.โ
Title: Colorado Energy Company Loses 25 Years of Data after Cyberattack While Still Rebuilding Network
Date Published:ย December 2, 2021
Excerpt:ย โColorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost.ย In an update sent to customers this week, the company said it expects to be able to begin accepting payments through its SmartHub platform and other payment kiosks during the week of December 6.ย “We also tentatively estimate we will be able to resume member billing the week of December 6 – 10. We recognize this will result in members receiving multiple energy bills close together. As a reminder, we will not disconnect services for non-payment or assess any penalties through January 31, 2022,” the company said on a page that has been updated repeatedly over the last month.โ
Title: Password-stealing and Keylogging Malware is Being Spread Through Fake Downloads
Date Published:ย December 3, 2021
Excerpt:ย โCyber criminals are using online adverts for fake versions of popular software to trick users into downloading three forms of malware โ including a malicious browser extension with the same capabilites as trojan malware โ that provide attackers with usernames and passwords, as well as backdoor remote access to infected Windows PCs.ย The attacks, which distribute two forms of seemingly undocumented custom-developed malware, have been detailed by cybersecurity researchers at Cisco Talos who’ve named the campaign ‘magnat’. It appears the campaign has been operating in some capacity since 2018 and the malware has been in continuous development.ย Over half of the victims are in Canada, but there have also been victims around the world, including in the United States, Europe, Australia and Nigeria.โ
Title: There’s Been a Big Jump in Crooks Selling Access to Hacked Networks. Ransomware Gangs Are Their Best Customers
Date Published:ย December 3, 2021
Excerpt:ย โThere’s been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.ย Researchers at cybersecurity company Group-IB analysed activity on underground forums and said there’s been a sharp increase in the number of offers to sell access to compromised corporate networks, with the number of posts offering access tripling between 2020 and 2021.ย Crooks are claiming to offer access to compromised Virtual Private Network (VPN) and Remote Desktop Protocol (RDP) login credentials, as well as web shells, reverse shells, Cobalt Strike penetration testing tools and more.ย With this access, cyber criminals can access a company’s networks and attempt to gain access to usernames and passwords or administrator rights which allow them to gain further control over the network.ย โ
Title: Phishing Scam Targets Military Families
Date Published:ย December 2, 2021
https://www.infosecurity-magazine.com/news/phishing-scam-targets-military/
Excerpt:ย โThreat researchers at Lookout are helping to take down a phishing campaign that has been targeting members of the United States military and their families.ย The scammers behind the long-running campaign impersonate military support organizations and personnel to commit advance fee fraud, stealing sensitive personal and financial information for monetary gain.ย โBased on our analysis, itโs clear that the threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address and phone number,โ wrote Lookoutโs researchers in a blog post on the scam published today.ย โWith this information, the actor could easily steal the victimโs identity, empty their bank account and impersonate the individual online.โย The campaignโs backbone is a series of websites that have been designed to appear as though they are affiliated with the military. To bring an added touch of authenticity to the sites, the operators add advertisements for Department of Defense services to their malicious content.โ
Title: IoT Devices Must โProtect Consumers from Cyberharmโ, Says UK Government
Date Published:ย December 2, 2021
Excerpt: ย โVery simply put, the UK government wants to set some basic, minimum standards for at least the following:ย Default passwords. If Parliament gets its way, there wonโt be any. You wonโt be allowed to have pre-configured passwords in your devices, so that you canโt flood the market with products that every crook already knows how to get into.ย Vulnerability disclosures. Youโll need a reliable way for security researchers who believe in responsible disclosure to contact you, and (we hope) some visible commitment to closing off security holes that you already know about before the crooks figure them out.ย Update commitments. Youโll need to tell buyers in advance how long you are going to provide security fixes for the product theyโre buying today.ย Presumably, the third item in this list will be used hand-in-hand with the second one to stop you unilaterally disowning a tricky security problem by simply abandoning support as soon as it suits you, leaving your users โ and the environment! โ with a landfill device that became useless long before they might reasonably have expected.โ
Title: Key Characteristics of Malicious Domains: Report
Date Published:ย December 2, 2021
Excerpt: ย โThe newness of top-level domains as well as infrastructure located in certain countries continue to be reliable signs of whether network traffic could be malicious, while the use of self-signed Secure Sockets Layer (SSL) certificates โ or those issued by the free Let’s Encrypt service โ are not abnormally risky, according to new research.ย Internet security service DomainTools, in a new report released today, focused on active domains that exceeded certain thresholds in terms of the size of the infrastructure and found that top-level domains, IP autonomous system numbers, and IP geolocations are consistent indicators of risky content, compared with the average domain.ย Domains that use name servers maintained by Internap Japan and HostKey in the US, for example, were far more likely to be the source of risky traffic than average, according to the “DomainTools Report for Fall 2021.”ย On the other hand, SSL certificates that are self-signed or from free services, such as Let’s Encrypt, were not any more likely to be malicious than average, says Tim Helming, security evangelist with DomainTools.โ
Title: Phishing Kitsโ Favorite Brand? Amazon
Date Published:ย December 3, 2021
https://www.helpnetsecurity.com/2021/12/03/phishing-kits-imitating-brands/
Excerpt:ย โResearch conducted by Egress and Orpheus Cyber has revealed a surge in phishing kits imitating major brands in the lead up to Black Friday, as security experts warn that cybercriminals are stepping up their phishing attacks over the holiday shopping season.ย The research has lifted the lid on how cybercriminals prepare to take advantage of the retail event, reporting a 397% increase in typo squatting domains explicitly tied to phishing kits. Amazon was a popular choice for cybercriminals, with a 334.1% increase in phishing kits impersonating the brand ahead of its anticipated Black Friday promotions.ย Amazon was the top brand for fraudulent webpages linked to phishing kits, with researchers observing almost 4,000 pages imitating the brand โ three times as many as those detected for than the popular online auction site eBay and over four times as many as for retail giant Walmart.โ