Title: Malicious Emails Can Crash Cisco Email Security Appliances
Date Published: February 17, 2022
https://www.securityweek.com/malicious-emails-can-crash-cisco-email-security-appliances
Excerpt: “Cisco this week informed customers that its Email Security Appliance (ESA) product is affected by a high-severity denial of service (DoS) vulnerability that can be exploited using specially crafted emails.
The flaw, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. It can be exploited remotely without authentication.”
Title: DoJ Announces New Cyber Initiatives, Including New Cryptocurrency Unit
Date Published: February 17, 2022
Excerpt: “Deputy Attorney General Lisa Monaco announced a series of new Department of Justice cybercrime initiatives Thursday at the Munich Cyber Security Conference, including a new, centralized FBI unit to combat cryptocurrency-dependent crime.”
Title: Microsoft Teams Targeted With Takeover Trojans
Date Published: February 17, 2022
https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/
Excerpt: “Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.”
Title: MFA Fatigue Attacks: Users Tricked Into Allowing Device Access Due to Overload of Push Notifications
Date Published: February 16, 2022
Excerpt: “Malicious hackers are targeting Office 365 users with a spate of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.”
Title: Global Hybrid Warfare Introduces Cyber Threats to Companies Amid the Russia-Ukraine Crisis
Date Published: February 17, 2022
Excerpt: “Rhetoric from leaders around the world has signaled that it is no longer a question of if Russia will invade Ukraine, but when and how. Geopolitical tensions are palpably high, which has introduced the potential for a longtime cold war between the U.S. and Russia (and their respective allies) to turn hot.”
Title: Stop Vaping: Major e-Cigarette Store Hacked to Steal Credit Cards
Date Published: February 18, 2022
Excerpt: “BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked.”
Title: Aviation Attacks Tied To Single APT – TA2541
Date Published: February 17, 2022
https://www.bankinfosecurity.com/aviation-attacks-tied-to-single-apt-ta2541-a-18536
Excerpt: “Cyberattacks in the aviation sector over the past several years have been tied to a single advanced persistent threat group named TA2541, which – since at least 2017 – has used more than a dozen remote access Trojans to control compromised machines, according to a report from cybersecurity firm Proofpoint.”
Title: NSA Issues Guidance for Selecting Strong Cisco Password Types
Date Published: February 17, 2022
Excerpt: “The US National Security Agency (NSA) has issued fresh guidance for organizations on selecting strong passwords for Cisco devices, citing an increase in the number of compromises involving poorly protected network infrastructure.”
Title: Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups
Date Published: February 18, 2022
https://threatpost.com/severe-wordpress-plug-in-updraftplus-bug-threatens-backups/178528/
Excerpt: “The WordPress plug-in “UpdraftPlus” was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data.
UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases, plug-ins and themes. According to its website, UpdraftPlus is used by more than three million WordPress websites, including those from organizations like Microsoft, Cisco and NASA.”
Title: Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
Date Published: February 17, 2022
https://thehackernews.com/2022/02/iranian-hackers-targeting-vmware.html
Excerpt: “A “potentially destructive actor” aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware.
Cybersecurity firm SentinelOne dubbed the group “TunnelVision” owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten.”