April 27, 2022

Fortify Security Team

Title: Chinese State-Backed Hackers now Target Russian State Officers
Date Published: April 27, 2022

https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/

Excerpt: “Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President). The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.”

Title: Linux Nimbuspwn Flaws Could Allow Attackers to Deploy Sophisticated Threats
Date Published: April 27, 2022

https://securityaffairs.co/wordpress/130662/hacking/nimbuspwn-linux-flaws.html

Excerpt: “The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called ‘Nimbuspwn,’ which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. ‘The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution,’ reads the advisory published by Microsoft. The flaws can be exploited by attackers to achieve root access to the target systems and deploy more sophisticated threats, such as ransomware.”

Title: Millions of Java Apps Remain Vulnerable to Log4Shell
Date Published: April 27, 2022

https://threatpost.com/java-apps-vulnerable-log4shell/179397/

Excerpt: “Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Struts framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.”

Title: Multi-vector DDoS Attacks on the Rise, Attackers Indiscriminate and Persistent
Date Published: April 27, 2022

https://www.helpnetsecurity.com/2022/04/27/multi-vector-ddos-attacks/

Excerpt: “Comcast Business published results from a report which provides an overview of the distributed denial of service (DDoS) attack landscape, trends experienced by its customers and insights for measuring and mitigating risks. The report found that multi-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.”

Title: Ransom Payments: Monero Promises Privacy; Bitcoin Dominates
Date Published: April 26, 2022

https://www.bankinfosecurity.com/ransom-payments-monero-promises-privacy-bitcoin-dominates-a-18966

Excerpt: “While almost all ransomware-wielding attackers accept Bitcoin for ransom payments, many continue to prefer Monero, thanks to the privacy-preserving coin being tougher for law enforcement officials to track. As police increasingly crack down on Bitcoin-using criminals, however, experts say this could push more ransomware operations to demand Monero, or to rapidly convert received funds into that virtual currency.”

Title: Google’s New Safety Section Shows What Data Android Apps Collect About Users
Date Published: April 27, 2022

https://thehackernews.com/2022/04/googles-new-safety-section-shows-what.html

Excerpt: “Google on Tuesday officially began rolling out a new ‘Data safety’ section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. ‘Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,’ Suzanne Frey, Vice President of product for Android security and privacy, said. ‘In addition, users want to understand how app developers are securing user data after an app is downloaded.’ The transparency measure, which is built along the lines of Apple’s ‘Privacy Nutrition Labels,’ was first announced by Google nearly a year ago, in May 2021.”

Title: Strategic Competition firm Strider nabs $45 million Series B
Date Published: April 27, 2022

https://www.scmagazine.com/analysis/insider-threat/strategic-competition-firm-strider-nabs-45-million-series-b

Excerpt: “Utah-based strategic competition intelligence platform Strider announced a $45 million Series B investment Monday. The new investment was led by new investor Valor Equity Partners, and increases the stakes of existing investors DataTribe, Koch Disruptive Technologies, and One9 Ventures.”

Title: RIG Exploit Kit Drops RedLine Malware via Internet Explorer Bug
Date Published: April 27, 2022

https://www.bleepingcomputer.com/news/security/rig-exploit-kit-drops-redline-malware-via-internet-explorer-bug/

Excerpt: “Threat analysts have uncovered yet another new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Silverlight.”

Title: Wind Turbine Giant Deutsche Windtechnik Hit by a Professional Cyberattack
Date Published: April 27, 2022

https://securityaffairs.co/wordpress/130648/hacking/deutsche-windtechnik-professional-cyberattack.html

Excerpt: “German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month. The attack took place during the night between April 11 and 12; the company switched off remote data monitoring connections to the wind turbines for security reasons. The connections were resumed two days later; the company pointed out that the wind turbines did not suffer any damage and were never in danger.”

Title: NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
Date Published: April 26, 2022

https://thehackernews.com/2022/04/npm-bug-allowed-attackers-to-distribute.html

Excerpt: “A ‘logical flaw’ has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed ‘Package Planting’ by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26.”
