New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry

New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry

,

A spear-phishing campaign targeting Jordan’s foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama.
Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group.
« Like many of these attacks, the email contained a

,

A spear-phishing campaign targeting Jordan’s foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama.
Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group.
« Like many of these attacks, the email contained a

, ,
https://thehackernews.com/2022/05/new-saitama-backdoor-targeted-official.html

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability,

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution.
« A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device, » the company said in an advisory

,

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution.
« A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device, » the company said in an advisory

, ,
https://thehackernews.com/2022/05/zyxel-releases-patch-for-critical.html

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks,

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia.
Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35,

,

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia.
Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35,

, ,
https://thehackernews.com/2022/05/iranian-hackers-leveraging-bitlocker.html

E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse,

The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE).
To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as

,

The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE).
To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as

, ,
https://thehackernews.com/2022/05/eu-proposes-new-rules-for-tech.html

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites,

Cybersecurity researchers have disclosed a massive campaign that’s responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.
« The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including

,

Cybersecurity researchers have disclosed a massive campaign that’s responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.
« The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including

, ,
https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones,

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome.
« When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number, » Google’s Jen Fitzpatrick 

,

Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome.
« When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number, » Google’s Jen Fitzpatrick 

, ,
https://thehackernews.com/2022/05/blog-post.html

Everything We Learned From the LAPSUS$ Attacks

Everything We Learned From the LAPSUS$ Attacks,

In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including:

T-Mobile (April 23, 2022)
Globant 
Okta
Ubisoft
Samsung
Nvidia
Microsoft
Vodafone

In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health.
While

,

In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including:

T-Mobile (April 23, 2022)
Globant 
Okta
Ubisoft
Samsung
Nvidia
Microsoft
Vodafone

In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health.
While

, ,
https://thehackernews.com/2022/05/everything-we-learned-from-lapsus.html

Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

Government Agencies Warn of Increase in Cyberattacks Targeting MSPs,

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.
Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts that access customer

,

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.
Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts that access customer

, ,
https://thehackernews.com/2022/05/government-agencies-warned-of-increase.html

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers,

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration.
« Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as

,

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration.
« Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as

, ,
https://thehackernews.com/2022/05/hackers-deploy-iceapple-exploitation.html

L’anti-malware de Gmail, bientôt activé dans Docs, Sheets et Slides

L’anti-malware de Gmail, bientôt activé dans Docs, Sheets et Slides,

Avec l’augmentation du télétravail, les pirates ont multiplié les scénarios d’attaque fondés sur les documents partagés. Une tendance que Google veut étouffer dans l’œuf.

,

Avec l’augmentation du télétravail, les pirates ont multiplié les scénarios d’attaque fondés sur les documents partagés. Une tendance que Google veut étouffer dans l’œuf.

, ,
https://www.01net.com/actualites/l-anti-malware-de-gmail-bientot-active-dans-docs-sheets-et-slides-2056216.html