Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

hackers-using-fake-circleci-notifications-to-hack-github-accounts

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted “many victim organizations.” The fraudulent […]

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

researchers-uncover-new-metador-apt-targeting-telcos,-isps,-and-universities

A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. “The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions,” researchers […]

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

cisa-warns-of-hackers-exploiting-recent-zoho-manageengine-vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. “Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution,” the agency said in […]

Firing Your Entire Cybersecurity Team? Are You Sure?

firing-your-entire-cybersecurity-team?-are-you-sure?

What on earth were they thinking? That’s what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don’t know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications […]

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

void-balaur-hackers-for-hire-targeting-russian-businesses-and-politics-entities

A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as […]

Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware

fake-indian-banking-rewards-apps-targeting-android-users-with-info-stealing-malware

An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. “The malware’s RAT capabilities […]

Hackers Using Malicious OAuth Apps to Take Over Email Servers

hackers-using-malicious-oauth-apps-to-take-over-email-servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. “The threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain […]

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

researchers-uncover-years-long-mobile-spyware-campaign-targeting-uyghurs

A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, is said to have encompassed 20 different variants of […]

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

malicious-npm-package-caught-mimicking-material-tailwind-css-package

A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its maintainers as an “easy to use components library for Tailwind CSS […]

IT Security Takeaways from the Wiseasy Hack

it-security-takeaways-from-the-wiseasy-hack

Last month Tech Crunch reported that payment terminal manufacturer Wiseasy had been hacked. Although Wiseasy might not be well known in North America, their Android-based payment terminals are widely used in the Asia Pacific region and hackers managed to steal passwords for 140,000 payment terminals. How Did the Wiseasy Hack Happen? Wiseasy employees use a […]