Hawaii Cybersecurity Journal

Sunday, April 2, 2023

BleepingComputer.com

"Fake ransomware gang targets U.S. orgs with empty data leak threats."

Views expressed in this cybersecurity, cybercrime update are those of the reportes and correspondents. Accessed on 02 April 2023, 1340 UTC. Content supplied by "BleepingComputer.com."

Source: https://www.bleepingcomputer.com/ (Latest cybersecurity, cybercrime news from "BleepingComputer.com").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts

https://www.hawaiicybersecurityjournal.net

https://paper.li/RussellRoberts

LATEST ARTICLES

SECURITY

Fake ransomware gang targets U.S. orgs with empty data leak threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.
IONUT ILASCU

APRIL 01, 2023

11:59 AM

0

SECURITY, LEGAL

DISH slapped with multiple lawsuits after ransomware cyber attack

Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud."
AX SHARMA

APRIL 01, 2023

06:39 AM

1

TECHNOLOGY

Twitter open-sources recommendation algorithm code

Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline.
SERGIU GATLAN

MARCH 31, 2023

04:02 PM

0

SECURITY

15 million public-facing services vulnerable to CISA KEV flaws

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog.
BILL TOULAS

MARCH 31, 2023

03:23 PM

0

SECURITY

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.
BILL TOULAS

MARCH 31, 2023

11:52 AM

1

MICROSOFT, SECURITY

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack

A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.
LAWRENCE ABRAMS

MARCH 31, 2023

10:38 AM

7

SECURITY

Consumer lender TMX discloses data breach impacting 4.8 million people

TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.
BILL TOULAS

MARCH 31, 2023

10:18 AM

0

SECURITY

Winter Vivern hackers exploit Zimbra flaw to steal NATO emails

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
BILL TOULAS

MARCH 30, 2023

05:56 PM

0

SECURITY, MICROSOFT

Microsoft OneNote will block 120 dangerous file extensions

Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.
SERGIU GATLAN

MARCH 30, 2023

05:40 PM

5

SECURITY

Ukrainian cyberpolice busts fraud gang that stole $4.3 million

Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU.
BILL TOULAS

MARCH 30, 2023

04:29 PM

0

SECURITY

CISA orders agencies to patch bugs exploited to drop spyware

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies today to patch a set of security vulnerabilities exploited as zero-days in recent attacks to install commercial spyware on mobile devices.
SERGIU GATLAN

MARCH 30, 2023

03:52 PM

0

SECURITY

Realtek and Cacti flaws now actively exploited by malware botnets

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.
BILL TOULAS

MARCH 30, 2023

02:44 PM

0

MICROSOFT

Microsoft testing adaptive brightness on more Windows 11 devices

Microsoft says the new Windows 11 preview build rolling out today will allow Insiders to test the company's adaptive brightness feature on more systems.
SERGIU GATLAN

MARCH 30, 2023

02:13 PM

2

SECURITY, MICROSOFT

Bing search results hijacked via misconfigured Microsoft app

A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.
BILL TOULAS

MARCH 30, 2023

01:05 PM

0

SECURITY, CLOUD

New AlienFox toolkit steals credentials for 18 cloud services

A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.
BILL TOULAS

MARCH 30, 2023

06:00 AM

0
1

2

3

4

5

VIEW MORE

Saturday, April 1, 2023

The Hacker News Daily Updates

"Microsoft fixes new Azure AD vulnerability impacting Bing Search and major apps."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents. Accessed on 01 April 2023, 1328 UTC. Content provided by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGslkrfWfnDwklZPtVSqpVKrdNq ("The Hacker News Daily Updates").

Please click link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates
7 Key Takeaways to Passwordless Authentication
Moving Past Passwords (At Last!)
Download Now Sponsored
LATEST NEWS Apr 1, 2023
Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud ...
Read More
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a ...
Read More
Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the ...
Read More
Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe," ...
Read More
Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam
The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union. The suspects are alleged to have created more than 100 ...
Read More
Deep Dive Into 6 Key Steps to Accelerate Your Incident Response
Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or future related incidents. The SANS Institute provides research and education on information security. In the upcoming webinar, we’ll outline, in detail, six components of a SANS incident response ...
Read More
3CX Supply Chain Attack — Here's What We Know So Far
Enterprise communications software maker 3CX on Thursday confirmed that multiple versions of its desktop app for Windows and macOS are affected by a supply chain attack. The version numbers include 18.12.407 and 18.12.416 for Windows and 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 for macOS. The issue has been assigned the CVE identifier CVE-2023-29059. The company said it's engaging ...
Read More
Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX
Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss ...
Read More
7 Key Takeaways to Passwordless Authentication
Moving Past Passwords (At Last!)
Download Now Sponsored

Subscribe to: Posts (Atom)