
Lazarus APT Uses Windows Update to Spew Malware
2022-01-28 21:47

Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control server, researchers have found. Lazarus did the same thing last July: At that time, the APT was identified as being behind a campaign that was spreading malicious documents to job-seeking engineers, impersonating defense contractors who were purportedly seeking job candidates at Airbus, General Motors and Rheinmetall.

Happy Data Privacy Day – and we really do mean “happy” :-)
2022-01-28 19:34

We're going to say it anyway: "Happy Data Privacy Day!" GET TO KNOW YOUR PRIVACY CONTROLS. Take the time to learn what privacy controls are available in all the apps and online services you use.

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
2022-01-28 16:54

Zerodium has raised its offering price for Microsoft Outlook zero-day exploits. "We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward." – Zerodium.

US bans major Chinese telecom over national security risks
2022-01-28 16:30

The Federal Communications Commission has revoked the license of China Unicom Americas, one of the world's largest mobile service providers, over "serious national security concerns." China Unicom Americas is the largest foreign subsidiary of China Unicom, a Chinese state-owned telecom company.

Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January
2022-01-28 16:23

Cybersecurity company Kaspersky said it logged and blocked 30,562 attempts by hackers to use the Log4Shell exploit, which was discovered in December 2021. Log4Shell targets Apache's Log4j library, a logging component widely used by Java applications.

NCSC alerts UK orgs to brace for destructive Russian cyberattacks
2022-01-28 16:20

The UK's National Cyber Security Centre is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities. The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds organizations of the damage done in previous destructive cyberattacks, such as NotPetya in 2017 and the GRU campaign against Georgia in 2019.

EU to create pan-European cyber incident coordination framework
2022-01-28 15:00

The European Systemic Risk Board has proposed a new systemic cyber incident coordination framework that would allow the relevant EU authorities to coordinate better when responding to major cross-border cyber incidents affecting the Union's financial sector. The ESRB is an independent EU body, established in 2010, that oversees the European Union's financial system to prevent and mitigate systemic risk.

Hackers are taking over CEO accounts with rogue OAuth apps
2022-01-28 14:29

Threat analysts have observed a new campaign, named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts. OAuth is a standard for token-based authentication and authorization that removes the need to enter account passwords when granting an app access.

Conti, DeadBolt Ransomwares Target Delta, QNAP
2022-01-28 14:15

Delta Electronics, an electronics company that supplies products to Apple, Tesla, HP and Dell, disclosed on Friday that "non-critical systems" were attacked by "overseas hackers", an attack that has been attributed to the Conti Group. Taiwanese storage and networking equipment provider QNAP Systems pushed out a forced update to its customers' network-attached storage devices after warning them earlier this week that the DeadBolt ransomware was actively targeting them.

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
2022-01-28 14:00

The adware strains Shlayer and Bundlore are the most common malware on macOS. Although they have slight variations, both have long invaded systems and bypassed XProtect, Notarization, Gatekeeper, and File Quarantine, all security features built into macOS. The Uptycs threat research team has tracked these threats, along with 90% of macOS malware, in routine analysis and customer telemetry alerts involving shell scripts. In this post, we break down the variations of the malicious shell scripts used by Shlayer and Bundlore, review the macOS utilities these malware strains abuse, and show how Uptycs EDR detection can help.