Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware
2022-01-10 20:33

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

Oops: Cyberspies infect themselves with their own malware
2022-01-10 18:43

After infecting themselves with their own custom remote access trojan, an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers. During PatchWork's most recent campaign, from late November to early December 2021, Malwarebytes Labs observed the threat actors using malicious RTF documents impersonating Pakistani authorities to infect targets with a new variant of the BADNEWS RAT, known as Ragnatela.

Avira also mines imaginary internet money on customers' PCs
2022-01-10 18:36

Germany-based security biz Avira's antivirus has enabled a new feature: "Avira Crypto". As NortonLifeLock also bought Avast last year, it will be interesting to see if its owner's new-found fondness for imaginary internet money will soften Avast's strong anti-cryptocurrency-mining stance.

URL Parsing Bugs Allow DoS, RCE, Spoofing & More
2022-01-10 17:55

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service conditions, information leaks and remote code execution in various web applications, researchers are warning. Multiple Parsers in Use: Whether by design or an oversight, developers sometimes use more than one URL parsing library in projects.

Microsoft: powerdir bug gives access to protected macOS user data
2022-01-10 17:39

Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control technology to access users' protected data. The Microsoft 365 Defender Research Team reported the vulnerability, dubbed powerdir, to Apple on July 15, 2021, via the Microsoft Security Vulnerability Research.

Weekly cyberattacks jumped by 50% in 2021, with a peak in December due largely to the Log4J exploit
2022-01-10 16:47

Check Point Research said Africa had the highest number of attacks, with an average of 1,582 per week per organization. For 2021 as a whole, the number of cyberattacks against corporate networks soared by 50% from the previous year, cyber threat intelligence provider Check Point Research said in a report released on Monday.

Linux Mint 20.3 released promising security updates until 2025
2022-01-10 16:43

Linux Mint has released version 20.3, codenamed 'Una,' as a long-term support version that will receive security updates until 2025. Long-term support releases are for those who favor stability over bleeding-edge software and experimental features, so Linux Mint 20.3 is ideal for those who want to keep the same system without significant changes for years.

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
2022-01-10 16:29

With millions of Log4j-targeted attacks clocking in per hour since the flaw's discovery last month, there's been a record-breaking peak of 925 cyberattacks a week per organization, globally. The number comes out of a Monday report from Check Point Research, which found Log4Shell attacks to be a major contributor to a 50-percent increase year-over-year in overall attacks per week on corporate networks for 2021.

Europol ordered to erase data on those not linked to crime
2022-01-10 16:13

The European Data Protection Supervisor, an independent EU supervisory authority for privacy and data protection, has ordered Europol to erase personal data on individuals who haven't been linked to criminal activity. The decision follows an own-initiative inquiry started on April 30, 2019, regarding the EU police body's use of Big Data Analytics for personal data processing activities.

WordPress 5.8.3 security update fixes SQL injection, XSS flaws
2022-01-10 15:28

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL injection on WP Query, a blind SQL injection via the WP Meta Query, an XSS attack via the post slugs, and an admin object injection.