Security News > 2022 > February

A politically motivated hacker group tied to a series of espionage and sabotage attacks on Israeli entities in 2021 incorporated a previously undocumented remote access trojan that masquerades as the Windows Calculator app as part of a conscious effort to stay under the radar. "The StrifeWater RAT appears to be used in the initial stage of the attack and this stealthy RAT has the ability to remove itself from the system to cover the Iranian group's tracks," Tom Fakterman, Cybereason security analyst, said in a report.

A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for conspiring with previously indicted VoIP provider E Sampark and its director, Guarav Gupta, to forward the calls to U.S. citizens.

The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between Russia and Ukraine. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding that it "mapped out three large clusters of their infrastructure used to support different phishing and malware purposes."

"The wormhole network was exploited for 120k wETH," the DeFi biz said via Twitter on Wednesday. Those behind Wormhole said they would add more ETH in the hours to come to ensure wETH is backed with ETH. And on Thursday, as if by magic, Wormhole proclaimed, "All funds have been restored and Wormhole is back up."

Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications.

Customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the "real pain in the rear end" of manual inputting, inaccurate wages and more. It turns out that bringing the Kronos Private Cloud systems back has taken nearly two months.

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

A cross-site scripting vulnerability in the Zimbra email platform is currently being actively exploited in attacks targeting European media and government organizations. Zimbra is an email and collaboration platform that also includes instant messaging, contacts, video conferencing, file sharing, and cloud storage capabilities.

Officials from the EU and US are nearing a solution in long-running negotiations over transatlantic data sharing. Previous legal arrangements for sharing data between the two jurisdictions, the so-called Privacy Shield, were struck down by the EU Court of Justice in what became known as the Schrems II ruling in 2020.

Kaspersky: Many wearables and healthcare devices are open to attack due to a vulnerable data transfer protocol. Kaspersky security researchers announced this week that a popular data transfer protocol used by healthcare devices is full of critical vulnerabilities.