Security News > 2022 > April

Hackers have created custom tools to control a range of industrial control system and supervisory control and data acquisition devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies. The tools enable threat groups to scan for, compromise, and eventually control affected device after gaining initial access to an organization's operational technology networks.

A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables-from sexual harassers to crypto "Investors" helping you "Get rich fast." American investor and hedge fund manager, Mark W. Yusko is one such person whose identity is being misused by not one-several Instagram scammers.

A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables-from sexual harassers to crypto "Investors" helping you "Get rich fast." Whenever Shibby120 is approached by an Instagram scammer, he decides to "Have fun with them" over DMs:. Two days ago, Carrington J. Tatum, a reporter with MLK50 announced his Instagram account getting hacked to promote crypto scams.

A security flaw in the Rarible NFT marketplace allowed threat actors to use a relatively simple trick to steal digital assets and transfer them directly into their wallets. Rarible is a community-centric NFT marketplace that offers up to 50% in royalties, having 2.1 million registered users, hundreds of millions U.S. dollars in annual trading volumes, and support for three blockchains.

A security flaw in the Rarible NFT marketplace allowed threat actors to use a relatively simple trick to steal digital assets and transfer them directly into their wallets. Rarible is a community-centric NFT marketplace that offers up to 50% in royalties, having 2.1 million registered users, hundreds of millions U.S. dollars in annual trading volumes, and support for three blockchains.

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims. Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims. Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution.

Imperva has published findings from a global study on?consumer?perceptions of data privacy and trust in digital service providers. The results suggest that consumers feel trapped: sharing personal data is a requirement to use digital services but a majority do not trust organizations to protect their data.

The China-linked Hafnium cyber-gang is using a strain of malware to maintain a persistent presence in compromised Windows systems by creating hidden tasks that maintain backdoor access even after reboots. Researchers within Microsoft's Detection and Response Team and Threat Intelligence Center spotted the software nasty, dubbed Tarrask, creating undesirable scheduled tasks via Windows Task Scheduler, which is typically used by IT administrators to automate such chores as updating programs, tidying up file systems, and starting certain applications.