Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
2022-04-28 21:58

Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "These subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure." TA410 - said to share behavioral and tooling overlaps with APT10 - has a history of targeting U.S.-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
2022-04-28 21:53

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns," the researchers said.

WhatsApp is currently down with users reporting connection issues
2022-04-28 21:25

WhatsApp is down according to user reports mentioning issues connecting to the messaging platform and the inability to send messages although still connected. Outage site DownDetector shows thousands of user reports that started streaming in around 4:15 PM EST, with affected WhatsApp users reporting the same issues from Europe, North and South America, and Asia.

EmoCheck now detects new 64-bit versions of Emotet malware
2022-04-28 21:01

The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. Emotet is one of the most actively distributed malware families, spread through phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files.

Okta vs Ping: IAM software comparison
2022-04-28 19:06

Two of the most popular IAM tools are Okta and Ping Identity. We'll take a look at how Okta and Ping are similar and different to help you decide which solution may be right for your business.

Synology warns of critical Netatalk bugs in multiple products
2022-04-28 18:55

Synology has warned customers that some of its network-attached storage appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities. "Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager and Synology Router Manager," Synology said.

Microsoft fixes ExtraReplica Azure bugs that exposed user databases
2022-04-28 17:34

Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," the Microsoft Security Response Center team explained today.

Medical software firm fined €1.5M for leaking data of 490k patients
2022-04-28 16:17

The French data protection authority fined medical software vendor Dedalus Biology EUR 1.5 million for violating three articles of the GDPR. Dedalus Biology provides services to thousands of medical laboratories in the country, and the fine is for exposing sensitive details of 491,939 patients from 28 laboratories. More specifically, during migration from the software of a different vendor, at the request of two medical laboratories, Dedalus extracted more information than required.

Ukraine targeted by DDoS attacks from compromised WordPress sites
2022-04-28 15:38

Ukraine's computer emergency response team has published an announcement warning of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. The threat actors, who at this time remain unknown, are compromising WordPress sites and injecting malicious JavaScript code to perform the attacks.

Cloudflare stomps huge DDoS attack on crypto platform
2022-04-28 15:30

At 15.3 million requests-per-second, the DDoS bombardment was one of the largest that the internet infrastructure company has seen, and the largest HTTPS attack on record. Other countries generating the most traffic included Russia, Brazil, India, Colombia and the US. Cloudflare researchers didn't name the botnet but said it was one that they've been watching and had seen attacks as large as 10 million rps that matched the same fingerprint.