Security News > 2022 > April

Security researchers have discovered the first malware specifically developed to target Amazon Web Services Lambda cloud environments with cryptominers. AWS Lambda is a serverless computing platform for running code triggered by hundreds of AWS services and software-as-a-service apps without managing servers.

A first-of-its-kind malware targeting Amazon Web Services' Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said.

How many times have you been working on a Linux server and wished you had a way to store passwords safely? Having such a feature available on your headless servers would be a real time saver.

Parrot, a traffic direction system (TDS), is used in malicious campaigns to redirect potential victims matching a specific profile to online resources such as phishing and malware-dropping sites. Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it on to a final destination serving malicious content.

Adobe Creative Cloud Experience, a service installed via the Creative Cloud installer for Windows, includes a Node.js executable that can be abused to infect and compromise a victim's PC. Michael Taggart, a security researcher, recently demonstrated that the node. "I have confirmed that the node.exe packaged with the Adobe Customer Experience service can run any JavaScript you point it to," he explained to The Register.

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts. "This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.

The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law enforcement, and government agencies, ultimately leading to the deployment of new malware. According to analysts at Cybereason, who named this new campaign 'Operation Bearded Barbie,' APT-C-23 is also deploying new custom backdoors for Windows and Android devices geared towards espionage.

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.

While ransomware was involved in 37 percent of the 1,270 incidents the firm handled during 2021, up 10 percent on 2020, today's Data Security Incident Response Report [PDF] suggests that growing uptake of mitigation techniques like multifactor authentication and backups is driving the price of ransoms down. "More organizations have invested in improving their data backup capabilities and are able to continue at least partial operations after a ransomware incident, which puts them in a better position to negotiate for a longer period of time and reach a greater discount for the ransom demand, if the need to pay arises," the firm claims.

Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps. The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user's modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks for the users if misused or leaked due to poor server/database security.