Security News > 2022 > April

A prolific Middle East team with links to Hamas is said to be using malware and infrastructure to target high-ranking Israeli officials and steal sensitive data from Windows and Android devices. The advanced persistent threat group - known by some as APT-C-23, Arid Viper, Desert Falcon, and FrozenCell, among other names - set up an elaborate cyberespionage campaign, spending months rolling out fake Facebook accounts to target specific potential Israeli victims, according to Cybereason's Nocturnus threat intelligence team.

A new information stealer named FFDroider has emerged, stealing credentials and cookies stored in browsers to hijack victims' social media accounts. Like many malware, FFDroider is spread through software cracks, free software, games, and other files downloaded from torrent sites.

FBI investing millions in software to monitor social media platforms. The FBI has invested millions of dollars into social media tracking software, according to a report from the Washington Post.

The US Justice Department today revealed details of a court-authorized take-down of command-and-control systems the Sandworm cyber-crime ring used to direct network devices infected by its Cyclops Blink malware. The move follows a joint security alert in February from US and UK law enforcement that warned of WatchGuard firewalls and ASUS routers being compromised to run Cyclops Blink.

German police have located and closed down the servers of Hydra, allegedly one of the world's biggest underground online stores. According to a report from the BBC, locating the actual servers used to run Hydra was not an easy task, but German police said they started following up on a tip in the middle of 2021 that suggested the servers were actually hosted in Germany.

UK retail chain The Works announced it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems. The Works has since switched to new third-party credit and debit card payment processors to address this last problem, which the company claims are safe.

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks. "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday.

An ongoing outage affects numerous Atlassian customers, causing their Jira and Confluence instances to not be accessible for over twenty-four hours. The outage started at approximately 5 AM EST yesterday, with Jira and Confluence customers no longer able to access their cloud instances.

Credit agency warns weak cybersecurity defenses could hurt a company's credit rating, even before an attack. As cyberattacks and data breaches grow bigger and more frequent, companies that don't build strong cybersecurity defenses may feel a direct financial hit even before hackers show up.

Hackers employ voicemail phishing attacks on WhatsApp users. Hackers are continuing to get more creative when it comes to stealing personal information, and WhatsApp users should be on alert for any suspicious looking emails.