Security News > 2022 > May

Hackers steal WhatsApp accounts using call forwarding trick
2022-05-31 23:10

Sasi says that an attacker first needs to convince the victim to make a call to a number that starts with a Man Machine Interface code that the mobile carrier set up to enable call forwarding. "First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account" - Rahul Sasi.

Windows MSDT zero-day now exploited by Chinese APT hackers
2022-05-31 22:00

Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability to execute malicious code remotely on Windows systems. This Microsoft Windows Support Diagnostic Tool remote code execution flaw impacts all Windows client and server platforms still receiving security updates.

Cops' Killer Bee stings credential-stealing scammer
2022-05-31 20:50

An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan to reroute financial transactions and steal corporate credentials. Interpol linked the suspects to a syndicate of Nigerian fraudsters using a RAT known as Agent Tesla to access business computers and divert monetary transactions to their own accounts.

Over 3.6 million MySQL servers found exposed on the Internet
2022-05-31 20:02

Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists. Of these accessible MySQL servers, 2.3 million are connected over IPv4, with 1.3 million devices over IPv6.

FBI warns of Ukrainian charities impersonated to steal donations
2022-05-31 19:43

Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation. "The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine," the US law enforcement agency said this week in a public service announcement.

Mysterious “Follina” zero-day hole in Office – here’s what to do!
2022-05-31 18:01

More precisely, perhaps, it's a code execution security hole hole that can be exploited by way of Office files, though for all we know there may be other ways to trigger or abuse this vulnerability. On Windows, ms-msdt: is a proprietary URL type that launches the MSDT software toolkit.

Why small businesses may want to pursue virtual CISO
2022-05-31 17:45

Why small businesses may want to pursue virtual CISO. While a Chief Information Security Officer can be invaluable to a company with regards to safety and cybersecurity, some smaller enterprises may want to look into a Virtual CISO to assist with cutting down on expenses. A virtual CISO is that of an independent or contracted employee, who fills the role of a CISO but is not employed full time.

Microsoft's identity services huddle under Entra umbrella
2022-05-31 17:45

Microsoft has whipped out the rebranding team once more, and chosen the name "Entra" as a catch-all for the company's identity and access capabilities. Sadly nothing to do with the sometimes-missed Encarta, the encyclopaedia launched by Microsoft back in the 1990s and eventually killed off in the first decade of the twenty-first century, Entra is not so much about squinting at postage stamp-sized bits of video and more about Azure Active Directory and Cloud Infrastructure Entitlement Management.

Costa Rica’s public health agency hit by Hive ransomware
2022-05-31 17:34

All computer systems on the network of Costa Rica's public health service are now offline following a Hive ransomware attack that hit them this morning. The incident comes after Costa Rica declared a national emergency following Conti ransomware attacks that hit multiple government bodies, including the Costa Rican Social Security Fund.

Best cryptocurrency exchanges of 2022
2022-05-31 17:07

What is cryptocurrency, and what is a crypto exchange? A crypto exchange is a digital transaction mechanism - essentially an online market - which allows you to buy and sell cryptocurrency.