Security News > 2022 > June

Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israelian organizations. Throughout the attacks that mainly targeted Israel's critical manufacturing, IT, and defense industry sectors since February 2022, Polonium operators have also likely coordinated their hacking attempts with multiple Iran-linked threat actors, according to Redmond's analysis.

A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. LuoYu has switched to abusing the automatic update mechanism of their victims' apps after previously pushing malware in easier to pull-off watering-hole attacks where they would use compromised local news sites as infection vectors.

Follina abuses Microsoft Office to execute remote code. CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. It is important to note that contrary to TrickBot's module that targeted UEFI firmware flaws, aiding Conti infections and later undertaken by the ransomware group, the new findings indicate that the malicious engineers were striving to discover new, unknown vulnerabilities in the ME. Firmware attacks in ransomware.

Rather than the typical ransom request for data restoration that has become commonplace, criminals are increasingly expanding their radius. Secondhand victims, including dental practices and insurance providers, could be potential targets based on the data obtained in the primary ransomware attack.

Modern threat detection software addresses the challenges of identifying threats, finding the legitimate alerts out of all the noise, and locating bad actors by using Indicators of Compromise. Today's threat detection software works across the entire security stack to give security teams the visibility they need to take appropriate steps and actions.

Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware.

Attackers are targeting the Discord servers of several popular nonfungible token projects. According to Fraser, Discord API leaks "The name, description, members list, and activity data for every private channel on every server." He explained he stumbled on the issue while setting up an automated script to notify him anytime a user enters a certain keyword.

In an ArXiv paper titled "YASM," Kaspar Rosager Ludvigsen and Shishir Nagaraja, of the University of Strathclyde, and Angela Daly, of the Leverhulme Research Center for Forensic Science and Dundee Law School, in Scotland, revisit CSS as a way to ferret out CSAM and conclude the technology is both ineffective and unjustified. Client-side scanning in this context involves running software on people's devices to identify unlawful images - generally those related to the exploitation of children but EU lawmakers have also discussed using CSS to flag content related to terrorism and organized crime.

International law enforcement has taken down the infrastructure behind Flubot, a nasty piece of malware which had been spreading with unprecedented speed across Android devices globally since December 2020. Europol revealed Wednesday that a collaboration between law enforcement in 11 countries led to the disruption of the Flubot network in early May by Dutch Police, or Politie, "Rendering this strain of malware inactive," according to the agency.