New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor
2022-06-01 20:41

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week.

Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise
2022-06-01 20:40

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines."

FluBot Android Spyware Taken Down in Global Law Enforcement Operation
2022-06-01 20:40

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.

YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
2022-06-01 20:39

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.

New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
2022-06-01 20:39

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News.

Former OpenSea head of product charged with NFT insider trading
2022-06-01 20:21

Nathaniel Chastain, a former product manager at OpenSea, the largest online non-fungible token marketplace, has been arrested and charged by the U.S. Department of Justice with NFT insider trading. This is the first time someone was charged for their involvement in what the DOJ describes as a "Digital Asset Insider Trading Scheme."

Hundreds of Elasticsearch databases targeted in ransom attacks
2022-06-01 19:13

Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000. This campaign is not new, and we have seen similar opportunistic attacks numerous times before, and against other database management systems, too [1, 2, 3]. Restoring the database contents by paying the hackers is an unlikely scenario, since storing the data of so many databases would be practically and financially infeasible for the attacker.

FBI seizes domains used to sell stolen data, DDoS services
2022-06-01 18:46

The Federal Bureau of Investigation and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services. To was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

Clever — and Exploitable — Windows Zero-Day
2022-06-01 18:25

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available.

US govt: Paying Karakurt extortion ransoms won’t stop data leaks
2022-06-01 17:09

Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. Karakurt, the data extortion arm of the Conti ransomware gang and cybercrime syndicate, has focused on stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online.