Security News > 2022 > July

SHI International, a New Jersey-based provider of Information Technology products and services, has confirmed that a malware attack hit its network over the weekend. "Over the Fourth of July holiday weekend, SHI was the target of a coordinated and professional malware attack," SHI said in a statement.

Amazon Prime Day is one such seasonal event in which the retail giant kicks off a series of tempting sales for consumers looking to save money. In advance of this year's Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June.

A security advisory for a vulnerability published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. A vulnerability advisory published by MITRE for a high-severity information disclosure vulnerability in April ironically disclosed links to over a dozen live IoT devices vulnerable to the flaw.

The Department of Commerce's National Institute of Standards and Technology has chosen four encryption algorithms that are designed to withstand the hacking of a future quantum computer and protect digital information. NIST said all four of the algorithms were created by experts collaborating from multiple countries and institutions.

Heartbleed can probably be considered a prime early example of what Naked Security jokingly refer to as the BWAIN process, short for Bug With An Impressive Name. We don't think these latest bugs reach that level of exploitability or immediate danger.

Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks. Once enabled, the Lockdown Mode will provide Apple customers with messaging, web browsing, and connectivity protections designed to block mercenary spyware used by government-backed hackers to monitor their Apple devices after infecting them with malware.

The Hive group, which has become one of the most prolific ransomware-as-a-service operators, has significantly overhauled its malware, including migrating the code to the Rust programming language and using a more complex file encryption process. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem," the researchers said in a write-up this week.

Cyberattacks interrupt unemployment benefits in multiple states. AP News found that several states are dealing with a disruption of unemployment benefits caused by cyberattacks, leading to missed payments for those still out of work.

APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. In 2020, Chetan Nayak, an ex-red teamer at Mandiant and CrowdStrike, released Brute Ratel Command and Control Center as an alternative to Cobalt Strike for red team penetration testing engagements.

APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. In 2020, Chetan Nayak, an ex-red teamer at Mandiant and CrowdStrike, released Brute Ratel Command and Control Center as an alternative to Cobalt Strike for red team penetration testing engagements.