Security News > 2022 > August

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks. Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user's typed activity on the infected watering hole website.

Microsoft Azure customers' virtual machines running Ubuntu 18.04 have been taken offline by an ongoing outage caused by a faulty systemd update. Microsoft says in an incident report published on the Azure status page that these DNS issues only affect VMs running Ubuntu 18.04.

Threat analysts at McAfee found five Google Chrome extensions that steal track users' browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times.

As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell,.NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRat, to enable various stages of their operations," Cisco Talos researcher Vanja Svajcer said in a report shared with The Hacker News.

Stellar Cyber currently counts 20+ of the top MSSP providers as customers, providing security for over 3 million assets. We recently took a closer look at the Stellar Cyber Security Operations Platform.

To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 CISOs to participate in their 2022 Global CISO Survey. Who reports to CISOs and to whom do the CISOs report?

The Federal Trade Commission has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. "Defendant's violations are in connection with acquiring consumers' precise geolocation data and selling the data in a format that allows entities to track the consumers' movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at risk populations, and addiction recovery," the lawsuit reads.

Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software.The company's newly announced Vulnerability Reward Program focuses on Google software and repository settings.

Watch out: someone is spreading cryptocurrency-mining malware disguised as legitimate-looking applications, such as Google Translate, on free software download sites and through Google searches. "The malware is dropped from applications that are popular, but don't have an actual desktop version, such as Google Translate, keeping the malware versions in demand and exclusive," Check Point malware analyst Moshe Marelus wrote in a report Monday.

Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021. This Help Net Security video provides information about the rise of DDoS activity launched by patriotic hacktivists.