Security News > 2022 > December
Russia's second-largest financial institution VTB Bank says it is facing the worse cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS...
Russia's second-largest financial institution VTB Bank says it is facing the worse cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS attack. "At present, the VTB technological infrastructure is under unprecedented cyberattack from abroad," stated a VTB spokesperson to TASS. "It is not only the largest cyberattack recorded this year, but in the entire history of the bank."
Regular password resets mean a stolen password is suitable for a limited time. When a breached password is found, forcing a password reset ensures users do not continue to use insecure passwords.
Attackers have taken over at least one expired domain that used to host a popular JavaScript library and used it to deliver web skimming scripts to a number of e-commerce sites. "The victim websites had years to remove the dead link that was leveraged by attackers but didn't - likely due to a lack of visibility about third-party scripts running on their websites and poor security hygiene," Jscrambler researchers noted.
A botnet operator is kicking themselves and probably hoping no one noticed the typo they transmitted in a command that crashed their whole operation. Even worse for the operator(s), their Golang-coded KmsdBot lacked persistence, meaning the whole botnet is toast thanks to the apparent decision to forgo error handling.
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that's designed to specifically cater to mobile malware operators. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity said.
OpenAI's newly unveiled ChatGPT bot is making waves when it comes to all the amazing things it can do-from writing music to coding to generating vulnerability exploits, and what not. Yesterday, BleepingComputer ran a piece listing 10 coolest things you can do with ChatGPT. And, that doesn't even begin to cover all use cases like having the AI compose music for you [1, 2]. Within six days of its launch, ChatGPT surpassed a million users to the extent its servers couldn't keep up.
Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable...
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks. The Trojan corrupts any data that's not vital for the functioning of the operating system.
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome, which is being exploited by attackers in the wild. "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Srinivas Sista, Technical program manager for Google Chrome, explained.