Security News > 2022

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
2022-12-29 18:20

DUCK. Today's topic is: Incident response - A day in the life of a cyberthreat responder. PETER. Typically, we're brought in either just after an attack or while one is still unfolding.

Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
2022-12-29 09:43

Thousands of Citrix Application Delivery Controller and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. Citrix and the U.S. National Security Agency, earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
2022-12-29 07:48

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced on top of Google search results in the form of malicious ads by hijacking searches for specific keywords.

Twitter data of “+400 million unique users” up for sale – what to do?
2022-12-28 19:59

I'm selling data of +400 million unique Twitter users that was scraped via a vulnerability, this data is completely private. Although the crooks behind this data sell-off wrote that the information "Includes emails and phone numbers", it seems likely that's the only truly private data in the dump, given that it seems to have been acquired back in 2021, using a vulnerability that Twitter says it fixed back in January 2022.

QR Code Scam
2022-12-28 18:14

The number of eggs you get from a laying bird their size and quality changes significantly. Such birds are not considered "Cosmetically viable" or "Not worth the feed" you can by these hens at livestock markets for eating or pets, make sure you make clear what you want it for, othereise they might wring the birds neck as a service.

How to deploy a self-hosted instance of the Passbolt password manager
2022-12-28 17:23

Passbolt is a password manager you can use for team collaboration, and it offers plenty of the features you've grown accustomed to having at your fingertips, such as a random password generator, team collaboration, folders, tags and user access control. This password manager is designed specifically for Agile and DevOps teams, and it's application programming interface-centric and developer-first.

BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies
2022-12-28 10:16

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a "Large-scale hacking incident."

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
2022-12-28 07:12

Now according to Cisco Talos, advanced persistent threat actors and commodity malware families alike are increasingly using Excel add-in files as an initial intrusion vector. One such method turns out to be XLL files, which is described by Microsoft as a "Type of dynamic link library file that can only be opened by Excel."

US House boots TikTok from government phones
2022-12-28 00:12

The US government's New Year's resolution for 2023: no more TikTok at work. In an email to members and staff Tuesday, the Committee on House Administration banned the use of TikTok from House-managed mobile devices.

Stolen info on 400m+ Twitter accounts seemingly up for sale
2022-12-27 20:01

A miscreant this Christmas weekend said they are willing to sell public and private info on more than 400 million Twitter accounts. The records were apparently scraped in 2021 via a security flaw fixed earlier this year in a backend API that the Twitter Android app used.