
Week in review: Rail transport cybersecurity, “verified” OAuth apps used to infiltrate organizations
Mounting cybersecurity pressure is creating headaches in railway boardrooms
In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, and cyber legislation.

Attackers used malicious "Verified" OAuth apps to infiltrate organizations' O365 email accounts
Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared.

The New York attorney general's office has announced a $410,000 fine for a stalkerware developer who used 16 companies to promote surveillance tools illegally. Patrick Hinchy, the spyware vendor, also agreed to alert his customers' victims that their phones are being secretly monitored using one of his multiple apps, including Auto Forward, Easy Spy, DDI Utilities, Highster Mobile, PhoneSpector, Surepoint, or TurboSpy.

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS, enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.

Microsoft believes the group that boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers' personal information is a Tehran-backed gang. On January 4, a previously unknown cyber-crime group calling itself Holy Souls claimed to have stolen a Charlie Hebdo database containing 230,000 customers' names, email addresses, phone numbers, addresses, and financial information, and offered it for sale for about $340,000.

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution," the virtualization services provider noted.

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. The vulnerability is a case of remote code injection that requires access to the administrative console of the application, making it imperative that the systems are not exposed to the public internet.

Bermuda has been experiencing a widespread power outage since Friday evening, which has affected the island's internet and phone service availability. Reports suggest the massive power outage across the British Overseas Territory also hit much of the region's internet connectivity, with some customers additionally losing their telephone connection. Power surges that often follow a power cut can be damaging to voltage-sensitive devices like laptop computers, mobile phones, medical equipment, etc.

While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers. The attacks started Friday morning, with threat actors targeting unpatched VMware ESXi servers with a new ransomware variant dubbed ESXiArgs.

A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months. "The victims seem to have little in common, but the attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," Asaf Eitani and Nitzan Yaakov reported.