Security News

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
2023-02-03 19:20

Admins, hosting providers, and the French Computer Emergency Response Team warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. "As current investigations, these attack campaigns appear to be exploiting the vulnerability CVE-2021-21974, for which a patch has been available since 23 February 2021," CERT-FR said.

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
2023-02-03 05:23

The U.S. Cybersecurity and Infrastructure Security Agency on February 2 added two security flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587, a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.

Malvertising attacks are distributing .NET malware loaders
2023-02-02 19:27

.NET loaders that are highly obfuscated and dropping info-stealer malware. The loaders are distributing the Formbook info-stealing malware collection as part of an ongoing campaign, the researchers write in a report out this week.

Ransomware attack on ION Group impacts derivatives trading market
2023-02-02 14:13

The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. On January 31, 2023, the firm disclosed the incident in a short statement saying that it impacted ION Cleared Derivatives, a division of ION Markets.

The emergence of trinity attacks on APIs
2023-02-02 05:30

During the first half of 2022, we saw the emergence of the first trinity attack that used three TTPs from the OWASP list. While our tracking revealed these attacks only represented a small proportion of the attacks monitored - 100 million - the rate of trinity attacks was consistent throughout the year, indicating that it must be paying off as a technique.

Google Fi data breach let hackers carry out SIM swap attacks
2023-02-01 20:43

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.

New cybersecurity BEC attack mimics vendors
2023-02-01 20:32

The firm previously identified four kinds of financial supply chain compromise, which dispense with impersonation of internal executives at the target company and instead wear the garb of one of the company's vendors. Abnormal Security says Firebrick Ostrich has used one of these types of financial supply chain compromises - third-party reconnaissance attacks - to commit 346 BEC campaigns dating back to April 2021, impersonating 151 organizations and using 212 maliciously registered domains, nearly all in the U.S. Crane Hassold, director of threat intelligence at Abnormal Security, said the amount of money that can be gotten from external, third-party impersonation is three times higher than traditional BEC exploits, and that their success stems from awareness deficit, as companies and their employees are trained to look for emails impersonating an internal executive, not a vendor.

Arnold Clark customer data stolen in attack claimed by Play ransomware
2023-02-01 18:38

Arnold Clark, self-described as Europe's largest independent car retailer, is notifying some customers that their personal information was stolen in a December 23 cyberattack claimed by the Play ransomware group. The company said in emails sent to affected clients on Tuesday that the stolen data includes ID information and banking details.

New DDoS-as-a-Service platform used in recent attacks on hospitals
2023-02-01 17:58

A new DDoS-as-a-Service platform named 'Passion' was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. "The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine," said Radware researchers.

Over 29,000 QNAP devices vulnerable to code injection attacks
2023-01-31 23:14

Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices. While QNAP hasn't tagged this flaw as being actively exploited in the wild, customers are advised to update to the latest available software version as soon as possible since NAS devices have a long history of being targeted in ransomware attacks.