Security News

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022. Unit 42 logged activity leveraging CVE-2021-35394 from all over the world but almost half of the attacks originated from the United States.

A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems. The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.

In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses. In this Help Net Security video, Dror Liwer, Co-Founder of Coro, talks about what makes small and medium-sized businesses especially vulnerable to this form of attack and why BEC's contribution to the country's annual cyber losses not only makes sense but is likely underreported.

The researchers explain that attackers using search engine optimization poisoning are generally more successful "When they SEO poison the results of popular downloads associated with organizations that do not have extensive internal brand protection resources." SEO poisoning attacks consist of altering search engines results so that the first advertised links actually lead to attacker controlled sites, generally to infect visitors with malware or to attract more people on ad fraud.

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today.

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. By chaining two security flaws disclosed last week, threat actors can bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company's customers this week. PayPal attributed this privacy breach to "Unauthorized parties," who accessed accounts using customer login credentials.

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

A new critical remote code execution flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application."

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. Security researchers at email security provider Avanan named it "Blank Image." They explain that the attack allows phishing actors to evade detection of redirect URLs.