Security News
Identity-management-as-a-service outfit Okta has acknowledged that it made an important mistake in its handling of the attack on a supplier by extortion gang Lapsus$. In an FAQ published last Friday, Okta offered a full timeline of the incident, starting from January 20 when the company learned "a new factor was added to a Sitel customer support engineer's Okta account."
The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on March 25, 2022.
The Cybersecurity and Infrastructure Security Agency has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities. The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022, covering a broad spectrum of software and hardware types and versions.
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild. This update was available immediately when BleepingComputer checked for new updates by going into Chrome menu > Help > About Google Chrome.
These are examples of supply chain compromises that infiltrate a company's software directly, but there's another common attack vector; email. How can you filter it from the herd of legitimate emails entering your systems? Darktrace argues that it's time for a new approach.
Researchers have disclosed a 'replay attack' vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. Honda owners may be able to take some action to protect themselves against this attack.
The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world - including at least one nuclear power plant. The trio allegedly spent 2012 to 2014 working on a project code-named "Dragonfly" during which a supply chain attack targeted updates of industrial control systems and supervisory control and data acquisition systems.
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The company said in a notice sent to affected clients that, "On or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.
The attacks are not just growing in number, but also in scale, as the telecommunications company says IoT botnet and amplifier attack capacity exceeds 10Tbps, a significant increase of three-to-four times the size of attacks previously reported. Last year, Nokia shared its findings as part of its DDoS 2021 report, showing that by mid-year the most impactful DDoS were originating from high-bandwidth, high packet-rate, volumetric DDoS attacks.
In the past, cybercriminals didn't focus so much on the left side of the attack kill chain-let's call it "The pre-attack framework." But now, we are starting to see more and more cases of cybercriminal empires focusing on that pre-attack framework and hopping on fresh zero-day vulnerabilities. It hasn't been the typical behavior of cybercriminals to use sophisticated attack methods.