Security News

Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing
2022-01-28 03:10

The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication, thereby making it possible for the adversary to take advantage of the target's bring-your-own-device policy and introduce their own rogue devices using the pilfered credentials. "Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam."

Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users
2022-01-27 13:12

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second distributed denial of service attack targeting an Azure customer from Asia in November. Two more large attacks followed in December, also targeting Asian Azure customers: a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.

How would zero trust prevent a Log4Shell attack?
2022-01-27 06:30

The consequence of a Log4Shell attack is that the exploited server tries to download code from an internet site owned by the attacker. Even if a Log4Shell vulnerability is exploited in the server, it cannot download and later run any malicious code, as the outgoing traffic from the DMZ to the internet would have been prohibited.

Digital IDs under attack: How to tackle the threat?
2022-01-27 05:30

Digital identification is the focus of two reports by the European Union Agency for Cybersecurity: an analysis of self-sovereign identity and a study of major face presentation attacks. The technologies falling under the name of self-sovereign identity consist in giving identity holders greater control over their identity.

Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks
2022-01-26 20:35

A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. "The exploit used to gain code execution in the browser is quite complex and had more than 1,000 lines of code once formatted nicely," ESET researchers said.

Cybercriminals are exploiting COVID-19 tests in phishing attacks
2022-01-26 15:11

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks. A recent blog post from security firm Barracuda Networks looks at the rise in phishing campaigns that exploit the concerns over such testing.

DazzleSpy: macOS backdoor delivered through watering hole attacks
2022-01-26 11:26

In late 2021, a never-before-seen macOS backdoor was delivered to pro-democracy individuals in Hong Kong via fake and compromised sites by exploiting vulnerabilities in WebKit, the browser engine powering Safari, and XNU, the macOS and iOS kernel. On Tuesday, ESET researchers shared their knowledge about the attacks and the results of the analysis of that final malicious payload: a macOS backdoor with many capabilities, including collecting and exfiltrating system information, executing files, starting a remote screen session, dumping the contents of the victims' iCloud Keychain, and more.

Nobel Foundation site hit by DDoS attack on award day
2022-01-26 10:04

The Nobel Foundation and the Norwegian Nobel Institute have disclosed a cyber-attack that unfolded during the award ceremony on December 10, 2021. The Nobel prize ceremony is live-streamed from Oslo and Stockholm, and as such, DDoS attacks can interrupt the video feed and possibly even blemish the prestige of the institution.

TrickBot Malware Using New Techniques to Evade Web Injection Attacks
2022-01-25 21:20

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante, fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. TrickBot has proven to be impervious to takedown attempts, with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, and expanding their distribution channels by partnering with other affiliates like Shathak to increase scale and drive profits.

VMware: Patch Horizon servers against ongoing Log4j attacks!
2022-01-25 21:19

VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. Microsoft also warned two weeks ago of a Chinese-speaking threat actor tracked as DEV-0401 who deploys Night Sky ransomware on Internet-exposed VMware Horizon servers using Log4Shell exploits.