Security News

Research from Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021. According to the research analysts, last year credential stuffing rose 56% during the Christmas and New Year shopping period, with predictions that this same period in 2021 will see up to eight million attacks on consumers every day.

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. The spotlight in November was stolen by the PYSA ransomware group, which had an explosive rise in infections, recording an increase of 50%. Other dominant ransomware groups are Lockbit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.

Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges - with an ultimate goal of dropping malware onto organizations' networks, the FBI has warned. There is also evidence to support that it's being used in an attack chain with two other Zoho bugs that researchers have observed under attack since September, according to the alert.

Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The attacks were carried out using a relay service, Ngrok, that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure.

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. As of today, Monday, Dec. 20, the attack chain has taken the following form, AdvIntel's Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> -> Kerberoast -> brute -> vCenter ESXi with log4shell scan for vCenter.

Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. In a new report by INKY, researchers explain that threat actors are impersonating Pfizer in a phishing email campaign that started around August 15, 2021.

The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell was fixed by releasing Log4j v2.15.0. There is going to be continued focus on log4j vulns for some time.

22% of employees are likely to expose their organization to the risk of cyber attack via a successful phishing attempt, a Phished report reveals. Analysis of the broad and diverse data set reveals how vulnerable the average employee is to phishing attacks and offers insight into key trends, including which topics lead to the most successful phishing attacks and which message formats are most likely to trick employees.

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," Matthew Warner, CTO of Blumira, said.

The Log4j JNDI attack and how to prevent it: The disclosure of the critical Log4Shell vulnerability and the release of first one and then additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all those who are tasked with keeping enterprise systems and networks secure.

Ransomware hits HR solutions provider Kronos, locking customers out of vital services: The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group, one of the biggest HR and workforce management solutions providers in the US.

Microsoft patches spoofing vulnerability exploited by Emotet: Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.