Security News

The North Korea-linked ScarCruft advanced persistent threat group has developed a fresh, multiplatform malware family for attacking North Korean defectors, journalists and government organizations involved in Korean Peninsula affairs. ScarCruft specifically controls the malware using a PHP script on a compromised web server, directing the binaries based on HTTP parameters.

Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack. The admins posted that message on November 23, 2021, and today, Cannazon went offline, allegedly forever.

An APWG's report reveals that it saw 260,642 phishing attacks in July 2021 - the highest monthly total observed since APWG began its reporting program in 2004. Overall, the number of phishing attacks has doubled from early 2020.

Firstly, crooks show up fast: occasionally, it takes them days to find newly-started, insecure cloud instances and break in, but Google wrote that discover-break-and-enter times were "As little as 30 minutes." Importantly, in our research, the cloud instances we used weren't the sort of cloud server that a typical company would set up, given that they were never actually named via DNS, advertised, linked to, or used for any real-world purpose.

Twenty percent of America's largest 100 defense contractors are highly susceptible to a ransomware attack, according to a research from Black Kite. Nearly 43% of federal defense contractors have out-of-date systems, contributing to a "D+" rating in patch management.

The Security Service of Ukraine has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices. The goal of 'Phoenix' was to gain remote access to the accounts of mobile device users and then monetize them by hijacking their e-payment or bank accounts or selling their private information to third parties.

Cymulate announced the results of a survey, revealing that despite the increase in the number of ransomware attacks this past year, overall victims suffered limited damage in both severity and duration. Key highlights More than half - whether previously hit by ransomware or not - don't feel confident they can fend off a ransomware attack.

A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer. The first type of Printjack attack is to recruit the printer in a DDoS swarm, and threat actors can do this by exploiting a known RCE vulnerability with a publicly available PoC. The researchers use CVE-2014-3741 as an example but underline that at least a few dozen other vulnerabilities are available in the MITRE database.

Threat actors can launch DCSync attacks using tools like Mimikatz or the Get-ADReplAccount cmdlet from DSInternals. Stopping DCSync attacks is not as easy.

"Based on intelligence garnered from the Arkose Labs Network, we predict a 60 percent increase in attacks for the upcoming 2021 holiday shopping season. No digital business is immune to this threat." It is estimated that eight million attacks will occur daily during the 2021 holiday shopping season that is now underway.