Security News

The Securities and Exchange Commission has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues warnings to inform investors about the latest developments in investment frauds and scams.

Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. TrendMicro researchers have discovered an interesting tactic used of distributing malicious email to a company's internal users using the victim's compromised Microsoft exchange servers.

Sky, a U.K. broadband provider, left about 6 million customers' underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers' routers. Pen Test Partners reported the problem to Sky Broadband - a broadband service offered by Sky UK in the United Kingdom - on May 11, 2020 and then chased Sky for a repeatedly postponed update, the security firm said in a post.

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. DNS rebinding attacks are used to bypass a browser security measure called Same Origin Policy, which blocks a site from sending requests to websites other than its own origin.

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. From Kaminsky Attack to SAD DNS. DNS cache poisoning, also called DNS spoofing, is a technique in which corrupt data is introduced into a DNS resolver's cache, so that DNS queries return an incorrect response for a trusted domain and users are directed to malicious websites.

Phishing emails are now skating past traditional defenses. Even with the most sophisticated email scanning and phishing detection system available, phishing emails are still a very common intrusion vector for cybercriminals to use to introduce malware, including ransomware, to a business' network.

A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. Active since 2018, RedCurl is responsible for at least 30 attacks against businesses in Russia, Ukraine, Canada, Norway, the UK, and Germany, the latest four of them occurring this year.

A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday. Polled in September of 2021, the respondents all worked for organizations that had been hit by a ransomware attack during a holiday or weekend over the past 12 months.

Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "Watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. The strategic web compromises are believed to have occurred in two waves, the first commencing as early as March 2020 before ending in August 2020, and the second string of attacks beginning in January 2021 and lasting until early August 2021, when the targeted websites were stripped clean off the malicious scripts.

A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim's networks, with no ransom demand," Check Point Research said in a report published Monday.