Security News

Google's Threat Analysis Group has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide. Hack-for-hire groups target individuals and organizations in data theft and corporate espionage campaigns, with past victims including politicians, journalists, human rights and political activists, and various other high-risk users from all over the world.

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

Semiconductor giant AMD says they are investigating a cyberattack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year. RansomHouse is a data extortion group that breaches corporate networks, steals data, and then demands a ransom payment to not publicly leak the data or sell it to other threat actors.

Credential stuffing is a technique by which attackers try likely username and password combinations until they gain access to one or more accounts. A 2021 study by Specops Software found that users often use the name of their favorite band as their password AC/DC, Metallica, and KISS were all popular password choices.

A Chinese-speaking threat actor has hacked into the building automation systems of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.

The U.S. Cybersecurity and Infrastructure Security Agency, along with the Coast Guard Cyber Command, on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and servers," the agencies said.

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway servers using the Log4Shell remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks until they gain access to internal systems containing sensitive data.

From Radware, a hacktivist group called DragonForce Malaysia, "With the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India." In addition to DDoS, their targeted campaign - dubbed "OpsPatuk" - involves advanced threat actors "Leveraging current exploits, breaching networks and leaking data." DragonForce Malaysia - best known for their hacktivism in support of the Palestinian cause - have turned their attention on India this time, in response to a controversial comment made by a Hindu political spokesperson about the Prophet Mohammed.

Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab's Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company's Discord servers.

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.