Security News

Microsoft says attackers increasingly use malicious Internet Information Services web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. Microsoft previously saw custom IIS backdoors installed after threat actors exploited ZOHO ManageEngine ADSelfService Plus and SolarWinds Orion vulnerabilities.

Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the State Service of Special Communications and Information Protection of Ukraine said in an update.

Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices. The Conti ransomware operation launched in 2020 to replace Ryuk and quickly grew to infamy after attacking victims in both the private and the public sector, including local governments in the U.S., schools, and national healthcare systems.

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Security researchers at Palo Alto Networks' Unit 42 say that the attackers' goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. The kit is hosted on legitimate WordPress websites that have been hacked, which allows it to evade detection to a certain degree.

Hotel giant Marriott International confirmed it was hit by another data breach after an unknown threat actor breached one of its properties and stole 20GB of files. "The threat actor used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer. The threat actor did not impersonate any Marriott vendor."

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals. On Thursday, Israel's The Privacy Protection Authority on Thursday confirmed the cyberattack, which is believed to be the work of an Iranian threat actor, The Times of Israel reports.

Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials. Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.

We wish to provide the suspect an opportunity to communicate with the Harmony Foundation and return all funds. The Harmony team is interested in communicating and negotiating.