Security News

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals. On Thursday, Israel's The Privacy Protection Authority on Thursday confirmed the cyberattack, which is believed to be the work of an Iranian threat actor, The Times of Israel reports.

Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials. Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.

We wish to provide the suspect an opportunity to communicate with the Harmony Foundation and return all funds. The Harmony team is interested in communicating and negotiating.

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

The U.S. Department of Justice on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things devices, Android phones, and computers for use as a proxy service. "The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ said in a press release.

Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.

Ransomware gangs are now targeting a recently patched and actively exploited remote code execution vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. Ransomware starts circling unpatched Confluence servers.

Microsoft has announced a new feature for Microsoft Defender for Endpoint to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network.There's a catch: the new MDE capability works only with onboarded devices running Windows 10 and later or Windows Server 2019 and later.

Two two American gun shops, Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites. Credit card skimmers are malicious JavaScript code either embedded on the sites or fetched from a remote resource by a seemingly innocuous element, such as a favicon.

American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online.