Security News

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. Over 200,000 devices from the Taiwanese manufacturer are said to have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited.

Hackers attempted to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information. QuestionPro said that customers will be alerted of a data theft incident if it is determined that a data breach occurred.

Security researchers found a new service called Dark Utilities that provides an easy and inexpensive way for cybercriminals to set up a command and control center for their malicious operations. The Dark Utilities service provides threat actors a platform that supports Windows, Linux, and Python-based payloads, and eliminates the effort associated with implementing a C2 communication channel.

Hackers steal almost $200 million from crypto firm Nomad. U.S. crypto firm Nomad has been the victim of a digital theft that saw hackers make off with $190 million of cryptocurrencies owned by users of the service. On August 1, Nomad confirmed the theft in a tweet that said: "We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them."

Researchers have observed a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative to the widely abused Cobalt Strike toolset or parallel to it for redundancy. Its RAT implants support command execution, file access, network reconnaissance, and more, so hackers can use it for the same operational goals as Cobalt Strike.

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. "The Frankston man engaged with a network of individuals and sold the spyware, named Imminent Monitor, to more than 14,500 individuals across 128 countries," the Australian Federal Police alleged in a press release over the weekend.

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "Work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious a.LNK files to other devices in the target network.

With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures. In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut files in campaigns to distribute malware.

The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean government-linked malicious cyber groups and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the department said in a tweet.