Security News

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking."On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "He remains in police custody."

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product.The issue, tracked as CVE-2022-3236, impacts Sophos Firewall v19.0 MR1 and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution.

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication codes by impersonating the CircleCI DevOps platform. The fraudulent messages claim to notify users that their CircleCI sessions have expired and that they should log in using GitHub credentials by clicking on a link.

The cyber department of Ukraine's Security Service has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web. The SSU says that the threat actor offered data packs, which were purchased in bulk by pro-Kremlin propagandists, who then used the accounts to spread fake news on social media, instill panic, and cause destabilization in Ukraine and other countries.

Cyber security is one of the fastest growing sectors in the tech industry. Want to train for a career that offers a ton of upside? Then start your education now with the convenient and affordable 2023 Complete Cyber Security Ethical Hacking Certification Bundle, offered to readers at a discounted price of just $34.99.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice.

Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. "Void Balaur primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro noted at the time.

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. The unauthorized access to the cloud tenant permitted the adversary to register a malicious OAuth application and grant it elevated permissions, and eventually modify Exchange Server settings to allow inbound emails from specific IP addresses to be routed through the compromised email server.

GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform. "While GitHub itself was not affected, the campaign has impacted many victim organizations," GitHub informs in an advisory on Wednesday.