Security News

As we all know, there are many ways that attackers with time, patience and the gift of the gab can persuade even a well-informed and well-meaning user to help them bypass the security processes that are supposed to keep them out. Typically, attackers will deliberately look for and use known security vulnerabilities internally, even though they couldn't find a way to exploit them from the outside because the defenders had taken the trouble to protect against them at the network perimeter.

The Singapore division of Starbucks, the popular American coffeehouse chain, has admitted that it suffered a data breach incident impacting over 219,000 of its customers. This breach concerns only customers who have used the Starbucks mobile app to make orders or used the chain's online store to purchase goods from one of the 125 shops the chain operates in Singapore.

A threat with a North Korea nexus has been found leveraging a "Novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. "UNC4034 established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility," Mandiant researchers said.

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.

North Korean hackers are using trojanized versions of the PuTTY SSH client to deploy backdoors on targets' devices as part of a fake Amazon job assessment. A novel element in this campaign is the use of a trojanized version of the PuTTY and KiTTY SSH utility to deploy a backdoor, which in this case, is 'AIRDRY.V2'.

Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active. Security researchers at Cisco Talos attribute the campaign to Gamaredon, a Russian state-backed threat group with a long history of targeting mainly organizations in the Ukrainian government, critical infrastructure, defense, security, and law enforcement.

An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a technical write-up shared with The Hacker News.

A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans, including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

The Chinese 'Webworm' hacking group is experimenting with customizing old malware in new attacks, likely to evade attribution and reduce operations costs. Using older RATs that are in wide circulation and deployed by various random hackers helps Webworm disguise their operations and blend with the activities of others, making the work of security analysts much harder.

The U.S. Treasury Department's Office of Foreign Assets Control on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks at least since October 2020. What's more, independent analyses from the two cybersecurity firms as well as Google-owned Mandiant has revealed the group's connections to two companies Najee Technology and Afkar System, both of which have been subjected to U.S. sanctions.