Security News

More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022.

Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Included among those fired were contractors who worked as security guards at the social media firm's facilities and were given access to an internal tool that allowed employees to help "Users they know" gain access to accounts after forgetting their passwords, or had their accounts locked out.

The holidays are just around the corner, and the competition for consumer attention and dollars promises to be fierce. According to Akamai research, up to 20% of potential online retail customers have their shopping experience disrupted - or worse, diverted to malicious websites - through audience hijacking.

A newly discovered evasive malware leverages the Secure Shell cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team, the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms.

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions, the latest version also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said.

For those who don't know, the internet is a network of connected networks. More specifically, the internet consists of networks called autonomous systems that advertise their IP address prefixes via routers to neighboring networks using BGP, again to ultimately construct this routing map.

The FBI and the US government's Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

The recent attacks bear various signatures linked to TeamTNT and rely on tools previously deployed by the gang, indicating that the threat actor is likely making a comeback. The researchers observed three attack types being used in the allegedly new TeamTNT attacks, with the most interesting one being to use the computational power of hijacked servers to run Bitcoin encryption solvers.

Google Workspace now has stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation. The enhanced account protection capabilities are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.

Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter and free gaming sites.