Security News
Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.
A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly sensitive data from air-gapped systems, according to the latest research. Dubbed "LANtenna Attack," the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they were antennas.
A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. The alleged data breach first surfaced on a hacking forum yesterday after the threat actor claimed to be selling a database for six bitcoin containing birth dates, driver's license numbers, and social security numbers for 30 million people.
Academics from three German universities have found a vulnerability in the Transport Layer Security protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks. Because TLS does not bind TCP connections to the desired application layer protocol, there's an opportunity for a miscreant-in-the-middle attack to redirect TLS traffic to a different endpoint at another IP address or port.
Polish game developer CD Projekt Red has been hit by hackers, who breached its internal network, stole data, encrypted some devices, and asked for a ransom to not sell or leak online sensitive company documents and the source code of some of their more popular games. The company categorized the attack as targeted, and admitted that the attacker managed to access the company's internal network and "collected certain data belonging to CD PROJEKT capital group."
A recently discovered Mobile Remote Access Trojan can take control of infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn. Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.
The findings form the basis of a new "5G Standalone core security research" published by London-based cybersecurity firm Positive Technologies today, exactly six months after the company released its "Vulnerabilities in LTE and 5G Networks 2020" report in June detailing high impact flaws in LTE and 5G protocols. Deployed either in standalone or non-standalone modes depending on their reliance on 4G Evolved Packet Core technology, the 5G mobile network is a framework consisting of as many as nine network functions that are responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting the users to the internet via a base station.
The National Security Agency warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. VMware released security updates to address the security bug on December 3rd after publicly disclosing the vulnerability two weeks ago and providing a temporary workaround that fully removes the attack vector and prevents exploitation.
At least a dozen bogus "contact tracing" apps designed to look like official software to track coronavirus infections have been deployed globally to spread malware and steal user data, security researchers said Wednesday. Anomali said the fake COVID-19 apps do not appear to be distributed through official channels like the Google Play Store but rather are being spread through other apps, third-party stores, and websites that encourage downloads.
A vulnerability in Universal Plug and Play, which is implemented in billions of networked and IoT devices - personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on - may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks. UPnP is a set of networking protocols that allows networked devices to automatically discover and interact with each other when on the same network.