Security News

Parrot's use is for malicious campaigns to redirect potential victims matching a specific profile to online resources such as phishing and malware-dropping sites. Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it to a final destination serving malicious content.

First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 million in Bitcoin, thus shutting down the online souk. Later on Tuesday, the US Justice Department announced criminal charges against one of the alleged Hydra operators and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia.

Researchers have disclosed what they say is the first-ever Python-based ransomware strain specifically designed to target exposed Jupyter notebooks, a web-based interactive computing platform that allows editing and running programs via a browser. "The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack," Assaf Morag, a data analyst at Aqua Security, said in a report.

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

A zero-day remote code execution vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system.

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to dark web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to a research released from Unit 42 by Palo Alto Networks. The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021.

The breach, says the FTC, saw hackers make off with more than 20,000,000 plaintext email addresses and weakly-hashed passwords; millions of unencrypted names, physical addresses, and security questions-and-answers; more than 180,000 unencrypted SSNs; and, for tens of thousands of payment cards, the last four digits of the card plus the expiry date. Misrepresenting the steps it took to secure consumer accounts following security incidents.

SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk instances and advised removing them from publicly accessible infrastructure. "A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk 12.7.5. The customer's endpoint detection and response system blocked the attack and alerted the customer to the issue," SolarWinds said.

Radware released report findings which underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service attacks, which were up 37% over 2020.

Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge browser extension, the open-source add-on is designed to "Automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook said in a statement.