Avast recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East in a highly targeted way. Specifically, the Avast Threat Intelligence team found out that in Lebanon, journalists were among the targeted parties, and further targets were located in Turkey, Yemen, and Palestine. The Avast Threat Intelligence team reported this vulnerability to Google, who patched it on July 4, 2022. Based on the malware and tactics used to carry out the attack, the Avast researchers attributed it to a secretive spyware vendor most…
ISBuzz Team
As reported by The Times, US authorities have offered a $15 million (€14.7 million) reward for information leading to the arrest or conviction of members of the Conti group, the criminals blamed for last year’s crippling ransomware attack on the HSE. The US State Department has also offered a bounty of up to $5 million for information on anyone who has conspired with the collective of Russian and Ukrainian hackers. The Conti group is being investigated by the Garda National Cyber Crime Bureau (GNCCB), working alongside Britain’s National Crime Agency and the Federal Bureau of Investigation in the United States.
According to CyberNews, Microsoft Teams has over 270 million active monthly users, with government institutions using the software in the US, UK, Netherlands, Germany, Lithuania, and other countries at varying levels. Cybersecurity researcher Darius Povilaitis has discovered that relying on default MS Teams settings can leave high-value users vulnerable to social engineering attacks. Attackers could create group chats with state officials, masquerading as their bosses and observing whether they are online.
Exactly as predicted in January on HackerOne, a Twitter vuln that allows attackers to access phone numbers and email address associated with Twitter accounts has been used and the data is for sale on Breach Forums. Source – RestorePrivacy.com: Earlier today we noticed a new user selling the Twitter database on Breach Forums… The post is still live now with the Twitter database allegedly consisting of 5.4 million users being for sale. The seller on the hacking forum goes by the username “devil” and claims that the dataset includes “Celebrities, to Companies, randoms, OGs, etc.” … the owner of Breach Forums verified the authenticity of the…
It has been reported that flaws discovered in a GPS device used in fleet management could allow attackers to remotely disrupt operations and surveil vehicle movements, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and security firm BitSight warned Tuesday. The full story can be found here: https://therecord.media/unpatched-flaws-in-popular-gps-devices-could-let-hackers-disrupt-and-track-vehicles/
Following the news that: Minecraft DOWN: Server status update, as fans hit with authentication issues Minecraft DOWN – Server status update, as fans hit with authentication issues | Gaming | Entertainment | Express.co.uk
Following the news that: Thailand admits to using phone spyware, cites national security Thailand admits to using phone spyware, cites national security | 93.3 The Drive (933thedrive.com)
A new Recorded Future threat analysis reveals that 300 restaurants and at least 50,000 payment cards have been compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. “The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch. “We have identified more than 50,000 payment card records that were skimmed from these 311 restaurants and posted for sale on the dark web. As the current MenuDrive and Harbortouch infections exist within a subdirectory on the platforms’ domains, many public website security scanners…
The Cyberspace Administration of China said it fined Didi 8.026 billion yuan ($1.19 billion) after deciding the company violated China’s network security law, data security law, and personal information protection law.
It has been reported that the virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. Neopets is a popular website where members can own, raise, and play games with their virtual pets. Neopets recently launched NFTs that will be used as part of an online Metaverse game. On Tuesday, a hacker known as ‘TarTarX’ began selling the source code and database for the Neopets.com website for four bitcoins, worth approximately $94,000 at today’s prices.