CyberArk researchers discovered a Windows Remote Desktop Protocol (RDP) vuln tracked as CVE-2022-21893. Simply put, they point out that “This vulnerability enables any standard unprivileged user connected to a remote machine via remote desktop to gain file system access to the client machines of other connected users, to view and modify clipboard data of other connected users, and to impersonate the identity of other users logged on to the machine using smart cards. This could lead to data privacy issues, lateral movement and privilege escalation.” They say that the current versions of Windows all have this vuln, which dates back to Windows…
ISBuzz Team
As reported by the BBC, the administrators of the largest illegal marketplace on the darknet for stolen credit cards are retiring after making an estimated $358m (£260m). The anonymous owners of UniCC thanked the criminal fraternity for their business, citing age and health for the closure. Many other illegal darknet marketplaces have also shut down voluntarily over the winter for unknown reasons. Police say the trend leaves them with mixed feelings. The darknet is a part of the internet only accessible through special browsing software. Cryptocurrency experts at analysts Elliptic traced hundreds of millions of dollars in crypto-payments made to…
Security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 822,789 records. The dataset had detailed information on trucking, transport companies, and individual drivers. The data appeared to be connected to credit accounts, loans, repayment, and debt collections. This included banking information and tax ID numbers. Many of the Tax IDs were consistent with what appeared to be SSN (Social Security Numbers) and stored in plain text. Source: https://www.websiteplanet.com/blog/transcredit-leak-report/
Following plans for the EU to stage cyberattack simulation exercises on supply chains, information security experts reacted below.
Cisco Talos discover Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure. Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user’s information.… the victims of this campaign are primarily distributed across the United States, Italy and Singapore.The actor used complex obfuscation techniques in the downloader script. Each stage of the deobfuscation process results with the decryption methods for the subsequent stages to finally arrive at the actual malicious downloader method.… the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services and are actively misusing…
The USG just shared some information regarding the Iranian MOIS hacker group MuddyWater. Mandiant calls this group TEMP.Zagros, which they’ve been tracking since 2017. We have directly observed TEMP.Zagros conduct operations against dozens of organizations spanning the government, media, energy, technology, utilities, transportation, academia, financial services, telecommunications, and construction and engineering sectors in North America, Europe, Northern Africa, the Caucasus, South Asia, West Asia, and Southeast Asia.While Mandiant is unable to independently confirm the attribution of TEMP.Zagros to the Iranian Ministry of Intelligence, known and suspected targets indicate that TEMP.Zagros is likely tasked to conduct reconnaissance and collect strategic information, including geopolitical, diplomatic,…
News has broken that Panasonic has confirmed that hackers accessed personal information belonging to job candidates and interns during a November cyberattack. At the time of the initial breach, which began June 22nd and ended November 3rd, and went undetected until November 11th, the tech giant was unable to say whether hackers had accessed any sensitive information. However, in an update published late last week, Panasonic confirmed personal information was accessed. The update also confirmed that the adversaries obtained files containing unspecified “business-related information” provided by business partners, as well as information about business partner personnel.
Following the news that some cities in the US have experienced QR-code phishing scams, Information Security experts commented below on how the use of this technology by cyber criminals will only increase in the coming year and we can expect more businesses and consumers alike to experience QR-code phishing scams.
It has been reported that global weekly cyber-attacks hit an all-time high in Q4 2021 of 925 attempts per organization, according to new data from Check Point. The security vendor analyzed information collected by hundreds of millions of global sensors from its Threat Prevention products across networks, endpoints and mobiles. It claimed attempted attacks have been continuously increasing since Q2 2020, with 50% more attacks seen per week on corporate networks in 2021 compared to 2020. The education and research sector experienced the highest volume of attacks during 2021, amounting to an average of 1605 per organization every week, a…
Netskope has released the Netskope Cloud and Threat Spotlight: January 2022, disclosing new research highlighting the growth of malware and malicious payloads delivered by cloud apps. The analysis identified trends in cloud attacker activities and data risks from 2021 compared to 2020. Report Highlights: Google Drive emerges as the top app for malware downloads, taking over that spot from Microsoft OneDrive, while the percentage of malware downloads from cloud apps increased from 46%, peaked at 73% and plateaued at 66%.Emotet copycats continue to abuse Microsoft Office documents, which continue to represent one-third of all malware downloads, compared to one-fifth of all…