25 Jan 2022

Trellix finds OneDrive malware campaign targeting gov’t officials in Western Asia

Hackers are leveraging Microsoft OneDrive in a multi-stage espionage campaign that aims to target high-ranking government officials in Western Asia. Researchers at Trellix released a report detailing the campaign. The cybercriminals are using a malware named “Graphite” by researchers because it uses Microsoft’s Graph API to leverage OneDrive as a

Read More
24 Jan 2022

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee has recently patched two different high-severity bugs in its Agent component that could be used by attackers to escalate privileges, including up to SYSTEM. The bugs could also allow attackers to achieve arbitrary code execution and perform other malicious actions. The bug lies in the McAfee Enterprise product for

Read More
24 Jan 2022

20K WordPress Sites Exposed by Insecure Plugin REST-API

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams, and other cyber threats due to a high-severity cross-site scripting (XSS) bug affecting the WordPress Email Template Designer. The template designer is WP HTML Mail, a plugin that allowed users to design custom emails. Wordfence researcher Chloe

Read More
24 Jan 2022

What’s Really Behind WhisperGate Attacks Against Ukraine?

Recently, Ukraine suffered two sets of cyber-attacks in response to the geopolitical situation with Russia. The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies. While many first believed Russia to be behind or directing the cyber-attack, Ukrainian authorities stated their belief that a group linked to Belarussian intelligence (using Russian-linked malware) was responsible for the WhisperGate attacks.

Read More
20 Jan 2022

Cloned Dept. of Labor Site Hawks Fake Government Contracts

A convincing yet illegitimate government procurement portal is advertising the opportunity to submit a bid for government projects. However, the site harvests credentials from unassuming victims instead. The phishing campaign is targeting aspiring government vendors with an invitation to bid on fake federal projects within the US Department of Labor.

Read More
20 Jan 2022

Ransomware Attack on Moncler

Italian luxury brand Moncler has suffered a cyberattack in which cybercriminals stole data and published it on the dark web. The company confirmed the attack on Tuesday, stating that it had suffered from a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. The attack caused a

Read More
19 Jan 2022

Man Charged with Smuggling Tech Exports to Iran

Kambiz Attar Kashani, a 44 year-old with dual citizenship to the US and Iran, has been charged with violating sanctions by exporting IT goods and services to the latter country. Kashani was arrested last Friday on charges of conspiring to illegal export to the Central Bank of Iran. Kashani reportedly

Read More
19 Jan 2022

Zoom vulnerabilities impact clients, MMR servers

Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer

Read More
17 Jan 2022

Fighting fraud in the supply chain with blockchain

Every enterprise has a supply chain. They can’t exist without them and effective management of the supply chain is at the heart of any successful business. Controlling the flow of data and funds related to suppliers and partners for components, parts, raw materials, work in progress and finished goods from

Read More
14 Jan 2022

North Korean hackers stole a record-breaking amount of cryptocurrency last year

Hackers from North Korea stole nearly $400 million worth of cryptocurrency in 2021 through at least seven attacks and most of it was Ether or ETH rather than Bitcoin, according to blockchain analysis firm, Cainalysis. 2021 was a record year for North Korea’s military hackers, the most notorious of which is

Read More