01 Feb 2023

30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Censys, an attack surface management firm, has identified roughly 30,000 internet-exposed QNAP network-attached storage appliances that have been affected by a critical vulnerability. The vulnerability is a critical-severity code injection vulnerability that is described as an SQL injection bug. It allows remote attackers to inject malicious code into vulnerable

01 Feb 2023

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

On Monday, GitHub confirmed that threat actors stole digital certificates used for applications such as Desktop and Atom in a cyberattack that occurred in December 2022. GitHub stated that it investigated the incident and determined that there was no risk to GitHub’s services and that it detected no unauthorized changes

01 Feb 2023

BEC Group Uses Open Source Tactics in Hundreds of Attacks

Security researchers have identified a highly successful new business email compromise (BEC) group. The group has been named Firebrick Ostrich and has conducted at least 347 campaigns since April 2021. Firebrick Ostrich uses relatively unsophisticated techniques to target organizations, such as open source research to identify existing contracts and vendors,

01 Feb 2023

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

On Tuesday, Microsoft and cybersecurity firm Proofpoint warned that a threat actor had recently abused Microsoft’s verified publisher status to launch a campaign involving malicious OAuth applications. The warning stated that organizations using cloud services should be aware of the campaign, especially those in Ireland and the UK. Microsoft has

31 Jan 2023

Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware

TrickGate, a malicious live software service, has been deployed by threat actors in recent attacks to bypass endpoint detection. The malware is not new, and has been deployed against detection measures and response protection software for six years. Check Point Research recently released a report detailing TrickGate and its usage

31 Jan 2023

Killnet Attackers DDoS US and Dutch Hospitals

According to recent reports, Russian hacktivists targeted several hospitals across the US and the Netherlands with DDoS attacks. The campaign targeted facilities including the University of Michigan Hospital and Stanford Health Care Center. The recent attacks may be in response to President Biden’s recent decision to send dozens of Abrams

31 Jan 2023

JD Sports Confirms Breach Affected 10 Million Customers

JD Sports has advised its customers to change their passwords after the discovery of a cyberattack that may have resulted in the exposure of data belonging to 10 million customers. JD Sports notified its users of the breach via email, stating that the attack impacts customers who placed orders between

25 Jan 2023

Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery

Microsoft has confirmed that it plans to change its software to automatically block all XLL add-in files that have been downloaded from the internet. The reasoning behind the update is to prevent phishing attacks and malware downloads that rely on these types of lures. Microsoft stated that the plans will

24 Jan 2023

Most Federal Agencies Ignored GAO’s Cybersecurity Recommendations

The US Government Accountability Office (GAO) released a report last Thursday highlighting federal agencies’ failure to implement cybersecurity recommendations. The GAO found that 60% of the cybersecurity recommendations made by the office since 2010 have not been implemented. The GAO stated that the failure to follow the recommendations results in

24 Jan 2023

FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist

The FBI has announced that it confirmed a link between North Korean hackers and the $100 million Horizon Bridge heist that occurred in June 2022. Horizon Bridge is a platform designed to enable cryptocurrency holders to transfer assets between networks such as the Ethereum Network, Binance Chain, Bitcoin, and Harmony’s
