Rudimentary malware hidden inside fake photo editors, VPNs and even horoscope and flashlight apps has affected a large number of Facebook users, says a new report released by Meta.
A new Android malware dubbed “RatMilad” has been observed targeting Middle Eastern enterprise mobile devices by posing as VPNs and spoofing apps.
Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ allowing victims to recover their files for free.
The security company says it discovered a flaw in the encryption scheme of the Hades strain, allowing some of the variants to be unlocked. However, this may not apply to newer or unknown samples that use a different encryption system.
Utilizing Avast’s tool, victims of the supported ransomware variants can decrypt and access their files again without paying a ransom to the attackers, which ranges between $50 and $300. However, ransom demands reached tens of thousands in some cases.
Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world.
Maggie is controlled through SQL queries that instruct it to run commands and interact with files. Its capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers and doubling as a bridge head into the server’s network environment.
The backdoor was discovered by German analysts Johann Aydinbas and Axel Wauer of the DCSO CyTec. Telemetry data shows that Maggie is more prevalent in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States.
Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid.
No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid’s utilities could fill in the most crucial security gaps if there were a map showing where to prioritize their security investments.
Purdue University researchers have developed an algorithm to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked.
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser.
Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022.
The malicious version of the Tor Browser installer is being distributed via a link present in the description of a video that was uploaded to YouTube on January 9, 2022. It has been viewed over 64,500 times to date.
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks.
“This vulnerability allows gaining control of Packagist,” SonarSource researcher Thomas Chauchefoin said in a report shared with The Hacker News. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects.
Continue reading “Researchers Report Supply Chain Vulnerability in Packagist PHP Repository” »
This post is also available in: 
עברית (Hebrew)
As everyday technologies get more and more advanced, cyber security must be at the forefront of every customer. Cyber security services have become common and are often used by private companies and the public sector in order to protect themselves from potential cyber attacks.
One of these services goes under the name Darktrace and has recently been acquired by Cybersprint, a Dutch provider of advanced cyber security services and a manufacturer of special tools that use machine learning algorithms to detect cyber vulnerabilities. Based on attack path modeling and graph theory, Darktrace’s platform represents organizational networks as directional, weighted graphs with nodes where multi-line segments meet and edges where they join. In order to estimate the probability that an attacker will be able to successfully move from node A to node B, a weighted graph can be used. Understanding the insights gained will make it easier for Darktrace to simulate future attacks.
Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Cybercriminals are growing ever more relentless and deft with their attacks, with data breaches and system disruptions due to cyberattacks rising every year. Therefore, finding and strengthening cybersecurity weak spots, or vulnerabilities, is key to thwarting these attacks.
A key vulnerability is apps. Many organizations rely on productivity software and apps built in-house or from IT service providers to be competitive in today’s market. However, while these solutions boost productivity and employee and customer experiences, many of them have weak security measures that can expose the organization to cyberattackers.
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet.
“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks,” researchers from Lumen’s Black Lotus Labs said in a write-up shared with The Hacker News.
A majority of the bots are located in Europe, specifically Italy, with other infections reported in China and the U.S., collectively representing “hundreds of unique IP addresses” over a one-month time period from mid-June through mid-July 2022.
