The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad. The agency has described their tactics, techniques and procedures (TTPs) and it has shared several recommendations for preventing and detecting attacks. In November 2021, the U.S. Treasury Department announced sanctions against six Iranian nationals and a company involved in a campaign whose goal was to influence the 2020 presidential election.
North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems. The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.
QNAP force-updated customers' Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices. On Tuesday, BleepingComputer reported on a new ransomware operation named DeadBolt that was encrypting Internet-exposed QNAP NAS devices worldwide.
Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public. The security defect - now tracked as CVE-2022-23968 - was reported to Xerox in September 2019. In January 2020, the vendor had confirmed impact on at least one series of printer models, but said nothing else of the bug for two more years.
A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said. 2FA Authenticator went live on Google Play two weeks ago, posing as an alternative to legitimate 2FA apps from Google, Twilio, and other trusted companies.
Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. "Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity," the Ministry said in a statement published today.