No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache's Log4j logging library. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks," according to Microsoft. READ MORE...
A supply-chain campaign infecting Sotheby's real-estate websites with data-stealing skimmers was recently observed being distributed via a cloud-video platform. According to Palo Alto Networks' Unit 42 division, researchers noticed that most of the activity affected real-estate-related sites. At least 100 of them were successfully infected (the full list of affected websites can be found here). Upon closer inspection, all of the compromised sites belonged to one parent company, Sotheby's. READ MORE...
McMenamins, an Oregon-based operator of restaurants, hotels, movie theaters, concert venues, and other events, has confirmed a December 2021 ransomware attack that compromised employee data going back to Jan. 1, 1998. Stolen data potentially included names, addresses, phone numbers, email addresses, birthdates, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, etc. READ MORE...
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection. Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory. READ MORE...
Threat actors are exploiting Microsoft's digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research (CPR) discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday. READ MORE...