Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations - including the country's second-largest bank. The government-controlled St Petersburg-based VTB financial institution announced on Tuesday it was facing an "unprecedented cyber attack from abroad," and added that the DDoS flood was the largest in the bank's history.
The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider. The disruption has affected services used by citizens, schools, daycare centers, and the police, which have been working intermittently today. An investigation is ongoing, but the little information available points to a ransomware attack from a threat actor that has yet to be disclosed.
The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country. A small business with only 25 employees, Mercury IT provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country.
Russia-affiliated threat actors have compromised systems belonging to multiple organizations in the US, the UK, France, and other countries and are using them to launch attacks against targets in Ukraine. Among those whose networks the threat actors have hijacked are at least 15 healthcare organizations, one Fortune 500 company, and one dam-monitoring system, according to a study by threat intelligence and cyber-deception company Lupovis published Dec. 6.
A threat actor tracked as 'Scattered Spider' is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile carrier networks and perform SIM swapping, cybersecurity firm CrowdStrike warns. A financially-motivated threat actor, Scattered Spider has been observed increasingly targeting the telecoms industry since June 2022, setting up persistence mechanisms and even reverting implemented mitigations to regain access to the compromised networks.
Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy. Tracked as CVE-2022-35843 (CVSS score of 7.7), the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered when RADIUS authentication is used.
A ransomware incident at Rackspace Technology discovered on Dec. 2 has caused service disruptions to customers of its Hosted Exchange business and could result in a loss of revenue, the company said Tuesday. Rackspace took immediate steps to contain the ransomware to its Hosted Exchange environment and hired a leading cyber defense firm to investigate the incident, the company said.
A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found. The botnet, dubbed Zerobot and written in the Go programming language, includes modules capable of self-replication and self-propagation, as well as attacks for different protocols, a researcher from Fortinet shared in a blog post published Dec. 6.
Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks' Unit 42 threat intelligence unit. Cobalt Strike is possibly the best-known example of legitimate commercial security software - it was designed to help red teams test their organizations' cyber defenses - that has been co-opted by threat groups that use it to get around those defenses.
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. The STAR Labs team was the first to successfully exploit a zero-day on Samsung's flagship device by executing their improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.