North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team. While the Korean crew's recent, and highly profitable, thefts of cryptocurrency have been in the headlines, the group still keeps its spying hand in. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. The Federal Bureau of Investigation (FBI) said two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38), were behind last month's Ronin hack.
Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It's easy to see why: it may be exploited by unauthenticated, remote attackers to breach systems and by attackers that already have access to a system and want to hop onto others on the same network. It can also be exploited without the vulnerable system's user doing anything at all (aka "zero-click" exploitation).
Juniper Networks this week announced the release of patches for more than 30 vulnerabilities across its portfolio, including severe flaws in Contrail Networking and Junos OS. Two advisories describing a total of 13 security holes in the Contrail Networking software-defined networking (SDN) solution were published this week, with seven of the bugs carrying a CVSS score above 9.0.
Malware designed to target industrial control systems like power grids, factories, water utilities, and oil refineries represents a rare species of digital badness. So when the United States government warns of a piece of code built to target not just one of those industries, but potentially all of them, critical infrastructure owners worldwide should take notice.
A new information stealer - dubbed "ZingoStealer" by the Cisco Talos researchers who identified the malware last month - is now being shared prolifically on Telegram by the Haskers Gang, a collective of cybercriminals. The gang has been targeting Russian speakers and gamers, Nick Biasini, the head of outreach for Cisco Talos, told CyberScoop. Victims think they're receiving a file with game cheats, pirated software or some other useful item, but it's the malware instead.
A recently identified DDoS botnet has targeted several router models and various types of web servers by exploiting known vulnerabilities, Fortinet warns. Dubbed Enemybot, the botnet appears to be the work of Keksec, an established cybercrime group that specializes in DDoS attacks and cryptocurrency mining. The malware was built using the source code of the Gafgyt (Bashlite) botnet with some modules borrowed from the infamous Mirai botnet, including the scanner module and a bot killer module.