The U.S. Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks. The two domains seized by the DOJ are theyardservice[.]com and worldhomeoutlet[.]com. They were used to receive data exfiltrated from victims of the targeted phishing attacks and to send further commands for the malware to execute on infected machines.
An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections.
The Department of Justice (DoJ) has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals, including campaign workers and the Microsoft security team, in an attempt to trick victims into providing account credentials. The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "attempted unauthorized access to a protected computer."
OpenPGP project RNP has patched its flagship product after Mozilla Thunderbird, a major user, was found to be saving users' private keys in plain text. The newest version of RNP, 0.15.1, saw a fix for the vulnerability which led to a Thunderbird patch last week after confused users wondered why the email client's master password wasn't protecting their private keys.
If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit, probably the best known project for penetration testing, is an exploit framework, designed to make it easy for someone to launch an exploit against a particular vulnerable target. Cobalt Strike is in the same basket.
Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content. According to sales statistics for the plugin, Fancy Product Designer has been sold and installed on more than 17,000 websites.
Industrial switches provided by several vendors are affected by the same vulnerabilities because they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology. The vulnerabilities were discovered by Austria-based cybersecurity consultancy SEC Consult. The Atos-owned company has been trying to get the security holes fixed since mid-April 2020, but it took nearly one year for Korenix to release patches.
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. Lasso - an acronym for Liberty Alliance Single Sign On - is a C library that implements Liberty Alliance and SAML (Security Assertion Markup Language) standards. It defines processes for federated identities, single sign-on (SSO) and other protocols.