Meta says it has disrupted a misinformation network targeting US political discourse ahead of the 2022 midterm elections - and one that sought to influence public opinion in Europe about the conflict in Ukraine. The internet giant says this is the first instance it has found of a Chinese-based source using its platforms for such purposes, although it was careful to point out that while the posts came from China, the acts are not necessarily part of a government-led program.
Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company's systems. In a notification to the Maine Attorney General's office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.
A sprawling disinformation network originating in Russia sought to use hundreds of fake social media accounts and dozens of sham news websites to spread Kremlin talking points about the invasion of Ukraine, Meta revealed Tuesday. The company, which owns Facebook and Instagram, said it identified and disabled the operation before it was able to gain a large audience. Nonetheless, Facebook said it was the largest and most complex Russian propaganda effort that it has found since the invasion began.
Australian authorities have asked the United States Federal Bureau of Investigation (FBI) to assist with investigations into the data breach at local telco Optus. Attorney general Mark Dreyfus yesterday revealed the FBI was asked to help identify the entities involved in the attack, which saw Optus leak data describing over ten million account holders. Data suspected to have been accessed included drivers licence details, passport numbers, email addresses and phone numbers.
A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn't been issued a CVSS severity score, Sophos deemed it "critical" and noted that it allowed for remote code execution.
A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results. NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, leading to over two dozen infections running on a single device.
Researchers are warning that Lazarus has expanded its campaign using fake jobs with cryptocurrency exchanges to trick macOS users into downloading malware. Just last month, researchers observed Lazarus using Coinbase job openings to trick macOS users into downloading malware. Now, SentinelOne says the same threat group has expanded its phishing campaign to include fraudulent job postings at another cryptocurrency exchange, Crypto[.]com.
For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted not only that these were zero-day bugs, but also that they'd been discovered internally and fixed by the WhatsApp team itself.
Microsoft has published a security blog about an investigation into an attack in which threat actors used malicious OAuth applications to abuse Exchange servers for their spam campaign. The threat actor behind this attack has been active for many years, and has been running spam campaigns using various methods that provided them with high volume spamming opportunities.
CISA (the Cybersecurity and Infrastructure Security Agency) recently added CVE-2022-35405 - a remote code execution (RCE) vulnerability affecting Zoho ManageEngine PAM360 (versions 5500 and earlier), Password Manager Pro (versions 12100 and earlier), and Access Manager Plus (versions 4302 and earlier) - to its Known Exploited Vulnerabilities (KEV) Catalog, a list of known CVEs that carry significant risk to the federal enterprise.