CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)

Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks, which took place during 2020 and 2021 and likely went as far back as 2015, involved a revamped variant of a malware called Janicab that leverages a number of public services like WordPress

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an

Ducktail Malware Operation Evolves with New Malicious Capabilities

The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account," WithSecure researcher Mohammad Kazem

U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams

The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware. "Xenomorph is a trojan that steals credentials from banking applications on users' devices," Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022. The

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said 

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current

Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.  The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on

New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information,

Eternity Group Hackers Offering New LilithBot Malware-as-a-Service to Cybercriminals

The threat actor behind the malware-as-a-service (MaaS) known as Eternity Group has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware,

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam

The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. The suspect is said to have carried out a text message blackmail scam, demanding that the recipients transfer $2,000 to a bank account or risk getting their personal information misused for

BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe

Why Vulnerability Scanning is Critical for SOC 2

SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical for all organisations, including those that outsource key business operations to third parties like

Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cybercriminals

Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of multiple threat

New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers

Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute '

Penetration Testing or Vulnerability Scanning? What's the Difference?

Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an

Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore

A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10

Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz