The Israel Postal Company detected and prevented a cyber attack from a “hostile party” targeting their computer servers. The company shut down part of its computer systems in response to the attack on Wednesday evening.
Sucuri uncovered details about a massive WordPress infection campaign, Balada Injector, that has been active since 2017. The attackers are known to leverage all known and recently discovered theme and plugin vulnerabilities. The campaign has infected over one million WordPress websites over roughly five years.
The standard uses digital certificates to secure the Border Gateway Protocol (BGP), which is used for exchanging routing information, and to ensure that traffic comes through the legitimate network operator controlling the IP addresses on the destination path.
Google’s TAG identified a new campaign by the North Korean ARCHIPELAGO threat cluster (aka APT43) targeting U.S. and South Korean governments, think tanks, military personnel, academics, policymakers, and researchers. Most notably, ARCHIPELAGO used fraudulent Google Chrome extensions in combination with phishing and malware to harvest sensitive data.
The attackers use a bot called uhQCCSpB that installs and launches a Monero miner on the infected machine. After killing all other miners on the device, the attacker uses two different strategies to maximize access to the compromised Linux machine.
While these for-profit companies offer to send and charge for cease and desist orders to the criminals behind the schemes, the FBI says these “services” are not legally enforceable.
The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode.
Details about the two vulnerabilities have been withheld in light of active exploitation and to prevent more threat actors from abusing them. The updates are available in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1.
The application allows both internal and external account logins and, for authentication, uses a JSON Web Token (JWT) that specifies an email address cleared for manually defined user accounts, security researcher Evan Connelly explains.
The cyberattack was detected on Friday evening (07-04-2023), and security measures were immediately heightened. Currently, experts are combing through the municipality’s servers to determine whether any sensitive information has been accessed.