Mandiant suspects that Chinese hackers abused the FortiOS SSL-VPN flaw CVE-2022-42475 to target a European government and an African MSP with Boldmove, a backdoor that exists in Linux and Windows variants. The attackers used the flaw as a zero-day: exploitation was observed as early as October 2022, while Fortinet's patch was not out until December.
Cyber adversaries were found leveraging OneNote attachments to infect victims with remote access malware that harvests credentials and, in some cases, cryptocurrency wallets. Researchers spotted criminals installing Quasar RAT, AsyncRAT and XWorm RAT on infected machines via OneNote files. OneNote does display a warning pop-up before launching an embedded attachment, so the infection still depends on the user clicking through it.
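The following is an added example, not code from the article or from the researchers it cites, of how a defender can triage a OneNote file offline without opening it: it carves every embedded attachment out of a .one blob and flags executables and scripts. The byte layout follows the MS-ONE FileDataStoreObject structure (16-byte header GUID, 8-byte little-endian length, 12 bytes of unused/reserved fields, then the file bytes, then a footer GUID); the header marker is the on-disk sequence that public YARA rules and Didier Stevens' onedump.py match on. The sample file, the VBScript stub and the list of script markers are constructed for this example and are assumptions, not artefacts from the campaign.

```python
import struct

# Byte sequences as they appear on disk in .one files. The FileDataStoreObject
# header GUID is the marker public YARA rules and onedump.py search for; the
# file magic corresponds to the .one header GUID {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}.
ONE_FILE_MAGIC = bytes.fromhex("E4525C7B8CD8A74DAEB15378D02996D3")
FDSO_HEADER = bytes.fromhex("E716E3BD652611D1A4F30000F80B4E1A")
FDSO_FOOTER = bytes.fromhex("22A7FB71790F0B4ABB13899256426B24")
# guidHeader(16) + cbLength(8) + unused(4) + reserved(8) precede the file bytes.
FDSO_HDR_LEN = 36

# Constructed heuristic list: strings typical of script droppers seen in lures.
SCRIPT_MARKERS = (b"wscript", b"powershell", b"cmd.exe", b"createobject",
                  b"<script", b"@echo off", b"<hta:application")
SUSPICIOUS_KINDS = {"pe-executable", "script"}


def carve_embedded_files(data: bytes):
    """Return [(offset, payload)] for every FileDataStoreObject found in data."""
    found = []
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        body = pos + FDSO_HDR_LEN
        if body > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        payload = data[body:body + length]  # silently truncated if cbLength lies
        found.append((pos, payload))
        pos = data.find(FDSO_HEADER, body + len(payload))
    return found


def classify_payload(payload: bytes) -> str:
    """Cheap content-type guess from the first bytes of the carved object."""
    head = payload[:512]
    if head.startswith(b"MZ"):
        return "pe-executable"
    if head.startswith(b"%PDF"):
        return "pdf"
    if head.startswith((b"\x89PNG", b"\xff\xd8\xff", b"GIF8")):
        return "image"
    if any(marker in head.lower() for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"


def scan_onenote(data: bytes):
    """Summarise every embedded object in a .one blob as offset/size/kind."""
    if not data.startswith(ONE_FILE_MAGIC):
        raise ValueError("not a OneNote (.one) file")
    return [{"offset": offset, "size": len(payload), "kind": classify_payload(payload)}
            for offset, payload in carve_embedded_files(data)]


def is_suspicious(report) -> bool:
    """Flag notebooks that carry an executable or a script as an attachment."""
    return any(entry["kind"] in SUSPICIOUS_KINDS for entry in report)


# --- constructed sample (not a real malware file) --------------------------

def build_fdso(payload: bytes) -> bytes:
    """Wrap payload in a FileDataStoreObject the way OneNote stores attachments."""
    return (FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12
            + payload + FDSO_FOOTER)


def build_sample() -> bytes:
    """A minimal .one-shaped blob: a PNG lure image plus a VBScript dropper stub."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    vbs = (b'Set o = CreateObject("WScript.Shell")\r\n'
           b'o.Run "powershell -nop -w hidden", 0\r\n')  # constructed stub
    return ONE_FILE_MAGIC + b"\x00" * 64 + build_fdso(png) + b"\x00" * 16 + build_fdso(vbs)


if __name__ == "__main__":
    report = scan_onenote(build_sample())
    for entry in report:
        print(entry)
    print("suspicious:", is_suspicious(report))
```

The lure image is expected in these campaigns (the script usually hides under a "double-click to view" graphic), so the useful signal is the presence of a script or PE object, not the image. Real files pad FileData to an 8-byte boundary before the footer; the carver ignores the footer and only trusts cbLength, clamping it to the file size so a lying length field cannot make it read past the end.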
New telemetry from SecurityScorecard shows a 38% rise in high-severity flaws in manufacturing organizations. Almost half of critical manufacturing organizations (48%) received poor security ratings on SecurityScorecard's platform. Policymakers and business leaders need a clear understanding of the security measures in place in their manufacturing environments.
The Russian advanced persistent threat (APT) group Gamaredon has also put LNK files to work, including a campaign that started in August 2022 against organizations in Ukraine.
A security lapse in a mobile app operated by India’s Education Ministry exposed the personally identifying information of millions of students and teachers for over a year.
Organizations need to strike a balance between carrying out enough due diligence before patching and patching quickly enough to defend themselves against emerging threats.
According to the email received by cryptocurrency trading platform Coinigy, Zendesk learned on October 25, 2022, that several employees were targeted in a “sophisticated SMS phishing campaign”.
Uber's recent data breach, in which sensitive employee and customer data was leaked on the BreachForums hacking forum, was the latest in a string of security incidents to hit the company in the last few years.
In a blog post dated January 17, Datadog Security Labs senior researcher Nick Frichette said the vulnerability affects the CloudTrail event logging service, a key data source for defenders investigating API activity.
The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.