Google’s Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.
They camouflaged it as a DDoS attack tool and hosted it on cyberazov[.]com, a domain spoofing the Ukrainian Azov Regiment.
A new air-gap cyberattack technique has entered the frame. The researchers are referring to it as “SATAn” and it basically involves using ordinary SATA cables to transmit data wirelessly.
Researchers at Rice University have shown how they can hack the brains of fruit flies to make them remote controlled. The flies performed a specific action within a second of a command being sent to certain neurons in their brain.
The team started by genetically engineering the flies so that they expressed a certain heat-sensitive ion channel in some of their neurons. When this channel sensed heat, it would activate the neuron – in this case, that neuron caused the fly to spread its wings, which is a gesture they often use during mating.
The heat trigger came in the form of iron oxide nanoparticles injected into the insects’ brains. When a magnetic field is switched on nearby, those particles heat up, causing the neurons to fire and the fly to adopt the spread-wing pose.
Flipkart-owned Cleartrip, a flight booking platform, said that it suffered a major data breach in its internal systems.
In an email to customers, the company stated, “This is to inform you that there has been a security anomaly that entailed illegal and unauthorised access to a part of Cleartrip’s internal systems.”
However, the travel company assured them that no sensitive information pertaining to a user’s account had been compromised due to this incident, apart from a few personal details.
An innovative new collaboration between EPFL’s HexHive Laboratory and Oracle has developed automated, far-reaching technology in the ongoing battle between IT security managers and attackers, hoping to find bugs before the hackers do.
On the 9th of December 2021 the world of IT security went into a state of shock. Before its developers even knew it, the log4j application—part of the Apache suite used on most web servers—was being exploited by hackers, allowing them to take control of servers and data centers all over the world.
The Wall Street Journal reported news that nobody wanted to hear: “U.S. officials say hundreds of millions of devices are at risk. Hackers could use the bug to steal data, install malware or take control.”
The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.
Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021.
“The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”
Check Point Research, the Threat Intelligence division of the company, a leading global cybersecurity specialist provider, has released its Global Threat Index for the month of June 2022. Researchers have found that Emotet continues to be the number one malware and has also increased its global incidence by around 6%. Continuing with its climb of the last month, Snake Keylogger sneaks into the top three positions, taking the Formbook position, both still far from Emotet.
Emotet, has affected 14% of organizations around the world in June, an increase that is almost double compared to the previous month. This malware is highly profitable thanks to its ability to go unnoticed. Its persistence also makes it difficult to remove once a device is infected, making it the perfect tool in a cybercriminal’s arsenal. Conceived as a banking Trojan, it is often distributed via phishing emails and has the ability to embed other malware, increasing its ability to cause widespread damage.
There are other malwares that have increased their presence such as Raspaberry Robin, GuLoader and Wacatac. The first one was discovered a few months ago (September 2021) and is distributed via infected USB drives, uses various legitimate Windows functionalities to communicate with its C&C servers and execute malicious payloads. GuLoader first appeared in December 2019 and was used to download Parallax RAT, but has been applied to other remote access Trojans such as Netwire, FormBook, and Agent Tesla. Lastly, Wacatac is a Trojan threat that locks files but does not encrypt them like typical ransomware. When Wactac infiltrates a user’s system, it changes the names of the target files by appending a “”.wctw” extension. The lack of data encryption capability makes this threat reversible. Wactac is normally spread using spam email campaigns and rogue software.
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware.
“An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said in a write-up.
Tracked as CVE-2022–26706 (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022.
