Feed aggregator

An Easier Way to Keep Old Python Code Healthy and Secure

The Hacker News - Fri, 07/22/2022 - 05:28
Python has its pros and cons, but it's nonetheless used extensively. For example, Python is frequently used in data crunching tasks even when there are more appropriate languages to choose from. Why? Well, Python is relatively easy to learn. Someone with a science background can pick up Python much more quickly than, say, C. However, Python's inherent approachability also creates a couple of
Categories: Cyber Security News

Google Bringing the Android App Permissions Section Back to the Play Store

The Hacker News - Fri, 07/22/2022 - 05:19
Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of tweets. "We heard your feedback that you find the app permissions section in Google Play useful, and
Categories: Cyber Security News

Several 0-days put into action by a Pegasus competitor. It started with the infection of a news website…

Sekurak.pl - Fri, 07/22/2022 - 04:33

This concerns a little-known crew codenamed Candiru. Incidentally, it is of course more convenient for the attackers themselves to stay in the shadows than to be in the spotlight like NSO, the maker of Pegasus. But getting to specifics: Avast reports a targeted hacking campaign it detected that uses several really interesting techniques. Technique one...

The article Several 0-days put into action by a Pegasus competitor. It started with the infection of a news website… originally appeared on Sekurak.

Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists

Security Affairs - Fri, 07/22/2022 - 04:32
The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists.

Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited the recently fixed CVE-2022-2294 Chrome zero-day.

The flaw, which was fixed by Google on July 4, 2022, is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component; it is the fourth zero-day patched by Google in 2022.

Most of the attacks uncovered by Avast researchers took place in Lebanon and threat actors used multiple attack chains to target the journalists. Other infections were observed in Turkey, Yemen, and Palestine since March 2022.

In one case the threat actors conducted a watering hole attack by compromising a website used by employees of a news agency.

The researchers noticed that the website contained artifacts associated with attempts to exploit an XSS flaw. The pages contained calls to the JavaScript function “alert” along with keywords like “test”, which suggests the attackers were testing the XSS vulnerability before ultimately exploiting it to inject the loader for a malicious JavaScript from an attacker-controlled domain (i.e. stylishblock[.]com).

This injected code was used to route the victims to the exploit server, through a chain of domains under the control of the attacker.

Once the victim lands on the exploit server, code developed by Candiru gathers more information about the target system, and the exploit is delivered only if the collected data satisfies the exploit server's checks.

“While the exploit was specifically designed for Chrome on Windows, the vulnerability’s potential was much wider. Since the root cause was located in WebRTC, the vulnerability affected not only other Chromium-based browsers (like Microsoft Edge) but also different browsers like Apple’s Safari.” reads the analysis published by Avast. “We do not know if Candiru developed exploits other than the one targeting Chrome on Windows, but it’s possible that they did.”

The zero-day was chained with a sandbox escape exploit, but experts were not able to recover it due to the protection implemented by the malware.

After getting a foothold on the victim’s machine, the DevilsTongue spyware attempts to elevate its privileges by exploiting another zero-day. The malware targets a legitimate signed kernel driver in a BYOVD (Bring Your Own Vulnerable Driver) fashion. In order to exploit the driver, it first has to be dropped to the filesystem (Candiru used the path C:\Windows\System32\drivers\HW.sys); experts pointed out that this path could be used as an indicator of compromise.

“While there is no way for us to know for certain whether or not the WebRTC vulnerability was exploited by other groups as well, it is a possibility. Sometimes zero-days get independently discovered by multiple groups, sometimes someone sells the same vulnerability/exploit to multiple groups, etc. But we have no indication that there is another group exploiting this same zero-day.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook


Pierluigi Paganini

(SecurityAffairs – hacking, Candiru)

The post Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists appeared first on Security Affairs.

Categories: Cyber Security News

Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy's Health

The Hacker News - Fri, 07/22/2022 - 04:25
Ukrainian radio operator TAVR Media on Thursday became the latest victim of a cyberattack, resulting in the broadcast of a fake message that President Volodymyr Zelenskyy was seriously ill. "Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk,"
Categories: Cyber Security News

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists

The Hacker News - Fri, 07/22/2022 - 04:13
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed
Categories: Cyber Security News

They hacked the largest radio company in Ukraine and broadcast fake news over the radio about the critical health condition of President Zelenskyy.

Sekurak.pl - Fri, 07/22/2022 - 04:01

The Kyiv Independent reports on a still-fresh story: on July 21, hackers attacked one of the largest Ukrainian radio networks, TavrMedia, broadcasting false reports of alleged health problems of President Volodymyr Zelenskyy. Unidentified hackers relayed reports that Zelenskyy was in an intensive care unit and that his duties were temporarily being performed by the chairman of the Ukrainian parliament, Ruslan Stefanchuk. Hackers...

The article They hacked the largest radio company in Ukraine and broadcast fake news over the radio about the critical health condition of President Zelenskyy. originally appeared on Sekurak.

TA4563 group leverages EvilNum malware to target European financial and investment entities

Security Affairs - Fri, 07/22/2022 - 01:45
A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities.

A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi).

EvilNum is a backdoor that allows attackers to steal data and load additional payloads; it implements multiple components to evade detection.

The TA4563 group has been targeting various entities in Europe since late 2021.

Proofpoint researchers note that their analysis overlaps with EvilNum activity publicly reported by Zscaler in June 2022.

The analysis of a campaign that started in December 2021 revealed that the attackers used messages purporting to relate to financial trading platform registration or related documents. The attackers also used weaponized Microsoft Word documents to install an updated version of the EvilNum backdoor.

“These messages used a remote template document that analysts observed attempting to communicate with domains to install several LNK loader components, leveraging wscript to load the EvilNum payload, and a JavaScript payload that was ultimately installed on the user’s host.” reads the analysis published by Proofpoint. “These lures contained a financial theme, suggesting on one occasion that the intended victim needed to submit “proof of ownership of missing documents”.”

In early 2022, the threat actors continued to target European financial entities but used different techniques. The malspam messages attempted to deliver multiple OneDrive URLs that contained either an ISO or .LNK attachment.

In other campaigns, the messages were delivering a compressed .LNK file.

In mid-2022, the threat actors changed their technique again and started delivering Microsoft Word documents that attempt to download a remote template to start the EvilNum infection.

“EvilNum malware and the TA4563 group poses a risk to financial organizations. Based on Proofpoint analysis, TA4563’s malware is under active development. Although Proofpoint did not observe follow-on payloads deployed in identified campaigns, third-party reporting indicates EvilNum malware may be leveraged to distribute additional malware including tools available via the Golden Chickens malware-as-a-service.” concludes the report. “TA4563 has adjusted their attempts to compromise the victims using various methods of delivery, whilst Proofpoint observed this activity and provided detection updates to thwart this activity, it should be noted that a persistent adversary will continue to adjust their posture in their compromise attempts.”


Pierluigi Paganini

(SecurityAffairs – hacking, TA4563)

The post TA4563 group leverages EvilNum malware to target European financial and investment entities appeared first on Security Affairs.

Categories: Cyber Security News

Threat actors target software firm in Ukraine using GoMet backdoor

Security Affairs - Thu, 07/21/2022 - 16:20
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor.

Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company.

The software development company produces software that is used by various state organizations in Ukraine.

Researchers believe that the attackers could be linked to Russia and targeted the firm in an attempt to conduct a supply chain attack. At this time it is not clear if the attack was successful. The analysis of the malicious code revealed that it is a slightly modified version of the “GoMet” open-source backdoor.

Talos researchers pointed out that there are only two documented cases of usage of this backdoor by advanced threat actors. The first took place in 2020, when threat actors dropped the backdoor after compromising a network by exploiting the CVE-2020-5902 vulnerability in F5 BIG-IP. The second took place recently, when the attackers deployed the malware after successfully exploiting the CVE-2022-1040 vulnerability in Sophos Firewall.

The original GoMet was published on GitHub on March 31, 2019, and received commits until April 2, 2019; the author has not added any features since its first appearance.

“The backdoor itself is a rather simple piece of software written in the Go programming language. It contains nearly all the usual functions an attacker might want in a remotely controlled agent. Agents can be deployed on a variety of operating systems (OS) or architectures (amd64, arm, etc.). GoMet supports job scheduling (via Cron or task scheduler depending on the OS), single command execution, file download, file upload or opening a shell.” reads the analysis published by Talos. “An additional notable feature of GoMet lies in its ability to daisy chain — whereby the attackers gain access to a network or machine and then use that same information to gain access to multiple networks and computers — connections from one implanted host to another. Such a feature could allow for communication out to the internet from otherwise completely “isolated” hosts.”

The researchers noticed that the version employed in the attack was changed by the attackers, in particular, the cronjob was configured to run every two seconds instead of every hour. The change prevents an hour-long sleep if the connection fails.

Another change concerns what the malware does when the C2 is unreachable: it sleeps for a random amount of time between five and 10 minutes.

Talos researchers found two samples of this backdoor that have minor differences, but that likely use the same source code.

“The malicious activity we detected included a fake Windows update scheduled tasks created by the GoMet dropper. Additionally, the malware used a somewhat novel approach to persistence. It enumerated the autorun values and, instead of creating a new one, replaced one of the existing goodware autorun executables with the malware. This potentially could avoid detection or hinder forensic analysis.” continues the report.

The samples detected by Talos have the IP address of the C2 hardcoded (111.90.139[.]122) and contact it via HTTPS on the default port.

The server uses a self-signed certificate that was issued on April 4, 2021.

“In this instance, we saw a software company targeted with a backdoor designed for additional persistent access. We also observed the threat actor take active steps to prevent detection of their tooling by obfuscating samples and utilizing novel persistence techniques. This access could be leveraged in a variety of ways, including deeper access or launching additional attacks, including the potential for software supply chain compromise.” concludes the report. “It’s a reminder that although the cyber activities haven’t necessarily risen to the level many have expected, Ukraine is still facing a well-funded, determined adversary that can inflict damage in a variety of ways — this is just the latest example of those attempts.”


Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

The post Threat actors target software firm in Ukraine using GoMet backdoor appeared first on Security Affairs.

Categories: Cyber Security News

Lightning Framework, a previously undetected malware that targets Linux systems

Security Affairs - Thu, 07/21/2022 - 13:37
Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems.

Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious code has a modular structure and is able to install rootkits.

“Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has modular plugins and the ability to install rootkits.” reads the report published by the experts. “It is rare to see such an intricate framework developed for targeting Linux systems.”

The Lightning Framework can install multiple types of rootkit and run different plugins, and it is able to open SSH on an infected machine.

The framework is composed of a downloader and a core module; it can expand its capabilities with a number of plugins, some of which are open-source tools.

The main function of the downloader is to fetch the other components and execute the core module. The core module was designed to receive commands from the Command and Control (C2) server and execute the plugins.

This malware is yet to be spotted in the wild, and some of its components (referenced in the source code) are yet to be found and analyzed.

The malware uses typosquatting to avoid detection: for example, the downloader masquerades as the Seahorse GNOME password and encryption key manager.

Both the Core and Downloader modules communicate with the C2 over TCP sockets, exchanging data as JSON structures.

“The C2 is stored in a polymorphic encoded configuration file that is unique for every single creation. This means that configuration files will not be able to be detected through techniques such as hashes. The key is built into the start of the encoded file.” reads the analysis.

The framework can also use a passive mode of communication if the operators execute the RunShellPure command. This starts an SSH service on the infected machine using the Linux.Plugin.Lightning.Sshd plugin, an OpenSSH daemon with hardcoded private and host keys. The operators can then open SSH into the infected machine using their own SSH key.

Experts noticed that the malware also hides its presence by modifying malicious artifacts’ timestamps using timestomping. The files have their last modified time edited to match that of either whoami, find, or su. The framework also hides its Process ID (PID) and any related network ports using one of the rootkits it can deploy.

The core module achieves persistence by creating a script named elastisearch under /etc/rc.d/init.d/ that is executed at system boot. The name appears to typosquat elasticsearch.
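A defender-side check for the two host artifacts the report describes: files whose modification time was copied from whoami, find or su, and the typosquatted elastisearch init script. This is an added example, not Intezer's code; the bin, scan and init.d directories are parameters (assumed /usr/bin, /tmp and /etc/rc.d/init.d on a live host), and the sample tree it scans is constructed so it runs offline.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Traits taken from the report above; paths and sample data are assumptions of this example.
REFERENCE_BINARIES = ("whoami", "find", "su")  # timestomp sources named in the report
PERSISTENCE_NAME = "elastisearch"               # typosquat of "elasticsearch" in /etc/rc.d/init.d/


def reference_mtimes(bin_dir: Path) -> Dict[Path, int]:
    """Map each reference binary present in bin_dir to its mtime in nanoseconds."""
    refs = {}
    for name in REFERENCE_BINARIES:
        p = bin_dir / name
        if p.is_file():
            refs[p.resolve()] = p.stat().st_mtime_ns
    return refs


def find_timestomped(scan_root: Path, refs: Dict[Path, int]) -> List[Tuple[str, str]]:
    """Return (file, matched_binary) for files under scan_root whose mtime equals, to the
    nanosecond, the mtime of a reference binary. Package-installed files legitimately share
    timestamps, so point scan_root at writable drop locations (/tmp, /var/tmp, /dev/shm,
    home directories) rather than at /usr."""
    by_mtime = {mt: str(p) for p, mt in refs.items()}
    hits = []
    for root, _dirs, files in os.walk(scan_root):
        for f in files:
            p = Path(root) / f
            try:
                st = p.stat()
            except OSError:
                continue
            if p.resolve() in refs:  # the reference binary itself, not a file copying its mtime
                continue
            if st.st_mtime_ns in by_mtime:
                hits.append((str(p), by_mtime[st.st_mtime_ns]))
    return sorted(hits)


def find_persistence_script(initd_dir: Path) -> List[str]:
    """Return init scripts carrying the typosquatted name from the report."""
    if not initd_dir.is_dir():
        return []
    return sorted(str(p) for p in initd_dir.iterdir()
                  if p.is_file() and p.name.startswith(PERSISTENCE_NAME))


def scan(bin_dir: Path, scan_root: Path, initd_dir: Path) -> Dict[str, list]:
    """Run both checks. Live host: scan(Path('/usr/bin'), Path('/tmp'), Path('/etc/rc.d/init.d'))."""
    return {
        "timestomped": find_timestomped(scan_root, reference_mtimes(bin_dir)),
        "persistence": find_persistence_script(initd_dir),
    }


def build_constructed_tree(base: Path) -> Path:
    """Constructed sample tree (not a real infection): fake reference binaries with distinct
    mtimes, one dropped file whose mtime is copied from 'su', one benign file, and the
    typosquatted init script."""
    bin_dir = base / "usr" / "bin"
    bin_dir.mkdir(parents=True)
    epoch_ns = 1_600_000_000 * 1_000_000_000  # an arbitrary 2020 timestamp
    for i, name in enumerate(REFERENCE_BINARIES):
        p = bin_dir / name
        p.write_bytes(b"#!/bin/sh\n")
        os.utime(p, ns=(epoch_ns, epoch_ns + i * 7_000_000_000))  # mtimes 7 s apart
    drop = base / "tmp"
    drop.mkdir()
    stomped = drop / ".cache"
    stomped.write_bytes(b"\x7fELF")
    su_ns = (bin_dir / "su").stat().st_mtime_ns
    os.utime(stomped, ns=(su_ns, su_ns))         # the timestomp the report describes
    (drop / "notes.txt").write_text("benign\n")  # keeps its current mtime, must not match
    initd = base / "etc" / "rc.d" / "init.d"
    initd.mkdir(parents=True)
    (initd / PERSISTENCE_NAME).write_text("#!/bin/sh\n")
    return base


def demo_scan() -> Dict[str, list]:
    """Build the constructed tree in a temporary directory, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        base = build_constructed_tree(Path(tmp))
        return scan(base / "usr" / "bin", base / "tmp", base / "etc" / "rc.d" / "init.d")


if __name__ == "__main__":
    print(demo_scan())
```

An exact nanosecond match against an unrelated system binary is a strong signal on its own; treat a hit together with the init script as grounds for pulling the host for forensic review rather than cleaning in place.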

“The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux. Although we do not have all the files, we can infer some of the missing functionality based on strings and code of the modules that we do possess.” concludes the report.


Pierluigi Paganini

(SecurityAffairs – hacking, Zyxel)

The post Lightning Framework, a previously undetected malware that targets Linux systems appeared first on Security Affairs.

Categories: Cyber Security News

Atlassian patched a critical Confluence vulnerability

Security Affairs - Thu, 07/21/2022 - 09:49
Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center.

Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138.

A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.

Once the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2) is installed, a Confluence user account with the username “disabledsystemuser” is created.

According to Atlassian, the account allows administrators to migrate data from the app to Confluence Cloud. The bad news is that the account is created with a hard-coded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default.

“When the Questions for Confluence app is enabled on Confluence Server or Data Center, it creates a Confluence user account with the username disabledsystemuser. This account is intended to aid administrators that are migrating data from the app to Confluence Cloud. The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default.” reads the advisory published by Atlassian. “A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the group has access to.”

The affected versions are:

  • Questions for Confluence 2.7.x: 2.7.34, 2.7.35
  • Questions for Confluence 3.0.x: 3.0.2

The company pointed out that uninstalling the Questions for Confluence app does not solve this vulnerability because the disabledsystemuser account is not removed after the app has been uninstalled. Admins of impacted Confluence Server or Data Center instances can remediate this vulnerability with the following actions:

  • Option 1: Update to a non-vulnerable version of Questions for Confluence
  • Option 2: Disable or delete the disabledsystemuser account

The good news is that Atlassian is not aware of attacks in the wild exploiting this vulnerability.

To determine whether someone has used the hardcoded password to log into the disabledsystemuser account, admins can get a list of users’ last logon times; if the last authentication time for the hardcoded account is null, the account was never used to access the instance.


Pierluigi Paganini

(SecurityAffairs – hacking, Atlassian)

The post Atlassian patched a critical Confluence vulnerability appeared first on Security Affairs.

Categories: Cyber Security News

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

The Hacker News - Thu, 07/21/2022 - 09:23
A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active
Categories: Cyber Security News

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

The Hacker News - Thu, 07/21/2022 - 08:20
The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade
Categories: Cyber Security News

Hackers Target Ukrainian Software Company Using GoMet Backdoor

The Hacker News - Thu, 07/21/2022 - 08:02
A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be
Categories: Cyber Security News

The New Weak Link in SaaS Security: Devices

The Hacker News - Thu, 07/21/2022 - 08:01
Typically, when threat actors look to infiltrate an organization's SaaS apps, they look to SaaS app misconfigurations as a means of entry. However, employees now use their personal devices, whether their phones or laptops, etc., to get their jobs done. If the device's hygiene is not up to par, it increases the risk for the organization and widens the attack surface for bad actors. And so,
Categories: Cyber Security News

Microsoft will (after all) block Office macros very soon [files originating from the Internet]

Sekurak.pl - Thu, 07/21/2022 - 05:45

MS Office macros are probably one of the more frequently used features in phishing attacks. Malicious macros can quite easily give attackers a foothold in the victim's network. From there it is all downhill: the whole network can be infected. We reported on the planned disabling of macros by default in February, but not everything went entirely smoothly. Microsoft announced...

The article Microsoft will (after all) block Office macros very soon [files originating from the Internet] originally appeared on Sekurak.

Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices

Security Affairs - Thu, 07/21/2022 - 05:22
Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices.

Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices. The flaws addressed by Apple lead to arbitrary code execution, privilege escalation, denial-of-service (DoS), and information disclosure.

Below is the list of Apple security updates:

Name and information link – Available for – Release date
  • Safari 15.6 – macOS Big Sur and macOS Catalina – 20 Jul 2022
  • watchOS 8.7 – Apple Watch Series 3 and later – 20 Jul 2022
  • Security Update 2022-005 Catalina – macOS Catalina – 20 Jul 2022
  • macOS Big Sur 11.6.8 – macOS Big Sur – 20 Jul 2022
  • macOS Monterey 12.5 – macOS Monterey – 20 Jul 2022
  • tvOS 15.6 – Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD – 20 Jul 2022

One of the most severe issues addressed by the IT giant is a heap buffer overflow tracked as CVE-2022-2294. The vulnerability resides in the Web Real-Time Communications (WebRTC) component and was discovered by Google researchers who confirmed it is actively exploited in the wild in attacks aimed at Chrome users.

The vulnerability was reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01.

Another arbitrary code execution issue addressed by the company with the release of Safari 15.6 is:

  • CVE-2022-32792 – An out-of-bounds write issue was addressed with improved input validation.

The company also addressed several arbitrary code execution flaws impacting Neural Engine, Audio, GPU Drivers, ImageIO, and Kernel.

Users should upgrade their devices by installing iOS 15.6, iPadOS 15.6, macOS (Monterey 12.5, Big Sur 11.6.8, and 2022-005 Catalina), tvOS 15.6, and watchOS 8.7.


Pierluigi Paganini

(SecurityAffairs – hacking, arbitrary code execution)

The post Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices appeared first on Security Affairs.

Categories: Cyber Security News

Hardcoded password in one of the Confluence plugins. It gives unauthenticated access to all data. CVE-2022-26138

Sekurak.pl - Thu, 07/21/2022 - 04:48

It looks a bit like a backdoor: the problem lies in the Questions for Confluence plugin, and Atlassian describes the issue this way: The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default. A remote, unauthenticated attacker with knowledge of the hardcoded password...

The article Hardcoded password in one of the Confluence plugins. It gives unauthenticated access to all data. CVE-2022-26138 originally appeared on Sekurak.

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

The Hacker News - Thu, 07/21/2022 - 04:46
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "
Categories: Cyber Security News

FBI Seizes $500,000 Ransomware Payments and Crypto from North Korean Hackers

The Hacker News - Thu, 07/21/2022 - 04:25
The U.S. Department of Justice (DoJ) has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. "The seized funds include ransoms paid by healthcare providers in Kansas and Colorado," the DoJ said in a press release issued Tuesday. The recovery of the bitcoin ransoms
Categories: Cyber Security News
