Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT
The behavior of the actors was reportedly identical to what was described by Minerva Labs in 2021
Cyber NewsSolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates
The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.
Cyber NewsLazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries
The advisory suggests Zinc has targeted media, defense and aerospace, and IT services
Cyber NewsWatchfinder warns customers that hackers stole their data
Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed.
Cyber NewsNew Malware Families Found Targeting VMware ESXi Hypervisors
Threat actors have been found deploying never-before-seen post-compromise implants in VMware’s virtualization software to seize control of infected systems and evade detection. Google’s Mandiant threat intelligence division referred to it as a “novel malware ecosystem” that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access
Cyber NewsMicrosoft Confirms Two Exchange Zero-Day Vulnerabilities
The vulnerabilities were first discovered by Vietnamese cybersecurity firm GTSC
Cyber NewsThe cost of a short code for SMS using AWS Pinpoint
$650 on time fee and a charge of $995 per month I wrote about how I was trying to get a short code for AWS Pinpoint here: Sending an SMS Message from a Lambda Function I have requested a pinpoint short code a few times on AWS and had issues getting through the process. This is the […]
Cyber NewsSecurity Vulnerabilities in Covert CIA Websites
Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.” Citizen Lab did the research: […]
Cyber NewsWith the Software Supply Chain, You Can’t Secure What You Don’t Measure
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.
Cyber News