Daily Cyber Brief

4/5/22

Cybersecurity

State Department formally launches new cyber bureau

The State Department launched its new Bureau of Cyberspace and Digital Policy on Monday in what it says is a modernization of the agency aimed at emerging technology issues in diplomacy. A statement issued by the department said the bureau will address “the national…

Hackers breached Mailchimp to target crypto holders

Hackers used internal tools from Mailchimp to target customers from a total of 102 users, including hardware cryptocurrency wallet Trezor, reported The Verge. Trezor users over the weekend received emails claiming that their accounts were compromised in a data breach…

Russians bypass website blocks to access Western news sources

Cloudflare sees signs of Russians increasingly turning to Western news sources to get accurate information about the situation in Ukraine. A new blog post published today by Cloudflare presents statistical evidence that the netizens of Russia are adopting blockage circumvention…

VMware patches Spring4Shell RCE flaw in multiple products

VMware has published security updates for the critical remote code execution vulnerability known as Spring4Shell, which impacts several of its cloud computing and virtualization products. A list of VMware products affected by Spring4Shell is available in an advisory…

German wind turbine maker shut down after cyberattack

A German wind turbine maker was forced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack on March 31. Nordex designs, sells and manufactures wind turbines, reporting nearly $6 billion in sales in 2021…

More than $15 million stolen after hackers exploit DeFi platform Inverse Finance

An attack on decentralized finance (DeFi) protocol Inverse Finance led to the theft of more than $15 million in cryptocurrency, the company said on Saturday. The company wrote on Twitter that a hacker managed to manipulate its money market, Anchor, and increased…

Millions of Installations Potentially Vulnerable to Spring Framework Flaw

Security firms produced two data points on Monday to estimate the number of Spring Framework installations that are vulnerable to the most recent flaw — CVE-2022-22965, also known as Spring4Shell or SpringShell — suggesting anywhere from hundreds of thousands to…

FIN7 hackers evolve toolset, work with multiple ransomware gangs

Threat analysts have compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods. FIN7 (a.k.a. Carbanak) is a Russian-speaking, financially motivated…

New Borat remote access malware is no laughing matter

A new remote access trojan (RAT) named Borat has appeared on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment. As a RAT, Borat enables remote threat actors to take complete control of their victim’s mouse…

TOTOLINK Routers, Other Device Exploits Added to Beastmode Botnet

The Mirai-based DDoS botnet known as Beastmode continues to expand its arsenal with at least five new exploits added over the last two months. The new exploits include three targeting TOTOLINK routers, one targeting the discontinued D-Link routers DIR-810L…

Daily Cyber Brief

4/5/22

Cybersecurity

Join the conversation

Overt Operator