Daily Cyber Brief
A new 0-day allows RCE using .zip files, Google blocked the largest HTTPS DDoS ever, and a Janet Jackson music video has been found to freeze certain hard drives...
Cybersecurity
A known security researcher has discovered a new zero-day vulnerability in Windows, which allows for remote code execution by opening .zip files in Windows. Zip archives are able to hold internet shortcuts and, when using the Windows file system, can call CMD to execute…
Estonian officials said the country successfully thwarted a cyberattack on Wednesday that targeted both its public and private institutions. Estonia’s undersecretary for digital transformation, Luukas Ilves, said on Twitter that the country was able to disrupt one of…
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022. While Entrust confirmed to…
U.S. Cyber Command recently sent a team of “elite defensive cyber operators” to Croatia for the first time as part of its hunt forward operations aimed at collecting information on adversary activity and strengthening partner cyber defenses. The effort, which brought…
Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers. Assigned CVE-2022-38392, the vulnerability we are talking about is a Denial of Service (DoS), specifically…
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct…
A Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the HTTPS protocol that reached 46 million requests per second (RPS), making it the largest ever recorded of its kind. In just two minutes, the attack escalated from 100…
Another threat actor targeting hospitality, hotel, and travel organizations has re-emerged during the busy summer travel season: a smaller, financially motivated player named TA558. According to new research from Proofpoint, the group has been around since 2018 but is…
The Chinese Winnti hacking group, also known as 'APT41' or 'Wicked Spider,' targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. This is according to Group-IB's researchers, who have been following Wintti's activities…
Amazon has fixed a high-severity vulnerability in the Amazon Ring app for Android that could have allowed hackers to download customers' saved camera recordings. The vulnerability was discovered by security researchers at application security testing company…