Daily Cyber Brief
Microsoft warns of Russian cyberattacks this winter, Google releases Chrome emergency fix for ninth zero-day this year, and hackers reverse defense mitigations when detected in telecom networks...

Cybersecurity
Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in…
Google developers released an urgent fix for Chrome 108.0.5359.94 on Friday. The update addresses a novel, zero-day vulnerability (tracked as CVE-2022-4262). The flaw reportedly affects all versions of the browser, and according to Mike Walters, VP of vulnerability…
A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. The campaign was spotted by CrowdStrike, which says the attacks started…
Companies infected with purported ransomware may no longer have an option to pay a ransom. A new malicious program acts exactly like crypto-ransomware — overwriting and renaming files, then dropping a text file with a ransom note and a Bitcoin address for…
Dubbed Redigo, the malware is written in Go and was seen being deployed in an attack that exploited a known Redis vulnerability (CVE-2022-0543, CVSS score of 10) for initial access. Leading to remote code execution (RCE), the bug made headlines in April, when security…
A threat actor group named “Team Mysterious Bangladesh” has claimed to have compromised the Indian Central Board of Higher Education (CBHE) systems. According to a new advisory by cybersecurity experts at CloudSEK, the hackers allegedly stole personally identifiable…
As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks…
Two developers going by the name 'Mysk' claimed last month that Apple was tracking users' every tap on the App Store, with no way of disabling the function. A class action lawsuit was subsequently filed in California, claiming that Apple's "promises regarding privacy are utterly…
Cloud company Rackspace has revealed it experienced a cybersecurity incident causing it to temporarily suspend its Hosted Exchange environment, which has now been restored. “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange…
Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions. A Bring Your Own Filesystem attack is when threat actors create a…