Daily Cyber Brief
A phishing attack leads to millions stolen from Uniswap users, CISA orders agencies to patch Windows 0-days, and the head of the European Central Bank was targeted in a hacking attempt...
Cybersecurity
Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet
The global internet—a vast matrix of telecommunications, fiber optics, and satellite networks—is in large part a creation of the United States. The technologies that underpin the internet grew out of federal research projects, and U.S. companies innovated, commercialized…
ChromeLoader: New Stubborn Malware Campaign
In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands…
New ‘Luna Moth’ hackers breach orgs via fake subscription renewals
A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. The gang received the name Luna Moth and has been active since at least March in phishing…
Millions in cryptocurrency stolen in phishing attacks on Uniswap users
A phishing attack on users of Uniswap, a decentralized cryptocurrency exchange, has caused millions of dollars in losses. The incident first came to light on Monday when Binance CEO Changpeng Zhao said his threat intelligence team “detected a potential exploit on Uniswap…
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now
Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity. The July security update also includes fixes for four elevation of privilege vulnerabilities in the…
CISA orders agencies to patch new Windows zero-day used in attacks
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows…
‘Callback’ Phishing Campaign Impersonates Security Firms
Victims instructed to make a phone call that will direct them to a link for downloading malware. A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download…
Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs
Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages…
European Central Bank Head Targeted in Hacking Attempt
The European Central Bank said Tuesday that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised. The attempt took place “recently,” the Frankfurt-based central bank for the 19 countries that use the euro said in an…
Aerojet Rocketdyne Pays $9m Settlement Over Whistleblower Allegations
US government contractor Aerojet Rocketdyne has paid a $9m settlement after allegations that it misrepresented its compliance with US government security requirements. The El Segundo, California, company violated the False Claims Act, according to allegations…
Create your profile
Only paid subscribers can comment on this post
Check your email
For your security, we need to re-authenticate you.
Click the link we sent to , or click here to sign in.