Cybersecurity

Government agencies warn of increase in cyberattacks targeting MSPs

Today, multiple government agencies worldwide including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and NSA in partnership with the U.K.’s National Cyber Security Center (NCSC-UK), as well as the Australian Cyber Security Center…

Pro-Russian hackers target Italy institutional websites -ANSA news agency

Pro-Russian hackers have attacked the websites of several Italian institutions, including the senate, ANSA news agency reported on Wednesday. The hacker group "Killnet" claimed the attack, ANSA said, which also targeted the National Health Institute (ISS) and the…

HP fixes bug letting attackers overwrite firmware in over 200 models

HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges. Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any…

Alleged Iranian hackers caught targeting Jordan’s foreign ministry

Cybersecurity researchers with Malwarebytes said they discovered a malicious email targeting a government official at Jordan’s foreign ministry, and it appeared to originate from a prolific threat group allegedly based in Iran. The company’s threat intelligence team said Tuesday it…

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed…

Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K

A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages…

Vanity URLs Could be Spoofed for Social Engineering Attacks

Vanity links created by companies to add their brand to well-known cloud services could become a useful vector for phishing attacks and a way to better fool victims, researchers warn. Cloud services that don't check whether subdomains have been modified could allow links…

CISA tells federal agencies to fix actively exploited F5 BIG-IP bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. F5 customers using BIG-IP solutions include…

British Man Charged With Hacking US Bank Computers, Stealing Millions

A British man has been charged in New York with unauthorized computer intrusion, securities fraud, wire fraud and other crimes, causing more than $5m of losses. According to a 10-count complaint made public yesterday, Idris Dayo Mustapha, 32, a UK citizen, and others used…

Microsoft Fixes Three Zero-Days in May Patch Tuesday

Microsoft has issued fixes for three zero-day vulnerabilities, including one being actively exploited in the wild, as part of its May monthly update round. Publicly disclosed flaw CVE-2022-26925 is a spoofing vulnerability in Windows LSA marked as “exploitation detected.”…