Daily Cyber Brief
The emergent threat H0lyGh0st is tied to North Korea, Sandworm APT taunts security researchers, and crypto mixer use is at an all-time high...

Cybersecurity
The Cybersecurity and Infrastructure Security Agency ordered all federal civilian agencies to patch a Windows vulnerability by August 2 after Microsoft said it had detected exploitation of the bug. The issue – tagged as CVE-2022-22047 – carries a vulnerability score (CVSS) of 7.8…
Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530. Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid…
A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI…
The financial services giant LendingTree has denied any connection to a reported data breach involving 200,000 loan applications found on the dark web, although the company did confirm that the information of tens of thousands of customers was exposed in a separate…
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web…
The infamous Sandworm threat group operating out of Russia's military GRU unit has no qualms about taunting researchers when it finds it is being watched. Just ask Robert Lipovsky and his fellow researchers at ESET, who got the message loud and clear when they dissected…
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder…
The amount of cryptocurrency sent to mixing services reached an all-time monthly high in April of $51.8 million, according to data published by blockchain research company Chainalysis. Mixing services are used for both legitimate and illicit reasons, allowing…
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active…
An amendment that includes cyber protections to defend “systemically important” critical infrastructure — such as large energy utilities, telecom providers and major financial institutions — won adoption in the U.S. House of Representatives Thursday…