Cyber edition
Microsoft has observed that many known attackers are adding exploits for the Log4Shell CVE and a second Log4j CVE to their malware kits and playbooks, from hands-on-keyboard intrusions to coin miners. Microsoft noted that exploitation attempts and testing remained high through the last weeks of December. Organisations should widen their scanning coverage so that vulnerable Log4j components anywhere in their environments are identified, not just the ones visible at the top level of a file system.
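The scanning recommendation above is only as good as the scanner's reach: log4j-core is usually not a loose file but a jar packed inside an application's WAR or EAR, so a check that only lists file names on disk misses it. The Python scanner below is an added example, not code from the article or from Microsoft or Apache. It builds a small constructed deployment in a temporary directory, walks it, opens every archive and every archive nested inside it from memory, identifies log4j-core by its JndiLookup class and the Maven pom.properties the jar ships, and reports versions below a configurable floor. The floor of 2.17.1 and the sample jar layout are assumptions made for the example, not figures taken from the page.

```python
"""Scan a directory tree for Log4j 2 core jars, including jars nested inside
WAR/EAR/other archives, and flag versions below a configurable floor.

Added example, not code from the article or from Microsoft/Apache. Assumptions:
log4j-core is recognised by its JndiLookup class plus its Maven pom.properties;
the version floor is a parameter of this example, not a claim from the page.
"""
import io
import os
import tempfile
import zipfile
from typing import Dict, Iterator, List, Tuple

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
DEFAULT_FLOOR = (2, 17, 1)  # assumption: anything older is reported as needing a patch


def parse_version(pom_properties: str) -> Tuple[int, ...]:
    """Turn the 'version=2.14.1' line of pom.properties into a comparable tuple."""
    for line in pom_properties.splitlines():
        if line.startswith("version="):
            parts = line.split("=", 1)[1].strip().split(".")
            return tuple(int(p) for p in parts if p.isdigit())
    return ()


def inspect_archive(data: bytes, location: str) -> Iterator[Tuple[str, Tuple[int, ...], bool]]:
    """Yield (location, version, has_jndi_lookup) for this archive and every nested archive.

    Nested archives are read from memory, so a log4j-core jar buried in
    WEB-INF/lib of a WAR is found without unpacking anything to disk.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to inspect
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names or POM_PROPS in names:
            version: Tuple[int, ...] = ()
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            yield location, version, JNDI_LOOKUP in names
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXTS):
                yield from inspect_archive(zf.read(name), f"{location}!/{name}")


def scan_tree(root: str, floor: Tuple[int, ...] = DEFAULT_FLOOR) -> List[Dict[str, object]]:
    """Walk root, inspect every archive found and report log4j-core findings."""
    findings: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if not fname.lower().endswith(ARCHIVE_EXTS):
                continue
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                data = fh.read()
            for location, version, has_jndi in inspect_archive(data, full):
                # A jar with JndiLookup but no readable version is reported for manual review.
                needs_patch = has_jndi and (not version or version < floor)
                findings.append({
                    "location": location,
                    "version": ".".join(map(str, version)) if version else "unknown",
                    "has_jndi_lookup": has_jndi,
                    "needs_patch": needs_patch,
                })
    return findings


def make_jar(entries: Dict[str, bytes]) -> bytes:
    """Build a jar (zip) in memory from {path: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def log4j_core(version: str) -> bytes:
    """Constructed stand-in for a log4j-core jar of the given version (fake class bytes)."""
    return make_jar({
        JNDI_LOOKUP: b"\xca\xfe\xba\xbe",
        POM_PROPS: f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n".encode(),
    })


def build_sample_tree() -> str:
    """Constructed sample deployment: two top-level jars, a WAR with a nested jar, an unrelated jar."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    with open(os.path.join(lib, "log4j-core-2.14.1.jar"), "wb") as fh:
        fh.write(log4j_core("2.14.1"))
    with open(os.path.join(lib, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(log4j_core("2.17.1"))
    with open(os.path.join(lib, "other.jar"), "wb") as fh:
        fh.write(make_jar({"com/example/Other.class": b"\xca\xfe\xba\xbe"}))
    with open(os.path.join(root, "app", "webapp.war"), "wb") as fh:
        fh.write(make_jar({"WEB-INF/lib/log4j-core-2.12.1.jar": log4j_core("2.12.1")}))
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding)
```

The nested path is reported in the `outer.war!/inner.jar` form so that remediation tickets point at the artefact that actually needs rebuilding. A jar that carries JndiLookup but no readable pom.properties is still reported, because a repackaged or shaded copy is exactly the case a file-name scan misses.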
They should use scripts and scanning tools to assess their exposure, making sure the tooling looks inside nested archives rather than only at file names on disk. The FTC has also warned companies to follow the official guidance on fixing the Log4j flaws.

A Zloader campaign has been discovered abusing Microsoft's digital signature verification process to deploy malware payloads. The campaign, run by the Malsmoke group, steals user credentials and has already hit thousands of victims across several countries.
According to researchers from Check Point, the campaign has been running since at least November. The infection starts with a modified installer for the Atera remote-monitoring agent; the researchers suspect it is delivered through spear-phishing emails or pirated-software sites, although they could not confirm the delivery method. Once executed, the installer enrols the endpoint with an Atera account whose email address is controlled by the threat actor, which gives the attackers full remote access to the target system.
In the campaign, the attackers exploit the known flaws CVE, CVE and CVE in Microsoft's file signature verification. Microsoft addressed these gaps by releasing stricter file verification policies, but the stricter checks are opt-in and remain disabled by default, so a signed file that has been tampered with in this way still passes the default verification, and adversaries continue to abuse that. Organisations that can absorb the compatibility impact should enable the stricter verification explicitly rather than rely on the default.
These attacks appear highly targeted and may cause severe damage. Because the payloads carry valid code signatures, security tools that trust a valid signature may not inspect them further, which makes the threat harder for victim organisations to detect. Organisations can use the published indicators of compromise for proactive detection and prevention.

The threat of supply chain attacks becomes more concrete by the day. This time, real estate websites were hit by a supply chain attack through an unusual vector.
A cloud video platform was leveraged to propagate a web skimmer campaign. The attack took place last year but has only recently come to light. The attackers injected the skimmer script into the JavaScript the platform serves alongside a video, so every website that embedded that video also loaded the skimmer.
The malicious JavaScript was heavily obfuscated and built to recognise credit card number patterns, validate the numbers, collect the data and send it to the operators. Palo Alto Networks described the skimmer as highly polymorphic, evasive and continuously evolving.
Combined with a cloud distribution platform, this kind of skimmer can have grave consequences, because a single upstream compromise reaches every site that embeds the content. According to Malwarebytes, the campaign began as early as January, and the collected data was sent to a remote server that also served as the collection domain for a Magecart attack involving the Amazon CloudFront CDN in June. To detect and impede the injection of malicious code into their online platforms, organisations are advised to perform web content integrity checks on a regular basis: record a hash of every first- and third-party script a page loads and alert on any change.
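The integrity check recommended above, as an added example that is not code from the article or from Palo Alto Networks or Malwarebytes. The Python below parses a page for the scripts it loads, hashes each one in Subresource Integrity form (sha384, base64), diffs the result against a stored baseline, and emits the `integrity` attribute values that would pin third-party scripts to the reviewed hash. The listing page, the "served" script bodies (a clean player file and the same file with a skimmer appended) and the baseline are constructed inline; a real run would replace the fetch callable with an HTTP client and keep the baseline with the deployment.

```python
"""Web content integrity check for the scripts a page loads.

Added example, not code from the article or from Palo Alto Networks/Malwarebytes.
The page, the 'served' script bodies and the baseline are constructed in-line;
a real run would replace the fetch callable with an HTTP client.
"""
import base64
import hashlib
import json
from html.parser import HTMLParser
from typing import Callable, Dict, List


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from an HTML page."""

    def __init__(self) -> None:
        super().__init__()
        self.external: List[str] = []
        self.inline: List[str] = []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True

    def handle_data(self, data):
        if self._in_inline and data.strip():
            self.inline.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def sri_value(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


def snapshot(html: str, fetch: Callable[[str], bytes]) -> Dict[str, str]:
    """Map every script on the page (URL or inline:<n>) to its current SRI hash."""
    collector = ScriptCollector()
    collector.feed(html)
    result = {url: sri_value(fetch(url)) for url in collector.external}
    for i, body in enumerate(collector.inline):
        result[f"inline:{i}"] = sri_value(body.encode())
    return result


def diff_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Scripts whose hash changed, appeared or disappeared since the baseline."""
    return {
        "changed": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def sri_attributes(snap: Dict[str, str]) -> Dict[str, str]:
    """integrity/crossorigin attributes that pin third-party scripts to the reviewed hash."""
    return {url: f'integrity="{h}" crossorigin="anonymous"'
            for url, h in snap.items() if url.startswith(("http://", "https://"))}


# Constructed sample: a property listing page that embeds a cloud video player.
PLAYER_URL = "https://video.cdn.invalid/player.js"
PAGE = f"""<html><head>
<script src="{PLAYER_URL}"></script>
<script src="/static/site.js"></script>
<script>window.listingId = 4711;</script>
</head><body></body></html>"""

CLEAN_PLAYER = b"(function(){/* video player */})();"
# Constructed: the same player file after a skimmer has been appended upstream.
SKIMMED_PLAYER = CLEAN_PLAYER + b"(function(){/* obfuscated card skimmer */})();"
SITE_JS = b"console.log('site');"

BASELINE_RESPONSES = {PLAYER_URL: CLEAN_PLAYER, "/static/site.js": SITE_JS}
CURRENT_RESPONSES = {PLAYER_URL: SKIMMED_PLAYER, "/static/site.js": SITE_JS}


def run_check() -> Dict[str, List[str]]:
    """Take the baseline from the clean responses, then re-check against the current ones."""
    baseline = snapshot(PAGE, BASELINE_RESPONSES.__getitem__)
    current = snapshot(PAGE, CURRENT_RESPONSES.__getitem__)
    return diff_baseline(baseline, current)


if __name__ == "__main__":
    print(json.dumps(run_check(), indent=2))
    print(sri_attributes(snapshot(PAGE, BASELINE_RESPONSES.__getitem__)))
```

Pinning a third-party script with an `integrity` attribute means a modified player file fails to load in the browser instead of running, but it also means a legitimate upstream update breaks the page until the new hash is reviewed. Where that trade-off is unacceptable, the periodic diff still gives the alert; with a skimmer described as polymorphic, every reported change needs a human look rather than automatic re-baselining.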
It is, furthermore, recommended that they defend accounts from takeover attempts and keep an eye out for possible social engineering schemes.
Although detecting DGA activity remains challenging, defenders can achieve a lot by monitoring DNS data such as queries, responses (NXDOMAIN rates in particular) and resolved IP addresses, and by looking for patterns across them rather than at single queries.
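The pattern hunting described above, as an added example that is not code from the article. The Python below reads resolver log lines, scores the registered label of each queried name for the traits that algorithmically generated names tend to share (long, high character entropy, few vowels or digit-heavy), and then aggregates per client, flagging a host that produces a burst of NXDOMAIN answers for such names. The log format (epoch, client, qname, qtype, rcode), the sample lines and every threshold are assumptions for the example; a deployment would tune them against its own resolver's baseline.

```python
"""Heuristic triage of DNS logs for domain-generation-algorithm (DGA) activity.

Added example, not code from the article. The log format
(epoch client qname qtype rcode), the sample lines and every threshold below
are assumptions; tune them against your own resolver's baseline.
"""
import math
from collections import defaultdict
from typing import Dict, List

# Constructed sample resolver log: one host browsing normally, one host
# burning through random-looking names that do not resolve.
LOG_LINES = """
1641200001 10.0.0.5 www.example.com A NOERROR
1641200002 10.0.0.5 cdn.example.net A NOERROR
1641200003 10.0.0.9 xk3jq9vz2lm8.com A NXDOMAIN
1641200004 10.0.0.9 q8zt1vbn4pl7.net A NXDOMAIN
1641200005 10.0.0.9 m2k9xwq7rtp5.org A NXDOMAIN
1641200006 10.0.0.9 z7vb3nq1kx9p.com A NXDOMAIN
1641200007 10.0.0.9 update.example.org A NOERROR
1641200008 10.0.0.5 mail.example.com MX NOERROR
""".strip().splitlines()

VOWELS = set("aeiou")


def registered_label(qname: str) -> str:
    """Label just left of the public suffix. Assumes a one-label suffix (.com, .net);
    multi-part suffixes such as co.uk need a public suffix list in real use."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; random 12-char labels score well above dictionary words."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def is_suspicious_name(qname: str) -> bool:
    """Random-looking registered label: long, high entropy with few vowels, or digit-heavy."""
    label = registered_label(qname)
    if len(label) < 8:
        return False
    alpha = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in alpha) / len(alpha) if alpha else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    return (shannon_entropy(label) >= 3.0 and vowel_ratio < 0.2) or digit_ratio >= 0.3


def triage(lines: List[str], min_hits: int = 3) -> List[Dict[str, object]]:
    """Per client: count NXDOMAIN answers for suspicious names and flag bursts."""
    per_client: Dict[str, Dict[str, object]] = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash the pipeline
        _ts, client, qname, _qtype, rcode = parts
        entry = per_client.setdefault(
            client, {"client": client, "queries": 0, "suspicious_nxdomain": 0, "samples": []})
        entry["queries"] += 1
        if rcode == "NXDOMAIN" and is_suspicious_name(qname):
            entry["suspicious_nxdomain"] += 1
            if len(entry["samples"]) < 3:
                entry["samples"].append(qname)
    results = []
    for entry in per_client.values():
        entry["flag"] = entry["suspicious_nxdomain"] >= min_hits
        results.append(entry)
    return sorted(results, key=lambda e: e["client"])


if __name__ == "__main__":
    for row in triage(LOG_LINES):
        print(row)
```

Scoring the registered label rather than the full name avoids flagging CDN hostnames whose leftmost label is a hash, and keying on NXDOMAIN captures the failed lookups a DGA produces before it hits the live domain. Even so, legitimate software with random-looking names exists, so the output is a triage queue with an allowlist in front of it, not a block list.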
T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. According to the report, affected customers either fell victim to a SIM-swapping attack, which can let an attacker receive the victim's SMS-based two-factor authentication codes, had personal plan information exposed, or both.

Separately, the media group Amedia said it is unclear whether personal information has been compromised; the subscription system affected by its attack contains customers' names, addresses, phone numbers and subscription history.
Passwords, reading history and financial information are not affected, the company said. Amedia publishes more than 90 newspapers and other publications that reach more than 2.

A sophisticated cyberattack that hit the UK's Defence Academy last year caused "significant" damage, a retired senior officer has revealed.
Air Marshal Edward Stringer, who was the officer in charge at the time, told Sky News that the Academy uncovered the incident in March, after which it decided to rebuild its network. The attack has still not been attributed to any organisation or state. Contractors working for the outsourcing firm Serco were the first to notice unusual activity on the Academy's network in March.
The Academy's IT staff soon identified the presence of external agents on the network who, it appeared, were there for "nefarious reasons". The Ministry of Defence's digital branch launched an investigation once the incident was discovered, and the National Cyber Security Centre was also informed.
According to Sky News, no sensitive data was stored on the compromised systems and there was no breach beyond the Academy, although there were concerns that the attackers could have used the Academy's network as a route into other MoD systems.
In this edition: Continuous attacks target Log4j flaw, Zloader campaign abuses Microsoft's security checks, cloud video distr….