Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validating in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process … [Read more...] about Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
information security
Prynt Stealer Contains a Backdoor to Steal Victims’ Data Stolen by Other Cybercriminals
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. "While this untrustworthy behavior is nothing new in the world of cybercrime, the victims' data end up in the hands of … [Read more...] about Prynt Stealer Contains a Backdoor to Steal Victims’ Data Stolen by Other Cybercriminals
Stop Worrying About Passwords Forever
So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, … [Read more...] about Stop Worrying About Passwords Forever
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit of retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and … [Read more...] about Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the … [Read more...] about Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim
A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and has multiple modes to run," Trend Micro researchers said in an analysis last … [Read more...] about New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian … [Read more...] about Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An … [Read more...] about Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Hackers Breach LastPass Developer System to Steal Source Code
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed, although the company provided no further details regarding the hack and what … [Read more...] about Hackers Breach LastPass Developer System to Steal Source Code
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been condemned 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication … [Read more...] about Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations