Month: January 2022

Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers

28 January 2022

Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. […]

Read More

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

27 January 2022

There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn’t take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of […]

Read More

Chaes Banking Trojan Hijacks Chrome Browser with Malicious Extensions

27 January 2022

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. First documented by Cybereason in November 2020, the info-stealing malware is delivered via a sophisticated infection chain that’s engineered to harvest sensitive […]

Read More

Widespread FluBot and TeaBot Malware Campaigns Targeting Android Devices

27 January 2022

Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December. “Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click,” the Romanian cybersecurity firm detailed in a report published […]

Read More

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware

27 January 2022

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that’s believed to have commenced in September 2021. “Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through […]

Read More

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability

27 January 2022

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer […]

Read More

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility

26 January 2022

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond challenging. This especially rings true for small to medium-sized enterprises with […]

Read More

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

26 January 2022

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download […]

Read More

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads

26 January 2022

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users’ browsing habits into approximately 350 topics. Thee new framework, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users’ browsing history for a […]

Read More

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

26 January 2022

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed “PwnKit” by cybersecurity firm Qualys, the weakness impacts a component in polkit […]

Read More