Updates
- Zyxel Issues Critical Security Patches for Firewall and VPN Products
- Vulnerability in Samsung smartphones is being attacked
- Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
- GitLab 'strongly recommends' patching max severity flaw ASAP
- Hackers target 1.5M WordPress sites with cookie consent plugin exploit
- D-Link fixes two critical flaws in D-View 8 network management suite
Threats
- Ads for lucrative jobs in Asia may be tech slavery scams
- Credential harvesting tool Legion targets additional cloud services
- New hyperactive phishing campaign uses SuperMailer templates: Report
- SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups
- Microsoft reports jump in business email compromise activity
- New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
- Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry
- Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything. (Mon, May 22nd)
- BrutePrint - Bruteforce Attack to Bypass User Authentication on Smartphones
- Microsoft 365 phishing attacks use encrypted RPMSG messages
- Android phones are vulnerable to fingerprint brute-force attacks
- PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
- BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
Incidents
- Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
- Suzuki motorcycle plant shut down by cyber attack
- Microsoft 365 hit by new outage causing connectivity issues
- China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
- German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
- PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
- US govt contractor ABB confirms ransomware attack, data theft
Cyber Crime
- Infosec analyst pleads guilty to blackmailing employer
- IT employee impersonates ransomware gang to extort employer
- Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
- North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
- N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
- Meet the GoldenJackal APT group. Don’t expect any howls
- U.K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes
Malware
- New AhRat Android malware hidden in app with 50,000 installs
- Hunting Lazarus Group’s TTPs
- DocuSign-themed email leads to script-based infection (Sat, May 27th)
- Data Stealing Malware Discovered in Popular Android Screen Recorder App
- Malicious Windows kernel drivers used in BlackCat ransomware attacks
- QBot malware abuses Windows WordPad EXE to infect devices
- CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown
- Predator: Looking under the hood of Intellexa’s Android spyware
Misc.
- Google announced its Mobile VRP (vulnerability rewards program)
- Google will delete accounts inactive for more than 2 years
- Google launches bug bounty program for its Android applications
- Windows 11 getting native support for 7-Zip, RAR, and GZ archives
- Microsoft: Windows issue causes file copying, saving failures
- New Microsoft PowerToy lets you control 4 PCs with one mouse, keyboard
- Windows Copilot: Your new AI assistant for Windows 11
- China Bans U.S. Chip Giant Micron, Citing "Serious Cybersecurity Problems"
- An AI-based Chrome Extension Against Phishing, Malware, and Ransomware
- WSJ News Exclusive | Meta Fined $1.3 Billion Over Data Transfers to U.S.
- Red Hat Pushes New Tools to Secure Software Supply Chain
- The Power of Unity: Fueling Cyber Defense through Threat Intel Sharing Communities and Protocols
- Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
- Infecting SSH Public Keys with backdoors