Latest Cybersecurity News and Articles


Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

01 October 2024
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

01 October 2024
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks

Recognizing National Cybersecurity Awareness Month in 2024

01 October 2024
During National Cybersecurity Awareness Month, cybersecurity experts are reflecting on prominent threats and how they can be mitigated. 

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

30 September 2024
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

30 September 2024
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

30 September 2024
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more

Facebook retains consumer data for 180 days post account deletion

30 September 2024
A study found that Meta (Facebook, Instagram and Facebook Messenger), YouTube and Discord keep users’ data for 180 days after they have deleted their accounts.

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

30 September 2024
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

30 September 2024
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments

30 September 2024
Microsoft has detected Storm-0501 using Cobalt Strike for lateral movement across networks and deploying Embargo ransomware on victim organizations in hybrid cloud setups.

Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593

30 September 2024
Two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, have been found in WatchGuard’s Authentication Gateway and Single Sign-On Client software by cybersecurity firm RedTeam Pentesting GmbH.

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

30 September 2024
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

30 September 2024
KLogEXE is a C++ keylogger while FPSpy is a backdoor designed to collect system information and exfiltrate data from compromised devices. Both malware strains are primarily being distributed through spear-phishing emails.

Unpatched SQLi Flaw in TI WooCommerce Wishlist Threatens 100,000+ Sites

30 September 2024
A critical security flaw, CVE-2024-43917, with a CVSS score of 9.3, has been found in the popular WordPress plugin TI WooCommerce Wishlist, putting over 100,000 sites at risk of SQL injection attacks.

DCRat Targets Users with HTML Smuggling

30 September 2024
A new HTML smuggling campaign is targeting Russian-speaking users, distributing DCRat malware. This marks the first time the malware has been deployed using this method, unlike common delivery methods like compromised sites or phishing emails.

First Mobile Crypto Drainer Found on Google Play

30 September 2024
The malicious app, called WalletConnect, amassed over 10,000 downloads and stole around $70,000 in cryptocurrency from Android users before being removed from the Google Play Store.

NIST Proposes Barring Some of the Most Nonsensical Password Rules

30 September 2024
NIST is seeking public feedback on the draft guidelines, which can be submitted via email until October 7. The goal is to promote sensible password practices that enhance security without burdening users or compromising their online identity.

Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

30 September 2024
A watering hole attack targeted Kurdish websites, distributing malicious APKs and spyware, compromising 25 sites for over a year. French cybersecurity firm Sekoia uncovered the campaign called SilentSelfie, delivering various info-stealers.

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

30 September 2024
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

In tackling Vladimir Putin’s web of troll farms and hackers, we have one advantage: democracy | Peter Pomerantsev

29 September 2024
By focusing on its strengths and pooling information, the west can disrupt Russia’s war machine – but there’s no time to lose. Russia is a “mafia state” trying to expand into a “mafia empire”, the foreign secretary, David Lammy, told the UN, nailing the dual nature of Vladimir Putin’s political model. On one hand Russia represents something very old – a world of bullying empires that invade smaller countries, grab their resources and indoctrinate their people into thinking they are inferior. But it is also something very new, weaponising corruption, criminal networks, assassinations and tech-driven psy-ops to subvert open societies. And if democracies don’t act to stop it, this malign model will be imitated across the globe. Ukraine is resisting the older, zombie imperialism every day on the battlefield, and democracies will have to arm Ukraine and ourselves to constrain Russia properly. But how should we fight the more contemporary tools of political warfare that Russia pioneers? These are becoming ever more prevalent. Globalisation was meant to make us all so integrated that it would diminish the risk of wars. Instead, the free flow of information, money and people across borders also made subversion easier than ever. At the Labour party conference, Lammy indicated that democracies need to work together to stop Russia: “Exposing their agents, building joint capability and working with the global south to take on Putin’s lies.”