Nastiest Malware 2023
A couple of months ago my scanner stopped sending wirelessly to my computer. I don’t scan all that much, which is why I haven’t dealt with the problem before. The scanner works fine when a cable is connected to the computer. It is definitely a wireless communication problem. I have no trouble sending a print document wirelessly. The printer is an HP, so I ran their fixit utility. It claimed to have solved the problem (it didn’t) and said the problem was that a device protection feature was enabled that needed to be switched off. Running Windows 10. As mentioned before, all was working well up until a couple of months ago. About this time I replaced my WiFi router, so there may be some relation there, but I don’t think that’s the problem. I am running Webroot SecureAnywhere and Webroot WiFi Security. In searching the web for solutions, one person who had the same problem was running Bitdefender, and the problem was traced to needing to allow an exception for a MAC address or something. Hence my
by: Ali Khan Zoom lovers and Zoom telecommuters rejoice: you can now join and start Zoom meetings directly from your Apple TV. That’s right, Zoom now has an Apple TV app, allowing you to participate in Zoom meetings from your couch and put your videoconferencing on the big screen. All the standard Zoom features are included, including the ability to start and join Zoom meetings, calendar integration, the ability to send invites, reading in-meeting chats, joining breakout rooms, and all the other major Zoom essentials. Requirements to use Zoom on Apple TV are fairly straightforward: you will need an Apple TV 4K 2nd generation or newer with tvOS 17 or later, and an iPhone or iPad running the latest iOS 17/iPadOS 17 or a newer release.
December 2, 2023 By Pierluigi Paganini WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platform’s users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering that it exposed its users’ sensitive data.
by: Jamie Cuevas This is a cool little convenience feature that is not widely known: the Messages app on iPhone and iPad will prompt you to send photos if someone asks for them. The Messages app has become significantly more intelligent in the latest versions of iOS and iPadOS for iPhone and iPad, and now, alongside the usual QuickType text suggestions, emoji suggestions, and auto-correct suggestions, your iPhone will also prompt you to ‘Choose Photos’ if someone sends you a message requesting photos or pictures.
Recently, the threat actors behind the Qilin ransomware group added a significant amount of sensitive data belonging to the automotive parts supplier Yanfeng to their dark web leak site. It was reported that a disruption occurred at their North American manufacturing facilities on November 13th, but the company was not forthcoming with any additional information on the incident and has yet to release a statement regarding the disruptions. It is unclear how long Yanfeng officials will have to negotiate the release of their stolen data, but the Qilin leak site states that they will publish the data shortly.
ALPHV/BlackCat ransomware targets Fidelity National Financial
Early last week, officials for Fidelity National Financial (FNF) confirmed that they had fallen victim to a cybersecurity attack and were forced to take several of their internal systems offline. It is believed that the ALPHV/BlackCat ransomware group is responsible for the intrusion, and the group has added FNF to their da
I have a five-device license for Webroot SecureAnywhere Antivirus. In the My Devices list at https://myaccount.carbonite.com/security, I no longer own two of the devices shown. How do I remove those devices from the list so I can install Webroot on additional devices? Thanks!
December 1, 2023 By Jonathan Greig About 60 credit unions are dealing with outages due to a ransomware attack on a widely-used technology provider. National Credit Union Administration (NCUA) spokesperson Joseph Adamoli said the ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance. Adamoli said the NCUA, which regulates credit unions at the federal level, received incident reports indicating that several credit unions were sent a message from Ongoing Operations saying the company was hit with ransomware on November 26. “Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event. We also notified federal law enforcement,” Ongoing Operations told affected credit unions.
CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it:
CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabiliti
Exploits bypass most secure boot solutions from the biggest chip vendors
December 1, 2023 By Connor Jones Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others. Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits. The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.
Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.
December 1, 2023 By Ryan Naraine Office supply retail superstore Staples on Friday confirmed some of its IT systems had to be taken offline after a “cybersecurity risk” was identified and partially contained. The incident, which experts believe is a data-extortion ransomware attack, caused temporary disruption to the staples.com processing and delivery capabilities and the company’s communications channels and customer service lines.
December 1, 2023 By Sergiu Gatlan VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks after it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers (VDC). The auth bypass security flaw (CVE-2023-34060) only impacts appliances running VCD Appliance 10.5 that were previously upgraded from an older release. VMware says it doesn't affect fresh VCD Appliance 10.5 installs, Linux deployments, or other appliances. Remote attackers can exploit the CVE-2023-34060 bug in low-complexity attacks that don't require user interaction.
December 1, 2023 By Bill Toulas A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. The attackers are believed to be nation-state threat actors. The malware was discovered by Palo Alto Networks' Unit 42, which reports seeing victims spanning various sectors, including government, telecommunications, education, real estate, retail, and non-profit organizations. "We assess with medium confidence that this threat activity cluster aligns to nation-state related threat actors due to the nature of the organizations that were compromised, the TTPs observed and the customization of the tool set," explain the Unit 42 researchers. "We have not confirmed a particular nation-state or threat group."
Hello, I’ve got a question. I started my PC and this message popped up. Is it something I should worry about? I tried to remove a potential threat but it was impossible. It got stuck. I restarted my PC, scanned again and there was no such message anymore. I checked the console and it was fine. Could someone explain it? Is it false or something? Thank you in advance
November 30, 2023 The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for facilitating sanctions evasion and supporting their country's weapons of mass destruction (WMD) programs. Today's measures come as a direct response to the Democratic People's Republic of Korea's (DPRK) alleged launch of a military reconnaissance satellite on November 21 and aim to impede DPRK's capacity to generate income, acquire resources, and gather intelligence supporting the advancement of its WMD program. "Active since 2012, Kimsuky is subordinate to the UN- and U.S.-designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury said today. "Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry
November 30, 2023 By Bill Toulas
FjordPhantom's virtualization attack (Source: Promon)
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. The malware was discovered by Promon, whose analysts report that it currently spreads via emails, SMS, and messaging apps targeting banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia. Victims are tricked into downloading what appear to be legitimate banking apps but contain malicious code running in a virtual environment to attack the real banking app. FjordPhantom aims to steal online bank account credentials and manipulate transactions by performing on-device fraud.