Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
Security researchers from Check Point Research have identified a new spy campaign dubbed “Twisted Panda”. The main target of this APT gang is two Russian defence institutes and a research facility in Belarus.
The Maintainers of the Talis project have issued a warning that the Tor browser bundled with the operating system is unsafe for accessing or entering sensitive information. This issue comes out after Mozilla issued fixes for two critical Zero-day flaws in its Firefox browser, a modified version of this acts as the base for the Tor browser.
Security researchers from Microsoft have identified a high severity vulnerability in a framework used in Android apps. Multiple large mobile service providers have been observed to have security flaws in their apps. All the involved parties have taken the necessary steps to fix it.
A Bluetooth relay attack can let cybercriminals easily unlock and operate cars, break open residential smart locks and breach secure access. The vulnerability resides in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices.
VMware has released patches for two security flaws impacting ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The vulnerability has a CVSS score of 9.8.
Nikkei Japanese-based media company disclosed a ransomware attack on Thursday. Unauthorised access to servers was detected on 13th May and it was immediately shut down to minimize the impact. The compromised servers likely contained customer data but the company is not aware of the data leak.
Google addressed a high severity bug in the OAuth client library for Java. The vulnerability tracked as CVE-2021-22573 has a severity point of 8.7 out of 10. The vulnerability if compromised would have allowed threat actors to compromise tokens and deploy arbitrary payloads.
The user information database worth 10GB of VPN services such as ChatVPN, SuperVPN, and GeckoVPN was leaked in the Telegram group, 21 million user’s data were leaked online exposing their details and login credentials.
The” Bitter APT” group has been targeting the Bangladesh government. Bitter APT mainly focuses on cyberespionage, it has developed a new malware which enables it to download and execute remote files.
Cyber security researchers from Go-daddy owned security companies, have disclosed a massive campaign that’s responsible for injecting malicious Java code into a compromised website. These malicious codes redirect visitors to scam pages and websites.
Microsoft released security patches for 74 vulnerabilities for the month of March 2022. Out of these 71 vulnerabilities, 66 are classified as important, 7 as critical and 1 as low.
Google on its monthly security patches has issued fixes for 37 flaws across different components and it also has fixed an actively exploited Linux Kernel vulnerability which has a CVSS score of 7.8.
Conti Ransomware gang has claimed to have hacked Peru MOF – Dirección General de Inteligencia (DIGIMIN) and added that to their list of victims on its Tor leak site.
On Friday QNAP released security patches for Nine vulnerabilities that includes a critical vulnerability which could take over affected systems.
A common passwordless sign-in standard created by the FIDO Alliance and the world wide web consortium, gains support from Apple, Google, and Microsoft. A passwordless login offers consistent, secure, and easy sign-in to consumers across all devices and platforms.
Hackers conducted a phishing campaign which had a malicious zip file with “more-eggs” malware that targeted job hunting professionals on Linkedln. The malware steals credentials like usernames and passwords for corporate bank accounts, email accounts, and IT admin accounts.
