- 1. Cobalt Strike Usage Explodes Among Cybercrooks
Researchers say that between 2019 and 2020, they witnessed a 161 percent year-over-year increase in the number of real-world attacks leveraging the commercially available, legitimate pen testing tool "Cobalt Strike" and that use of the tool has become "fully mainstream in the crimeware world."
- 2. Over 200,000 Students Data Leaked in Cyberattack
The Malaysian pro-Palestinian hacking group "DragonForce" revealed June 20 via Telegram that it hacked job placement firm AcadeME, which serves various colleges and universities throughout Israel, and stole PII belonging to more than 200,000 Israeli students who have used the site since 2014.
- 3. PoC exploit accidentally leaks for dangerous Windows PrintNightmare bug – The Record by Recorded Future
Proof-of-concept exploit code has been published online today for a vulnerability in the windows print spooler dubbed "PrintNightmare"
- 4. PJobRAT Disguised as Android Dating App Steals contacts and GPS data
The cybersecurity experts of Cyble along with 360 Core Security Lab have recently detected the PJobRAT spyware in dating and instant messaging apps. Not only that even, the analysts have also claimed that the spyware samples disguised themselves as Android dating apps.
- 5. Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with a command-and-control (C&C) server as part of an attack targeting gaming environments in China.
- 6. FBI director Chris Wray urges companies stop paying ransoms to hackers
His message before the U.S. Senate last week was simple: companies that choose to pay ransom to malware authors is only inspiring the criminal groups to broaden their attacks against vulnerable and/or high-value computer networks.
- 7. Credential Phishing Campaign Exploits Housing Boom
Exceptionally high demand in the housing market has created the opportunity for a timely new lure in a credential phishing campaign. Emails in this campaign reached users in a variety of sectors and arrived in environments protected by several different secure email gateways (SEGs).
- 8. Malware author made $2 million after infecting 222,000 Windows systems – The Record by Recorded Future
The malware known as “Crackonosh”, which gained recent notoriety for infecting highly popular games, has reportedly infected over 222,000 computers since 2018 and “earned” over $2 million to its author(s).
- 9. Pakistan-linked hackers targeted Indian power company with ReverseRat
A threat actor has been spotted targeting government and energy organizations in the South and Central Asia regions since at least January 2021 in spear-phishing attacks designed to infect targeted Windows systems with the "ReverseRAT" .NET backdoor and steal sensitive data.
- 10. Malware blamed for remotely wiping WD My Book Live users’ disks
Hard disk maker Western Digital said Thursday that some users of its My Book Live cloud storage devices were suddenly losing all their data due to "malicious software" and recommended all users disconnect the devices from the internet.
- 11. NFC Flaws Let Researchers Hack ATMs by Waving a Phone
Flaws in card reader technology let a security firm consultant wreak havoc with point-of-sale systems and more.
- 12. LinkedIn breach reportedly exposes data of 92% of users – 9to5Mac
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web. Not as much a breach, more of a collection of things scraped contrary to the TOS per LinkedIn.
- 13. Fix for PrintNightmare CVE-2021-1675 exploit to keep your Print Servers running while a patch is not available
The exploit works by dropping a DLL in a subdirectory under C:WindowsSystem32spooldrivers
By restricting the ACLs on this directory (and subdirectories) we can prevent malicious DLLs to be introduced by the print spooler service.
- 14. $6 Billion NCR Opens Bitcoin Purchases To 650 Banks And Credit Unions
650 U.S. banks will soon be able to offer bitcoin purchases to an estimated 24 million total customers. As part of the deal between enterprise payments giant NCR and digital-asset management firm NYDIG, community banks, including North Carolina-based First Citizens Bank, and credit unions, including Bay Federal Credit Union in California, will be able to offer their clients cryptocurrency trading through mobile applications built by the payments provider.