Darkworldhacker Daily Cybersecurity Roundup, March 09, 2022
Updated: Jul 16, 2022
Believe it or not, a cattle-counting app led Beijing cyberspies to break into the infrastructures of six U.S. state governments. In other news, hackers leveraged the products of a U.S.-based telecom firm to launch destructive DDoS attacks. Meanwhile, a new malware has been reported that wipes off data from systems belonging to Russian targets. With this, join in for the top headlines from the last 24 hours.
Mandiant claimed to have spotted Chinese APT41 targeting government networks in at least six U.S states by exploiting a vulnerability in an app called USAHerds and the Log4Shell flaw.
Researchers from a number of organizations confirmed that attackers have been exploiting Mitel enterprise collaboration products to amplify DDoS attacks by 4 billion times from a single packet.
Binarly reported 16 critical zero-days in UEFI firmware impacting millions of HP enterprise devices, including desktops, laptops, edge computing nodes, and POS systems.
Some Intel and ARM processors are impacted by a new attack called Spectre-BHI. It can lead to the leak of sensitive data from the privileged kernel memory space.
Trend Micro laid bare a new malware threat, dubbed RURansom, targeting Russian entities. It is not ransomware but a wiper essentially because it can’t reverse the encryption.
CERT-UA uncovered a cyberattack campaign targeting Ukrainian government agencies with MicroBackdoor malware. According to experts, the backdoor and loader were created in January.
The Pentagon has announced plans to launch the Cybersecurity Maturity Model Certification 2.0 program to promote compliance while easing regulations for contractors and sub-contractors.
A study revealed that European businesses spent nearly $7.7 billion on fraud detection and prevention in 2021, which is three times the actual value lost in frauds in that year.
Alphabet acquired Mandiant in an all-cash transaction worth approximately $5.4 billion. Upon the close of the acquisition, Mandiant will join Google Cloud.
Quantum cybersecurity solution provider QuintessenceLabs raised additional capital in its latest round led by Chevron Technology Ventures. The round follows the previous $25 million funding by Main Sequence Ventures and Telus Ventures.