Holiday seasons become more popular among cybercriminals Happy Black Friday shopping! while everyone shops like a pro and make the best use of the season offers. Scammers have added a new twist to gift card scams that ultimately result in the download of dangerous malware. Malicious fake gift cards are distributed via malicious websites that pretend to offer gift cards for brands such as Amazon, Roblox, Google, and PS. Unfortunately, it's not the end up scammers also will emptying your cryptocurrency wallets.
After the success of Iranian hacking groups in cybercrime, the world is no surprise. Researchers have disclosed a new Iran-Based malicious threat actor has been actively targeting an MSHTML RCE flaw to spy on Farsi speakers. For online shoppers, the FBI has released an advisory that details bran impersonation attacks can be delivered via spam, phishing email, text messages, and mobiles apps.
Top Breaches Reported in the Last 7 days
Swire Pacific Offshore attacked
The Cl0p ransomware gang is believed to be behind an attack on Swire Pacific Offshore (SPO). The company claims that personal and classified proprietary information might have been exposed in the incident.
Pfizer reveals data breach incident
Pharmaceutical giant Pfizer alleges that an employee stole COVID 19 vaccine secrets that contain more than 12, 000 confidential files related to the COVID-9 vaccine. The stolen files also included info on the development of new drugs.
True Health suffers a cyberattack
New Mexico-based True Health has disclosed more than 62,000 US citizens have compromised personal information. The hacking incident occurred after the hacker gained unauthorized access to the organization's IT systems in October.
Cronin Data Hacked
Now a day cybercriminals targeting digital Marketing Agencies. The Cronin agency suffered a major data lead due to an unprotected database. The dataBase contained approx 92 million records that included Google analytics data, session ID, Client ID, and other identifying information of users. Usernames, email addresses, and hashed passwords of Cronin employees were also part of the exposed data.
North Korean hackers target Samsung
North Korean cybercriminal hackers posted as Samsung recruiters in a bid to target employees at south Korean security companies that offer anti-malware solutions. The hacker made fake job offers that were sent over phishing emails. The main purpose of the phishing attack was to install a backdoor trojan on the victim's computer.
Top Malware Reported in the Last 7 days
A New Linux Malware Cybersecurity found a new remote access trojan RAT for Linux. The malware employs a never-before-seen obfuscation technique, that involves hiding in the Linux task scheduling system (cron) on February 31st, to avoid detection. As per researchers the malware basically used to inject payment skimmers in server-side magecart data theft to bypass browser-based security solutions.
Top Vulnerabilities Reported Last 7 days
Windows faulty patch
Cybercriminals are targetting Microsoft windows installer flaws, say security researchers. Hackers have started creating malware in a bid to bypass the patch meant for a privilege escalation flaw (CVE-2021-41379). The new loophole can allow attackers to gain administrator-level privileges. It affects every version of Windows systems, including fully patched Windows 11 and Server 2022.
Flawed plugin patched
One of the most popular WordPress security plugins Hide My WP addresses SQL, deactivations flaws Hide My WP contained a serious SQL injection vulnerability and security flaw that enabled unauthorized attackers to deactivate the software.