Cyber security week in review: July 8, 2022

Google patched an actively exploited vulnerability in Chrome browser

The tech giant issued a fix for a critical vulnerability in the Chrome browser that is already being exploited by attackers. The remote code execution bug (CVE-2022-2294) allows an attacker to fully compromise a target system.

The bug affects both Android and Windows versions of Google’s browser. The issue was addressed in Chrome 103.0.5060.114 for Windows and Chrome 103 (103.0.5060.71) for Android.

As always, Google hasn’t shared any details about this zero-day beyond the fact that it is being exploited in the wild. No information about the attacks is available either.

Russian Cozy Bear is using a new pentesting tool to evade detection by almost all antivirus products

A state-sponsored hacking group has found a novel way to evade detection by using a new penetration testing tool called Brute Ratel C4 (BRC4). Thanks to BRC4, the hackers can evade 56 antivirus products.

The researchers suggest that the technique used in these attacks closely resembles that of APT29. This threat actor, also known as Cozy Bear, is believed to be linked to Russia’s intelligence services.

Cybercriminals sell data of over a billion Chinese citizens

Hackers claim that they’ve managed to compromise Shanghai Police computer systems and steal a database containing 750,000 records of over a billion Chinese citizens. The Breached.to forum user who goes by the moniker ChinaDan posted a message saying that earlier this year the Shanghai National Police (SHGA) database was leaked.

According to ChinaDan, the database contains personal information of Chinese residents, including names, addresses, birthplaces, national ID numbers, and phone numbers. Furthermore, it contains details of criminal cases: incidents of petty theft, cyber fraud, domestic violence, and so on.

Raspberry Robin worm found in networks of hundreds of organizations

Microsoft has warned subscribers of its Microsoft Defender for Endpoint product about a Windows worm in the networks of hundreds of organizations including those in the technology and manufacturing sectors.

Allegedly created in 2019 and first spotted in September 2021, the Raspberry Robin worm spreads via infected USB devices in the form of a .LNK file. As per Microsoft, the malware has been connecting to addresses on the Tor network, but the threat actors haven’t yet exploited their access to the victims' networks.

New ransomware operation RedAlert is getting in the groove

A new ransomware operation called RedAlert (N13V) targets corporate networks and encrypts both Windows and Linux VMware ESXi servers.

At this point, only one victim is listed on the operation’s data leak website, titled "Board of shame". According to the gang’s post, they “have easily hacked corporate network” and siphoned more than 300GB of data, including employee information, social security numbers, driving licenses, financial documents, payrolls, bank statements, etc.

New Checkmate ransomware hunts for QNAP NAS devices

QNAP is advising its customers to secure their devices against attacks using the new Checkmate ransomware.

The threat actors target Internet-exposed QNAP NAS devices with the SMB service enabled and weak passwords that can easily be guessed using brute-force attacks.

Checkmate was first deployed in attacks around May 28, 2022. The ransomware adds a .checkmate extension to encrypted files and drops a ransom note named !CHECKMATE_DECRYPTION_README.
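The weak-password brute-force entry described above leaves a recognizable trace in authentication logs: a burst of failures from one source, often followed by a success. The following Python is an added example, not code from the page, from QNAP or from the researchers it cites. It assumes a constructed syslog-like line format (`smbd auth FAILED user=... src=...`) because the real QNAP log format is not given here; the sample lines are constructed. It flags any source whose failures reach a threshold inside a sliding time window and marks a success that lands while such a burst is still active, which is the strongest signal that the password was guessed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample lines in an ASSUMED syslog-like format. This is not
# QNAP's real log format; it only stands in so the example runs offline.
SAMPLE_LOG = """\
2022-05-28T02:14:01Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:03Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:05Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:07Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:09Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:11Z smbd auth FAILED user=admin src=203.0.113.7
2022-05-28T02:14:13Z smbd auth OK user=admin src=203.0.113.7
2022-05-28T02:20:00Z smbd auth FAILED user=alice src=198.51.100.4
2022-05-28T02:20:30Z smbd auth OK user=alice src=198.51.100.4
2022-05-28T03:00:00Z smbd auth FAILED user=bob src=192.0.2.9
2022-05-28T03:30:00Z smbd auth FAILED user=bob src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) smbd auth (?P<result>OK|FAILED) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line (assumed format) into a dict, or None if it doesn't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with at least `threshold` failures inside a sliding `window`.

    Returns a dict keyed by source IP:
      burst_failures:      peak number of failures seen inside one window
      success_after_burst: True if a login succeeded while a burst was active
      users:               account names that were tried during the burst
    """
    recent_failures = defaultdict(deque)  # src -> timestamps of failures in window
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines in another format rather than guessing
        src, ts = rec["src"], rec["ts"]
        q = recent_failures[src]
        # Drop failures that have aged out of the window (lines are assumed
        # to be in time order, as they are in a log file).
        while q and ts - q[0] > window:
            q.popleft()
        if rec["result"] == "FAILED":
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(
                    src, {"burst_failures": 0, "success_after_burst": False, "users": set()}
                )
                f["burst_failures"] = max(f["burst_failures"], len(q))
                f["users"].add(rec["user"])
        elif src in findings and len(q) >= threshold:
            # A success while the failure burst is still inside the window:
            # the password was most likely guessed, not mistyped.
            findings[src]["success_after_burst"] = True
    return findings


if __name__ == "__main__":
    for src, f in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        verdict = "LIKELY COMPROMISED" if f["success_after_burst"] else "brute-force attempt"
        print(f"{src}: {f['burst_failures']} failures, users={sorted(f['users'])}: {verdict}")
```

On the constructed sample, only 203.0.113.7 is flagged: six failures against `admin` within twelve seconds and then a success, so it is reported as a likely compromise, while the single typo by `alice` and the two widely spaced failures by `bob` stay below the threshold. The threshold and window are the knobs to tune against your own baseline; a NAS that is not exposed to the Internet at all, with brute-force protection and strong passwords enabled, removes the need for the alert in the first place.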

Maui ransomware is targeting healthcare organizations

North Korean state-sponsored hackers are encrypting servers responsible for healthcare services using the Maui ransomware.

The FBI, CISA, and the US Department of the Treasury issued a joint advisory warning about the potential risks.

“Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown,” reads the advisory.

Professional hackers attacked SHI International, one of the largest IT services providers in North America

Over the 4th of July holiday weekend, SHI fell victim to a “coordinated and professional malware attack”. The company took preventive measures, among them taking some systems, including SHI’s public websites and email, offline while the attack was investigated and the integrity of those systems was assessed.

Anonymous extortionists hacked Marriott International

A previously unknown cybercriminal gang has breached one of Marriott’s properties and allegedly stole 20GB of files. The hotel giant confirmed the incident but didn’t share any details about it. The hackers used social engineering to trick a hotel employee into providing access to their computer. During that access, which according to Marriott lasted six hours, they stole internal business files and some credit card information.