Cyber Security

The VSCode Marketplace is pretty easy to hack with malicious extensions

VSCode Marketplace, a repository for Visual Studio Code (VSC) extensions, has poor security defenses, allowing threat actors to abuse it and distribute malicious code among its millions of users, experts have warned. A report from AquaSec tested the platform and concluded that abusing it to distribute malware was ridiculously easy. Furthermore, the researchers claim they weren’t the first to spot the flaws - some threat actors were already active.

Spoofing important details

In a blog post, AquaSec's team outlined how it tried to upload a typosquatted, malicious version of a popular extension with 27 million downloads. It realized that the malware ne...

Hacker claims to have private data of 400 million Twitter users for sale

Just when you thought the various controversies surrounding Twitter were winding down, a hacker claims to be selling the data of 400 million users. The data is said to have been captured in 2021, and was obtained using an API vulnerability that has since been fixed. The threat actor, who calls themself ‘Ryushi’, has advised Elon Musk and Twitter to buy the data for the asking price of $200,000, or face an even larger GDPR fine.

Twitter data leak 2022

The threat actor, who appears to have joined the Breached hacking forum in December 2022, wrote: “Your best option to avoid paying $276 million USD in GDPR breach fines like facebook did (due to 533m users being scraped) is to buy this data ...

NSA warns Citrix devices are under attack from Chinese hackers, so update now

The US National Security Agency (NSA) is warning that a hacking collective backed by the Chinese state is exploiting a zero-day security flaw in two common Citrix products to gain access to networks. The critical vulnerability, CVE-2022-27518, affects the application delivery controller Citrix ADC and remote access tool Citrix Gateway, with both popular in business tech stacks. In an official blog post, Peter Lefkowitz, chief security and trust officer at Citrix, claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.

Citrix emergency patch

Despite its opaque ...

Sequoia breach sees hackers access customer Social Security numbers and COVID-19 test results

HR and payroll giant Sequoia has said that a data breach exposed critically sensitive information on its users, including salary and benefit information, SSNs and other government-issued IDs, and even COVID-19 data such as vaccination status. In a data breach notice to the California attorney general’s office, the company, which has proven popular with SMEs and startups, explained it, “recently became aware that an unauthorized party may have accessed a cloud storage system that contained personal information provided in connection with the Company’s services to its clients, including your employer or, if you are a dependent, your family member’s employer.” Other data that could be at ...

Hackers are using Telegram to target crypto firms

VIP customers of cryptocurrency exchanges, particularly cryptocurrency investment companies, have become targets of a highly sophisticated phishing attack, Microsoft is warning. In a recent report, Microsoft said it observed an unknown threat actor, labeled as DEV-0139, moving into Telegram groups “used to facilitate communication between VIP clients and cryptocurrency exchange platforms”. After identifying potential victims, the group would then approach these users, assuming the identity of a peer - another cryptocurrency investment company - and ask for feedback on the fee structure different cryptocurrency exchange platforms use. One such incident was observed on October 19 2022. Att...

Medibank hackers claim to have leaked the last set of stolen files

The remainder of the customer data stolen in the Medibank ransomware attack appears to have been published online. REvil, the group behind the attack on the Australian health insurer, posted an update on its blog earlier this week, stating “Happy Cyber Security Day!!! Added folder full. Case closed”, TechCrunch reported. Since publishing the post, the blog has been unavailable, making it impossible to independently confirm the authenticity of the files that were posted. However, Medibank said the folder hosted six raw data files, zipped to an archive. In total, six gigabytes of data were posted, making this the single biggest Medibank leak so far.

No financial data taken

It said it was analyzing the data ...

Hackers take down EU Parliament site in apparent DDoS attack

Russian hackers have attacked the website of the European Union’s Parliament and managed to take it offline for several hours. Anonymous Russia, an arm of the pro-Russian hacktivist group Killnet, reportedly launched a Distributed Denial of Service (DDoS) attack against the website of the European Parliament. European Parliament President Roberta Metsola confirmed the incident on Twitter, adding that its, "IT experts are pushing back against it & protecting our systems."

EU Parliament resolution

"The availability of Europarl_EN website is currently impacted from outside due to high levels of external network traffic," Dauche was cited saying. "This traffic is rela...

Torrent sites are infiltrating Google Search with some crafty SEO hacks

Cybercriminals are hacking Google Looker Studio to place their malicious websites high on the search engine’s results pages, promoting spam, pirated content, and torrents. The campaign uses a technique known as SEO poisoning. This method uses legitimate website copy and fills it with links leading to these malicious sites. In the eyes of Google’s search engine algorithm, the links give the spam sites enough credibility for the tool to rank them high for specific keywords. This specific attack uses Google’s datastudio.google.com subdomain.

Fake blockbuster movie downloads

BleepingComputer says it found multiple pages of Google search results “flooded with datastudio.google.com links”, after...

Google Drive malware is targeting governments around the world

A Chinese state-sponsored threat actor known as Mustang Panda is targeting government organizations and researchers around the world with three malware variants hosted on Google Drive, Dropbox, and similar cloud storage solutions. Trend Micro researchers recently spotted the new malware campaign, targeting mostly organizations located in Australia, Japan, Taiwan, Myanmar, and the Philippines. Mustang Panda was initiated in March 2022 and has lasted until at least October. The attackers would create a phishing email, send it to a bogus address, while keeping the actual victim in CC. That way, the researchers assume, the attackers wanted to minimize the chances of being pic...

Microsoft Office lets hackers execute arbitrary code, update now

Cybersecurity researchers from Cisco Talos recently discovered a high-severity vulnerability in Microsoft Office that would allow potential threat actors to remotely execute malicious code on the target endpoint. Announcing the news in a short blog post published earlier this week, the office software developer said its researcher Marcin ‘Icewall’ Noga uncovered a class attribute double-free vulnerability affecting Microsoft Excel. By running a weaponized Excel file, the victim would allow the attacker to execute arbitrary code on their device. The vulnerability is now being tracked as CVE-2022-41106, and other than that, details are scarce. What we do know is that Microsoft was notified and ha...