US Military families targeted by Phishing Cyber Attacks

From cybersecurity-insiders.com

Some military personnel and their families(say about 23) in United States are being constantly targeted by phishing campaigns launched by a notorious online criminal gang from Nigeria that is habituated to ignore the Digital Millennium Copyrights Act and such.

Reports are now in that they have gained monetary benefits from the attacks to a certain extent.

Threat Researchers from LookOut where the first to discover these cyber incidents and warned the military personnel and agencies to improve their cybersecurity posture and follow a better cyber hygiene to avoid falling prey to phishing attacks.

Read more…

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

From thehackernews.com

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions.

“This novel code injects itself into a host Nginx application and is nearly invisible,” Sansec Threat Research team said in a new report. “The parasite is used to steal data from eCommerce servers, also known as ‘server-side Magecart.'”

Read more…

Widespread Threats Target Automotive Companies

From securityboulevard.com

automotive risks Transportation and Security Software Glitches

The technology footprint of today’s automobiles surpasses that of our laptops and other devices: The typical personal computer operating system runs on 20 million to 50 million lines of code. But each car requires an estimated 100 million lines of code to support the more than 125 electronic control units (ECUs) in every vehicle, and that number is expected to need to rise to 500 million in the near future. By 2025, 470 million connected vehicles driven worldwide will each produce 25 gigabytes of data per hour.

Read more…

Watch out for Omicron COVID-19-themed phishing messages!

From securityaffairs.co

Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing attacks.

People are interested in the spreading of the new variant, the efficiency of the vaccines and the measures that will adopt the states to prevent its spreading, and threat actors are attempting to take advantage of this situation.

An Omicron COVID-19 campaign was spotted by UK authorities and the National Health Service (NHS) is warning about the Omicron COVID-19-themed phishing attacks.

Read more…

What is Lukchit.com ads?

From 2-spyware.com

Lukchit.com ads

Lukchit.com ads can appear out of nowhere and mainly show related content, but redirects and push notifications cause users to call the program a potentially unwanted app. Pop-ups, banners, redirects to other sites and commercial material delivery are the main symptoms of this intruder, but there are additional issues caused by the PUP. Once the program finds its way on the computer, it can cause speed issues and diminish the performance significantly due to the constant redirects, pop-ups, advertisements, and similar content related to online browsing.

Read more…

SMS firewall revenue to reach $4.1 billion in 2026

From helpnetsecurity.com

SMS firewall revenue 2026

Total SMS firewall revenue will increase from $911 million in 2021 to $4.1 billion in 2026; representing an absolute growth of 346%, a Juniper Research study has found.

SMS firewalls are third-party solutions that sit within operator networks; enabling the real-time monitoring of network traffic, enhancing operator capabilities to block fraudulent traffic and minimise revenue loss.

Read more…

Mozilla properly fuzzed NSS and still ended up with a simple memory corruption hole

From zdnet.com

Mozilla logo

When it comes to fuzzing, Mozilla has plenty of cred, and has been doing so for some time, and yet, its prized Network Security Services (NSS) library was busted by Google Project Zero’s Tavis Ormandy quite easily.

In a blog post well worth your time, entitled This shouldn’t have happened, Ormandy found that if NSS was made to create an ASN.1 signature bigger than the maximum 16384 bits it expected, overwriting of memory would occur.

“What happens if you just … make a signature that’s bigger than that? Well, it turns out the answer is memory corruption. Yes, really,” Ormandy wrote.

“The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data. The bug is simple to reproduce and affects multiple algorithms.”

Read more…