Category: News

From theregister.com

Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million.

The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds.

The biz acknowledged the May 28 attack and initially offered to let the attackers keep 10 percent of the loot if they returned the other 90 percent. However, after receiving no response, they are now turning to law enforcement to find the culprits and claw back the money.

“Over the past 24 hours, we’ve been working with security experts, bridges and exchanges,” the Jimbos Protocol developers wrote on Twitter. “Thanks to their help, we’ve identified promising leads, and one in particular. We hope the attacker will *voluntarily* cooperate – before they have no choice but to once we pass their info.”

The attack occurred three days after Jimbos Protocol launched the second version (V2) of its software. According to the developers behind it, the protocol – which launched about a month ago – is designed to address issues around volatility and liquidity, with a semi-stable floor price.

Read more…

From helpnetsecurity.com

Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam.

One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack – pointing to a significant gap in protection.

Attackers almost always target backups

Veeam found that attackers almost always (93%+) target backups during cyberattacks and are successful in debilitating their victims’ ability to recover in 75% of those events, reinforcing the criticality of immutability and air gapping to ensure backup repositories are protected.

“The report shows that today it’s not about IF your organization will be the target of a cyberattack, but how often. Although security and prevention remain important, it’s critical that every organization focuses on how rapidly they can recover by making their organization more resilient,” said Danny Allan, CTO at Veeam.

Read more…

From securityaffairs.com

A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. The security researcher mr.d0x detailed the new attack technique.

In May 2023, Google launched eight new top-level domains (TLDs) that included .zip and .mov. Security experts are warning of malicious uses of these domains.

Read more…

From en.secnews.gr

Unit 42 , Palo Alto Networks ‘ threat research team , discovered a new malicious campaign targeting IoT devices , using a variant of the well-known mirai botnet (IZ1H9). It is a malware that turns devices running Linux (usually small IoT devices) into bots that can be controlled remotely and used in large-scale attacks .

The variant is called IZ1H9 and was first discovered in August 2018. Since then it has become one of the most active Mirai variants.

Researchers discovered on April 10 a new wave of malicious campaigns, from the same threat actor, using the IZ1H9 variant. This has been happening since at least November 2021.

Read more…

From csoonline.com

A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET.

iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) AhRat was most likely added to it in 2022. The app is currently unavailable on the app store.

Read more…

From blog.cyble.com

Bl00dy Ransomware Group, after targeting several universities and colleges in the US with PaperCut NG critical vulnerability in April-May 2023, has claimed its first victim in India on May 28, 2023, and demanded a ransom of USD 90,000. Cyble Research & Intelligence Labs (CRIL) elaborately covered the criticality of this vulnerability and exposed worldwide assets in a blog on April 25, 2023.

Details of the Incident

On May 28, 2023, the Bl00dy ransomware group claimed to compromise an India-based institute offering various undergraduate and graduate courses. The group posted multiple screenshots as proof of compromise, demonstrating administrative access to the organization via RDP.

One of the screenshots shared by the group demonstrates PaperCut MF/NG print management software installed on the machine.

Read more…

From securitymagazine.com

A new report reveals that 68% of organizations suffered a cyberattack within the last 12 months.

Netwrix, a cybersecurity vendor, recently announced additional findings for the enterprise sector (organizations with more than 1,000 employees) from its annual global 2023 Hybrid Security Trends Report.

For the report, 1,610 IT professionals from 106 countries were surveyed via an online questionnaire, and results were compared to Netwrix’s Cloud Data Security Reports from 2022, 2020 and 2019 and IT Trends Report from 2020.

According to the survey, 65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%). The most common security incidents are also the same: phishing, ransomware and user account compromise.

However, larger organizations are a more frequent target for ransomware or other malware attacks: 48% of enterprises experienced this type of security incident on premises, compared to 37% among organizations of all sizes. Malware attacks are less common in the cloud: just 21% of respondents in the enterprise sector experienced one within the last 12 months.

Read more…