InfoSecBulletin Cybersecurity for mankind
The ever-increasing influence of Chinese threat actors in the cyber landscape is causing significant concern. As per the latest revelations, a Chinese state-linked group successfully stole data from a U.S. federal agency and targeted several European nations too. Today, we also have a Delaware county facing temporary outages due to a cyberattack from a few days back. In other news, with all these scams going around, you might think that there are lots of scammers associated with the business. However, that’s not the case. To know more about this and other highlights, read along.
The CISA and FBI issued a warning together that the Storm-0558 threat group, which is associated with China, accessed and stole unclassified Exchange Online Outlook data from an undisclosed U.S. source FCEB agency.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
Kent County in Delaware is experiencing a cyberattack that has disrupted municipal services, leading to a temporary offline status of internet-based services and phone numbers.
ALSO READ:
The Cl0p ransomware group put the data of 62 clients of Ernst & Young, including Air Canada and United Parcel Service Canada Ltd., on their leak sites. The group had exploited the MOVEit vulnerability and leaked 3TB of information belonging to the accounting firm.
Ransomware attacks have seen a significant increase in 2023, with cybercriminals extorting nearly $175.8 million more than the previous year, revealed Chainalysis.
Barracuda Networks and Columbia University studied 300,000 extortion emails and discovered that fewer than 100 scammers worldwide are behind them.
USB-delivered malware campaigns have seen a threefold increase in malware attacks in the first half of 2023, with two notable campaigns delivering Sogu and Snowydrive malware to various industries worldwide – reported Mandiant.
The hacker group Nobelium, supported by the Russian government, used fake BMW car listings to deceive Ukrainian diplomats into clicking on harmful links that install malware. The campaign has targeted at least 22 of the 80 foreign missions in Kyiv.
ZooTampa, a popular U.S. zoo, experienced a cyberattack resulting in the theft of employee and vendor information, with an affiliate of the Royal ransomware gang claiming responsibility.
Vietnamese threat actors are actively targeting Facebook business accounts using fake Ads Manager software and malicious Chrome extensions, resulting in over 800 victims worldwide losing more than $180,000 in compromised ad budgets.
In a recent finding, FortiGuard Labs uncovered a malicious operation that capitalizes on a pair of well-known vulnerabilities, including Follina, to implant the perilous LokiBot trojan on targeted devices. The campaign first came to light in May.
