BleepingComputer
Breaking cybersecurity and technology news, guides, and tutorials that help you get the most from your computer. DMs are open, so send us those tips!
Mar 29, 2023 13 tweets 6 min read
Cybersecurity firms warn of 3CX desktop app supply chain attack - @serghei
bleepingcomputer.com/news/security/… @serghei While CrowdStrike suspects a North Korean state-backed hacking group it tracks as Labyrinth Chollima is behind this attack, Sophos researchers said they "cannot verify this attribution with high confidence."
Feb 9, 2023 6 tweets 2 min read
New ESXiArgs ransomware version prevents VMware ESXi recovery - @LawrenceAbrams
bleepingcomputer.com/news/security/… A new version of ESXiArgs ransomware attacks was seen today, with changes to the encryption process that are preventing existing VMware ESXi recovery methods from working.
Dec 20, 2022 8 tweets 3 min read
Ransomware gang uses new Microsoft Exchange exploit to breach servers - @serghei
bleepingcomputer.com/news/security/… The Play ransomware operation is using a new PoC exploit for a relatively new exploit chain patched in November.

This new exploit chain appears to be using the CVE-2022-41082 (also used by ProxyNotShell) and CVE-2022-41080 vulnerabilities.
msrc.microsoft.com/update-guide/e…
Nov 27, 2022 8 tweets 3 min read
5.4 million Twitter users' stolen data leaked online — more shared privately - @LawrenceAbrams
bleepingcomputer.com/news/security/… This data was stolen in December 2021 using a flaw in a Twitter API.

This flaw allowed users to feed email addresses and phone numbers into an API and retrieve associated Twitter IDs.

This ID was used to scrape public information associated with the number and email address.
Aug 10, 2022 10 tweets 2 min read
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen - @serghei
bleepingcomputer.com/news/security/… Last week, the threat actors sent BleepingComputer a directory listing of allegedly stolen files.

This listing consists of mostly NDAs, business agreements, data dumps, and schematics.

A redacted NDA was also shared as a "hint," or proof-of-breach, of who they attacked.
May 23, 2022 7 tweets 3 min read
Fake Windows exploits target infosec community with Cobalt Strike - @LawrenceAbrams
bleepingcomputer.com/news/security/… Last week, a threat actor published alleged PoC exploits for the Windows CVE-2022-24500 and CVE-2022-26809 vulnerability on GitHub.

These repositories are now down, but an archived GitHub page can be seen below.
May 22, 2022 8 tweets 3 min read
Elon Musk deep fakes promote new cryptocurrency scam - @LawrenceAbrams
bleepingcomputer.com/news/security/… Starting this month, threat actors began hacking YouTube channels to promote a fake crypto trading site called BitVex.

To promote the platform, deep fakes of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson were posted as YouTube videos or Shorts.
May 12, 2022 7 tweets 3 min read
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access - @Ionut_Ilascu
bleepingcomputer.com/news/security/… @Ionut_Ilascu The malware has been used in attacks for years but it kept such a low profile that it became known only recently.

A report from PwC notes that BPFdoor was used by Red Menshen in attacks against telcos, govs, edu, logistics orgs.
May 10, 2022 5 tweets 2 min read
Critical F5 BIG-IP vulnerability targeted by destructive attacks - @LawrenceAbrams
bleepingcomputer.com/news/security/… Threat actors are now exploiting the F5 BIG-IP CVE-2022-1388 vulnerability to erase devices' file systems, essentially bricking them so they cannot be used.

This was first discovered by @sans_isc who saw the exploit executing 'rm -rf /*' on devices.
May 10, 2022 7 tweets 2 min read
Microsoft fixes new NTLM relay zero-day in all Windows versions - @serghei
bleepingcomputer.com/news/microsoft… This new NTLM Relay attack is possible by making an unauthenticated request to LSARPC that forces a device, including domain controllers, to perform NTLM authentication against a threat actor's servers.
May 9, 2022 4 tweets 2 min read
Hackers exploiting critical F5 BIG-IP flaw to drop backdoors - @Ionut_Ilascu
bleepingcomputer.com/news/security/… @Ionut_Ilascu Less than a week after F5 patched the critical CVE-2022-1388 bug in BIG-IP products, exploits emerged publicly and hackers started to scan and breach networks.

The flaw is now exploited by remote attackers on systems exposed on the web to install backdoors for later access.
Apr 9, 2022 8 tweets 3 min read
Hackers use Conti's leaked ransomware to attack Russian companies - @LawrenceAbrams
bleepingcomputer.com/news/security/… When the source code for the Conti ransomware encryptor was leaked, it was only a matter of time until it was adapted by another group to be used in their own attacks.
bleepingcomputer.com/news/security/…
Apr 8, 2022 6 tweets 2 min read
Snap-on discloses data breach claimed by Conti ransomware gang - @LawrenceAbrams
bleepingcomputer.com/news/security/… Snap-on, a leading tool manufacturer and services provider for the transportation industry, disclosed yesterday that they suffered a data breach exposing the personal information of their employees.
Mar 9, 2022 9 tweets 3 min read
Microsoft tests new cloud-based Microsoft Defender for home users - @serghei
bleepingcomputer.com/news/microsoft… Microsoft is testing the new Microsoft Defender Preview for home users that offers a cloud-based dashboard to monitor up to 5 devices, including the main computer.

The new service supports Windows 10, Windows 11, iOS, and Android. Macs are coming later.
microsoft.com/en-us/microsof…
Mar 8, 2022 6 tweets 4 min read
Twitter launches Tor website to tackle Russian censorship - @LawrenceAbrams
bleepingcomputer.com/news/technolog… Today, with the assistance of @AlecMuffett, Twitter is now accessible over Tor at …zg5vztmjuricljdp2c5kshju4avyoid.onion.
Mar 7, 2022 4 tweets 2 min read
Samsung confirms hackers stole Galaxy devices source code - @Ionut_Ilascu
bleepingcomputer.com/news/security/… @Ionut_Ilascu Samsung said that hackers had access to "certain internal company data," which included "source code relating to the operation of Galaxy devices."

Personal information of employees or consumers was not compromised, the company added.
Mar 7, 2022 4 tweets 3 min read
Rompetrol gas station network hit by Hive ransomware - @Ax_Sharma
bleepingcomputer.com/news/security/… @Ax_Sharma Rompetrol is one of the largest gas station chains in Romania and the operator of Petromidia Navodari, Romania's largest oil refinery.

Rompetrol gas stations are still open and operating normally. Operations at the Petromidia refinery were not affected by the attack.
Feb 25, 2022 5 tweets 3 min read
Ransomware gangs, hackers pick sides over Russia invading Ukraine - @Ionut_Ilascu
bleepingcomputer.com/news/security/… @Ionut_Ilascu As the Russian aggression continues in Ukraine, hackers are now picking sides.

Two ransomware gangs, Conti and CoomingProject, stated that they would retaliate if Russia becomes the target of cyberattacks.
Feb 24, 2022 4 tweets 1 min read
Meet HermeticWiper targeting Ukraine networks. More info about HermeticWiper, the related ransomware decoy, and DDoS attacks targeting Ukraine over the last two days can be found in these stories/threads.
Feb 24, 2022 8 tweets 3 min read
Ransomware used as decoy in data-wiping attacks on Ukraine - @serghei
bleepingcomputer.com/news/security/… The decoy ransomware used in Ukraine data-wiping cyberattacks has some interesting political comments in both the ransom notes and the GoLang project/function names.
Feb 23, 2022 10 tweets 4 min read
New data-wiping malware used in destructive attacks on Ukraine - @LawrenceAbrams
bleepingcomputer.com/news/security/… Today, cybersecurity firms ESET and Symantec have warned that new destructive data wiping attacks targeted Ukrainian networks.