2022, Hacking, Information Security and Security Intelligence

2022

Hacking

Information Security

Security Intelligence

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. SecurityAffairs – hacking, Log4Shell). trendmrcio[.]com,

Ransomware

Ransomware Hacking Internet Internet

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

Microsoft warns of a new hacking campaign aimed at MSSQL servers, threat actors are launching brute-forcing attacks against poorly protected instances. pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022.

Security Intelligence

Security Intelligence Hacking Accountability Malware

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. — Microsoft Security Intelligence (@MsftSecIntel) June 29, 2022. SecurityAffairs – hacking, 8220).

Security Intelligence

Security Intelligence Malware Hacking Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. SecurityAffairs – hacking, Sysrv botnet).

Security Intelligence

Security Intelligence Malware Architecture Backups

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. and earlier. .

Firmware

Firmware Wireless DDOS IoT

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis. New Integrations Created at Black Hat Asia 2022. Meraki MR, MS, MX and Systems Manager by Paul Fidler .

Malware

Malware Accountability DNS Technology

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Microsoft blocked an attack activity aimed at Israeli organizations attributed to a previously unknown Lebanon-based hacking group tracked as POLONIUM. Microsoft announced to have blocked a series of attacks targeting Israeli organizations that have been conducted by a previously unknown Lebanon-based hacking group tracked as POLONIUM.

Security Intelligence

Security Intelligence Antivirus Hacking Authentication

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port.

DDOS

DDOS Wireless Security Intelligence Authentication

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Security Affairs

AUGUST 7, 2023

In October 2022, the Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warned of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. reads the unclassified National Security Overview 2022 published last week by the Finnish agency.

Ransomware

Ransomware Government Cyber threats Security Intelligence

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ). ” reads one of the tweets published by the experts. We are in the final!

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113). Pierluigi Paganini.

Ransomware

Ransomware Telecommunications DNS Hacking

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

Throughout 2022, both groups targeted sectors included academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists and activists. SEABORGIUM’s campaigns begin with a reconnaissance activity of target individuals, with a focus on identifying their contacts on social networks or the sphere of influence.

Phishing

Phishing Media Hacking Education

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. SecurityAffairs – hacking, NATO).

Phishing

Phishing Accountability Hacking Surveillance

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. SecurityAffairs – hacking, SolarWinds). The post SolarWinds Serv-U bug exploited for Log4j attacks appeared first on Security Affairs.

Authentication

Authentication Hacking Ransomware Security Intelligence

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. SecurityAffairs – hacking, malware). The post IT giants warn of ongoing Chromeloader malware campaigns appeared first on Security Affairs. Microsoft attributes the attack to a threat actor tracked as DEV-0796.

Malware

Malware Adware Ransomware Security Intelligence

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

link] — Kevin Beaumont (@GossiTheDog) January 20, 2022. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. reads the security advisory published by NHS. . SecurityAffairs – hacking, VMware Horizon). to add a shell. Pierluigi Paganini.

Internet

Internet Internet Ransomware Hacking

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The DSIRF website states the provide services “to multinational corporations in the technology, retail, energy and financial sectors ” and that they have “ a set of highly sophisticated techniques in gathering and analyzing information. Confirm that Microsoft Defender Antivirus is updated to security intelligence update 1.371.503.0

Surveillance

Surveillance Malware Authentication DNS

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. SecurityAffairs – hacking, DEV-0960). The post Mysterious Prestige ransomware targets organizations in Ukraine and Poland appeared first on Security Affairs. ” concludes the report.

Ransomware

Ransomware Encryption Backups Security Intelligence

Cyber Security Informer

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Webinars

Trending Sources

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Webinars

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Finnish intelligence warns of Russia’s cyberespionage activities

Microsoft blocked Polonium attacks against Israeli organizations

New InfectedSlurs Mirai-based botnet exploits two zero-days

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Updated Kmsdx botnet targets IoT devices

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

SolarWinds Serv-U bug exploited for Log4j attacks

IT giants warn of ongoing Chromeloader malware campaigns

VMware urges customers to patch VMware Horizon servers against Log4j attacks

European firm DSIRF behind the attacks with Subzero surveillance malware

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Stay Connected