New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices
Most devices infected by Chaos malware are located in Europe, particularly Italy but infections were also observed in Asia Pacific, South America, and North America.
‘Important Notification’ Phishing Scam Targeting American Express Customers
In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject reads: “Important Notification About Your Account.”
Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers
The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8.
Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files
APT28 or Fancy Bear is linked with the Russian military intelligence unit called GRU.
UK Teen Arrested Amid Uber and GTA 6 Hacking Saga
The teen was arrested from Oxfordshire and is still in police custody but his involvement in Uber and GTA hacks is unconfirmed.
Data of millions of users exposed in Australia’s 2nd-largest telecom firm breach
Optus has denied any inside job or human error as the cause of the hack.
New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers
According to Microsoft 365 Defender Research Team, in an incident they analyzed, malicious OAuth applications were deployed on compromised cloud tenants, and eventually, attackers took over Exchange servers to carry out spam campaigns.
Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones
The malware campaign is ongoing and one of its targets was ICICI bank in India.
Crypto Market Maker Wintermute Hacked, $160 Million Stolen
According to Certik blockchain cybersecurity firm, a vulnerable private key generated by the Profanity vanity address generator is responsible for this attack.
Critical Vulnerabilities Found in Devices That Provide WiFi on Airplanes
The Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE–2022–36158 and CVE–2022–36159.