National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.

It’s one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it’s an entirely different matter when they are used as “hackers for hire” by competing private companies to make away with confidential information.

The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances.

North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks according to a joint advisory issued today by several U.S. Government agencies.

North Korean hackers tracked as the Lazarus Group have been observed while using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries.

Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser’s process following successful exploitation.

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.