New PoC exploit for PaperCut flaw bypasses all known detections: A critical flaw has been discovered in PaperCut servers that could allow an unauthenticated attacker 🔓 to execute arbitrary code 🤖 with SYSTEM privileges. Although the Australian company has already patched the issue, multiple threat groups, including ransomware actors 💰, have weaponized the vulnerability.
https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html

PHP software package repository hijacked: 📦 Packagist, a PHP software package repository, was attacked on May 1, 2023. An anonymous penetration tester using the pseudonym "neskafe3v1" hijacked over a dozen packages with more than 500 million installs, including multiple Doctrine packages. Fortunately, the attacker made no malicious changes to the packages themselves and only replaced the package descriptions with their own message.
https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html

Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints: Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
https://www.darkreading.com/attacks-breaches/whistleblower-leaks-100gb-tesla-data-safety-complaints

Lazarus Group Striking Vulnerable Windows IIS Web Servers: The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
https://www.darkreading.com/cloud/lazarus-group-striking-vulnerable-windows-iis-web-servers

Feds Take Down 13 More DDoS-for-Hire Services: The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.
https://krebsonsecurity.com/2023/05/feds-take-down-13-more-ddos-for-hire-services/

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022: Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.
https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

Conti's Ransomware Toll on the Healthcare Industry: Conti, one of the most ruthless and successful Russian ransomware groups, publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”
https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/

EU hits Meta with record €1.2B privacy fine: U.S. tech giant Meta has been hit with a record €1.2 billion fine for not complying with the EU’s privacy rulebook. The Irish Data Protection Commission announced on Monday that Meta violated the General Data Protection Regulation (GDPR) when it shuttled troves of personal data of European Facebook users to the United States without sufficiently protecting them from Washington's data surveillance practices.
https://www.politico.eu/article/eu-hits-meta-with-record-e1-2b-privacy-fine/

Rogue IT security worker failed to cover his tracks: Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. That's the situation gene and cell therapy firm Oxford BioMedica found itself in. On 27 February 2018, the Oxford-based firm discovered that it had suffered a cyber attack after it received a ransom demand from a malicious hacker explaining that they had broken into the company's systems. The company did the right thing - it informed the police, and it assigned its own IT security staff to investigate the attack, find out how it had occurred, and mitigate any damage which had been caused. Oxford BioMedica, however, had no intention of paying the ransom, and its staff assisted the police with their investigation - unaware that one of their number was also attempting to defraud the company.
https://www.tripwire.com/state-of-security/rogue-it-security-worker-failed-cover-his-tracks

QBot hackers tap WordPad text editor to spread malware: Hackers are distributing the QBot malware by exploiting a WordPad text editor bug, Cryptolaemus reports; it is one of many delivery methods the threat group has tried in recent months. WordPad will load any DLL file placed in its folder, so the hackers are attaching QBot to such a file and distributing it alongside WordPad.
https://www.techradar.com/news/this-new-malware-hijacks-windows-wordpad-to-avoid-detection

Hackers steal credentials with encrypted email: A new phishing campaign tricks Microsoft 365 users into accessing encrypted email files from compromised accounts, then steals their account credentials. Trustwave warns that identifying these attacks may be difficult due to their targeted nature, low volume and use of legitimate cloud services.
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-use-encrypted-rpmsg-messages/