Cyber Bites

More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses. Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure. In reality, the emails spread the Hupigon remote access trojan (RAT), known to be leveraged by state-sponsored threat actors. Researchers from Proofpoint warned that the ongoing spear-phishing...

Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has been going since the start of the month, and it's still underway. The vulnerability is a cross-site scripting (XSS) bug in OneTone, a popular but now deprecated WordPress theme developed by Magee WP, available in both free and paid versions. Source

U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware. ExecuPharm said in a letter to the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver licenses, passport numbers and other sensitive data may have been accessed. But TechCrunch has now learned that the ransomware group behind the attack has published the data stolen from the company’s servers....

The Israeli government says that hackers have targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place. The INCD alert, issued on April 23,...

Hackers accessed the University of Warwick's administrative network last year in an attack which has been kept secret from the affected individuals and organisations, Sky News has learnt. The security incident occurred when a staff member installed remote-viewing software enabling hackers to steal sensitive personal information on students, staff and even volunteers taking part in research studies. Because cyber security protections at the university were so poor, as per the findings of an internal report...

The World Health Organization (WHO) said the recent leak of 450 active WHO email addresses and passwords along with credentials of thousands working on the response to the coronavirus pandemic didn’t put the organization’s systems at risk. Explaining that its systems were largely spared because “the data was not recent,” WHO said in a release that “the attack did impact an older extranet system, used by current and retired staff as well as partners.” Credentials...

Mozilla is raising payouts for the highest impact security flaws found in Firefox and related projects as part of a bug bounty revamp guided by its “more hardened security stance”. In an effort to make the policy “more friendly”, the open source browser developer has also clarified payout criteria, and abandoned a “first reporter wins” approach to payouts in favor of sharing the spoils among duplicate reporters. The non-profit said it would also continue publishing...

After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked. Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims’ accounts and abusing the payment cards connected to the accounts to buy...

Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them. Apple devices are vulnerable to a “text bomb” attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices. Sindhi is an official language used in Pakistan. The bug affects iPhone, iPad, Macs and Apple Watches, and arises from macOS and iOS failing to properly render...

Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing "a suspicious field value visible in the management interface." After investigating the report, Sophos determined this was...