
Cyber Bites


The Moobot botnet is leveraging a known remote code execution (RCE) vulnerability in Hikvision products (CVE-2021-36260) to spread Moobot, which carries out distributed denial of service (DDoS) attacks. The attack surface could be significant: China-based Hikvision touted itself as the “world’s leading video-surveillance products supplier” on the company site. Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder (NVR) products are being actively targeted by the Mirai-based botnet known as Moobot. Source:...


A new phishing attack, discovered by Proofpoint, is using the Omicron variant of COVID-19 to steal students' credentials and gain access to accounts. The threat-actors targeting US universities are leveraging the concern around the new virus strain to trick students into opening attachments that lead students to spoofed university login portals. This isn't an entirely new tactic, as attackers have been using the virus as an attack vector since the pandemic began. Threat-actors are using...


Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which it believed to be a “computer virus”. However, it has since been revealed that it was the target of Conti ransomware, leading to hotel guests being locked out of their rooms. As IoT becomes more connected, the threat of home and corporate security systems being targeted will only increase. Commenting on this story was Javvad Malik, lead security awareness advocate at KnowBe4:...

Microsoft

Microsoft has seized a number of malicious sites which were targeting organisations based in 29 countries worldwide. The sites were used by the Nickel hacking group. Nickel is a China-based group also tracked as Playful Dragon, Royal APT, APT15, KE3CHANG and Vixen Panda. The group compromised servers belonging to diplomatic entities, government organisations and NGOs based in 29 countries, but mainly organisations from Latin America and Europe. Microsoft's Digital Crimes Unit (DCU) spotted the group...

Securing Crypto Assets On The Blockchain.

Fraudsters use bots to monitor Tweets requesting support from MetaMask, TrustWallet, and other crypto wallets and respond with scams within seconds, BleepingComputer reports. To launch these targeted attacks, scammers monitor all public Tweets for specific keywords and phrases, such as "support", "assistance" and "help", paired with "MetaMask", "Phantom", "Yoro" and "TrustWallet". Twitter bots are used to respond to these Tweets automatically, posing as a fake customer service representative offering a malicious link that steals the...

Conti ransomware hits Nordic Choice Hotels

Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which it believed to be a "computer virus". It has now been confirmed that the company was, in fact, hit by Conti ransomware, which has affected the hotel's guest reservation and room key card systems. Fortunately, there are no indications that passwords or payment information were affected or accessed; however, guest booking information was potentially leaked. As a result of the attack, hotel...

Kafka Cloud

Some of the world’s largest companies have exposed large amounts of sensitive information from the cloud, researchers said, thanks to misconfigured Kafdrop services. Kafdrop is the management interface for Apache Kafka, an open-source, cloud-native platform for managing data streams. Kafka has several common use cases; for instance, in the finance sector it’s often used for real-time data processing in order to catch and block fraudulent transactions as they occur. In the internet of things...

Omicron phishing emails found targeting the UK

A phishing email suggesting that people can order a PCR test specific to the new Omicron COVID-19 variant has been found doing the rounds in the UK. It purports to be from the NHS and directs unsuspecting victims to a website that asks for their full name, DOB, home address, mobile number and email. It also asks for a small payment of £1.24 to cover the delivery and test result costs. Alarmingly, it also...


The FBI has identified, as of early November 2021, that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors, an alert posted last Thursday by the agency stated. "Cuba ransomware is distributed through Hancitor malware, a loader known for dropping or executing stealers, such as Remote Access Trojans (RATs) and other types of ransomware, onto victims’...

BitMart hacked in “large-scale security breach”

BitMart, a trusted cryptocurrency trading platform, is the latest to suffer a breach, resulting in the loss of approximately $150 million. The hack was confirmed on Saturday, when BitMart said in a statement that hackers had withdrawn a large amount in assets. The company added that withdrawals had been temporarily suspended and that a security review was underway. The hackers stole more than 20 tokens, including Binance Coin, SafeMoon, and Shiba Inu. It is...
