Afternoon Dessert - 2022-09-26

Welcome to another Afternoon Dessert breakout:

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor
A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan

Ukraine warns allies of Russian plans to escalate cyberattacks
The Ukrainian military intelligence service warned today that Russia is planning to escalate cyber-attacks targeting the critical infrastructure of Ukraine and its allies. [...]

New hacking group ‘Metador’ lurking in ISP networks for months
A previously unknown threat actor that researchers have named 'Metador' has been breaching telecommunications, internet service providers (ISPs), and universities for about two years. [...]

Ransomware data theft tool may show a shift in extortion tactics
Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future. [...]

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn

Adware on Google Play and Apple Store installed 13 million times
Security researchers have discovered 75 applications on Google Play and another ten on Apple's App Store engaged in ad fraud. Collectively, they add up to 13 million installations. [...]

NVIDIA GeForce Experience beta fixes Windows 11 22H2 gaming issues
NVIDIA has acknowledged performance issues affecting systems with NVIDIA GPUs after installing the Windows 11 22H2 Update. [...]

Hackers use PowerPoint files for 'mouseover' malware delivery
Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script. [...]