The Hacker News Daily Updates

"New Russian-based Gamaredon's spyware variant targeting Ukrainian authorities."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 02 February 2023, 1438 UTC.  Content provided by email subscription to "The Hacker News Daily Updates."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGrcPPGNZdBqlprbtTRtltPjjWT (Latest cybersecurity news from "The Hacker News Daily Updates").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates

The 3 Approaches to Breach & Attack Simulation Technologies Demand for the latest and most comprehensive testing solutions continues to grow to counter the ever-increasing wave of cybercrime. Find out what methods organizations are using to meet this demand. Download Now Sponsored

LATEST NEWS Feb 2, 2023

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track ... Read More

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down? Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it’s no wonder that cybersecurity is top of mind for leaders across all industries and regions. However, despite growing attention and budgets for cybersecurity in recent years, attacks have only ... Read More

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple in reference to an error message that's used in one of the backdoors. Targets ... Read More

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf ... Read More

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022. ... Read More

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a ... Read More

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," ... Read More

Auditing Kubernetes with Open Source SIEM and XDR Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role ... Read More

The 3 Approaches to Breach & Attack Simulation Technologies Demand for the latest and most comprehensive testing solutions continues to grow to counter the ever-increasing wave of cybercrime. Find out what methods organizations are using to meet this demand. Download Now Sponsored