May 7, 2022

NIST Updates Guidance for Defending Against Supply-chain Attacks The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. Since 2020, NIST has released two draft documents on how the enterprise can better defend itself from supply-chain attacks. Today, in response to Executive Read more…

FTC to Force ISP to Deploy Fiber for 60K Users to Match Speed Claims The Federal Trade Commission (FTC) today proposed an order requiring Connecticut-based internet service provider Frontier Communications to stop “lying” to its customers and support its high-speed internet claims. According to the proposed order filed today in Read more…

New NetDooka Malware Spreads via Poisoned Search Results A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. This previously undocumented malware fram The first samples of NetDooka were discovered by Read more…

Tor Project Upgrades Network Speed Performance with New System The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. This new system is up and running in the Tor protocol version 0.4.7.7, the latest stable release available Read more…

Heroku Admits that Customer Credentials were Stolen in Cyberattack Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers’ hashed and salted passwords from Read more…

F5 Warns of Critical BIG-IP RCE Bug Allowing Device Takeover F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a Read more…

Cisco Fixes NFVIS Bugs that Help Gain Root and Hijack Hosts Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs). Two of them, rated critical and high severity, can be exploited by Read more…

Pixiv, DeviantArt Artists Hit by NFT Job Offers Pushing Malware Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the “Cyberpunk Ape Executives” NFT project, with the main goal to infect artists’ devices with information-stealing malware. “Cyberpunk Ape Executives” is Read more…

Attackers Hijack UK NHS Email Accounts to Steal Microsoft Logins For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email Read more…