Russian authorities say members of REvil hack group arrested at US request

The Federal Security Service of the Russian Federation reported that members of the cybercriminal hack group REvil were arrested at the request of the United States. The message says that, together with the Investigation Department of the Ministry of Internal Affairs, searches were carried out at 25 addresses in Moscow, St. Petersburg, and the Leningrad and Lipetsk regions. Law enforcement officers became interested in 14 people associated with the REvil hack group. As a result of the searches, funds were seized: over 426,000,000 rubles, including in cryptocurrency, 600,000 US dollars, 500,000 euros, as...

Apple Fixes Vulnerability in HomeKit that Allowed DoS Attacks on iPhones and iPads

Apple has fixed a vulnerability in HomeKit by releasing updates for iOS and iPadOS that address a Denial of Service (DoS) issue. The bug affects the infrastructure of the HomeKit smart home framework. HomeKit is Apple’s eponymous protocol and platform that allows iOS and iPadOS users to discover and control smart home appliances on their network. The vulnerability is called doorLock and has the identifier CVE-2022-22588. As Apple explains, the bug is related to a “resource exhaustion problem” that can manifest itself when processing a maliciously crafted device name (a string...

Palo Alto Networks Warns of Massive Web Skimmer Attacks

Researchers from cybersecurity company Palo Alto Networks warn of attacks on the software supply chain aimed at hacking high-traffic sites. On real estate websites, cybercriminals place a malicious script (skimmer) that steals data entered by visitors. In these supply chain attacks, cybercriminals use cloud-based video hosting. Experts at Unit 42, a research arm of Palo Alto Networks, reported in a blog post that attackers are injecting malicious JavaScript code into videos. Then, when the video is imported to other sites, the skimmer codes are embedded in those sites...

Elephant Beetle Steals Millions of Dollars from Organizations Around the World

The financially profitable cybercriminal group Elephant Beetle is stealing millions of dollars from organizations around the world using more than 80 unique tools and scripts. The group is distinguished by high technical skills and great patience: it carefully studies the attacked environment and the victim’s financial transactions for several months and only then proceeds to exploit vulnerabilities. According to information security company Sygnia, cybercriminals introduce fraudulent transactions into the network and steal small amounts over a long period of time. As a result, they...

Skype captcha stops users from creating accounts

New Skype users face a mad captcha that stops them from finishing their registration. It appears again and again each time you try to log in for the first time with your Microsoft account. The corporation has not commented on whether it is a bug or a feature designed to decrease the flow of fake accounts. Skype captcha problem: what is going on? On Monday, 01/04, a lot of messages about the Skype captcha madness appeared. This thing is pretty familiar for old users of this...

22% of outdated domains are dangerous or contain malware

The number of inactive malicious domains is growing, and 22.3% of outdated domains may be dangerous or contain malware. These conclusions were drawn by experts from Palo Alto Networks, who in September monitored tens of thousands of domains every day. The researchers say they got the idea for this research after the attack on SolarWinds, when it was revealed that attackers relied on domains registered several years before the actual start of malicious activity. The rationale behind this proactive domain registration is to create a “clean record” that will prevent security systems from undermining the success...

AvosLocker ransomware gave up the decryptor

AvosLocker ransomware, a rising star on the ransomware market, conducted another attack at the edge of 2022. However, the operators soon discovered that their target was a US police department. After such news, they quickly gave up the decryptor and vanished. AvosLocker ransomware – the newbie: The first mentions of the AvosLocker ransomware group appeared in July 2021. Almost immediately after their first attacks, cybersecurity experts...

Old bug in Azure leaked client source code

Microsoft has notified a small group of customers that they were affected by an old Azure bug that has been in the code since 2017 but was only recently discovered. Due to the bug, source code was leaked from the repositories and was available to outsiders. The vulnerability was discovered back in September by the information security company Wiz, which deals with cloud security. The hotfix was released in November, and Microsoft has spent the last weeks figuring out exactly how many customers were affected by the bug. The vulnerability is dubbed NotLegit and is related to Azure App Service, an...