cyberattack

Tech Optimizer
July 7, 2025
Atlassian has migrated its database infrastructure to Amazon Web Services’ Aurora, transferring four million Postgres databases that support Jira implementations. The migration involved approximately 3,000 PostgreSQL servers across 13 AWS regions. The move aims to reduce costs, enhance reliability, and improve performance, upgrading the service level agreement from 99.95% uptime on RDS to 99.99% on Aurora. Samsung has postponed the completion of its chip manufacturing plant in Texas due to difficulties in securing customers. Infosys has advised its employees against exceeding nine hours and 15 minutes of work daily to combat burnout. Qantas has acknowledged a cyberattack affecting six million customers and will provide details on the incident's impact. Xerox has acquired Lexmark from Ninestar Corporation for .5 billion. India and Australia are collaborating on a research initiative to improve tracking of submarines and underwater vehicles. JPMorgan Chase has requested to terminate its custom top-level domains, ".CHASE" and ".JPMORGAN." China’s National Space Administration has released images of Earth and the Moon taken by its Tianwen 2 probe.
TrendTechie
June 27, 2025
The Piraeus Court of Appeals has upheld a five-year prison sentence for a 59-year-old Greek man who operated the torrent tracker P2PLanet from 2011 to 2014, along with a €10,000 fine. The platform had over 44,000 users and 14,000 torrent files available before it ceased operations in 2014 after a cyberattack and the administrator's arrest. The Greek cybercrime unit raided the suspect's residence in 2014, seizing a computer hard drive. The domain name p2planet.net has been inactive for a decade. Legal actions against torrent site operators in Greece are rare, indicating a potential shift towards stricter enforcement of copyright laws. In 2019, a Greek court sentenced another individual to five years in prison for managing multiple pirate sites. Global trends show a decline in piracy, with visits to illegal sites projected to drop from 229 billion in 2023 to 216 billion in 2024.
AppWizard
June 11, 2025
Cybersecurity experts have reported a significant increase in game-themed malware targeting the gaming community, especially younger players. From April 1, 2024, to March 31, 2025, there were over 19 million attempts to download malicious files disguised as popular games, affecting around 400,000 individuals globally. Grand Theft Auto V (GTA V) was the most targeted game, with nearly 4.5 million attack attempts, followed by Minecraft with 4.1 million, Call of Duty (CoD) with 2.6 million, and The Sims with 2.4 million. Cybercriminals exploit established games and lure victims with fake offers, often leading to infostealers, cryptocurrency hijackers, backdoors, and Trojans. Kaspersky advises gamers to avoid pirated content and be cautious of suspicious offers.
Winsage
June 10, 2025
A cyberattack campaign by the advanced persistent threat group Stealth Falcon targeted a prominent Turkish defense company using a zero-day vulnerability identified as CVE-2025-33053. This vulnerability allowed attackers to manipulate the working directory of legitimate Windows tools to execute malware from their WebDAV servers. The attack was initiated through a spear-phishing email containing a malicious .url file that directed the system to a legitimate Internet Explorer utility, which was then exploited to execute malicious files. The attackers employed process hollowing to bypass traditional defenses. Stealth Falcon, also known as FruityArmor, has been conducting cyber espionage since at least 2012, targeting government and defense sectors in Turkey, Qatar, Egypt, and Yemen. The attack involved a multi-stage infection chain leading to the deployment of "Horus Agent," a custom implant designed for advanced reconnaissance and equipped with anti-analysis techniques. Researchers identified additional custom tools used by Stealth Falcon, including a DC Credential Dumper and a custom keylogger. The group utilizes repurposed legitimate domains to blend their infrastructure with legitimate traffic, complicating detection efforts.
Tech Optimizer
May 31, 2025
ClickFix attacks have evolved from targeting Windows systems to also affecting macOS, iOS, and Android devices. The new version starts with a compromised website where cybercriminals inject JavaScript code that redirects users to a fake URL shortener. This action leads to a download page serving malware. On macOS, the attack executes a malicious shell script via a terminal command, while on Android and iOS, it can occur without user interaction, allowing malware to be downloaded simply by visiting the compromised site. The malware is packaged in a .TAR archive and has been flagged by multiple antivirus programs.
AppWizard
May 11, 2025
Customs and Border Protection (CBP) and the White House are facing scrutiny over security vulnerabilities in their messaging application. Hacktivists breached GlobalX, the airline handling U.S. deportation flights, exposing sensitive flight manifests. The FBI warned about threats exploiting outdated routers. Pearson confirmed a cyberattack compromising customer data. Research shows cybercriminals are using Windows Remote Management (WinRM) for lateral movement in Active Directory environments. A new email attack campaign is delivering a Remote Access Trojan (RAT) via malicious PDF invoices. A zero-day vulnerability in SAP NetWeaver allows remote code execution, affecting multiple sectors. An Indiana health system reported a data breach affecting nearly 263,000 individuals.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers utilized the Grixba infostealer tool and initially exploited a public-facing Cisco ASA firewall to gain entry. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.