Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first t

A series of data wiper assaults targeting the diamond industry in South Africa, Israel, and Hong Kong have been ascribed to the Iranian advanced persistent threat (APT) actor Agrius.The wiper, known as Fantasy, is said to have been distributed through a supply-chain attack that was launched in February 2022 and targeted an Israeli software suite developer. V

MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.The group adopted the new tactic in a campaign that might have started in September but wasn’t observed until October and combined the use of a legitimate remote a

Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.They also demoed exploits targeting zero-day vulnerabilities in routers, printers, smart speakers, and Network Attached Storage (NAS) devices from HP, NETGEAR, Synology, Sonos, TP-Link, Canon, Lexmark, and Western Digital.

An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports.Mainly focused on victims in Israel and the United Arab Emirates, Agrius is a threat actor active since at least 2020, exploiting known vulnerabilities for initial access.

Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee’s Jira account.As part of the targeted cyberattack, an unknown party used session cookies for the employee’s Jira account to gain access to various types of internal data.Because the user never used a pas

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co

Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.Google TAG was made aware of this recent attack on October 31 when multiple VirusTotal submitters from South Korea uploaded a

The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.The campaign started in February and unfolded at full scale in March 2022, breaching an IT support services firm, a diamond wholesaler, a jeweler, and an HR consulting company.In this campaign, Agrius

Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.While some internal information, including screenshots of product dashboards and three customers' names and purchase orders, was exfiltrated from its Confluence wiki, CloudSEK says the attackers didn't

Human rights activists, reporters, researchers, professors, diplomats, and politicians working in the Middle East are being targeted in an ongoing social engineering and credential phishing effort.These attacks have been linked to Iranian state hackers, APT42, which has been shown to have similarities with Charming Kitten (also known as APT35 or Phosphorus).

Cyber researchers’ study proves that Russian threat actors use vulnerable networks from countries around the world to attack Ukrainian organizations. Even though those countries support Ukraine, like the UK, US, or France, Russian cybercriminals managed to take advantage of them, while trying to meet their goals. Until now, a dam monitoring system, a Fortune

Four Nigerians arrested recently in Europe have been charged in the United States over their alleged role in a scheme that involved computer hacking and filing false tax returns.According to the US Justice Department, the suspects are Akinola Taylor, Olakunle Oyebanjo, Kazeem Olanrewaju Runsewe, and Olayemi Adafin, who is a UK citizen. They were arrested in

On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.The competition organized by Trend Micro’s Zero Day Initiative (ZDI) offers significant prizes for hacking mobile phones, wireless routers, home automation hubs, printers, smart speaker

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during the first day