August 2021
August 31, 2021 – Solution
Microsoft 365 Usage Analytics now anonymizes user info by default
Abstract
Microsoft has announced that it will start anonymizing user-level info by default in Microsoft 365 Usage Analytics beginning September 1, 2021. (BleepingComputer)
August 31, 2021 – Breach
Update: Leaked Guntrader firearms data file with UK gun owners’ home addresses shared online
Abstract
Names, home addresses, postcodes, phone numbers, email addresses, and IP addresses are included in the CSV file – along with geographic coordinates for many of the 111,295 people listed in the breach. (The Register)
August 31, 2021 – Government
Agencies warn of ransomware threats ahead of Labor Day weekend
Abstract
Federal agencies are warning of potential ransomware attacks targeted at U.S. organizations ahead of Labor Day weekend, following cyberattacks during previous holidays this year. (The Hill)
August 31, 2021 – Vulnerabilities
Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms
Abstract
New vulnerabilities have been discovered in the Fortress S03 Wi-Fi Home Security System that could potentially be abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the weaknesses. The Fortress S03 Wi-Fi Home Security System is a do-it-yourself (DIY) alarm system that enables users to secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry. The company's security and surveillance systems are used by "thousands of clients and continued customers," according to its website. Calling the vulnerabilities "trivially easy to exploit," Rapid7 re... (The Hacker News)
August 31, 2021 – Government
How Congress and NIST Can Help Organizations Better Manage Cyber Risk
Abstract
Requiring NIST to clarify how organizations should use existing and future cybersecurity guidance would be a timely and overdue action to improve the nation’s cyber defenses, and one that should attract broad support. (Lawfare)
August 31, 2021 – Ransomware
LockFile Ransomware uses a new intermittent encryption technique
Abstract
The recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. The LockFile ransomware gang started its operations last month; recently it was spotted targeting Microsoft Exchange... (Security Affairs)
August 31, 2021 – Vulnerabilities
Proxyware Services Open Orgs to Abuse – Report
Abstract
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn. (Threatpost)
August 31, 2021 – Government
FBI, CISA: Ransomware attack risk increases on holidays, weekends
Abstract
The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today. (BleepingComputer)
August 31, 2021 – General
Coin Miners Pose Biggest Threat to Linux Cloud Environments
Abstract
Trend Micro found that around 13 million malware attacks targeted Linux-based cloud environments, with ransomware and coin miners accounting for 54% of attacks in the first half of 2021. Web shells accounted for around 20% of malware families. It is recommended to have additional and adequate layer ... (Cyware Alerts - Hacker News)
August 31, 2021 – Solution
Researchers Propose Machine Learning-based Bluetooth Authentication Scheme
Abstract
A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which otherwise remain authenticated until an explicit deauthentication action is taken or the authenticated session expires. "Consider devices that pair via Bluetooth, which commonly follow the pattern of pair once, trust indefinitely. After two devices connect, those devices are bonded until a user explicitly removes the bond. This bond is likely to remain intact as long as the devices exist, or until they transfer ownership," Travis Peters, one of the co-authors of the study, said. "The increased adoption of (Bluetooth-enabled)... (The Hacker News)
August 31, 2021 – Hacker
Threat actors can remotely disable Fortress S03 Wi-Fi Home Security System
Abstract
Rapid7 researchers discovered two flaws that can be exploited by attackers to remotely disable one of the home security systems offered by Fortress Security Store. Researchers at cybersecurity firm Rapid7 discovered two vulnerabilities that can be exploited... (Security Affairs)
August 31, 2021 – Vulnerabilities
WooCommerce Pricing Plugin Allows Malicious Code-Injection
Abstract
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. (Threatpost)
August 31, 2021 – Cryptocurrency
Coinbase seeds panic among users with erroneous 2FA change alerts
Abstract
Coinbase, the world's second largest cryptocurrency exchange with approximately 68 million users from over 100 countries, has scared a significant number of its users with erroneous 2FA warnings. (BleepingComputer)
August 31, 2021 – Government
FBI Alert: Hive Ransomware is Actively Targeting Healthcare
Abstract
The FBI cautioned against the Hive ransomware that recently halted operations at Memorial Health System in a cyberattack. The group’s deadline normally ranges between two and six days. Hive actors use RDP to move laterally inside the network. A response plan in the event of ransomware attacks sho ... (Cyware Alerts - Hacker News)
August 31, 2021 – Vulnerabilities
HPE warns customers of Sudo flaw in Aruba AirWave Management Platform
Abstract
Hewlett Packard Enterprise (HPE) warns of a vulnerability in the Sudo open-source program used in its Aruba AirWave management platform. Hewlett Packard Enterprise (HPE) is warning of a high-severity privilege escalation vulnerability in Sudo open-source... (Security Affairs)
August 31, 2021 – Vulnerabilities
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
Abstract
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. (Threatpost)
August 31, 2021 – Criminals
Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs
Abstract
Cybercriminals are making strides towards attacks with malware that executes code from the graphics processing unit (GPU) of a compromised system. (BleepingComputer)
August 31, 2021 – General
An Extensive Look into Gaming-related Cyberthreats
Abstract
According to Kaspersky, between July 2020 and June 2021, around 303,827 users were faced with gaming-related malware and other unwanted software, while 69,224 files were propagated under the pretense of the 24 most played PC games. (Cyware Alerts - Hacker News)
August 31, 2021 – Cryptocurrency
Threat actors stole $29 million worth of crypto assets from Cream Finance
Abstract
Crooks have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. Threat actors have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi)... (Security Affairs)
August 31, 2021 – Breach
Canada accepted 7,300 more immigration applications due to technical bug
Abstract
A bug in the Canadian immigration system led to the government accepting an additional 7,307 immigration applications, surpassing the imposed limit. This comprised files from international graduate stream applicants aspiring to change their temporary visa status to permanent residency. (BleepingComputer)
August 31, 2021 – Malware
Joker Malware is Back - Yet Again!
Abstract
The Belgian Police issued a warning about the return of the Joker virus that is attacking Android devices once more. The virus has been detected in eight apps in the Google Play Store; however, the apps have since been removed by Google. (Cyware Alerts - Hacker News)
August 31, 2021 – Vulnerabilities
Microsoft Exchange ProxyToken flaw can allow attackers to read your emails
Abstract
ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthenticated attackers to access emails from a target account. Technical details of a serious vulnerability in the Microsoft Exchange Server, dubbed ProxyToken... (Security Affairs)
August 31, 2021 – Malware
Evil WhatsApp Mod Spotted Infecting Android Users with Malware
Abstract
A version of FMWhatsApp, a popular WhatsApp mod, was found to carry a trojan. Dubbed Triada, the trojan downloads malicious apps onto victims’ devices and is found in version 16.80.0 of FMWhatsApp. (Cyware Alerts - Hacker News)
August 31, 2021 – Vulnerabilities
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems
Abstract
Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely. (Security Week)
August 31, 2021 – Criminals
Cybercriminals buy up admin credentials to sharpen attacks on cloud deployments
Abstract
One of the most interesting trends over the past few months, according to a new report, is the rising demand for access to cloud accounts in the sale of admin credentials by Initial Access Brokers. (Tech Republic)
August 31, 2021 – Vulnerabilities
Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution
Abstract
According to an advisory on GitHub, both TensorFlow and Keras, a wrapper library for TensorFlow, used an unsafe function to deserialize YAML-encoded machine learning models. (The Daily Swig)
August 30, 2021 – Privacy
Normalizing Surveillance
Abstract
In developing a system for preventing the spread of child sexual abuse material that involves scanning the material of all those using certain apps, Apple is acclimatizing users to the idea of bulk surveillance. (Lawfare)
August 30, 2021 – Government
CISA Adds Single-Factor Authentication to the List of Bad Practices
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing users in to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It's considered low-security, since it relies heavily on "matching one factor — such as a password — to a username to gain access to a system." But with weak, reused, and common passwords posing a grave threat and emerging as a lucrative attack vector, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the possibility of account takeover by cybercriminals. With the latest development, the list of bad practices now e... (The Hacker News)
August 30, 2021 – Vulnerabilities
New Microsoft Exchange ‘ProxyToken’ Flaw Lets Attackers Reconfigure Mailboxes
Abstract
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. "With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users," the ZDI said Monday. "As an illustration of the impact, this can be used to copy all emails addressed to a target account and forward them to an account controlled by the attacker." Microsoft addressed the issue as part of its Patch Tuesday updates for July 2021... (The Hacker News)
August 30, 2021 – Privacy
Army Testing Facial Recognition in Child-Care Centers
Abstract
The Army is looking for AI to layer over daycare CCTV to boost ‘family quality of life.’ (Threatpost)
August 30, 2021 – Vulnerabilities
QNAP works on patches for OpenSSL bugs impacting its NAS devices
Abstract
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. (BleepingComputer)
August 30, 2021 – Criminals
Ragnarok Quits, Universal Decryption Keys Out
Abstract
The operators of Ragnarok ransomware have called it quits and released decryption keys in a recent announcement. Active since 2019, the group had claimed several victims globally. Ragnarok’s sudden disappearance doesn't look like a planned one. A universal decryptor for Ragnarok ransomware has been ... (Cyware Alerts - Hacker News)
August 30, 2021 – Government
Biden administration establishes program to recruit tech professionals to serve in government
Abstract
The Biden administration on Monday announced it was establishing a program to recruit and train people to serve in digital positions within the federal government and address issues related to the COVID-19 pandemic and cybersecurity concerns. (The Hill)
August 30, 2021 – Government
US DoJ announces the creation of Cyber Fellowship Program
Abstract
The US DoJ announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity. The US DoJ announced a new Cyber Fellowship program for training selected prosecutors and attorneys on cyber threats and threat actors. The... (Security Affairs)
August 30, 2021 – Vulnerabilities
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
Abstract
HPE joins Apple in warning customers of a high-severity Sudo vulnerability. (Threatpost)
August 30, 2021 – Government
CISA: Don’t use single-factor auth on Internet-exposed systems
Abstract
Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against. (BleepingComputer)
August 30, 2021 – Phishing
Various Online Scams are Gaining Traction in the Crypto and Financial Space
Abstract
OpenSea was targeted by an aggressive phishing attack. The attackers hid in the crypto platform’s Discord server and impersonated legitimate OpenSea employees to steal NFTs and cryptocurrency. (Cyware Alerts - Hacker News)
August 30, 2021 – Hacker
Israeli Firm ‘Bright Data’ (Luminati Networks) Enabled the Attacks Against Karapatan
Abstract
Who is behind the massive and prolonged Distributed Denial of Service (DDoS) attack that hit the Philippine human rights alliance Karapatan? The 25-day-long DDoS attack against the website of Karapatan was launched by almost 30,000 IP addresses,... (Security Affairs)
August 30, 2021 – Vulnerabilities
Microsoft Exchange ProxyToken bug can let hackers steal user email
Abstract
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. (BleepingComputer)
August 30, 2021 – Malware
Konni RAT Targets Russian Users
Abstract
In late July, an ongoing spear-phishing campaign was discovered abusing two Russian-language documents, which were laced with the same malicious macro to deliver Konni RAT. (Cyware Alerts - Hacker News)
August 30, 2021 – Criminals
Cybercriminals Steal $29 Million in Crypto Assets from Decentralized Finance Platform Cream Finance
Abstract
Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a DeFi platform that allows users to loan and speculate on cryptocurrency price variations. (The Record)
August 30, 2021 – Business
Check Point To Acquire Email Security Startup Avanan
Abstract
Check Point Software Technologies has agreed to buy email security solutions provider Avanan to deliver best-of-breed cloud email malware protection and expand security to SaaS collaboration suites. (CRN)
August 30, 2021 – Vulnerabilities
New Mirai Variant Targets WebSVN Command Injection Vulnerability
Abstract
The critical command injection vulnerability was discovered and patched in May 2021. A PoC was released, and within a week attackers exploited the vulnerability to deploy variants of Mirai. (Palo Alto Networks)
August 30, 2021 – Government
The first national cyber director has big plans to toughen U.S. digital defenses
Abstract
America’s first-ever national cyber director, Chris Inglis, says he has a strategy to get government agencies to toughen up their digital defenses in the face of increasing cyber threats. (Politico)
August 30, 2021 – General
Singapore touts need for security, use cases as 5G rollouts gather steam
Abstract
The government urges the need to ensure 5G networks remain secured and resilient, as Singtel says it has attained 180,000 5G subscribers and added new business use cases running on its 5G standalone network. (ZDNet)
August 30, 2021 – Vulnerabilities
ProxyToken vulnerability can modify Exchange server configs
Abstract
Nicknamed ProxyToken, the security vulnerability allows a remote attacker to bypass authentication and make changes to a Microsoft Exchange email server’s backend configuration. (The Record)
August 30, 2021 – Education
Florida Southern College receives $250,000 cybersecurity grant
Abstract
The grant will create a laboratory that includes a virtual cyber range for customized training environments in the soon-to-be-opened Carole and Marcus Weinstein Computer Sciences Center. (The Ledger)
August 30, 2021 – Criminals
Deciphering ShinyHunters’ Data Breach Tactics
Abstract
The gang has claimed responsibility for a string of data breaches involving Pixlr, ChqBook, Tokopedia, BigBasket, Microsoft’s GitHub account, and MeetMindful, among others. (Cyware Alerts - Hacker News)
August 30, 2021 – Solution
How Does MTA-STS Improve Your Email Security?
Abstract
Simple Mail Transfer Protocol, or SMTP, has easily exploitable security loopholes. Email routing protocols were designed at a time when cryptographic technology was at a nascent stage (e.g., the de facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email systems encryption is still opportunistic, which means that if the opposite connection does not support TLS, it falls back to an unencrypted one, delivering messages in plaintext. To mitigate SMTP security problems, MTA-STS (Mail Transfer Agent Strict Transport Security) is the recommended email authentication standard. It enforces TLS in order to allow MTAs to send emails securely. This means that it will only allow mail from MTAs that support TLS encryption, and it will only allow mail to go to MX hosts that support TLS encryption. In case an encrypted connection cannot be negotiated between communicating SMTP servers, the... (The Hacker News)
August 30, 2021 – Government
CISA urges enterprises to fix Microsoft Azure Cosmos DB flaw
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging enterprises to address the recently disclosed vulnerability in Microsoft Azure Cosmos DB. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued... (Security Affairs)
August 30, 2021 – Attack
T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks
Abstract
Mike Sievert, CEO of T-Mobile, said that while the company’s investigation into the incident was “substantially complete,” he could not share too many technical details due to the ongoing criminal probe. (Security Week)
August 30, 2021 – Attack
Boston Public Library discloses cyberattack
Abstract
The Boston Public Library was the victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network.... (Security Affairs)
August 30, 2021 – Outage
Envision Credit Union Faces Technical Difficulties Following Alleged Attack by LockBit 2.0 Ransomware Group
Abstract
Initial signs of a potential attack surfaced this week on social media and indicated that the LockBit 2.0 ransomware group threatened to publish stolen data on August 30, according to Dataminr. (Tallahassee)
August 30, 2021 – Attack
New variant of Konni RAT used in a campaign that targeted Russia
Abstract
So far, Konni RAT has managed to evade detection, as only 3 security solutions on VirusTotal were able to detect the malware. Researchers from Malwarebytes Labs spotted an ongoing malware campaign that is targeting Russia with the Konni RAT. Security... (Security Affairs)
August 30, 2021 – Government
U.S. Justice Department adds fellowship program to boost legal efforts against cybercrime
Abstract
“We need to develop the next generation of prosecutors with the training and experience necessary to combat the next generation of cyber threats,” Deputy Attorney General Lisa Monaco said. (Cyberscoop)
August 30, 2021 – Botnet
Phorpiex botnet shuts down, source code goes up for sale
Abstract
The ad, posted by an individual earlier linked to the botnet’s operation, claims that neither of its two authors is involved in running the botnet, hence the reason they decided to sell its source code. (The Record)
August 30, 2021 – Policy and Law
Parents of teens who stole $1 million in Bitcoin sued by alleged victim
Abstract
According to court documents obtained by Brian Krebs, Andrew Schober lost 16.4552 BTC in 2018 after his PC was infected with malware, allegedly the creation of two teenagers in the United Kingdom. (ZDNet)
August 30, 2021 – General
Challenges organizations face when implementing zero trust architecture
Abstract
98 percent of UK business leaders and IT decision-makers either plan to or have already started implementing zero trust strategies at their organizations, according to Illumio. (Help Net Security)
August 30, 2021 – Hacker
A new wave of Hacktivists is turning the surveillance state against itself
Abstract
Images and videos stolen from oppressive regimes’ surveillance systems are being leaked in a new surge of suspected hacktivism that uses states’ own panopticons against them. (The Record)
August 29, 2021 – APT
SparklingGoblin’s SideWalk Hints Toward the Maker of CrossWalk
Abstract
The new SideWalk backdoor used in a recent campaign by a Chinese APT was found to share multiple similarities with CrossWalk, another backdoor used by the group. SideWalk and CrossWalk share a resemblance in anti-tampering techniques, threading model, data layout, and the way data is managed during the ... (Cyware Alerts - Hacker News)
August 29, 2021 – Education
Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses
Abstract
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The Complete 2021 CyberSecurity Super Bundle can help you get started in this niche, with 24 courses working towards top certification exams. If you went and bought these courses separately, you would pay a total of $7,080. To bring the price down, The Hacker News has teamed up with iCollege to offer all the training for just $69.99. That is 99% off the full value! You don't need a college education to get a job in cybersecurity, but you do need to pass some exams. This bundle gives you full prep for important tests, including CISSP, and CompTIA Security+, PenTest+, CySA+, and CASP+. Picking up these certifica... (The Hacker News)
August 29, 2021 – Breach
1 GB of data belonging to Puma available on Marketo
Abstract
The name of the sportswear manufacturer Puma appeared on the dark web marketplace of stolen data Marketo; threat actors claim to have stolen 1 GB of data from the company. The emerging underground marketplace of stolen data ‘Marketo’ available... (Security Affairs)
August 29, 2021 – Botnet
DirtyMoe Botnet Returns with New Tricks
Abstract
A new DirtyMoe botnet variant was discovered with major modifications in the form of anti-forensic, anti-debugging, and anti-tracking capabilities. The attackers use VMProtect and their own encryption algorithm to evade detection. Besides vulnerability management solutions, enterprises must en ... (Cyware Alerts - Hacker News)
August 29, 2021 – General
Security Affairs newsletter Round 329
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you want to also receive the international press for free, subscribe here. EskyFun... (Security Affairs)
August 29, 2021 – Malware
FIN8 Returns with New Sardonic Backdoor
Abstract
The financially motivated FIN8 group attempted to compromise the networks of a U.S. financial organization using a new malware, Sardonic. Sardonic can establish persistence on the infected machine, collects system info, executes arbitrary commands, loads/executes extra plugins, and the results are ... (Cyware Alerts - Hacker News)
August 29, 2021 – Denial Of Service
DDoS attacks target the Philippine human rights alliance Karapatan
Abstract
The Philippine human rights alliance Karapatan has suffered a massive and prolonged Distributed Denial of Service (DDoS) attack; the Qurium organization linked it to the local government. For the past three weeks, the Philippine human rights alliance Karapatan has... (Security Affairs)
August 29, 2021 – Botnet
LokiBot Uses Old-but-Tested Tricks to Lure Victims
Abstract
Trend Micro has identified a new malware distribution campaign delivering the LokiBot banking trojan using multiple old yet effective tactics. The customers were being targeted via emails masquerading as an order invoice, with a PDF file attached. It's critical that organizations patch vulnera ... (Cyware Alerts - Hacker News)
August 29, 2021 – Vulnerabilities
Some Synology products impacted by recently disclosed OpenSSL flaws
Abstract
Taiwanese vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in OpenSSL impact some of its products. Taiwanese company Synology revealed that the recently disclosed remote code execution (RCE) and denial-of-service... (Security Affairs)
August 28, 2021 – Government
White House rallies private industry in cyber battle
Abstract
A meeting between President Biden and more than two dozen key leaders from a variety of industries this week has increased momentum for plans to quickly address rising cyber threats. (The Hill)
August 28, 2021 – Ransomware
LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
Abstract
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences. "Partial encryption is generally used by ransomware operators to speed up the encryption process and we've seen it implemented by BlackMatter, DarkSide and LockBit 2.0 ransomware," Mark Loman, Sophos director of engineering, said in a statement. "What sets LockFile apart is that, unlike the others, it doesn't encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a document." "This means that a file such as a text documen... (The Hacker News)
August 28, 2021 – Attack
Microsoft Warns of Widespread Phishing Attacks Using Open Redirects
Abstract
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," the Microsoft 365 Defender Threat Intelligence Team said in a report published this week. "Doing so leads to a series of redirections — including a CAPTCHA verification page that adds a sense of legitimacy and attempts to evade some automated analysis systems — before taking the user to a fake sign-in page. This ultimately leads to credential compromise, which opens the user and their organization to other attacks." Although redirect links in email messages serve as a vital tool to take recipients to third-party websites or track click rates and measure the success of sales and marketin... (The Hacker News)
August 28, 2021 – Breach
EskyFun data leak, over 1 million Android gamers impacted
Abstract
vpnMentor’s researchers reported that the Chinese mobile gaming company EskyFun suffered a data breach, with over 1 million gamers impacted. vpnMentor’s researchers discovered that the Chinese mobile gaming company EskyFun suffered a data breach,... (Security Affairs)
August 28, 2021 – Attack
Boffins show PIN bypass attack on Mastercard and Maestro contactless payments
Abstract
Boffins from the Swiss university ETH Zurich demonstrated a PIN bypass attack on contactless cards from Mastercard and Maestro. A group of researchers from the Swiss university ETH Zurich has discovered a vulnerability that allowed them to bypass... (Security Affairs)
August 28, 2021 – Business
Google to train 100,000 Americans to boost cybersecurity in the US Full Text
Abstract
Google, which has announced to invest $10 billion over the next five years to strengthen cybersecurity in the US, said that the governments and businesses are at a watershed moment in addressing cybersecurity.The Times Of India
August 28, 2021 – Business
Amazon disables website used for ISIS propaganda Full Text
Abstract
Amazon Web Services (AWS) has disabled a website that had reportedly been used since April by a wing of the Islamic State to promote propaganda, including praise of the deadly suicide attack Thursday at the airport in Kabul, Afghanistan.The Hill
August 28, 2021 – Botnet
Phorpiex botnet shuts down and authors put source code for sale Full Text
Abstract
Crooks behind the Phorpiex botnet have shut down their operations and put the source code for sale on the dark web. The criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime...Security Affairs
August 28, 2021 – Vulnerabilities
Cisco says it will not release software update for critical 0-day in EOL VPN routers Full Text
Abstract
Cisco announced recently that it will not be releasing software updates for a vulnerability in the Universal Plug-and-Play (UPnP) service of its Small Business RV110W, RV130, RV130W, and RV215W routers.ZDNet
August 28, 2021 – Vulnerabilities
Atlassian released security patches to fix a critical flaw in Confluence Full Text
Abstract
Atlassian released patches to fix a critical flaw, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. Atlassian released security patches to address a critical vulnerability, tracked as CVE-2021-26084, affecting...Security Affairs
August 28, 2021 – Vulnerabilities
Azure Cosmos DB alert: This critical vulnerability puts users at risk Full Text
Abstract
Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key.ZDNet
August 28, 2021 – Government
The FBI issued a flash alert for Hive ransomware operations Full Text
Abstract
The Federal Bureau of Investigation (FBI) has released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the operations of the gang.Security Affairs
August 27, 2021 – Hacker
T-Mobile CEO: Hacker brute-forced his way through our network Full Text
Abstract
Today, T-Mobile's CEO Mike Sievert said that the hacker behind the carrier's latest massive data breach brute-forced his way through T-Mobile's network after gaining access to testing environments.BleepingComputer
August 27, 2021 – General
Winning the Cyber-Defense Race: Understand the Finish Line Full Text
Abstract
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It’s not achieving visibility.Threatpost
August 27, 2021 – Outage
Boston Public Library discloses cyberattack, system-wide technical outage Full Text
Abstract
The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage.BleepingComputer
August 27, 2021 – General
Hillicon Valley: House panel probing Jan. 6 requests records from tech giants Full Text
Abstract
Wrapping up the last full week of August, major tech companies are being further pulled into the investigation into the Jan. 6 attack on the U.S. Capitol, with the House committee investigating the day requesting records from Facebook, Twitter, YouTube and several other major companies.The Hill
August 27, 2021 – APT
FIN8 Targets US Bank With New ‘Sardonic’ Backdoor Full Text
Abstract
The latest refinement of the APT’s BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble.Threatpost
August 27, 2021 – Policy and Law
Justice Department establishes program to train prosecutors to handle cyber cases Full Text
Abstract
Deputy Attorney General Lisa Monaco on Friday announced the establishment of a fellowship program at the Justice Department to help train future prosecutors and attorneys in how to handle cases involving cybersecurity concerns.The Hill
August 27, 2021 – Vulnerabilities
An RCE in Annke video surveillance product allows hacking the device Full Text
Abstract
Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting...Security Affairs
August 27, 2021 – General
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast Full Text
Abstract
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells.Threatpost
August 27, 2021 – Business
T-Mobile CEO apologizes for breach that compromised data of 50 million people Full Text
Abstract
T-Mobile CEO Mike Sievert on Friday announced that the hacker behind the recent breach of the company that compromised the information of around 50 million individuals had used “brute force” in the attack and apologized for the impact of the breach.The Hill
August 27, 2021 – Vulnerabilities
ChaosDB, a Critical Cosmos DB flaw affected thousands of Microsoft Azure Customers Full Text
Abstract
Microsoft has fixed a critical flaw in Cosmos DB that allowed any Azure user to remotely take over other users' databases without any authorization. Researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos...Security Affairs
August 27, 2021 – Outage
Palantir glitch allegedly granted some FBI staff unauthorized access to a crypto hacker’s data Full Text
Abstract
According to The New York Post, the mishap was revealed in a letter by prosecutors in the Manhattan federal court case against accused hacker Virgil Griffith. Palantir denied the claims.TechCrunch
August 27, 2021 – Ransomware
The FBI issued a flash alert for Hive ransomware operations Full Text
Abstract
The Federal Bureau of Investigation (FBI) published a flash alert related to the operations of the Hive ransomware gang. The Federal Bureau of Investigation (FBI) has released a flash alert on the Hive ransomware attacks that includes technical details...Security Affairs
August 27, 2021 – Business
Amazon to Offer Free Cybersecurity Training Materials, MFA Devices Full Text
Abstract
The training materials, which focus on security awareness and particularly the threat posed by social engineering, will be offered for free to both individuals and organizations starting in October.Security Week
August 27, 2021 – Vulnerabilities
Annke network video recorder vulnerability could see attackers seize control of security cameras Full Text
Abstract
The critical flaw (CVE-2021-32941) was discovered in the playback functionality of NVR model N48PBB, which captures and records live streams from up to eight IP security cameras.The Daily Swig
August 27, 2021 – Business
IronNet Completes Business Combination with LGL Systems Acquisition Corp. Full Text
Abstract
The ticker symbols for the previously outstanding common stock and warrants of LGL will change from DFNS and DFNS.WS to IRNT and IRNT.WS and will begin trading as such on NYSE on August 27, 2021.Yahoo! Finance
August 27, 2021 – Denial Of Service
Fake DMCA complaints, DDoS threats lead to BazaLoader malware Full Text
Abstract
Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks.BleepingComputer
August 27, 2021 – General
Securing the digital future with Cyber Innovation Full Text
Abstract
Today, the extensive library of tools, technologies, and processes available to protect an organization from cyber threats are overwhelming and, at the same time, offer underwhelming results.Dynamic CISO
August 27, 2021 – Business
Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years Full Text
Abstract
Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments worldwide. The White House cybersecurity meeting, which brought together executives from the education, energy, finance, insurance, and tech sectors, included companies like ADP, Amazon, Apple, Bank of America, Code.org, Girls Who Code, Google, IBM, JPMorgan Chase, Microsoft, and Vantage Group, among others. To that end, the U.S. government on Wednesday announced a collaboration between the National Institute of Standards and Technology (NIST) and industry partners to develop a new framework to improve the security and integrity of the technology supply chain, alongside plans to expand theThe Hacker News
August 27, 2021 – Attack
Victims of Ragnarok ransomware can decrypt their files for free Full Text
Abstract
Ragnarok ransomware operators are ceasing their operations and released the master key that can allow their victims to decrypt files for free. The Ragnarok ransomware group has been active since at least January 2020 and hit dozens of organizations...Security Affairs
August 27, 2021 – Vulnerabilities
Top Strategies That Define the Success of a Modern Vulnerability Management Program Full Text
Abstract
Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines into your daily security practice, you’ll set your IT teams up to be better equipped to stave off cyberattacks.Threatpost
August 27, 2021 – Vulnerabilities
Microsoft warns Azure customers of critical Cosmos DB vulnerability Full Text
Abstract
Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization.BleepingComputer
August 27, 2021 – Vulnerabilities
Researchers Bypass Security PINs for Mastercard and Maestro Contactless Payments Full Text
Abstract
The now-patched vulnerability would have allowed cybercriminals to use stolen Mastercard and Maestro cards to pay for expensive products without needing to provide PINs on contactless payments.The Record
August 27, 2021 – Vulnerabilities
Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers Full Text
Abstract
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The IT infrastructure management solution provider has addressed the issues in server software version 10.5.5-2 released on August 12, DIVD said. An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched, but the company has published firewall rules that can be applied to filter traffic to and from the client and mitigate any risk associated with the flaw. As an additional precaution, it's recommended not to leave the servers accessible over the internet. Although specifics related to the vulnerabilities are sparse, the shortcominThe Hacker News
August 27, 2021 – Vulnerabilities
B. Braun Infusomat pumps could be hacked to alter medication doses Full Text
Abstract
Researchers disclosed five vulnerabilities in B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. Cybersecurity researchers from McAfee disclosed five vulnerabilities in B. Braun's Infusomat Space Large...Security Affairs
August 27, 2021 – Business
Monad emerges from stealth with $17M to solve the cybersecurity big data problem Full Text
Abstract
Cloud security firm Monad, which offers a platform for extracting and connecting data from various security tools, has launched from stealth with $17 million in Series A funding led by Index Ventures.TechCrunch
August 27, 2021 – Vulnerabilities
Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers Full Text
Abstract
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed " ChaosDB ," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies." Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "takes database administration off your hands with automatic management, updates and patching." The Wiz Research Team reported the issue to Microsoft on August 12, after which the Windows maker took steps to mitigate the issue within 48 hours of rThe Hacker News
August 27, 2021 – Business
Updates on our continued collaboration with NIST to secure the Software Supply Chain Full Text
Abstract
Google will collaborate with the National Institute of Standards and Technology to support and develop a new framework that will help improve the security and integrity of the technology supply chain.Chrome Releases
August 27, 2021 – Criminals
Belgian Police Warns of Cybercriminals Impersonating Europol’s Executive Director to Steal Payment Credentials Full Text
Abstract
Scammers are impersonating the head of Europol, the European Union’s law enforcement agency, in an attempt to spook victims into handing over their financial information.Cyberscoop
August 27, 2021 – Business
Elastic acquisition spree continues as it acquires security startup CMD Full Text
Abstract
Elastic CEO and co-founder Shay Banon told TechCrunch that his company will be welcoming the employees of CMD into his company, but did not disclose precisely how many would be coming over.TechCrunch
August 27, 2021 – Breach
Microsoft Warns Thousands of Azure Cloud Customers of Exposed Databases Full Text
Abstract
The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases.Reuters
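The Cosmos DB items above (ChaosDB) all come down to the same fact: the account's primary read-write key is a bearer secret. Whoever holds it can sign any request, and nothing in a signed request identifies the caller. The following is an added example, not code from Wiz or Microsoft, that builds and verifies a Cosmos DB REST API master-key token using the scheme in Microsoft's public REST documentation, then shows that regenerating the key invalidates tokens minted from the old one. The keys, date and database name are constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def cosmos_auth_token(master_key_b64: str, verb: str, resource_type: str,
                      resource_link: str, x_ms_date: str) -> str:
    """Authorization header value for a Cosmos DB REST call signed with an
    account master key (primary or secondary).

    String-to-sign and token layout follow Microsoft's public REST API
    documentation: lowercase verb, lowercase resource type, resource link,
    lowercase RFC 1123 date, then an empty line; HMAC-SHA256 keyed with the
    base64-decoded master key; the result is wrapped as
    type=master&ver=1.0&sig=<base64> and URL-encoded.
    """
    key = base64.b64decode(master_key_b64)
    string_to_sign = "{}\n{}\n{}\n{}\n\n".format(
        verb.lower(), resource_type.lower(), resource_link, x_ms_date.lower())
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return quote("type=master&ver=1.0&sig=" + signature, safe="")


def token_is_valid(master_key_b64: str, verb: str, resource_type: str,
                   resource_link: str, x_ms_date: str, token: str) -> bool:
    """What the service does on receipt: recompute and compare. The token
    proves possession of the key, not the identity of whoever sent it."""
    expected = cosmos_auth_token(master_key_b64, verb, resource_type,
                                 resource_link, x_ms_date)
    return hmac.compare_digest(expected, token)


# Constructed 64-byte keys for the demonstration; real keys are issued by Azure.
LEAKED_KEY = base64.b64encode(bytes(range(64))).decode("ascii")
ROTATED_KEY = base64.b64encode(bytes(range(64, 128))).decode("ascii")
DATE = "Fri, 27 Aug 2021 10:00:00 GMT"  # constructed x-ms-date header value


def demo() -> dict:
    """One leaked key authorizes any operation on the account (here: list
    databases and delete one); after rotation the old tokens fail."""
    list_dbs = cosmos_auth_token(LEAKED_KEY, "GET", "dbs", "", DATE)
    drop_db = cosmos_auth_token(LEAKED_KEY, "DELETE", "dbs", "dbs/Orders", DATE)
    return {
        "list_dbs_token": list_dbs,
        "drop_db_token": drop_db,
        "leaked_key_accepts_list": token_is_valid(
            LEAKED_KEY, "GET", "dbs", "", DATE, list_dbs),
        "leaked_key_accepts_delete": token_is_valid(
            LEAKED_KEY, "DELETE", "dbs", "dbs/Orders", DATE, drop_db),
        # the attacker's token no longer verifies once the key is regenerated
        "rotated_key_accepts_delete": token_is_valid(
            ROTATED_KEY, "DELETE", "dbs", "dbs/Orders", DATE, drop_db),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical consequence for anyone warned by Microsoft is that the only remediation is key rotation (in the CLI, `az cosmosdb keys regenerate --key-kind primary ...`, then the secondary), since the signed requests themselves leave no attacker identity to revoke.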
August 27, 2021 – Attack
China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying Full Text
Abstract
The China-linked cyber intruders broke into Exchange by finding a handful of coding errors that gave them entry into Exchange servers and then allowed them to take control.NPR
August 27, 2021 – Breach
US National from Virginia Admits to Orchestrating the Massive T-Mobile Breach Full Text
Abstract
A 21-year-old Virginia native living in Turkey has admitted to being the main force behind the massive T-Mobile hack that exposed the sensitive information of more than 50 million people.ZDNet
August 26, 2021 – Attack
Microsoft Breaks Silence on Barrage of ProxyShell Attacks Full Text
Abstract
Versions of the software are affected by a spate of bugs under active exploitation.Threatpost
August 26, 2021 – Ransomware
Ragnarok ransomware releases master decryptor after shutdown Full Text
Abstract
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.BleepingComputer
August 26, 2021 – Breach
Chinese developers expose data belonging to Android gamers Full Text
Abstract
In a report shared with ZDNet, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, revealed EskyFun as the owner of a 134GB server exposed and made public online.ZDNet
August 26, 2021 – General
Hillicon Valley: Coronavirus content moderation complaints come to Reddit Full Text
Abstract
Amid a surge in new coronavirus cases driven by the delta variant, the role of internet platforms in spreading potentially harmful misinformation about vaccines and other mitigation strategies is again under scrutiny. At Reddit, which has been praised for its community-driven approach to moderation, several users are demanding the company take a firmer stance on certain groups that they say are maliciously spreading bad information. Read more about the letter and Facebook’s latest stab at moderation below.The Hill
August 26, 2021 – Government
CISA publishes malware analysis reports on samples targeting Pulse Secure devices Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples...Security Affairs
August 26, 2021 – Policy and Law
Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin Full Text
Abstract
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.Threatpost
August 26, 2021 – Vulnerabilities
Synology: Multiple products impacted by OpenSSL RCE vulnerability Full Text
Abstract
Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.BleepingComputer
August 26, 2021 – APT
Earth Baku (APT41) Actively Targets Victims in Indo-Pacific Region Full Text
Abstract
Trend Micro researchers stumbled across a cyberespionage campaign by Earth Baku, or APT41, compromising public and private entities alike located in the Indo-Pacific region. The group deploys previously unknown shellcode loaders, now known as StealthVector and StealthMutant, along with a backdoor i ...Cyware Alerts - Hacker News
August 26, 2021 – Vulnerabilities
Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Full Text
Abstract
Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. Cisco has released security updates to address a critical security vulnerability, tracked...Security Affairs
August 26, 2021 – Vulnerabilities
F5 Bug Could Lead to Complete System Takeover Full Text
Abstract
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.Threatpost
August 26, 2021 – Government
FBI shares technical details for Hive ransomware Full Text
Abstract
The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.BleepingComputer
August 26, 2021 – Malware
Pysa is Using Keyword-based Scripts to Target Data Full Text
Abstract
A PowerShell script has disclosed details about different types of data that are stolen by the Pysa ransomware group. It has a list of 123 keywords. Some of the keywords are aimed at stealing data from folders related to investigations, crime, fraud, federal, hidden, bureau, illegal, terror, and se ...Cyware Alerts - Hacker News
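A keyword-keyed sweep like the one attributed to Pysa selects folders by name, which means defenders can run the same selection over their own shares and see what such a sweep would collect before an intruder does. The following is an added example, not the Pysa script and not code from the article: it walks a directory tree, matches directory names against the keywords the article lists (only that subset, not the full 123), and ranks the hits by file count so the largest exposures get access-control review first. The sample share layout is constructed in a temporary directory.

```python
import os
import tempfile
from typing import Dict, List, Tuple

# Keywords the article attributes to the Pysa script (a subset; the full list
# of 123 is not reproduced on the page). Matching is a case-insensitive
# substring test on directory names, which is how folder-keyed sweeps select data.
KEYWORDS = ["investigations", "crime", "fraud", "federal", "hidden", "bureau",
            "illegal", "terror"]


def matching_dirs(root: str, keywords: List[str] = KEYWORDS) -> Dict[str, List[str]]:
    """Return {relative_dir_path: [keywords that matched]} for every directory
    under root whose name contains one of the keywords."""
    hits: Dict[str, List[str]] = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            matched = [k for k in keywords if k in name.lower()]
            if matched:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits[rel] = matched
    return hits


def count_files(path: str) -> int:
    """Files a sweep would collect from a matched directory, recursively."""
    return sum(len(files) for _, _, files in os.walk(path))


def exposure_report(root: str, keywords: List[str] = KEYWORDS) -> List[Tuple[str, int]]:
    """Matched directories ranked by file count (largest exposure first)."""
    report = [(rel, count_files(os.path.join(root, rel)))
              for rel in matching_dirs(root, keywords)]
    return sorted(report, key=lambda item: (-item[1], item[0]))


def build_sample_share(base: str) -> None:
    """Constructed file-share layout for the demonstration."""
    layout = {
        "HR/Investigations/2021": 3,
        "Finance/Fraud_Review": 1,
        "Legal/Federal-Filings": 2,
        "Marketing/Campaigns": 5,  # no keyword in the path: not selected
    }
    for rel, n_files in layout.items():
        directory = os.path.join(base, rel)
        os.makedirs(directory, exist_ok=True)
        for i in range(n_files):
            with open(os.path.join(directory, f"doc{i}.txt"), "w") as fh:
                fh.write("sample content\n")


def demo() -> List[Tuple[str, int]]:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return exposure_report(tmp)


if __name__ == "__main__":
    # Point exposure_report() at a real share root to get the same ranking.
    for path, n_files in demo():
        print(f"{n_files:5d} files  {path}")
```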
August 26, 2021 – Vulnerabilities
Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Full Text
Abstract
Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya released security updates to address server-side Kaseya Unitrends...Security Affairs
August 26, 2021 – Business
Microsoft and Google to invest billions to bolster US cybersecurity Full Text
Abstract
Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit.BleepingComputer
August 26, 2021 – Solution
ShadowPad: An In-Demand Chinese Espionage Tool Full Text
Abstract
A new report has disclosed that ShadowPad backdoor malware has been actively used by different Chinese espionage groups since 2017. The Windows malware platform greatly reduces the development and maintenance cost for the attackers. The availability of such advanced malware as a commodity might emp ...Cyware Alerts - Hacker News
August 26, 2021 – Vulnerabilities
Kaseya patches Unitrends server zero-days, issues client mitigations Full Text
Abstract
American software company Kaseya has issued security updates to patch server-side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD).BleepingComputer
August 26, 2021 – Vulnerabilities
‘Trilateration’ vulnerability in dating app Bumble leaked users’ exact location Full Text
Abstract
Robert Heaton, software engineer at payments processor Stripe, said his find could have empowered attackers to discover victims’ home addresses or, to some degree, track their movements.The Daily Swig
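The article names the technique but not the arithmetic. As an added example (not Heaton's code or anything from the Daily Swig write-up), the block below recovers a target's position from three probe points and the distances a service reports, then shows the standard countermeasure of computing those distances from the centre of a grid cell rather than the exact location, which caps the recoverable precision at half the cell diagonal. The anchor positions, target and cell size are constructed; plane coordinates in kilometres are assumed, and the snapping is a generic mitigation, not something the article reports Bumble adopted.

```python
import math
from typing import Sequence, Tuple

Point = Tuple[float, float]


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def trilaterate(anchors: Sequence[Point], distances: Sequence[float]) -> Point:
    """Recover (x, y) from three anchors and the distances to the target.

    Subtracting the circle equations pairwise cancels the quadratic terms and
    leaves a 2x2 linear system, solved here by Cramer's rule.
    """
    (x1, y1), (x2, y2), (x3, y3) = anchors
    r1, r2, r3 = distances
    a, b = 2 * (x2 - x1), 2 * (y2 - y1)
    c = r1 ** 2 - r2 ** 2 - x1 ** 2 + x2 ** 2 - y1 ** 2 + y2 ** 2
    d, e = 2 * (x3 - x2), 2 * (y3 - y2)
    f = r2 ** 2 - r3 ** 2 - x2 ** 2 + x3 ** 2 - y2 ** 2 + y3 ** 2
    det = a * e - b * d
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; pick a third probe off the line")
    return (c * e - b * f) / det, (a * f - c * d) / det


def snap_to_cell(p: Point, cell: float) -> Point:
    """Server-side mitigation: report distances from the centre of the grid
    cell containing the user, never from the exact coordinates."""
    return (math.floor(p[0] / cell) * cell + cell / 2,
            math.floor(p[1] / cell) * cell + cell / 2)


# Constructed scenario: the attacker queries from three positions (km).
ANCHORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
TRUE_LOCATION = (3.3, 4.7)


def attack(location_used_by_server: Point) -> Point:
    """Distances the service would hand out for that location, followed by
    the attacker's trilateration over them."""
    reported = [distance(anchor, location_used_by_server) for anchor in ANCHORS]
    return trilaterate(ANCHORS, reported)


def demo(cell_km: float = 1.0) -> dict:
    exact_fix = attack(TRUE_LOCATION)
    snapped_fix = attack(snap_to_cell(TRUE_LOCATION, cell_km))
    return {
        "exact_fix": exact_fix,
        "exact_error_km": distance(exact_fix, TRUE_LOCATION),
        "snapped_fix": snapped_fix,
        "snapped_error_km": distance(snapped_fix, TRUE_LOCATION),
        # worst case for a square cell is half its diagonal
        "snapped_error_bound_km": cell_km * math.sqrt(2) / 2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With exact distances the attacker recovers the true point to floating-point precision; with snapping, every probe position yields the same cell centre, so moving the probes around (the trick that defeats mere rounding of the distance) buys nothing beyond the cell.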
August 26, 2021 – Insider Threat
ULA email leak: internal emails allege smear campaign against SpaceX and Elon Musk Full Text
Abstract
Six internal emails, allegedly involving correspondence between a union lobbyist and a senior official of American spacecraft launch service provider ULA, have been leaked on a popular hacker forum.Cyber News
August 26, 2021 – Breach
Breach at Deep South Allergy Clinic Group Exposed 9,800 Patients’ Health Information Full Text
Abstract
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that a January data breach involved protected health information.The Daily Swig
August 26, 2021 – Attack
Singapore Eye Clinic Suffers Ransomware Attack Impacting Patients’ Personal Information Full Text
Abstract
A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such reported incident in a month.Straits Times
August 26, 2021 – Vulnerabilities
The Increased Liability of Local In-home Propagation Full Text
Abstract
Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the reasons this type of spread is problematic for employees and corporations alike. Finally, I offer simple solutions to mitigate the risk of such tactics. Why Should IT and Security Stakeholders Care? Today's long cycle attacks are often reconnoitering the victim environment for weeks, if not months. In this time, the attacker gains a tremendous amount of knowledge about systems in the victim's footprint. This additional loiter time in the victim's environment, coupled with ad-hoc maintained work-from-home environments, presents both an ingress avenue for attacks into their netThe Hacker News
August 26, 2021 – Breach
Personal Data and docs of Swiss town Rolle available on the dark web Full Text
Abstract
Documents and personal details of residents of the small Swiss town Rolle, on the shores of Lake Geneva, were stolen in a ransomware attack. The Swiss town Rolle disclosed the data breach after a ransomware attack, personal details of all its 6,200...Security Affairs
August 26, 2021 – General
Podcast: Ransomware Up x10: Disrupting Cybercrime Supply Chains an Opportunity Full Text
Abstract
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.Threatpost
August 26, 2021 – Phishing
Kanye’s upcoming album is a scam magnet, Kaspersky finds Full Text
Abstract
In the case of Kanye's latest release, Kaspersky found fake downloads linking to scam websites just like those found in the days immediately preceding the release of "Black Widow."Tech Republic
August 26, 2021 – Vulnerabilities
F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices Full Text
Abstract
Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are high-severity flaws, 15 are rated medium, and one is rated low in severity. Chief among them is CVE-2021-23031 (CVSS score: 8.8), a vulnerability affecting BIG-IP Advanced Web Application Firewall and BIG-IP Application Security Manager that allows an authenticated user to perform a privilege escalation. "When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise," F5 said in its advisory. It&The Hacker News
August 26, 2021 – Vulnerabilities
VMware addressed 4 High-Severity flaws in vRealize Operations Full Text
Abstract
VMware released security patches to address multiple vulnerabilities in vRealize Operations, including four high severity flaws. VMware addressed multiple vulnerabilities in vRealize Operations, including four high severity flaws. The most severe...Security Affairs
August 26, 2021 – Phishing
DeFi scams go from zero to $129 million in a year to become top financial hack Full Text
Abstract
Atlas VPN analyzed financial hacks over the last two-and-a-half years and found that DeFi hacks represent 76% of all major hacks for the first half of 2021 as compared to 25% of the total in 2020.Tech Republic
August 26, 2021 – Solution
New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access Full Text
Abstract
Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to research by EY . While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft – how to make the new normal of the hybrid workplace secure. The Trade-off Between Usability and Security A company's biggest vulnerability continues to be its people. In a hybrid workplace, a Zero Trust strategy means ever-tightening security. The MFA a company chooses affects the difficulty of logging into email, dashboards, workflow tools, client documentation, and so on. Or, conversely, how porous access security is. Now imagine this scenario. An employee opens a company portal, confirms a prompt on a company app on her phone, and that's it. She has been authenticated sThe Hacker News
August 26, 2021 – Breach
Personal Data and Documents of Swiss Town of Rolle Released on the Dark Web Full Text
Abstract
The Swiss town of Rolle disclosed the data breach after a ransomware attack compromised some administrative servers; personal details of all its 6,200 inhabitants were stolen by threat actors.Security Affairs
August 26, 2021 – Vulnerabilities
VMware Issues Patches to Fix New Flaws Affecting Multiple Products Full Text
Abstract
VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and vRealize Suite Lifecycle Manager (version 8.x), as listed below - CVE-2021-22022 (CVSS score: 4.4) - Arbitrary file read vulnerability in vRealize Operations Manager API, leading to information disclosure CVE-2021-22023 (CVSS score: 6.6) - Insecure direct object reference vulnerability in vRealize Operations Manager API, enabling an attacker with administrative access to alter other users' information and seize control of an account CVE-2021-22024 (CVSS score: 7.5) - Arbitrary log-file read vulnerability in vRealize Operations Manager API, resulting in sensitive information disclosureThe Hacker News
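Two of the flaws listed above are arbitrary file reads through an API. The defect class is the same wherever it appears: a caller-controlled path is joined to a base directory and opened without checking where it resolved. The block below is an added example, not VMware's code and not a reproduction of these CVEs; it shows the vulnerable pattern beside a hardened resolver that canonicalises both sides and rejects `..`, absolute paths and symlinks pointing outside the directory. The directory layout is constructed in a temporary directory.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """Raised when a requested file resolves outside the permitted directory."""


def resolve_under(base_dir: str, requested: str) -> str:
    """Resolve a caller-supplied relative path inside base_dir.

    realpath() is applied to both sides so the comparison is on canonical
    paths (this is what catches a symlink planted inside the directory), and
    commonpath() rather than startswith() is used so that a sibling such as
    /var/logs2 cannot pass as being under /var/logs.
    """
    if os.path.isabs(requested):
        raise PathEscapeError("absolute paths are not allowed")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathEscapeError(f"{requested!r} resolves outside {base_dir!r}")
    return candidate


def vulnerable_read(base_dir: str, requested: str) -> bytes:
    """The defect: join and open, trusting the caller. Note that
    os.path.join discards base_dir entirely when requested is absolute."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def safe_read(base_dir: str, requested: str) -> bytes:
    with open(resolve_under(base_dir, requested), "rb") as fh:
        return fh.read()


def _blocked(fn, *args) -> bool:
    try:
        fn(*args)
    except PathEscapeError:
        return True
    return False


def demo() -> dict:
    """Constructed layout: logs/app.log is meant to be servable; secret.txt
    next to the log directory is not, whether reached through '..' or through
    a symlink dropped into the log directory."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = os.path.join(tmp, "logs")
        os.makedirs(logs)
        with open(os.path.join(logs, "app.log"), "wb") as fh:
            fh.write(b"2021-08-26 INFO service started\n")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "wb") as fh:
            fh.write(b"db_password=hunter2\n")
        os.symlink(secret, os.path.join(logs, "latest.log"))
        return {
            "safe_benign": safe_read(logs, "app.log"),
            "vulnerable_dotdot": vulnerable_read(logs, "../secret.txt"),
            "vulnerable_symlink": vulnerable_read(logs, "latest.log"),
            "safe_dotdot_blocked": _blocked(safe_read, logs, "../secret.txt"),
            "safe_symlink_blocked": _blocked(safe_read, logs, "latest.log"),
            "safe_absolute_blocked": _blocked(safe_read, logs, secret),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```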
August 26, 2021 – Vulnerabilities
Top Vulnerabilities exploited to Hack Linux Systems Full Text
Abstract
According to Trend Micro, which identified around 15 million malware events targeting Linux-based cloud environments, coin miners and ransomware make up 54% of all malware, and web shells account for 29%.voiceofciso
August 26, 2021 – Government
CISA Details Additional Malware Targeting Pulse Secure Appliances Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.Security Week
August 26, 2021 – General
Phishing Attacks Ramped Up At the Peak of Working From Home Full Text
Abstract
Organizations must rethink how to protect their workforces moving forward, which starts by making digital security an integral part of their hybrid and remote work plans.Palo Alto Networks
August 26, 2021 – Vulnerabilities
F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions Full Text
Abstract
The flaw, tracked as CVE-2021-23031, is a privilege escalation issue on BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) Traffic Management User Interface (TMUI).Security Affairs
August 25, 2021 – Hacker
California Man Hacked iCloud Accounts to Steal Nude Photos Full Text
Abstract
Hao Kuo Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.Threatpost
August 25, 2021 – Vulnerabilities
Critical Flaw Discovered in Cisco APIC for Switches — Patch Released Full Text
Abstract
Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue — which is due to improper access control — could enable an unauthenticated, remote attacker to upload a file to the appliances. "A successful exploit could allow the attacker to read or write arbitrary files on an affected device," the company said in an advisory. The APIC appliance is a centralized, clustered controller that programmatically automates network provisioning and control based on the application requirements and policies across physical and virtual environments. Cisco said it discovered the vulnerability during internal security testing by the Cisco Advanced Security Initiatives Group (ASIG). Additionally, theThe Hacker News
August 25, 2021 – Vulnerabilities
Microsoft: ProxyShell bugs “might be exploited,” patch servers now! Full Text
Abstract
Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.BleepingComputer
August 25, 2021 – Malware
RiskIQ Analysis Links EITest and Gootloader Campaigns, Once Thought to Be Disparate Full Text
Abstract
EITest was first identified in 2014 and historically used large numbers of compromised WordPress sites and social engineering techniques to trick users into downloading malware.Risk IQ
August 25, 2021 – General
Hillicon Valley: Tech groups pledge action on cybersecurity Full Text
Abstract
A major federal spotlight shone on cybersecurity Wednesday, with President Biden meeting with the leaders of more than two dozen major tech, banking, insurance, energy, and education groups to discuss ways to better secure against cyberattacks, which have ramped up over the last year. Following the meeting, groups including Google, IBM and Microsoft announced major initiatives to fund cybersecurity and enhance the cyber workforce, taking action in the face of escalating threats.The Hill
August 25, 2021 – Solution
Preventing your Cloud ‘Secrets’ from Public Exposure: An IDE plugin solution Full Text
Abstract
I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level confidential information that ought to be carefully protected and accessible to legitimate users only. We all know how important it is to keep these assets secure to prevent account misuse and breaches. A reality check: How often do you make proactive efforts to protect these assets? Rarely, I'd say. Among the worst mistakes a developer can make when it comes to application security is to accidentally commit confidential information publicly on the Internet. Surprisingly, secrets and credentials are accidentally leaked more often than you might expect, and there are intelligent tools that sThe Hacker News
August 25, 2021 – Education
SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom Full Text
Abstract
Interested in a detailed-but-accessible case study of the Russian cyberespionage campaign that targeted SolarWinds (among others)? I’ve got you covered.Lawfare
August 25, 2021 – Vulnerabilities
F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions Full Text
Abstract
F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP...Security Affairs
August 25, 2021 – Vulnerabilities
Cisco Issues Critical Fixes for High-End Nexus Gear Full Text
Abstract
Networking giant issues two critical patches and six high-severity patches.Threatpost
August 25, 2021 – Solution
Microsoft will add secure preview for Office 365 quarantined emails Full Text
Abstract
Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails.BleepingComputer
August 25, 2021 – Botnet
Mirai Botnet Variant Targeting Vulnerabilities in Realtek Devices Full Text
Abstract
Mirai-based botnet operators were found exploiting a new security flaw in the Realtek SDK, impacting hundreds of thousands of devices worldwide. The vulnerabilities were spotted in Realtek chipsets just two days ago. Vulnerable device owners are recommended to apply the patch as soon as possible.Cyware Alerts - Hacker News
August 25, 2021 – Business
Major tech groups commit to array of cybersecurity actions following White House meeting Full Text
Abstract
The federal government and several major technology companies on Wednesday announced they are taking a host of steps to enhance the nation’s cybersecurity, specifically focused on growing the cyber workforce and investing billions of dollars in the field.The Hill
August 25, 2021 – Vulnerabilities
Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions Full Text
Abstract
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed " Sardonic " by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News. Since emerging on the scene in January 2016, FIN8 hasThe Hacker News
August 25, 2021 – Criminals
FIN8 group used a previously undetected Sardonic backdoor in a recent attack Full Text
Abstract
Financially motivated threat actor FIN8 employed a previously undocumented backdoor, tracked as 'Sardonic,' in recent attacks. The financially motivated threat actor FIN8 has been observed employing a previously undetected backdoor, dubbed Sardonic,...Security Affairs
August 25, 2021 – Vulnerabilities
Critical F5 BIG-IP bug impacts customers in sensitive sectors Full Text
Abstract
BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions.BleepingComputer
August 25, 2021 – Malware
Attackers Drop Commodity RATs to Target Latin Americans Full Text
Abstract
A set of malware campaigns have been discovered spreading commodity RATs and using a .NET-based crypter service 3losh to target travel and hospitality businesses in Latin America. These campaigns use either compromised or attacker-controlled websites to host their tools and payloads. Furthermore, ...Cyware Alerts - Hacker News
August 25, 2021 – Government
White House gathers tech, education, banking leaders for cyber meeting Full Text
Abstract
The Biden administration will convene more than two dozen leaders of key groups across a variety of fields at the White House for a cybersecurity meeting on Wednesday intended to serve as a “call to action” to address escalating cyber threats.The Hill
August 25, 2021 – Vulnerabilities
B.Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages Full Text
Abstract
Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021, said the "modification could appear as a device malfunction and be noticed only after a substantial amount of drug has been dispensed to a patient, since the infusion pump displays exactly what was prescribed, all while dispensing potentially lethal doses of medication." The issues have been addressed by B. Braun in SpaceCom L82 or later, Battery Pack SP with WiFi:L82 or later, and DataModule compactplus version A12 or later. Infusion pumps are medical devices used to deliver intravenous fluids, such as nutrients and medications, into a patient's body in controlled amounThe Hacker News
August 25, 2021 – Criminals
ShinyHunters group claims to have data of 70M AT&T customers Full Text
Abstract
Threat actors claim to have a database containing private information on roughly 70 million AT&T customers, but the company denies any security breach. ShinyHunters group claims to have a database containing private information on roughly 70 million...Security Affairs
August 25, 2021 – Phishing
New Hampshire town loses $2.3 million to overseas scammers Full Text
Abstract
Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges.BleepingComputer
August 25, 2021 – Botnet
Network Gateways are on the Radar of Mozi Full Text
Abstract
Mozi, a P2P botnet known to target IoT products, has gained new capabilities to aim at network gateways created by Huawei, Netgear, and ZTE. Mozi propagates by exploiting weak and default remote access passwords and unpatched vulnerabilities. The key security recommendation is always to use a stron ...Cyware Alerts - Hacker News
August 25, 2021 – Malware
New SideWalk Backdoor Targets U.S.-based Computer Retail Business Full Text
Abstract
A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin, an adversary believed to be connected to the Winnti umbrella group, noting its similarities to another backdoor dubbed Crosswalk that was put to use by the same threat actor in 2019. "SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C [command-and-control] server, makes use of Google Docs as a dead drop resolver , and Cloudflare workers as a C&C server," ESET researchers Thibaut Passilly and Mathieu Tartare said in a report published Tuesday. "It can also properly handle communication behind a proxy." Since firThe Hacker News
August 25, 2021 – Malware
Modified version of Android WhatsApp installs Triada Trojan Full Text
Abstract
Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices. Researchers from Kaspersky spotted a modified version of WhatsApp for Android, which offers extra features,...Security Affairs
August 25, 2021 – Vulnerabilities
Ethereum urges Go devs to fix severe chain-split vulnerability Full Text
Abstract
The Ethereum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability, tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol.BleepingComputer
August 25, 2021 – Covid-19
As Delta Variant Spreads, COVID-19 Themes Make Resurgence In Email Threats Full Text
Abstract
Proofpoint researchers observed an increase in COVID-19 related threats since late June 2021. They observed high-volume COVID-19 related campaigns from RustyBuer, Formbook, and Ave Maria malware.Proofpoint
August 25, 2021 – Business
Samsung could use a TV Block feature to disable any of its TVs worldwide Full Text
Abstract
The South Korean multinational Samsung revealed that it can disable its Samsung TV sets remotely using the TV Block feature. Samsung TV sets can be remotely disabled by the vendor using a built-in feature dubbed TV Block. The company revealed...Security Affairs
August 25, 2021 – Criminals
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware Full Text
Abstract
A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware dubbed Sardonic by the Bitdefender researchers who first spotted it.BleepingComputer
August 25, 2021 – Malware
The ‘Joker’ Virus Has Returned to Android Apps in the Google Play Store Full Text
Abstract
"This malicious program has been detected in eight Play Store applications that Google has suppressed," say the Belgian authorities in a statement published this Friday on their website.Entrepreneur
August 25, 2021 – Botnet
DirtyMoe Botnet Returns With Undetectable Threat Profile Full Text
Abstract
DirtyMoe’s attack chain begins with the attackers attempting to gain admin privileges on a target’s Windows machine. It often relies on the PurpleFox exploit kit to misuse EternalBlue.Security Intelligence
August 25, 2021 – Vulnerabilities
Vulnerability in OpenSSL can allow attackers to change an application’s behavior Full Text
Abstract
The vulnerability is tied to the decryption of SM2-encrypted data; the resulting changes depend on the targeted application and the data it maintains (i.e., credentials) in the heap while the issue is exploited.Security Affairs
August 24, 2021 – Breach
Poly Network Recoups $610M Stolen from DeFi Platform Full Text
Abstract
The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.Threatpost
August 24, 2021 – Malware
Custom WhatsApp Build Delivers Triada Malware Full Text
Abstract
Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK.Threatpost
August 24, 2021 – Cryptocurrency
Fake OpenSea support staff are stealing cryptowallets and NFTs Full Text
Abstract
OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs.BleepingComputer
August 24, 2021 – Breach
Phishing attack exposes medical information for 12,000 patients at Revere Health Full Text
Abstract
The company doesn’t think it was the intent of the hacker to release patients’ medical information but rather as a way to launch more sophisticated phishing email attacks on other Revere employees.thespectrum
August 24, 2021 – General
Hillicon Valley: Tech leaders to tackle cybersecurity at White House meeting Full Text
Abstract
Leaders of the nation's biggest tech companies, including Amazon’s new chief, will head to the White House Wednesday to meet with President Biden in the wake of a string of cybersecurity attacks. Apple CEO Tim Cook is reportedly on the list to attend, but the Silicon Valley giant is facing struggles of its own after workers launched an organizing effort for better workplace conditions.The Hill
August 24, 2021 – Malware
Modified Version of WhatsApp for Android Spotted Installing Triada Trojan Full Text
Abstract
A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK)," researchers from Russian cybersecurity firm Kaspersky said in a technical write-up published Tuesday. "This is similar to what happened with APKPure , where the only malicious code that was embedded in the app was a payload downloader." Modified versions of legitimate Android apps — aka Modding — are designed to perform functions not originally conceived or intended by the app developers, and FMWhatsApp allows users to customize the app with different themes, personalize icons, and hide features like last seen, and even deactivate video calling features. The tampered variant ofThe Hacker News
August 24, 2021 – Privacy
The Apple Client-Side Scanning System Full Text
Abstract
Apple’s efforts, though commendable, raise as many questions as they answer.Lawfare
August 24, 2021 – Vulnerabilities
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior Full Text
Abstract
The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to change an application’s behavior or cause the app to crash. The OpenSSL Project released the OpenSSL 1.1.1l version that addresses...Security Affairs
August 24, 2021 – Solution
Effective Threat-Hunting Queries in a Redacted World Full Text
Abstract
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers’ infrastructure.Threatpost
August 24, 2021 – Vulnerabilities
Samsung can remotely disable their TVs worldwide using TV Block Full Text
Abstract
Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.BleepingComputer
August 24, 2021 – Attack
The Proliferation of LockBit 2.0 Attacks Full Text
Abstract
According to the latest telemetry by Trend Micro, researchers revealed that they had detected multiple LockBit 2.0 attack attempts in Chile, Italy, Taiwan, and the U.K.Cyware Alerts - Hacker News
August 24, 2021 – Business
Amazon, IBM leaders among those convening at White House for cyber meeting Wednesday Full Text
Abstract
The CEOs of Amazon and IBM will be among a group of leaders from a wide spectrum of tech companies and organizations set to meet with President Biden at the White House on Wednesday.The Hill
August 24, 2021 – Privacy
Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group Full Text
Abstract
A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society)," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain. Citizen Lab called the new exploit chain "FORCEDENTRY." The development comes a little over a month after an extensive investigation undertaken by a consortium of 17 media organizations revealed the widespread use of NSO Group's Pegasus "military-grade spyware" by authoritarian regimes to facilitate huThe Hacker News
August 24, 2021 – Vulnerabilities
New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware Full Text
Abstract
Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group's Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy...Security Affairs
August 24, 2021 – Vulnerabilities
SteelSeries bug gives Windows 10 admin rights by plugging in a device Full Text
Abstract
The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found.BleepingComputer
August 24, 2021 – Attack
Resurgence in FluBot Malware Attacks Full Text
Abstract
Recent studies on the FluBot banking malware confirmed that there has been a spike in the number of malicious distribution pages affecting a number of Australian, Polish, and German banks.Cyware Alerts - Hacker News
August 24, 2021 – Criminals
Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc Full Text
Abstract
Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse before it gets better, the cast of cybercrime groups that cause the most damage is constantly changing," Palo Alto Networks' Unit 42 threat intelligence team said in a report shared with The Hacker News. "Groups sometimes go quiet when they've achieved so much notoriety that they become a priority for law enforcement. Others reboot their operations to make them more lucrative by revising their tactics, techniques and procedures, updating their software and launching marketing campaigns to recruit new affiliates." The development comes as ransomware attacks are gThe Hacker News
August 24, 2021 – Government
FBI flash alert warns on OnePercent Group Ransomware attacks Full Text
Abstract
The FBI shared info about OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The Federal Bureau of Investigation (FBI) has published a flash alert about a threat actor known...Security Affairs
August 24, 2021 – Criminals
Ransomware gang’s script shows exactly the files they’re after Full Text
Abstract
A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.BleepingComputer
August 24, 2021 – General
Phishing and Crypto Attacks Soared in First Half of 2021 Full Text
Abstract
According to a report published by PhishLabs, 54% of attacks in the cryptocurrency industry came from threat actors impersonating brands, employees, and executives on social media.Cyware Alerts - Hacker News
August 24, 2021 – Breach
38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations Full Text
Abstract
More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses," UpGuard Research team said in a disclosure made public on Monday. Governmental bodies like Indiana, Maryland, and New York City, and private companies such as American Airlines, Ford, J.B. Hunt, and Microsoft are said to have been impacted. Among the most sensitive information that was left in the open were 332,000 email addresses and employee IDs used by Microsoft's own global payroll services, as well as more than 85,000 records related to Business Tools Support and Mixed Reality portals. Power Apps isThe Hacker News
August 24, 2021 – Botnet
Realtek SDK flaws exploited to deliver Mirai bot variant Full Text
Abstract
Researchers warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. Researchers from SAM Seamless Network warn that threat actors are actively exploiting Realtek SDK vulnerabilities since...Security Affairs
August 24, 2021 – Malware
Malicious WhatsApp mod infects Android devices with malware Full Text
Abstract
A malicious version of the FMWhatsapp WhatsApp mod delivers a Triada trojan payload, a nasty surprise that infects users' devices with additional malware, including the very hard-to-remove xHelper trojan.BleepingComputer
August 24, 2021 – Attack
A Year-Long Spear-Phishing Campaign Ensnares Office 365 Users Full Text
Abstract
The hackers changed their obfuscation and encryption techniques every 37 days. This implies that the gang is highly motivated and possesses sophisticated detection evasion mechanisms.Cyware Alerts - Hacker News
August 24, 2021 – Vulnerabilities
New zero-click iPhone exploit used to deploy NSO spyware Full Text
Abstract
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.BleepingComputer
August 24, 2021 – Hacker
Hackers Could Increase Medication Doses by Exploiting Security Flaws in Infusion Pumps Full Text
Abstract
Researchers found that an attacker with access to a health care facility's network could take control of B. Braun SpaceStation by exploiting a common connectivity vulnerability.Wired
August 24, 2021 – Business
Automotive startup Upstream raises $62M Series C to scale cloud-based security Full Text
Abstract
Upstream's Series C funding was led by Mitsui Sumitomo Insurance and was joined by new investors I.D.I. Insurance, 57 Stars’ NextGen Mobility Fund, and La Maison Partners.TechCrunch
August 24, 2021 – Attack
DLL side-loading Attack Takes Advantage of Windows Search Order Full Text
Abstract
Threat actors can evade detection using filename matching by renaming the binary executable, as the side-loading technique will remain viable regardless of the name of the executable.GB Hackers
August 23, 2021 – Attack
ProxyShell Attacks Pummel Unpatched Exchange Servers Full Text
Abstract
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.Threatpost
August 23, 2021 – Vulnerabilities
Windows 10 Admin Rights Gobbled by Razer Devices Full Text
Abstract
So much for Windows 10’s security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating.Threatpost
August 23, 2021 – Covid-19
Managing Privileged Access to Secure the Post-COVID Perimeter Full Text
Abstract
Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.Threatpost
August 23, 2021 – Hacker
Attackers Actively Exploiting Realtek SDK Flaws Full Text
Abstract
Multiple vulnerabilities in software used by 65 vendors under active attack.Threatpost
August 23, 2021 – Criminals
FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020 Full Text
Abstract
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.BleepingComputer
August 23, 2021 – Attack
Ransomware Hits Lojas Renner, Brazil’s Largest Clothing Store Chain Full Text
Abstract
Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.The Record
August 23, 2021 – Breach
Hillicon Valley: Millions exposed due to Microsoft misconfiguration Full Text
Abstract
Cybersecurity group UpGuard started out the week on a bang by revealing its findings that 38 million records were exposed online earlier this year due to a misconfiguration in a Microsoft application, including COVID-contact tracing information.The Hill
August 23, 2021 – General
Navigating Vendor Risk Management as IT Professionals Full Text
Abstract
One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for them. It is highly beneficial for businesses today to access these large pools of third-party resources. However, there can be security challenges for companies using third-party vendors and their services despite the benefits. Let's look at navigating vendor risk management as IT professionals and see how businesses can accomplish this in a highly complex cybersecurity world. How can third-party vendors introduce cybersecurity risks? As mentioned, third-party vendors can be highly beneficial to organizations doing business today. They allow companies to avoid building out technoloThe Hacker News
August 23, 2021 – Breach
Data Brokers Are Advertising Data on U.S. Military Personnel Full Text
Abstract
The trend underscores the broader threats posed by the unregulated data brokerage ecosystem to civil rights and national security.Lawfare
August 23, 2021 – Government
CISA recommends immediately patch Exchange ProxyShell flaws Full Text
Abstract
US CISA issued an urgent alert to warn admins to address ProxyShell vulnerabilities in on-premises Microsoft Exchange servers. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn admins to address actively exploited...Security Affairs
August 23, 2021 – Breach
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs Full Text
Abstract
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.Threatpost
August 23, 2021 – Phishing
Phishing campaign uses UPS.com XSS vuln to distribute malware Full Text
Abstract
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents.BleepingComputer
August 23, 2021 – Attack
Post Office is new prime target in UK parcel delivery phishing attacks Full Text
Abstract
Along with this increased volume of online shopping, a new trend of phishing attacks is doing rounds where cybercriminals impersonate parcel delivery companies in an attempt to steal financial details from their victims.Netcraft
August 23, 2021 – Breach
New research finds 38 million records exposed online earlier this year Full Text
Abstract
Thirty-eight million records from dozens of organizations, including COVID-19 contact tracing information, were exposed online earlier this year due to a misconfiguration in a Microsoft product, according to research published Monday.The Hill
August 23, 2021 – Criminals
Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group Full Text
Abstract
ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be derived from their avatar on social media and other forums: a shiny Umbreon Pokémon," Intel 471 researchers said in a report shared with The Hacker News. "As Pokémon players hunt and collect "shiny" characters in the game, ShinyHunters collects and resells user data." The revelation comes as the average cost of a data breach rose from $3.86 million to $4.24 million, making it the highest average cost in 17 years, with compromised credentials responsible for 20% of the breaches reported by over 500 organizations. Since rising to prominence in AThe Hacker News
August 23, 2021 – Vulnerabilities
Are you using a Sophos UTM appliance? Be sure it is up to date! Full Text
Abstract
A researcher disclosed technical details of a critical remote code execution vulnerability, tracked as CVE-2020-25223, patched last year. In September, Sophos addressed a remote code execution vulnerability (CVE-2020-25223) in the WebAdmin of SG UTM that...Security Affairs
August 23, 2021 – Botnet
Botnet targets hundreds of thousands of devices using Realtek SDK Full Text
Abstract
A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel.BleepingComputer
August 23, 2021 – Breach
38M Records Exposed Online Including COVID-19 Contact-Tracing Info Full Text
Abstract
More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases.Wired
August 23, 2021 – Vulnerabilities
Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems Full Text
Abstract
Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro , detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. The company, which detected nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share. In addition, by dissecting over 50 million events reported from 100,000 unique Linux hosts during the same time period, the researchers found 15 different security weaknesses that are known to be actively exploited in the wild oThe Hacker News
August 23, 2021 – Vulnerabilities
LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs Full Text
Abstract
A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mice and keyboards. A local...Security Affairs
August 23, 2021 – Hacker
Hacker gets 500K reward for returning stolen cryptocurrency Full Text
Abstract
The saga of what has been dubbed the biggest hack in the world of decentralized finance appears to be over as Poly Network recovered more than $610 million in cryptocurrency assets it lost two weeks ago and the hacker received a $500,000 bounty for returning the money.BleepingComputer
August 23, 2021 – Vulnerabilities
Details Disclosed for Critical Vulnerability in Sophos Appliances Full Text
Abstract
Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year.Security Week
August 23, 2021 – Outage
Memorial Health System forced to cancel surgeries after ransomware attack Full Text
Abstract
Health organization Memorial Health System was hit by a disruptive cyber attack that forced it to cancel surgeries and divert patients last week. The Memorial Health System announced that it was hit by a disruptive cyber attack that forced it to suspend...Security Affairs
August 23, 2021 – Breach
Nokia subsidiary discloses data breach after Conti ransomware attack Full Text
Abstract
SAC Wireless, a US-based and independently-operating Nokia company subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems.BleepingComputer
August 23, 2021 – Hacker
Poly Network claims a hacker returned stolen $600 million Full Text
Abstract
A colossal, as well as bizarre crypto heist story seems to have reached its end. Poly Network, a DeFi platform, announced the hacker that stole over $600 million in one of the largest crypto heists had returned control of the money.Cyber News
August 23, 2021 – Vulnerabilities
CISA warns admins to urgently patch Exchange ProxyShell bugs Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.BleepingComputer
August 23, 2021 – Attack
PRISM attacks fly under the radar Full Text
Abstract
AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal though their internal threat analysis systems have flagged them as malicious.AT&T Cybersecurity
August 23, 2021 – Ransomware
ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware Full Text
Abstract
Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency (CISA) warned over the weekend.Help Net Security
August 23, 2021 – Government
Singapore, US pledge deeper collaboration in cybersecurity Full Text
Abstract
Singapore and the US have inked a series of Memorandums of Understanding (MOUs) to widen their collaboration in cybersecurity across defense, financial, and research and development.ZDNet
August 23, 2021 – Phishing
US military personnel defrauded into losing $822m through scams Full Text
Abstract
The researchers examined data compiled by the US FTC. They discovered that $484.4 million was lost by military families and reservists, followed by veterans and retirees whose financial damages account for 35% of all losses ($290.1 million).Hackread
August 23, 2021 – Botnet
Report Shows Even More Similarities Between Diavol Ransomware and TrickBot Full Text
Abstract
The new ransomware family is called Diavol and it is believed to have connections to the Wizard Spider threat actor as the researchers discovered a few similarities in the operation mode employed by the malware.Heimdal Security
August 22, 2021 – Vulnerabilities
Razer bug lets you become a Windows 10 admin by plugging in a mouse Full Text
Abstract
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.BleepingComputer
August 22, 2021 – Attack
U.S. State Department reportedly hit by a cyberattack in recent weeks Full Text
Abstract
As per reports, the U.S. State Department was hit by a cyberattack, and notifications of a potentially serious breach were made by the Department of Defense Cyber Command.CNBC
August 22, 2021 – Government
State Department recently hit by cyberattack: report Full Text
Abstract
The State Department was reportedly hit by a cyberattack in recent weeks, prompting the Department of Defense's Cyber Command to send out notifications warning of a possible serious breach.The Hill
August 22, 2021 – Attack
WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of " ProxyShell " Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. "An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine," CISA said . The development comes a little over a week after cybersecurity researchers sounded the alarm on opportunistic scanning and exploitation of unpatThe Hacker News
August 22, 2021 – Vulnerabilities
Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP Full Text
Abstract
Google disclosed the details of a Windows AppContainer vulnerability because Microsoft initially had no plans to fix it. Google Project Zero experts disclosed the details of a Windows AppContainer flaw after Microsoft announced it had no plans...Security Affairs
August 22, 2021 – Business
Microsoft shares guidance on securing Windows 365 Cloud PCs Full Text
Abstract
Microsoft has shared guidance on securing Windows 365 Cloud PCs and more info on their built-in security capabilities.BleepingComputer
August 22, 2021 – Education
Schools, colleges brace for cyberattacks as students return Full Text
Abstract
Hackers are ready to pounce on schools and universities as they attempt to restart classes 18 months into the coronavirus pandemic while already dealing with controversial subjects such as mask mandates and hybrid learning.The Hill
August 22, 2021 – General
Security Affairs newsletter Round 328 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the international press for free, subscribe here. U.S. State...Security Affairs
August 22, 2021 – Breach
T-Mobile data breach could be worse than initially thought, 54 million customers impacted Full Text
Abstract
The T-Mobile data breach could be worse than initially thought; an update to the investigation reveals that over 54 million individuals were impacted. The T-Mobile data breach could be worse than initially thought, according to an update to the investigation...Security Affairs
August 21, 2021 – Attack
Microsoft Exchange servers being hacked by new LockFile ransomware Full Text
Abstract
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.BleepingComputer
August 21, 2021 – Attack
U.S. State Department was recently hit by a cyber attack Full Text
Abstract
The U.S. State Department was recently hit by a cyber attack; the Department of Defense Cyber Command might have suffered a serious breach. The U.S. State Department was recently hit by a cyber attack, and the Department of Defense Cyber Command is notifying...Security Affairs
August 21, 2021 – Criminals
New LockFile ransomware gang uses ProxyShell and PetitPotam exploits Full Text
Abstract
A new ransomware gang named LockFile targets Microsoft Exchange servers exploiting the recently disclosed ProxyShell vulnerabilities. A new ransomware gang named LockFile targets Microsoft Exchange servers using the recently disclosed ProxyShell...Security Affairs
August 21, 2021 – Attack
OPAD: A New Adversarial Attack Targeting Artificial Intelligence Full Text
Abstract
Researchers discovered a new adversarial attack, OPAD, that can fool AI technologies by modifying the appearance of real 3D objects. One of the critical factors of such an attack is that no physical access to the objects is required. The successful demonstration of OPAD shows the possibility of ...Cyware Alerts - Hacker News
August 21, 2021 – Government
US CISA releases guidance on how to prevent ransomware data breaches Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks. Most of the recent ransomware attacks resulted in data breaches for the victims, as threat actors implemented...Security Affairs
August 21, 2021 – Breach
Singapore real estate firm breached by ALTDOS Full Text
Abstract
The stolen data reportedly includes 969 databases from ACSystem, NewOrangeTee, OT_Analytics, OT_Leave, and ProjInfoListing, ranging from corporate/financial records to customer private personal and financial information.Data Breaches
August 21, 2021 – Attack
Lojas Renner, Brazil's largest clothing store chain, was hit by ransomware Full Text
Abstract
Lojas Renner, the largest Brazilian department store clothing company, suffered a ransomware attack that impacted its IT infrastructure. Lojas Renner, the largest Brazilian department store clothing company, announced that it had suffered a ransomware...Security Affairs
August 21, 2021 – Criminals
New analysis of Diavol ransomware reinforces the link to TrickBot gang Full Text
Abstract
In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet.Cyber Defense Magazine
August 21, 2021 – Hacker
North Korean Hacker Group Uses Browser Exploits Full Text
Abstract
Security experts at the cybersecurity firm Volexity have recently reported an attack in which a North Korean hacker group used browser exploits to deploy custom malware on the website.GB Hackers
August 21, 2021 – Phishing
Google Docs Scams Still Pose a Threat Full Text
Abstract
In research presented at the Defcon security conference this month, a researcher found workarounds that attackers could potentially use to get past Google's enhanced Workspace protections.Wired
August 21, 2021 – Vulnerabilities
Google shares details of unpatched Windows AppContainer vulnerability Full Text
Abstract
Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announced it would address it soon.Hackread
August 21, 2021 – Vulnerabilities
Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software Full Text
Abstract
The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software.Security Affairs
August 20, 2021 – Ransomware
The Week in Ransomware - August 20th 2021 - Exploiting Windows Full Text
Abstract
Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week.BleepingComputer
August 20, 2021 – Vulnerabilities
Cloud load balancer snafu leads to 3D printer user printing on a stranger’s kit Full Text
Abstract
Just over 70 of The Spaghetti Detective's users were able to control others' 3D printing devices as a result – something the service said it doesn't normally allow to happen.The Register
August 20, 2021 – General
Hillicon Valley: Key QAnon influencer ‘GhostEzra’ identified Full Text
Abstract
At the end of a busy news week, a key member of the QAnon community has potentially been identified.The Hill
August 20, 2021 – Denial Of Service
Cloudflare mitigated one of the largest DDoS attacks ever, involving 17.2 million rps Full Text
Abstract
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted , at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks. Volumetric DDoS attacks are designed to target a specific network with an intention to overwhelm its bandwidth capacity and often utilize reflective amplification techniques to scale their attack and cause as much operational disruption as possible. They also typically originate from a network of malware-infected systems — consisting of computers, servers, and IoT devices — enabling threat actorsThe Hacker News
August 20, 2021 – Solution
Emsisoft releases free SynAck ransomware decryptor Full Text
Abstract
Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their files for free. Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt...Security Affairs
August 20, 2021 – Denial Of Service
Web Censorship Systems Can Facilitate Massive DDoS Attacks Full Text
Abstract
Web censorship systems are ripe for abuse by attackers, who can use them to launch DDoS attacks.Threatpost
August 20, 2021 – Ransomware
LockFile ransomware uses PetitPotam attack to hijack Windows domains Full Text
Abstract
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.BleepingComputer
August 20, 2021 – Denial Of Service
Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack Full Text
Abstract
Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previously reported volumetric DDoS attack.The Record
August 20, 2021 – Privacy
China passes strict data privacy law protecting personal data Full Text
Abstract
China’s top legislative body on Friday passed a new data privacy law that places limits on companies’ collection of personal user data, the latest action in the government’s ongoing efforts to tighten restrictions on tech giants operating in the country.The Hill
August 20, 2021 – Malware
ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups Full Text
Abstract
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, adding "some threat groups stopped developing their own backdoors after they gained access to ShadowPad." The American cybersecurity firm dubbed ShadowPad a "masterpiece of privately sold malware in Chinese espionage." A successor to PlugX and a modular malware platform since 2015, ShadowPad catapulted to widespread attention in the wake of supply chain incidents targeting NetSarang , CCleaner , and ASUS , leading the operators to shift tactics and update their defensive measures with advanced anti-detection and persistence techniques. More recently, attaThe Hacker News
August 20, 2021 – Attack
Cloudflare mitigated the largest ever volumetric DDoS attack to date Full Text
Abstract
Web infrastructure and website security company Cloudflare announced that it has mitigated the largest ever volumetric DDoS attack to date. Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever...Security Affairs
August 20, 2021 – Ransomware
SynAck ransomware decryptor lets victims recover files for free Full Text
Abstract
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.BleepingComputer
August 20, 2021 – Denial Of Service
High-Severity DoS Vulnerability Patched in BIND DNS Software Full Text
Abstract
The Internet Systems Consortium (ISC) this week publicly announced the availability of patches for a high-severity denial-of-service (DoS) vulnerability affecting its BIND DNS software.Security Week
August 20, 2021 – Criminals
Cybercrime Group Asking Insiders for Help in Planting Ransomware Full Text
Abstract
A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom," Abnormal Security said in a report published Thursday. "The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested—an Outlook email account and a Telegram username." Black Kingdom, also known as DemonWare and DEMON, attracted attention earlier this March when threat actors were found exploiting ProxyLogon flaws impacting Microsoft Exchange Servers to infect unpatched systems with the ransomware strain. Abnormal Security, which detected and blThe Hacker News
August 20, 2021 – Denial Of Service
Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software Full Text
Abstract
The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service...Security Affairs
August 20, 2021 – Denial Of Service
HTTP DDoS attacks reach unprecedented 17 million requests per second Full Text
Abstract
A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps).BleepingComputer
August 20, 2021 – Malware
After Europe, Flubot Malware Campaign Hits Australians via Scam Text Messages Full Text
Abstract
FluBot is a type of malware targeting Android users, but iPhone users can also receive messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.The Guardian
August 20, 2021 – Botnet
Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways Full Text
Abstract
Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up. "By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities." First documented by Netlab 360 in December 2019, Mozi has a history of infecting routers and digital video recorders in order to assemble them into an IoT botnet, which could be abused for launching distributed denial-of-service (DDoS) attacks, data exfiltration, and payload executionThe Hacker News
August 20, 2021 – Botnet
Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices Full Text
Abstract
The Mozi botnet continues to evolve; its authors have implemented new capabilities to target Netgear, Huawei, and ZTE network gateways. Microsoft researchers reported that the Mozi botnet was improved by implementing new capabilities to target network gateways...Security Affairs
August 20, 2021 – Breach
T-Mobile data breach just got worse — now at 54 million customers Full Text
Abstract
The T-Mobile data breach keeps getting worse, as an update to the company's investigation now reveals that the cyberattack exposed over 54 million individuals' data.BleepingComputer
August 20, 2021 – Breach
Update: T-Mobile probe into breach finds more customers hit, tally now at 53 mln Full Text
Abstract
T-Mobile said on Friday that an ongoing investigation revealed that hackers accessed information of an additional 5.3 million customers, bringing the total number to more than 53 million.Reuters
August 20, 2021 – Vulnerabilities
Cisco warns of Server Name Identification data exfiltration flaw in multiple products Full Text
Abstract
Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering...Security Affairs
August 20, 2021 – Vulnerabilities
Pegasus iPhone hacks used as lure in extortion scheme Full Text
Abstract
A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand.BleepingComputer
August 20, 2021 – Denial Of Service
Human Rights Alliance Karapatan Faces Weeks-long DDOS Attacks Full Text
Abstract
Qurium reported that the attackers launched billions of “malicious web requests” comprising application-layer web floods, which is a form of DDoS (Distributed Denial of Service) attack.Hackread
August 20, 2021 – Vulnerabilities
637 flaws in industrial control system (ICS) products were published in H1 2021 Full Text
Abstract
During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability...Security Affairs
August 20, 2021 – Breach
AT&T denies data breach after hacker auctions 70 million user database Full Text
Abstract
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.BleepingComputer
August 20, 2021 – Policy and Law
Social account thief goes to prison for stealing, trading nude photos Full Text
Abstract
A New York man received a three-year sentence in federal prison for hacking the social media accounts of dozens of female college students and stealing nude photos and videos of them.BleepingComputer
August 19, 2021 – Breach
COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate Full Text
Abstract
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.Threatpost
August 19, 2021 – Breach
Postmortem on U.S. Census Hack Exposes Cybersecurity Failures Full Text
Abstract
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.Threatpost
August 19, 2021 – Vulnerabilities
Critical Flaw Found in Older Cisco Small Business Routers Won’t Be Fixed Full Text
Abstract
A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability, which the company said is due to improper validation of incoming UPnP traffic, could be abused to send a specially-crafted UPnP request to an affected device, resulting in remote code execution as the root user on the underlying operating system. "Cisco has not released and will not release software updates to address the vulnerability," the company noted in an advisory published Wednesday. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process.The Hacker News
August 19, 2021 – Hacker
You can post LinkedIn jobs as almost ANY employer — so can attackers Full Text
Abstract
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. And worse, the employer cannot easily take these down.BleepingComputer
August 19, 2021 – Hacker
CEO tried funding his startup by asking insiders to deploy ransomware Full Text
Abstract
Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers.BleepingComputer
August 19, 2021 – Denial Of Service
The Looming Threat of TCP-based DDoS Reflection Amplification Attack Full Text
Abstract
A group of academics stated that network middleboxes such as firewalls, Network Address Translators (NATs), load balancers, and Deep Packet Inspection (DPI) boxes can be weaponized to launch more sophisticated DDoS reflection amplification attacks.Cyware Alerts - Hacker News
August 19, 2021 – General
Hillicon Valley: Feds lay down marker in Facebook fight Full Text
Abstract
Facebook dominated much of the tech discussion Thursday, beginning with CEO Mark Zuckerberg appearing on "CBS This Morning" to preview a new virtual reality workspace.The Hill
August 19, 2021 – Criminals
Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang Full Text
Abstract
Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer connection between the two. In early July, Fortinet revealed specifics of an unsuccessful ransomware attack involving Diavol payload targeting one of its customers, highlighting the payload's source code overlaps with that of Conti and its technique of reusing some language from Egregor ransomware in its ransom note. "As part of a rather unique encryption procedure, Diavol operates using user-mode Asynchronous Procedure Calls (APCs) without a symmetric encryption algorithm," Fortinet researchers previously said. "Usually, ransomware authors aim to complete the encryption operThe Hacker News
August 19, 2021 – Criminals
Threat actors stole $97 million from Liquid cryptocurrency exchange Full Text
Abstract
Japanese cryptocurrency exchange Liquid was hit by a cyber attack; threat actors stole $97 million worth of cryptocurrency assets from the company. Japan-based cryptocurrency exchange Liquid was hit by a cyber attack that resulted in the theft of $97 million...Security Affairs
August 19, 2021 – Business
What’s Next for T-Mobile and Its Customers? – Podcast Full Text
Abstract
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.Threatpost
August 19, 2021 – Vulnerabilities
New unofficial Windows patch fixes more PetitPotam attack vectors Full Text
Abstract
A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update.BleepingComputer
August 19, 2021 – Malware
FluBot Malware is on the Fly Again with New Overlay Attacks Full Text
Abstract
FluBot was found targeting finance apps belonging to Polish and German banks by impersonating the apps' login forms in a new overlay attack. Earlier, in June, this malware was seen imitating postal and logistics service apps to lure its victims. While smartphone users must restrict ...Cyware Alerts - Hacker News
August 19, 2021 – Vulnerabilities
Cisco will not patch critical flaw CVE-2021-34730 in EoL routers Full Text
Abstract
Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers. Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small...Security Affairs
August 19, 2021 – General
How Ready Are You for a Ransomware Attack? Full Text
Abstract
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.Threatpost
August 19, 2021 – Vulnerabilities
Hackers can bypass Cisco security products in data theft attacks Full Text
Abstract
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.BleepingComputer
August 19, 2021 – Malware
How Are Diavol and TrickBot Connected? Full Text
Abstract
IBM X-Force Threat Intelligence studied different versions of the Diavol ransomware, whose code configuration hinted at a possible link to the TrickBot group. TrickBot has been observed using group and campaign IDs, which are used by Diavol as well. Experts say sharing threat intelligence between o ...Cyware Alerts - Hacker News
August 19, 2021 – Attack
Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw Full Text
Abstract
Threat actors breached the servers of the US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, the OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached...Security Affairs
August 19, 2021 – Vulnerabilities
Critical Cisco Bug in Small Business Routers to Remain Unpatched Full Text
Abstract
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.Threatpost
August 19, 2021 – Hacker
You can post LinkedIn jobs as ANY employer — so can attackers Full Text
Abstract
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. And worse, the employer cannot easily take these down.BleepingComputer
August 19, 2021 – Criminals
Indra Group Associated with Attacks on Iran Full Text
Abstract
Check Point Research said the Indra APT group was behind crippling Iran’s transport ministry and national train system in a cyberattack recently. Attackers disseminated three different versions of Meteor, Stardust, and Comet wipers into the victim's network. Even though the group has not ... Read MoreCyware Alerts - Hacker News
August 19, 2021 – APT
NK-linked InkySquid APT leverages IE exploits in recent attacks Full Text
Abstract
The North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper. Experts from cybersecurity firm Volexity reported that the North Korea-linked InkySquid group...Security Affairs
August 19, 2021 – Government
InkySquid State Actor Exploiting Known IE Bugs Full Text
Abstract
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.Threatpost
August 19, 2021 – Government
CISA shares guidance on how to prevent ransomware data breaches Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.BleepingComputer
August 19, 2021 – Phishing
Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer Full Text
Abstract
The incident, which occurred in mid-August, marks another tactical swerve in the ever-shifting world of ransomware techniques and at least three companies have fallen victim to it.Cyberscoop
August 19, 2021 – Vulnerabilities
Windows EoP Bug Detailed by Google Project Zero Full Text
Abstract
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.Threatpost
August 19, 2021 – Cryptocurrency
Liquid cryptocurrency exchange loses over $90 million following hack Full Text
Abstract
Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets.BleepingComputer
August 19, 2021 – Covid-19
Health authorities in 40 countries targeted by COVID‑19 vaccine scammers Full Text
Abstract
The warning on COVID-19 vaccine scams was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries.ESET Security
August 19, 2021 – Vulnerabilities
Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers Full Text
Abstract
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life.BleepingComputer
August 19, 2021 – General
World Bank and Partners Announce New Global Fund for Cybersecurity Full Text
Abstract
The World Bank, along with its partners, announced today the launch of a new Cybersecurity Multi-Donor Trust Fund under the broader Digital Development Partnership (DDP) umbrella program.worldbank
August 19, 2021 – General
Tokyo Olympics Leveraged in Cybercrime Attack Full Text
Abstract
Cybercriminals use SEO poisoning to ensure that links to phishing sites and other malicious sites are displayed at the top of search results pages when searching for Olympic-related keywords.Trend Micro
August 18, 2021 – Attack
US Census Bureau hacked in January 2020 using Citrix exploit Full Text
Abstract
US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report.BleepingComputer
August 18, 2021 – Vulnerabilities
STARTTLS Flaws Affecting Major Email Clients and Servers Full Text
Abstract
Security researchers have identified around 40 different vulnerabilities in a TLS encryption mechanism that could lead to targeted Man-in-the-Middle (MitM) attacks. Upgrading email protocol connections via STARTTLS is insecure and exposes the system to a number of security vuln ... Read MoreCyware Alerts - Hacker News
August 18, 2021 – Government
Census Bureau computer servers target of January 2020 cyberattack Full Text
Abstract
U.S. Census Bureau computer servers were targeted during a cyberattack last year, but the hackers' attempts to retain access to the system were unsuccessful, according to a watchdog report released Wednesday.The Hill
August 18, 2021 – Vulnerabilities
Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices Full Text
Abstract
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw in ThroughTek point-to-point (P2P) products, successful exploitation of which could result in the "ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality." "Successful exploitation of this vulnerability could permit remote code execution and unauthorized access to sensitive information, such as to camera audio/video feeds," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted in an advisory. There are believed to be 83 million active devices on the KalaThe Hacker News
August 18, 2021 – Government
What Is Cyber Command’s Role in Combating Ransomware? Full Text
Abstract
Recent ransomware attacks against the United States are raising questions about whether and how the military, specifically U.S. Cyber Command, might counter this type of malicious cyber activity. Here, we provide a road map for policymakers to help guide their decision-making on this critical policy challenge.Lawfare
August 18, 2021 – Criminals
New analysis of Diavol ransomware reinforces the link to TrickBot gang Full Text
Abstract
Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind the TrickBot botnet. In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been...Security Affairs
August 18, 2021 – Vulnerabilities
Kerberos Authentication Spoofing: Don’t Bypass the Spec Full Text
Abstract
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.Threatpost
August 18, 2021 – Policy and Law
Bitcoin mixer owner pleads guilty to laundering over $300 million Full Text
Abstract
Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today to laundering over $300 million worth of bitcoins between 2014 and 2017.BleepingComputer
August 18, 2021 – Cryptocurrency
Docker Images Harnessed to Harvest Cryptocurrency Full Text
Abstract
A crypto mining scheme deployed five malicious Docker images on Docker Hub to hijack computing resources to mine cryptocurrency. These containers are not being managed by an attacker directly, although there's a script at the entry point that runs an automated attack. Organizations are recomme ... Read MoreCyware Alerts - Hacker News
August 18, 2021 – General
Hillicon Valley: Feds expected to reveal new strategy in Facebook antitrust fight Full Text
Abstract
The Federal Trade Commission is running up on its deadline to file an amended complaint in its antitrust lawsuit against Facebook, and whatever choice the commission makes could offer some insight into how Chair Lina Khan will push forward in cracking down on other tech giants.The Hill
August 18, 2021 – Vulnerabilities
BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices Full Text
Abstract
A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by Microsoft in April 2021, which could open a backdoor into many of these devices, allowing attackers to commandeer them or disrupt their operations. "A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Tuesday bulletin. As of writing, there is no evidence of active exploitation of the vulnerability. BlackBerry QNX technology is used worldwide by over 195 million vehicles and embedded systems across a wide range of industries,The Hacker News
August 18, 2021 – Breach
T-Mobile data breach has impacted 48.6 million customers Full Text
Abstract
T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million current and former customers. Recently T-Mobile launched an investigation into a possible security breach after a threat actor started offering for sale 100 million...Security Affairs
August 18, 2021 – Solution
GitHub urges users to enable 2FA after going passwordless Full Text
Abstract
GitHub is urging its user base to toggle on two-factor authentication (2FA) after deprecating password-based authentication for Git operations.BleepingComputer
August 18, 2021 – Attack
Japan’s Tokio Marine is the latest insurer to be victimized by ransomware Full Text
Abstract
Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch. It’s the third major insurer to disclose a ransomware attack in recent months.Cyberscoop
August 18, 2021 – Criminals
T-Mobile: Hackers stole data of 40 million people Full Text
Abstract
T-Mobile said Wednesday that data from 40 million former and prospective customers was compromised by hackers as part of a recent breach of the telecom giant.The Hill
August 18, 2021 – Policy and Law
US Banking Groups Object to Breach Notification Bill Provisions Full Text
Abstract
Three banking trade groups wrote to the U.S. Senate Intelligence Committee recommending that the Cyber Incident Notification Act of 2021 be amended to include a 72-hour notification requirement.Gov Info Security
August 18, 2021 – Attack
New ‘Optical Adversarial Attack’ uses low-cost projector to trick AI Full Text
Abstract
The new attack has been dubbed as an OPtical ADversarial attack (OPAD) and involves using three objects: a low-cost projector, a camera, and a computer in order to execute the attack.Hackread
August 18, 2021 – General
Collaboration is the key to protecting critical national infrastructure Full Text
Abstract
Attacks on critical infrastructure entities often target OT and ICS and range from modifying various industrial processes to disrupting and even shutting them down entirely.Help Net Security
August 18, 2021 – Business
Blumira raises $10.3M Series A to bring cloud-based SIEM to mid-market companies Full Text
Abstract
With the new funding, the firm has raised $12.9 million since its founding in 2018. New investor Mercury led the round with Managing Director Aziz Gilani joining Blumira’s board as a director.TechCrunch
August 18, 2021 – Attack
Japanese insurer Tokio Marine discloses ransomware attack Full Text
Abstract
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.BleepingComputer
August 18, 2021 – Malware
Houdini malware returns, enterprise risk assessment compromised by Amazon Sidewalk Full Text
Abstract
The research suggests that device identity spoofing threatens to become far more prevalent. Houdini is a well-known remote access trojan (RAT), but the research shows this particular use is novel.Help Net Security
August 18, 2021 – Hacker
Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks Full Text
Abstract
IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked to a hacker group called Siamesekitten (aka Lyceum or Hexane) that has primarily singled out oil, gas, and telecom providers in the Middle East and in Africa at least since 2018, researchers from ClearSky said in a report published Tuesday. Infections undertaken by the adversary commenced with identifying potential victims, who were then enticed with "alluring" job offers in well-known companies like ChipPc and Software AG by posing as human resources department employees from the impersonated firms, only to lead the victims to a phishing website containing weaponized files tThe Hacker News
August 18, 2021 – Vulnerabilities
Adobe addresses two critical vulnerabilities in Photoshop Full Text
Abstract
Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software. Adobe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting...Security Affairs
August 18, 2021 – Vulnerabilities
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks Full Text
Abstract
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars and medical devices.Threatpost
August 18, 2021 – Ransomware
Diavol ransomware sample shows stronger connection to TrickBot gang Full Text
Abstract
A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware.BleepingComputer
August 18, 2021 – General
Healthcare provider expected to lose $106.8 million following ransomware attack Full Text
Abstract
The bulk of the losses for Scripps Health, representing $91.6 million, came from lost revenues during the four weeks the organization needed to recover from the May ransomware attack.The Record
August 18, 2021 – General
Does a VPN Protect You from Hackers? Full Text
Abstract
A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online: accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Are your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of data protection? The answer to these questions isn't as simple as Yes or No. So, keep reading to find out. Does a VPN Prevent Hacking? You should definitely use a VPN on a public network or your home Wi-Fi because it significantly protects your privacy. But a VPN can't simply protect you from every single type of cyber attack. Some attacks are very sophisticated and complex, which even a VPN can't prevent. But let's look at some of the cyber attacks that a VPN can stop. 1 — MITM (Man-in-the-Middle) Attack A MITM attack is when a hacker comes in between you and the pThe Hacker News
August 18, 2021 – Privacy
Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Full Text
Abstract
The German state's data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union's GDPR. The German state's data protection agency (DPA) warns that the Senate Chancellory's use of the popular...Security Affairs
August 18, 2021 – Breach
T-Mobile says hackers stole records belonging to 48.6 million individuals Full Text
Abstract
T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of tens of millions of individuals.BleepingComputer
August 18, 2021 – Government
FBI Warns of Credential Stuffing Attacks Against Grocery and Food Delivery Services Full Text
Abstract
With billions of user credentials having been leaked online following security breaches over the past decade, credential stuffing attacks are now common across a wide spectrum of industry verticals.The Record
August 18, 2021 – Malware
NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware Full Text
Abstract
A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the publication in question, is said to have hosted the malicious code from at least late March 2021 until early June 2021. The "clever disguise of exploit code amongst legitimate code" and the use of custom malware enables the attackers to avoid detection, Volexity researchers said. The attacks involved tampering with the jQuery JavaScript libraries hosted on the website to serve additional obfuscated JavaScript code from a remote URL, using it to leverage exploits for two Internet Explorer flaws that were patched by Microsoft in August 2020 and March 2021. Successful exploitationThe Hacker News
August 18, 2021 – Business
Periscope Equity invests in CyberMaxx to accelerate growth and product innovation Full Text
Abstract
Periscope Equity announced that it has invested in CyberMaxx through a recapitalization in partnership with management. CyberMaxx provides services to prevent, detect, and respond to cyberattacks.Help Net Security
August 18, 2021 – Hacker
T-Mobile Says Hackers Stole Personal Information on Over 40 Million Current and Prospective Customers Full Text
Abstract
The telco said that the stolen data included first and last names, birth dates, Social Security numbers, and driver’s license information from a subset of current and potential customers.Reuters
August 18, 2021 – Business
Microsoft, Rubrik Strike Deal To Expand Ransomware Protection Full Text
Abstract
Along with an equity investment into Rubrik by Microsoft, the deal will include co-engineering projects aimed at battling ransomware and promoting zero-trust data protection, the companies say.CRN
August 18, 2021 – General
Access Brokers: Just 10 Vendors List 46% of All Offers Full Text
Abstract
Given the reliance that many ransomware operations, in particular, appear to place on such "accesses," one surprise might be just how few individuals appear to be serving as initial access brokers.Gov Info Security
August 17, 2021 – Vulnerabilities
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop Full Text
Abstract
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.Threatpost
August 17, 2021 – Malware
Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope Full Text
Abstract
Computing giant tries to reassure users that the tool won’t be used for mass surveillance.Threatpost
August 17, 2021 – Vulnerabilities
Unpatched Remote Hacking Flaw Disclosed in Fortinet’s FortiWeb WAF Full Text
Abstract
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday. "This vulnerability appears to be related to CVE-2021-22123, which was addressed in FG-IR-20-120." Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version Fortiweb 6.4.1. The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow authThe Hacker News
August 17, 2021 – Attack
Govt hackers impersonate HR employees to hit Israeli targets Full Text
Abstract
Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets.BleepingComputer
August 17, 2021 – Vulnerabilities
Memory corruption vulnerability found in Daemon Tools Pro Full Text
Abstract
CVE-2021-21832 can cause memory corruption in the application if the user opens an adversary-created ISO file that causes an integer overflow. This flaw exists in the way the application parses ISOs.Cisco Talos
August 17, 2021 – General
Hillicon Valley: Facebook says it will keep ban on Taliban content | Rubio reiterates calls for Tik Tok ban after China’s reported ownership stake | Pharmacist sold COVID-19 vaccination cards online, prosecutors allege Full Text
Abstract
Social media platforms are grappling with how to moderate content that supports the Taliban after the group’s rise back to power in Afghanistan over the weekend. The decisions have not been consistent across the industry. Twitter will not impose an overarching ban on such content, diverging from Facebook and YouTube.The Hill
August 17, 2021 – Vulnerabilities
Kalay cloud platform flaw exposes millions of IoT devices to hack Full Text
Abstract
FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372,...Security Affairs
August 17, 2021 – General
The Overlooked Security Risks of The Cloud Full Text
Abstract
Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.Threatpost
August 17, 2021 – Ransomware
Conti ransomware prioritizes revenue and cyberinsurance data theft Full Text
Abstract
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software to seek out cyber insurance policies.BleepingComputer
August 17, 2021 – Government
FFIEC Updates Authentication Guidance Full Text
Abstract
The Federal Financial Institutions Examination Council (FFIEC) has issued updated security guidance advising banks to use stronger access controls and multifactor authentication.Gov Info Security
August 17, 2021 – Vulnerabilities
Fortinet FortiWeb OS Command Injection allows remote server takeover Full Text
Abstract
Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying...Security Affairs
August 17, 2021 – Breach
Terrorist Watchlist Exposed Online with Nearly 1.9M Records Full Text
Abstract
A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.Threatpost
August 17, 2021 – Vulnerabilities
CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX Full Text
Abstract
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System (RTOS) used by critical infrastructure organizations.BleepingComputer
August 17, 2021 – Criminals
Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang Full Text
Abstract
The code itself is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. Additionally, it can terminate processes and services as needed.Security Intelligence
August 17, 2021 – Policy and Law
Pharmacist faces 120 years in prison for selling vaccination cards on eBay Full Text
Abstract
An Illinois pharmacist arrested today faces 120 years in prison for allegedly selling dozens of authentic COVID-19 vaccination record cards issued by the Centers for Disease Control and Prevention (CDC).BleepingComputer
August 17, 2021 – Malware
Resurgent FluBot malware targets German and Polish banks Full Text
Abstract
Netcraft’s research into the FluBot malware confirms that its operations are expanding rapidly, with a spike in the number of malware distribution pages deployed and finance apps affected.kkhacklabs
August 17, 2021 – Attack
Malware campaign uses clever ‘captcha’ to bypass browser warning Full Text
Abstract
A malware campaign uses a clever captcha prompt to trick users into bypassing browser warnings to download the Ursnif (aka Gozi) banking trojan.BleepingComputer
August 17, 2021 – Vulnerabilities
Google Awards $42,000 for Two Serious Chrome Vulnerabilities Full Text
Abstract
The most severe of these are CVE-2021-30598 and CVE-2021-30599, two type confusion issues in the V8 JavaScript engine that were identified and reported in July by Manfred Paul.Security Week
August 17, 2021 – Vulnerabilities
Fortinet delays patching zero-day allowing remote server takeover Full Text
Abstract
Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August.BleepingComputer
August 17, 2021 – Attack
Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military Full Text
Abstract
The campaign involves a two-step attack. During the first phase, an email without a malicious payload containing content copied from a legitimate Pakistani newspaper’s article is sent to the target.Trend Micro
August 17, 2021 – Malware
Neurevt Trojan Updated with Backdoor and Information Stealing Capabilities to Target Mexican Organizations Full Text
Abstract
This trojan appears to target Mexican organizations. Cisco Talos is tracking these campaigns embedding URLs in the associated droppers, which belong to many major banks in Mexico.Cisco Talos
August 17, 2021 – Government
CISA Warns ThroughTek Customers of Software Flaw in Millions of Baby Monitors, Cameras Full Text
Abstract
The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has many customers including the Chinese electronics giant Xiaomi.Cyberscoop
August 17, 2021 – Attack
Brazilian government discloses National Treasury ransomware attack Full Text
Abstract
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend.BleepingComputer
August 17, 2021 – Vulnerabilities
Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content Full Text
Abstract
An attacker could exploit these flaws by sending a specially crafted MP4 file. This could cause an integer overflow eventually resulting in a heap-based buffer overflow that causes memory corruption.Cisco Talos
August 17, 2021 – Malware
Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan Full Text
Abstract
A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a reward points application, or a video streaming application, Trend Micro researchers Jaromir Horejsi and Joseph C Chen said in an analysis published last week, attributing the operation to a threat actor it tracks as Water Kappa, which was previously found targeting Japanese online banking users with the Cinobi trojan by leveraging exploits in the Internet Explorer browser. The switch in tactics is an indicator that the adversary is singling out users of web browsers other than Internet Explorer, the researchers added. Water Kappa's latest infection routine commences with malvertisements for either Japanese animated porn games, reward points apps, or video streaming services, with tThe Hacker News
August 17, 2021 – Breach
1.9 million+ records from the FBI’s terrorist watchlist available online Full Text
Abstract
A security researcher discovered that a secret FBI terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. Security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9...Security Affairs
August 17, 2021 – General
How to Reduce Exchange Server Downtime in Case of a Disaster? Full Text
Abstract
Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.Threatpost
August 17, 2021 – IOT
Critical bug impacting millions of IoT devices lets hackers spy on you Full Text
Abstract
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.BleepingComputer
August 17, 2021 – Business
Cisco to acquire observability company Epsagon Full Text
Abstract
Cisco announced on Friday that it has signed a deal to acquire observability company Epsagon. Cisco said the deal will play a key role in helping it ramp up its full-stack observability strategy.ZDNet
August 17, 2021 – Business
Solution Providers Can Now Add Incident Response to Their Services Portfolio For Free Full Text
Abstract
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security Integrator (SI) to add Incident Response to its services portfolio, without building an in-house team of incident responders, by using Cynet's IR team and technology at no cost. Managed Service providers interested in adding Incident Response to their service portfolio with no investment in people or technology can apply here. As cyber threats grow in sophistication and volume, there is an increasing number of cases in which attackers succeed in compromising the environments they target. This, in turn, fuels a rapidly growing demand for IR technologies and services. Since in most casesThe Hacker News
August 17, 2021 – Breach
Colonial Pipeline discloses data breach after May ransomware attack Full Text
Abstract
Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. Colonial Pipeline has started notifying more than 5000 people who had their personal information...Security Affairs
August 17, 2021 – Vulnerabilities
Fortinet patches bug letting attackers take over servers remotely Full Text
Abstract
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. – BleepingComputer
August 17, 2021 – Attack
Brazilian National Treasury Hit with Ransomware Attack Impacting IT Systems Full Text
Abstract
The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration. – ZDNet
August 17, 2021 – Breach
Chase bank accidentally leaked customer info to other customers Full Text
Abstract
Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. – BleepingComputer
August 17, 2021 – Business
Baffle raises $20M to secure cloud data Full Text
Abstract
Baffle announced that it has raised $20 million in Series B funding led by new investor Celesta Capital, with contributions and follow-on investments from multiple investors. – Help Net Security
August 17, 2021 – Attack
Memorial Health System in Ohio Latest to be Hit With Ransomware Attack Full Text
Abstract
Memorial Health System detected a security incident early on Sunday morning that prompted the organization to divert emergency care patients from three of its hospitals to other area facilities. – Gov Info Security
August 17, 2021 – Policy and Law
Binance Ordered to Freeze Attackers’ Accounts Full Text
Abstract
The London High Court has ordered the cryptocurrency exchange Binance to attempt to identify and freeze accounts belonging to the attackers who allegedly stole about $2.6 million from Fetch.ai. – Cuinfosecurity
August 16, 2021 – Vulnerabilities
XSS Bug in SEOPress WordPress Plugin Allows Site Takeover Full Text
Abstract
The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites. – Threatpost
August 16, 2021 – Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices Full Text
Abstract
Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege: CVE-2021-35392 (CVSS score: 8.1) - Heap buffer overflow vulnerability in 'WiFi Simple Config' server due to unsafe crafting of SSDP NOTIFY messages; CVE-2021-35393 (CVSS score: 8.1) - Stack buffer overflow vulnerability in 'WiFi Simple Config' server due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header; CVE-2021-35394 (CVSS score: 9.8) - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UD – The Hacker News
August 16, 2021 – Breach
100m T-Mobile Customer Records Purportedly Up for Sale Full Text
Abstract
UPDATE: T-Mobile confirmed the breach, but hasn’t confirmed whether customer data was involved. The offer: 30m records for ~1 penny each, with the rest being sold privately. – Threatpost
August 16, 2021 – Attack
Hive ransomware attacks Memorial Health System, steals patient data Full Text
Abstract
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. – BleepingComputer
August 16, 2021 – Vulnerabilities
65 vendors affected by severe vulnerabilities in Realtek chips Full Text
Abstract
A security vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems, and other network devices. – Help Net Security
August 16, 2021 – General
Hillicon Valley: Federal regulators investigating Tesla Autopilot crashes | Afghan broadcasters for US government radio fear Taliban backlash | Anonymous messaging app Yik Yak returns Full Text
Abstract
Tesla is in deep water after a series of crashes with emergency vehicles. The National Highway Traffic Safety Administration officially launched a probe into the electric car company on Monday. – The Hill
August 16, 2021 – Denial Of Service
Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks Full Text
Abstract
Weaknesses in the implementation of the TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security Symposium, the volumetric attacks take advantage of TCP-non-compliant in-network middleboxes — such as firewalls, intrusion prevention systems, and deep packet inspection (DPI) boxes — to amplify network traffic, with hundreds of thousands of IP addresses offering amplification factors exceeding those from DNS, NTP, and Memcached. Reflected amplification attacks are a type of DoS attack in which an adversary leverages the connectionless nature of the UDP protocol with spoofed requests to misconfigured open servers in order to overwhelm a target server or network with a flood of packets, causing – The Hacker News
August 16, 2021 – Breach
T-Mobile confirms data breach that exposed customer personal info Full Text
Abstract
T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. Yesterday... – Security Affairs
August 16, 2021 – Vulnerabilities
Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets Full Text
Abstract
Valve plugs an API bug found in its Steam platform that abused the Smart2Pay system to add unlimited funds to gamer digital wallets. – Threatpost
August 16, 2021 – Attack
T-Mobile confirms servers were hacked, investigates data breach Full Text
Abstract
T-Mobile has confirmed that threat actors hacked its servers in a recent cyber attack but is still investigating whether customer data was stolen. – BleepingComputer
August 16, 2021 – Ransomware
SynAck Ransomware Rebrands, Releases Old Decryption Keys Full Text
Abstract
The El_Cometa ransomware group, formerly known as SynAck, released master decryption keys for the victims it targeted between July 2017 and early 2021. Emsisoft will create its own decryption tool that is easy to use and safe. The tool will be released for public use within a few days. – Cyware Alerts - Hacker News
August 16, 2021 – Criminals
Recent attacks on Iran were orchestrated by the Indra group Full Text
Abstract
The recent attacks that targeted Iran's transport ministry and national train system were conducted by a threat actor dubbed Indra. In July, Iran’s railroad system was hit by a cyberattack; threat actors published fake messages about delays or cancellations... – Security Affairs
August 16, 2021 – Malware
Malware dev infects own PC and data ends up on intel platform Full Text
Abstract
A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. – BleepingComputer
August 16, 2021 – Breach
Cyberattack hits Israel’s Bar Ilan University: ‘Data is being erased right now’ Full Text
Abstract
A cyberattack targeted Israel’s Bar Ilan University Sunday, the school reported. An internal email by the IT department said the attack was ongoing and urged staff to shut down their computers. – Haaretz
August 16, 2021 – Breach
Education giant Pearson fined $1M for downplaying data breach Full Text
Abstract
The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. – BleepingComputer
August 16, 2021 – Vulnerabilities
Magniber and Vice Society Actors Exploiting PrintNightmare Flaws Full Text
Abstract
Ransomware operators, including Magniber and Vice Society, were found exploiting flaws in Windows Print Spooler to compromise systems and spread laterally across networks. – Cyware Alerts - Hacker News
August 16, 2021 – Breach
Secret terrorist watchlist with 2 million records exposed online Full Text
Abstract
A secret terrorist watchlist with 1.9 million records, including "no-fly" records, was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. – BleepingComputer
August 16, 2021 – Attack
New Code-poisoning Attack could Corrupt Your ML Models Full Text
Abstract
A group of researchers discovered a new type of code-poisoning attack that can manipulate natural-language modeling systems via a backdoor. By nature, this is a blind attack, in which the attacker does not need to observe the execution of their code or the weights of the backdoored model during ... – Cyware Alerts - Hacker News
August 16, 2021 – Policy and Law
SIM swap scammer pleads guilty to Instagram account hijacks, crypto theft Full Text
Abstract
Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram accounts of others. – BleepingComputer
August 16, 2021 – Breach
Data breach at New York university potentially affects 47,000 citizens Full Text
Abstract
The incident was discovered on July 14, and reportedly involved Social Security numbers. A total of more than 46,700 individuals are said to be impacted by the data breach. – The Daily Swig
August 16, 2021 – Vulnerabilities
Research: Hundreds of high-traffic web domains vulnerable to same-site attacks Full Text
Abstract
The underrated threat of related-domain attacks can enable malicious actors to circumvent many advanced website protection mechanisms, according to researchers from TU Wien and Ca’ Foscari University. – The Daily Swig
August 16, 2021 – Solution
UNISOC joins Google’s Android Ready SE Alliance to deliver secure solutions to the Android ecosystem Full Text
Abstract
UNISOC has joined Google’s Android Ready SE Alliance, a collaboration between Google and Secure Element (SE) vendors, to offer a growing list of open-source, validated, and ready-to-use SE Applets. – Help Net Security
August 16, 2021 – Hacker
Hackers behind Iranian wiper attacks linked to Syrian breaches Full Text
Abstract
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. – BleepingComputer
August 16, 2021 – Government
Maine’s Department of Environmental Protection Warns of Ransomware Intrusions at Two Public Wastewater Plants Full Text
Abstract
The Department of Environmental Protection has warned municipalities and water-sector professionals to be on alert after two recent ransomware intrusions, believed to be the first incidents in Maine. – Bangor Daily News
August 16, 2021 – Vulnerabilities
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients Full Text
Abstract
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper with connections established between an email client and the email server of a provider and has login cr – The Hacker News
August 16, 2021 – Government
US FINRA warns US brokerage firms and brokers of ongoing phishing attacks Full Text
Abstract
The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The US Financial Industry Regulatory Authority (FINRA) is warning US brokerage firms and brokers of an ongoing... – Security Affairs
August 16, 2021 – Breach
Colonial Pipeline reports data breach after May ransomware attack Full Text
Abstract
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. – BleepingComputer
August 16, 2021 – General
Most employees reusing personal passwords to protect corporate data Full Text
Abstract
Nearly two-thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue, according to a study by My1Login. – Help Net Security
August 16, 2021 – Malware
New AdLoad Variant Bypasses Apple’s Security Defenses to Target macOS Systems Full Text
Abstract
A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and have even been signed by its own notarization service, highlighting the malicious software's ongoing attempts to adapt and evade detection. "AdLoad," as the malware is known, is one of several widespread adware and bundleware loaders targeting macOS since at least 2017. It's capable of backdooring an affected system to download and install adware or potentially unwanted programs (PUPs), as well as amass and transmit information about victim machines. The new iteration "continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," SentinelOne threat researcher Phil Stokes said in an analysis published last week. "As of today, however, XProtect arguably has around 11 different signatures for AdLoa – The Hacker News
August 16, 2021 – Criminals
Threat actor claims to be selling data of more than 100 million T-Mobile customers Full Text
Abstract
T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers. New problems for T-Mobile: the company is investigating a possible data breach after that... – Security Affairs
August 16, 2021 – Denial Of Service
Firewalls and Middleboxes Can be Weaponized for Massive DDoS Attacks Using New Technique Full Text
Abstract
Academics discovered a novel DDoS attack vector abusing the TCP protocol. The new DDoS technique can be used to launch attacks with amplification factors in the realm of 1000x and more. – The Record
August 16, 2021 – Solution
Google Releases Tool to Help Developers Enforce Security Full Text
Abstract
Google this week announced its latest aid for developers, a tool that automates security tasks and checks project attributes to ensure that the security of an open-source project has not changed. – Dark Reading
August 16, 2021 – Hacker
Hacker Claims to Sell Personal Data of More Than 100 Million T-Mobile Customers Full Text
Abstract
A cybercriminal is claiming to have data related to more than 100 million T-Mobile customers in the U.S. and is selling access to part of the information for roughly $277,000. – Gizmodo
August 16, 2021 – Attack
AMD Secure Encrypted Virtualization undone by electrical attack Full Text
Abstract
The attack was inspired by a separate attack, dubbed Voltpillager, used to defeat Intel's Software Guard Extensions (SGX), a similar secure enclave system for x86 microarchitecture. – The Register
August 16, 2021 – Vulnerabilities
Valve promptly resolves Steam ‘unlimited funds’ gaming wallet cheat Full Text
Abstract
In a write-up published after the bug was resolved, the researcher describes how an attacker would first have to modify their Steam account email to an address that includes the term “amount100”. – The Daily Swig
August 16, 2021 – Government
United Nations calls for moratorium on sale of surveillance tech like NSO Group’s Pegasus Full Text
Abstract
"It is highly dangerous and irresponsible to allow the surveillance technology and trade sector to operate as a human rights-free zone," warned eight UN experts on human rights.The Register
August 15, 2021 – Breach
Hacker claims to steal data of 100 million T-mobile customers Full Text
Abstract
T-Mobile is actively investigating a data breach after a threat actor claimed to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. – BleepingComputer
August 15, 2021 – Government
A job ad published by the UK’s Ministry of Defence revealed a secret hacking squad Full Text
Abstract
A job ad published by the UK's Ministry of Defence has revealed the existence of a previously undisclosed secret SAS mobile hacker team. The existence of a secret SAS mobile hacker squad, named MAB5 and under the control of the Computer Network Operations... – Security Affairs
August 15, 2021 – Breach
Ford bug exposed customer and employee records from internal systems Full Text
Abstract
A bug on Ford's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of the Pega customer engagement system running on Ford's servers. – BleepingComputer
August 15, 2021 – General
Security Affairs newsletter Round 327 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the international press for free, subscribe here. Four years... – Security Affairs
August 15, 2021 – Attack
Glowworm Attack allows sound recovery via a device’s power indicator LED Full Text
Abstract
The Glowworm attack leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations. Boffins from the Ben-Gurion University of the Negev devised a new attack technique,... – Security Affairs
August 14, 2021 – General
US brokers warned of ongoing phishing attacks impersonating FINRA Full Text
Abstract
The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. – BleepingComputer
August 14, 2021 – Criminals
Four years after its takedown, AlphaBay marketplace revamped Full Text
Abstract
The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service. The darknet marketplace AlphaBay resurfaced four years after an international operation conducted by law enforcement... – Security Affairs
August 14, 2021 – Breach
Classified documents from Lithuanian Ministry of Foreign Affairs are available for sale Full Text
Abstract
Emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs are available for sale in a cybercrime forum; some emails include highly sensitive info. An archive containing 1.6 million emails containing highly sensitive messages allegedly... – Security Affairs
August 14, 2021 – Attack
New Glowworm Attack Recovers Device’s Sound from Its LED Power Indicator Full Text
Abstract
A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the Ben-Gurion University of the Negev earlier this week, describing the method as "an optical TEMPEST attack that can be used by eavesdroppers to recover sound by analysing optical measurements obtained via an electro-optical sensor directed at the power indicator LED of various devices." Accompanying the experimental setup is an optical-audio transformation (OAT) that allows for retrieving sound by isolating the speech from the optical measurements obtained by directing an electro-optical sensor at the device's power indicator LED. TEMPEST is the codename for unintentional intelligence-bearing emanations produced by electronic and electromechanical information- – The Hacker News
August 14, 2021 – Education
Learn Ethical Hacking From Scratch — 18 Online Courses for Just $43 Full Text
Abstract
If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you acquire those skills. If you went on a shopping spree, these courses would normally set you back $3,284 in total. However, The Hacker News has teamed up with several education partners to offer the full bundle for just $42.99. That means you're paying less than $3 per course! Ethical hacking is all about finding the weaknesses in systems before they can be exploited by malicious hackers. Many people who work in this field earn six figures, and top experts often work for themselves. There are two things you need for building a career in ethical hacking: practical know – The Hacker News
August 14, 2021 – Solution
Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger Full Text
Abstract
Facebook on Friday said it's extending end-to-end encryption (E2EE) for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli said in a post. "This means that nobody else, including Facebook, can see or listen to what's sent or said. Keep in mind, you can report an end-to-end encrypted message to us if something's wrong." The social media behemoth said E2EE is becoming the industry standard for improved privacy and security. It's worth noting that the company's flagship messaging service gained support for E2EE in text chats in 2016, when it added a "secret conversation" option to its app, while communications on its sister platform What – The Hacker News
August 14, 2021 – Vulnerabilities
Dumping user’s Microsoft Azure credentials in plaintext from Windows 365 Full Text
Abstract
A security expert devised a method to retrieve a user's Microsoft Azure credentials in plaintext from Microsoft's new Windows 365 Cloud PC service using Mimikatz. Benjamin Delpy, the popular security researcher and author of the Mimikatz tool, has devised... – Security Affairs
August 14, 2021 – Criminals
Cybercriminals Reportedly Created Blockchain Analytics Tool Full Text
Abstract
The tool was created by one of the same developers behind Incognito Market, a darknet marketplace specializing in the sale of narcotics. Incognito was launched in late 2020, and the marketplace accepts payments in both bitcoin and monero. – DataBreach Today
August 14, 2021 – Solution
The Rise of Deep Learning for Detection and Classification of Malware Full Text
Abstract
Different types of deep learning algorithms, such as convolutional neural networks (CNN), recurrent neural networks and feed-forward networks, have been applied to a variety of use cases in malware analysis. – McAfee
August 14, 2021 – Government
Russian cyberspies targeted the Slovak government for months Full Text
Abstract
A Russian cyber-espionage group linked to one of Russia’s intelligence forces has targeted the Slovak government for months, Slovak security firms ESET and IstroSec said this week. – The Record
August 14, 2021 – Policy and Law
London court orders Binance to trace cryptocurrency hackers Full Text
Abstract
London's High Court has ordered Binance, one of the world's largest cryptocurrency exchanges, to identify hackers and freeze their accounts after one user said it was the victim of a $2.6 million hack. – Reuters
August 14, 2021 – Malware
Malicious Docker Images Used to Mine Monero Full Text
Abstract
A recently uncovered cryptomining scheme used malicious Docker images to hijack organizations’ computing resources to mine cryptocurrency, according to cybersecurity firm Aqua Security. – Info Risk Today
August 14, 2021 – Attack
Scripps Health Reports Financial Toll of Ransomware Attack Full Text
Abstract
The recent ransomware attack that disrupted Scripps Health's IT systems and patient care for nearly a month has so far cost the San Diego-based organization nearly $113 million, including $91.6 million in lost revenue. – Gov Info Security
August 14, 2021 – Vulnerabilities
Microsoft confirms another Windows Print Spooler bug, offers workaround Full Text
Abstract
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958). – Help Net Security
August 13, 2021 – General
Hillicon Valley: Senators want answers about Amazon’s biometric data collection | House members release companion bill targeting app stores | Google files to dismiss Ohio lawsuit Full Text
Abstract
Senators from both sides of the aisle joined together to press Amazon for details about its palm print scanners program, which lets shoppers pay in Amazon stores without ever taking out cash or cards. The senators said the program raises questions about the e-commerce giant’s plans for using the biometric data. – The Hill
August 13, 2021 – Criminals
Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware Full Text
Abstract
CAPTCHA-protected malicious URLs are snowballing lately, researchers said. – Threatpost
August 13, 2021 – General
SolarWinds 2.0 Could Ignite Financial Crisis – Podcast Full Text
Abstract
That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it? – Threatpost
August 13, 2021 – Business
Facebook rolls out end-to-end encryption for Messenger calls Full Text
Abstract
Facebook has announced the roll-out of end-to-end encrypted Messenger voice and video calls five years after making it available in one-on-one text chats. – BleepingComputer
August 13, 2021 – Ransomware
The Week in Ransomware - August 13th 2021 - The rise of LockBit Full Text
Abstract
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. – BleepingComputer
August 13, 2021 – Breach
Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum Full Text
Abstract
The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum. – BleepingComputer
August 13, 2021 – Malware
New InfoStealer Malware Spread Via Russian Underground Forum Full Text
Abstract
Researchers uncovered a new info-stealer malware, "Ficker," which is distributed by threat actors via a Russian underground forum under a Malware-as-a-Service (MaaS) model to attack Windows users. – GB Hackers
August 13, 2021 – Attack
Exchange Servers Under Active Attack via ProxyShell Bugs Full Text
Abstract
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. – Threatpost
August 13, 2021 – Vulnerabilities
Windows 365 exposes Microsoft Azure credentials in plaintext Full Text
Abstract
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. – BleepingComputer
August 13, 2021 – Criminals
SynAck ransomware gang releases decryption keys for old victims Full Text
Abstract
The El_Cometa ransomware gang, formerly known as SynAck, has released today master decryption keys (verified by Michael Gillespie) for the victims they infected between July 2017 and early 2021. – The Record
August 13, 2021 – Ransomware
SynAck ransomware gang releases master decryption keys for old victims Full Text
Abstract
The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow... – Security Affairs
August 13, 2021 – Solution
Microsoft Teams will alert users of incoming spam calls Full Text
Abstract
Microsoft is working on adding a spam call notification feature to the Microsoft 365 Teams collaboration platform. – BleepingComputer
August 13, 2021 – Hacker
UNC215 Impersonated an Iranian Group to Target Israeli Organizations Full Text
Abstract
According to Mandiant, Chinese cyberespionage group UNC215 impersonated Iranian threat actors to target Israeli organizations in a campaign that began in January 2019. – Cyware Alerts - Hacker News
August 13, 2021 – Vulnerabilities
‘Unpatched’ vulnerabilities in Wodify fitness management platform allow attackers to steal gym payments, extract member data Full Text
Abstract
Security researchers have uncovered three vulnerabilities in the Wodify app that could allow an authenticated user to modify production data and extract sensitive personal information. – The Daily Swig
August 13, 2021 – Malware
Updated AdLoad Malware Capable of Bypassing Apple’s Defenses Full Text
Abstract
SentinelOne warned against a new AdLoad malware variant that bypasses Apple's YARA signature-based XProtect built-in antivirus tech to infect macOS. Hundreds of unique samples of AdLoad adware were found circulating in the wild that remained undetected for almost ten months. Researchers emphasize t ... – Cyware Alerts - Hacker News
August 13, 2021 – Ransomware
Vice Society ransomware also exploits PrintNightmare flaws in its attack Full Text
Abstract
Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting the Windows print spooler PrintNightmare vulnerability... – Security Affairs
August 13, 2021 – Attack
Cyberattack hits vaccine records for thousands of Canada’s Durham Region children Full Text
Abstract
The personal information of more than 3000 children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known. – CTV News
August 13, 2021 – Malware
eCh0raix Combo: Targeting Both QNAP and Synology Full Text
Abstract
Palo Alto disclosed that a new eCh0raix variant is now capable of encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. Therefore, researchers recommend updating device firmware as the first step of defense. Also, it is recommended to create complex passwords and limit connectio ... Read MoreCyware Alerts - Hacker News
August 13, 2021 – Malware
Chaos: Ransomware or Wiper? Full Text
Abstract
A new malware named Chaos has been discovered on an underground forum claiming to be ransomware, but an analysis by researchers suggests it is a wiper under development. It has been in development since June and could become a serious and dangerous threat to organizations in the near future.Cyware Alerts - Hacker News
August 13, 2021 – Business
Huawei stole our tech and created a ‘backdoor’ to spy on Pakistan, claims IT biz Full Text
Abstract
The filing claims, among other things, that Huawei used BES’s Data Exchange System "to create a backdoor and obtain data important to Pakistan’s national security and to spy on Pakistani citizens."The Register
August 13, 2021 – General
SynAck ransomware releases decryption keys after El_Cometa rebrand Full Text
Abstract
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.BleepingComputer
August 13, 2021 – Hacker
Bugs in gym management software let hackers wipe fitness history Full Text
Abstract
Security researchers found vulnerabilities in the Wodify fitness platform that allow an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide.BleepingComputer
August 13, 2021 – General
Hospitals still not protected from dangerous vulnerabilities Full Text
Abstract
Ransomware is impacting the bottom line, with 48% of hospital executives reporting either a forced or proactive shutdown in the last 6 months as a result of external attacks, as per an Ipsos survey.Help Net Security
August 13, 2021 – Hacker
Bugs in gym management software let hackers change user workout results Full Text
Abstract
Security researchers found vulnerabilities in the Wodify fitness platform that allow an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide.BleepingComputer
August 13, 2021 – Attack
Cornell University Researchers Uncover Backdoor Attack to Evade Any Known Defense Full Text
Abstract
A team of researchers have uncovered a new type of backdoor attack that they showed can "manipulate natural-language modeling systems to produce incorrect outputs and evade any known defense."ZDNet
August 13, 2021 – Ransomware
Vice Society ransomware joins ongoing PrintNightmare attacks Full Text
Abstract
The Vice Society ransomware gang is now also actively exploiting Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks.BleepingComputer
August 13, 2021 – Breach
Update: Months after the Accellion breach, more victims emerge Full Text
Abstract
The Accellion breach occurred last December, but more victims have come to light in recent weeks as investigations, notifications and disclosures stretch on through the summer.Tech Target
August 13, 2021 – Hacker
Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection Full Text
Abstract
Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related business transactions, with the emails containing an HTML file ("XLS.HTML"). The ultimate objective is to harvest usernames and passwords, which are subsequently used as an initial entry point for later infiltration attempts. Microsoft likened the attachment to a "jigsaw puzzle," noting that individual parts of the HTML file are designed to appear innocuous and slip past endpoint security software, only to reveal its true colors when these segments are decoded and assembled together. The company did not identify the hackers behind the operation. "This phishing campaign exThe Hacker News
August 13, 2021 – Solution
Google open-sourced Allstar tool to secure GitHub repositories Full Text
Abstract
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security...Security Affairs
August 13, 2021 – Hacker
WordPress Sites Abused in Aggah Spear-Phishing Campaign Full Text
Abstract
The Pakistan-linked threat group’s campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.Threatpost
August 13, 2021 – Ransomware
New DeepBlueMagic Ransomware Strain Discovered Using Third-party Disk Encryption Tool Full Text
Abstract
By cleverly making use of a legitimate third-party disk encryption tool, the DeepBlueMagic ransomware encryption process targets the different disk drives on the endpoint.Heimdal Security
August 13, 2021 – Attack
Why Is There A Surge In Ransomware Attacks? Full Text
Abstract
The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays the ransom. Cyber attacks are more frequent now because it is effortless for hackers to execute them. Further, the payment methods are now friendlier to them. In addition, businesses are willing to pay a ransom because of the growing reliance on digital infrastructure, giving hackers more incentives to attempt more breaches. Bolder cybercriminals: A few years back, cybercriminals played psychological games before getting bank passwords and using their technical know-how to steal money from people's accounts. They are bolder now because it is easy for them to buy ransomware softwareThe Hacker News
August 13, 2021 – Attack
Microsoft warns of an evasive year-long spear-phishing campaign targeting Office 365 users Full Text
Abstract
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks...Security Affairs
August 13, 2021 – Solution
One-click Microsoft Outlook button makes it a breeze for workers to report phishing emails Full Text
Abstract
This week, the U.K. NCSC has published a guide on how IT administrators can add the new button to Outlook on Microsoft Office 365 suites across their organizations to report phishing emails.Cyber News
August 13, 2021 – Hacker
Hackers Actively Searching for Unpatched Microsoft Exchange Servers Full Text
Abstract
Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least 30,000 machines are affected by the vulnerabilities, according to a Shodan scan performed by Jan Kopriva of SANS Internet Storm Center. "Started to see in the wild exploit attempts against our honeypot infrastructure for the Exchange ProxyShell vulnerabilities," NCC Group's Richard Warren tweeted, noting that one of the intrusions resulted in the deployment of a "C# aspx webshell in the /aspnet_client/ directory." Patched in early March 2021, ProxyLogon is the moniker for CVE-2021-26855, a server-side request forgery vulnerability in Exchange Server thaThe Hacker News
August 13, 2021 – General
IT threat evolution in Q2 2021 Full Text
Abstract
While ransomware has been around for a long time, it has evolved over time as attackers have improved and refined their tactics. We have seen a shift away from random, speculative attacks.Kaspersky Labs
August 13, 2021 – Criminals
Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities Full Text
Abstract
Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward," Cisco Talos said in a report published Thursday, corroborating an independent analysis from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea. While Magniber ransomware was first spotted in late 2017 singling out victims in South Korea through malvertising campaigns, Vice Society is a new entrant that emerged on the ransomware landscape in mid-2021, primarily targeting public school districts and other educational institutions.The Hacker News
August 13, 2021 – Criminals
Microsoft Discovers Cybercriminals Using Morse Code to Evade Detection Full Text
Abstract
It’s not very often, though, that cyberattackers turn to Morse Code for operational security. But that's what played a part in a year-long phishing campaign that Microsoft researchers outlined.Cyberscoop
August 13, 2021 – General
Stealth is never enough, or Revealing Formbook successor’s C&C infrastructure Full Text
Abstract
As opposed to Formbook, its successor XLoader comes without C&C panel source code and is sold only by subscription. Instead, it uses the centralized C2 infrastructure provided by the XLoader creators.Check Point Research
August 13, 2021 – General
50% of cybersecurity attacks are from repeat offenders Full Text
Abstract
Lack of awareness and knowledge gaps are a weak link for leadership who are responsible for strategic planning of cyber defenses, leaving organizations exposed to risks, a Ponemon survey reveals.Help Net Security
August 12, 2021 – Vulnerabilities
Microsoft Exchange servers are getting hacked via ProxyShell exploits Full Text
Abstract
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.BleepingComputer
August 12, 2021 – General
GitHub deprecates account passwords for authenticating Git operations Full Text
Abstract
GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.BleepingComputer
August 12, 2021 – General
Hillicon Valley: US has made progress on cyber but more needed, report says | Democrat urges changes for ‘problematic’ crypto language in infrastructure bill | Facebook may be forced to unwind Giphy acquisition Full Text
Abstract
In the wake of a string of cybersecurity attacks, a report issued Thursday found the federal government is making progress against threats. But the committee behind the report said there is still work to be done.The Hill
August 12, 2021 – Hacker
Hackers now backdoor Microsoft Exchange using ProxyShell exploits Full Text
Abstract
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.BleepingComputer
August 12, 2021 – Vulnerabilities
Trend Micro warns customers of zero-day attacks against its products Full Text
Abstract
Security firm Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products. On July 28, Trend Micro released security patches for multiple incorrect permission assignment...Security Affairs
August 12, 2021 – Criminals
Rogue Marketplace AlphaBay Reboots Full Text
Abstract
Illicit underground marketplace relaunches years after takedown.Threatpost
August 12, 2021 – Phishing
QR Code Scammers Get Creative with Bitcoin ATMs Full Text
Abstract
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users.Threatpost
August 12, 2021 – Phishing
Microsoft: Evasive Office 365 phishing campaign active since July 2020 Full Text
Abstract
Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020.BleepingComputer
August 12, 2021 – Business
Arctic Wolf appoints Nick Schneider as CEO Full Text
Abstract
Arctic Wolf announced that Nick Schneider, president and chief revenue officer, has been appointed as CEO, succeeding Brian NeSmith who will serve as executive chairman of the Board of Directors.Help Net Security
August 12, 2021 – Malware
Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT Full Text
Abstract
Although ServHelper has existed since at least early 2019, we detected the use of other malware families to install it. The installation comes as a GoLang dropper, .NET dropper, or PowerShell script.Cisco Talos
August 12, 2021 – Malware
July 2021’s Most Wanted Malware: Snake Keylogger Enters Top 10 for First Time - Check Point Software Full Text
Abstract
Check Point Research reports that Trickbot is the most prevalent malware for the third month running, while Snake Keylogger enters the index for the first time, taking second place.Check Point Research
August 12, 2021 – Malware
AdLoad Malware 2021 Samples Skate Past Apple XProtect Full Text
Abstract
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren’t recognized by Apple’s built-in security controls.Threatpost
August 12, 2021 – Solution
CobaltSpam tool can flood Cobalt Strike malware servers Full Text
Abstract
A security researcher has published this week a tool to flood Cobalt Strike servers—often used by malware gangs—with fake beacons in order to corrupt their internal databases of infected systems.The Record
August 12, 2021 – Vulnerabilities
Node.js developers fix high-risk vulnerability that could allow remote domain hijacking Full Text
Abstract
The maintainers of the JavaScript runtime environment have released a security advisory today (August 12) warning users to update to the latest version to protect against a series of bugs.The Daily Swig
August 12, 2021 – Criminals
Notorious AlphaBay darknet market comes back to life Full Text
Abstract
The AlphaBay darkweb market has come back to life after an administrator of the original project relaunched it over the weekend.BleepingComputer
August 12, 2021 – General
Report finds US government has made progress on cybersecurity, more work remains Full Text
Abstract
The federal government has made “significant” progress on strengthening the United States against cyber threats over the past year, but more work remains, a congressionally-established bipartisan committee concluded in a report published Thursday.The Hill
August 12, 2021 – Vulnerabilities
August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws Full Text
Abstract
Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products used in industrial settings.Security Week
August 12, 2021 – Solution
A Simple Software Fix Could Limit Location Data Sharing Full Text
Abstract
Security researchers Paul Schmitt and Barath Raghavan have created a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade.Wired
August 12, 2021 – Cryptocurrency
Ukraine shuts down money laundering cryptocurrency exchanges Full Text
Abstract
The Security Service of Ukraine (SBU) took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021.BleepingComputer
August 12, 2021 – Criminals
Cybercrime victims lose an estimated $318 billion annually Full Text
Abstract
According to the estimates by Comparitech researchers, 71.1 million people fall victim to cybercrimes globally each year which equates to nearly 900 victims per 100,000 people.Comparitech
August 12, 2021 – Breach
Data Breach at US Waste Management Firm Exposes Employees’ Healthcare Information Full Text
Abstract
A data breach at US waste management firm Waste Management Resources has apparently exposed the healthcare information of current and former employees, as well as their dependents.The Daily Swig
August 12, 2021 – Criminals
Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers Full Text
Abstract
Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958)...Security Affairs
August 12, 2021 – General
Ransomware Payments Explode Amid ‘Quadruple Extortion’ Full Text
Abstract
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.Threatpost
August 12, 2021 – Hacker
Hacker claims cryptocurrency site was targeted ‘for fun’ Full Text
Abstract
A person claiming to be behind the massive $600 million cryptocurrency breach said on Thursday they stole the digital tokens "for fun."The Hill
August 12, 2021 – Phishing
Malicious Actors Employ Impersonation Scams to Infect Users with Flubot Malware Full Text
Abstract
Malicious hackers are impersonating delivery services and sending phishing text messages to Britons to trick them into downloading Flubot malware, according to UK mobile network Three.Cyber News
August 12, 2021 – Malware
Experts Shed Light On New Russian Malware-as-a-Service Written in Rust Full Text
Abstract
A nascent information-stealing malware sold and distributed on Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links and compromised websites, luring in victims to scam landing pages purportedly offering free downloads of legitimate paid services like Spotify Music, YouTube Premium, and other Microsoft Store applications. "Ficker is sold and distributed as Malware-as-a-Service (MaaS), via underground Russian online forums," BlackBerry's research and intelligence team said in a report published today. "Its creator, whose alias is @ficker, offers several paid packages, with different levels of subscription fees to use their malicious program." First seen in the wiThe Hacker News
August 12, 2021 – General
OMB Spells Out Federal Agencies’ Cybersecurity Timelines Full Text
Abstract
The Office of Management and Budget is ordering federal agencies to begin identifying "critical software" that needs protection as part of the effort to fulfill President Joe Biden's cybersecurity executive order issued in May.Gov Info Security
August 12, 2021 – Criminals
Ransomware gang uses PrintNightmare to breach Windows servers Full Text
Abstract
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.BleepingComputer
August 12, 2021 – Phishing
If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam Full Text
Abstract
Whether by QR code and bogus website or plain old unsolicited telephone call, the outcome is typically the same. Monthly fees going out of the victim’s bank account until they notice something amiss.Malwarebytes Labs
August 12, 2021 – General
How Companies Can Protect Themselves from Password Spraying Attacks Full Text
Abstract
Attackers are using many types of attacks to compromise business-critical data. These can include zero-day attacks, supply chain attacks, and others. However, one of the most common ways that hackers get into your environment is by compromising passwords. The password spraying attack is a special kind of password attack that can prove effective in compromising your environment. Let's look closer at the password spraying attack and how organizations can prevent it. Beware of compromised credentials: Are compromised credentials dangerous to your environment? Yes! Compromised credentials allow an attacker to "walk in the front door" of your environment with legitimate credentials. They assume all the rights and permissions to systems, data, and resources the compromised account can access. The compromise of a privileged account is even worse. Privileged accounts are accounts that have high levels of access, such as an administrator user account. These types of accounts rThe Hacker News
August 12, 2021 – Vulnerabilities
Microsoft warns of a new unpatched Windows Print Spooler RCE zero-day Full Text
Abstract
Microsoft is warning of another zero-day Windows print spooler vulnerability, tracked as CVE-2021-36958, that could allow local attackers to gain SYSTEM privileges. Microsoft published a security advisory to warn its customers of another remote code...Security Affairs
August 12, 2021 – Criminals
European police round up 23 suspected scammers accused of $1.2 million fraud Full Text
Abstract
An international police operation resulted in 23 arrests of suspects behind a BEC scheme that last year turned to capitalizing on COVID-19 fears, Europol announced on Wednesday.Cyberscoop
August 12, 2021 – Attack
IT Giant Accenture Hit by LockBit Ransomware; Hackers Threaten to Leak Data Full Text
Abstract
Global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware gang, according to a post made by the operators on their dark web portal, likely filling a void left in the wake of DarkSide and REvil shutdown. "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider," read a message posted on the data leak website. Accenture said it has since restored the affected systems from backups. LockBit, like its now-defunct DarkSide and REvil counterparts, operates using a ransomware-as-a-service (RaaS) model, roping in other cybercriminals (aka affiliates) to carry out the intrusion using its platform, with the payments often divided between the criminal entity directing the attack and the core developers of the malware. The ransomware group emerged on the threat landscape in September 2019, and in June 2021 launched LockBit 2.0 along with an advertising campaign to recruitThe Hacker News
August 12, 2021 – Hacker
Threat actors behind the Poly Network hack are returning stolen funds Full Text
Abstract
The threat actor who hacked the Poly Network cross-chain protocol, stealing $611 million worth of cryptocurrency assets, is returning the stolen funds. The threat actor behind the hack of the Poly Network cross-chain protocol is now returning the stolen funds....Security Affairs
August 12, 2021 – Hacker
Chinese Hacker Group Targets Israel, Pretends to be Iranian Full Text
Abstract
UNC215 used new TTPs to evade detection and attribution, implement false flags, and exploit trusted relationships for lateral propagation. As per Mandiant, the threat actor is still active.Cyware Alerts - Hacker News
August 12, 2021 – Covid-19
Fake COVID vaccine card sales ramp up on Dark Web Full Text
Abstract
Even as the COVID-19 delta variant spreads, many people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.Tech Republic
August 12, 2021 – Criminals
AlphaBay Dark Web Marketplace Claims to be Back in Business Four Years After FBI Seizure Full Text
Abstract
The alleged resurrection of AlphaBay, dubbed the Amazon of the dark web, shows how difficult it can be for law enforcement agencies to keep some cybercrime venues shuttered.Cyberscoop
August 12, 2021 – Government
Australia: Labor tries the Senate after ransomware payments Bill flops in the House of Reps Full Text
Abstract
The Bill that would require entities to inform the Australian government before they make a ransomware payment has been introduced to the Senate by the federal opposition.ZDNet
August 12, 2021 – Business
Mandiant’s Advantage Platform To Get A Boost With Intrigue Acquisition Full Text
Abstract
FireEye-owned Mandiant on Tuesday announced it has acquired attack surface management startup Intrigue in a move to bolster the Mandiant Advantage software-as-a-service platform.CRN
August 12, 2021 – Criminals
Cybercriminals Use IISerpent Server-side Malware to Manipulate Search Engine Results and Conduct Fraud Full Text
Abstract
Contrary to IISpy and IIStealer, IISerpent affects neither the compromised server nor the server’s users. In fact, it ignores all requests coming from legitimate visitors of the compromised sites.ESET Security
August 11, 2021 – Breach
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online Full Text
Abstract
The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.Threatpost
August 11, 2021 – Vulnerabilities
Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability Full Text
Abstract
A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw, said the issue was disclosed to Microsoft in December 2020. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for CVE-2021-34481. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could thenThe Hacker News
August 11, 2021 – Vulnerabilities
Microsoft confirms another Windows print spooler zero-day bug Full Text
Abstract
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer.BleepingComputer
August 11, 2021 – General
Hillicon Valley: Rand Paul suspended one week by YouTube over COVID-19 mask claims | Crypto industry seeks to build momentum after losing Senate fight | Senators introduce bill to promote app store competition Full Text
Abstract
A busy mid-week work day saw a well-known Republican member of the Senate get temporarily suspended from YouTube due to allegations he was spreading incorrect information on the COVID-19 pandemic. Meanwhile, cryptocurrency leaders are gathering their strength and preparing to weigh in on the upcoming House debate on the infrastructure package, and legislation was introduced to promote app store competition.The Hill
August 11, 2021 – Disinformation
‘Friends’ Reunion Anchors Video Swindle Full Text
Abstract
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.Threatpost
August 11, 2021 – Cryptocurrency
Hacker behind biggest cryptocurrency heist ever returns stolen funds Full Text
Abstract
The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.BleepingComputer
August 11, 2021 – Attack
Consulting group Accenture hit by cyberattack Full Text
Abstract
Global consulting group Accenture confirmed Wednesday that it had been hit by a cyberattack, becoming the latest in a string of organizations in recent months to be targeted.The Hill
August 11, 2021 – Policy and Law
Lawmakers raise concerns over federal division of cybersecurity responsibilities Full Text
Abstract
The bipartisan leaders of the House Homeland Security Committee on Wednesday raised concerns about the division of responsibilities among key federal cybersecurity officials, noting that without clarification, the situation could “stunt” the response to cybersecurity challenges.The Hill
August 11, 2021 – Attack
Accenture has been hit by a LockBit 2.0 ransomware attack Full Text
Abstract
Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators,...Security Affairs
August 11, 2021 – Government
NSA Watchdog Will Review Tucker Carlson Spying Claims Full Text
Abstract
Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted.Threatpost
August 11, 2021 – Hacker
Hackers return portion of $600 million stolen from cryptocurrency site Full Text
Abstract
Hackers behind the breach of cryptocurrency company Poly Network on Wednesday returned almost half of the $600 million in digital tokens they stole following a plea from the company to do so.The Hill
August 11, 2021 – Vulnerabilities
Nine Critical and High-Severity Vulnerabilities Patched in SAP Products Full Text
Abstract
German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.Security Week
August 11, 2021 – Botnet
The cost of unwanted bot traffic - up to $250M a year Full Text
Abstract
During the pandemic, online presence has become crucial for retail businesses. It has also led to the challenge of evasive malicious bots that are now leeching off of already vulnerable businesses.Cyber News
August 11, 2021 – Attack
DBREACH: A New Attack Against Databases Full Text
Abstract
Researchers have detailed a new type of attack called Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics (DBREACH) against databases at the Black Hat US 2021 hybrid event. It could result in information disclosure and loss. Attackers can further monitor the database us ... Read MoreCyware Alerts - Hacker News
August 11, 2021 – APT
UNC215, an alleged China-linked APT group targets Israel orgs Full Text
Abstract
China-linked threat actor UNC215 targeted Israeli organizations in a long-running campaign and used false flags to trick victims into believing the attacks were from Iran. A China-linked cyber-espionage group has targeted Israeli organizations and government...Security Affairs
August 11, 2021 – Vulnerabilities
Intel Addresses High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers Full Text
Abstract
Intel on Tuesday released six new security advisories to inform customers about the availability of firmware and software updates that address a total of 15 vulnerabilities across several products.Security Week
August 11, 2021 – Business
Norton and Avast are merging into an $8 billion antivirus empire Full Text
Abstract
NortonLifeLock and Avast are merging in a deal worth more than $8 billion. The deal will see NortonLifelock acquire all of Avast’s shares, and create a much larger cybersecurity firm.The Verge
August 11, 2021 – Vulnerabilities
ProxyShell - Another MS Exchange Flaw Gaining Traction Among Attackers Full Text
Abstract
A cybersecurity researcher recently spotted threat actors actively trying to exploit Microsoft Exchange servers by targeting ProxyShell vulnerabilities. The newly discovered vulnerabilities could be exploited via the Client Access Service (CAS), which runs in IIS on port 443. Experts recommend appl...Cyware Alerts - Hacker News
August 11, 2021 – Breach
Accenture confirms hack after LockBit ransomware data leak threats Full Text
Abstract
Accenture, a global IT consultancy giant, has likely been hit by a ransomware cyberattack. The ransomware group LockBit is threatening to publish data on its leak site within hours, as seen by BleepingComputer.BleepingComputer
August 11, 2021 – Business
OwnBackup Raises $240 Million at $3.35 Billion Valuation Full Text
Abstract
Data protection solutions provider OwnBackup on Tuesday announced raising $240 million in a Series E funding round led by Alkeon Capital and B Capital Group at a valuation of $3.35 billion.Security Week
August 11, 2021 – Cryptocurrency
XMRig-based Cryptomining Worm with 15% Speed Boost Full Text
Abstract
A new variant of the Golang crypto-worm has been found dropping Monero-mining malware on targeted machines. The crypto-worm is based on XMRig and abuses known web server vulnerabilities. It has the ability to speed up the mining process by 15%.Cyware Alerts - Hacker News
August 11, 2021 – Phishing
Online Scammers Impersonate the Australian Taxation Office for Tax Season Full Text
Abstract
With the government sending out tax communications, stimulus checks and more in the wake of COVID-19, scammers are taking advantage of the fact that an email from the ATO would not seem out of place.Cofense
August 11, 2021 – Vulnerabilities
SAP Patches Nine Critical & High-Severity Bugs Full Text
Abstract
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.Threatpost
August 11, 2021 – Cryptocurrency
Crypto Hack Earned Crooks $600 Million Full Text
Abstract
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.Threatpost
August 11, 2021 – Criminals
Unhappy Affiliate Spills Conti’s Attack Secrets Full Text
Abstract
An affiliate of Conti ransomware leaked the manuals and technical guides—used by the gang to train new members—on a cybercrime forum owing to financial conflicts. The leaked information is said to be the holy grail of the penetration testing team working behind the Conti gang. The files were upl...Cyware Alerts - Hacker News
August 11, 2021 – Malware
New AdLoad malware variant slips through Apple’s XProtect defenses Full Text
Abstract
A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs.BleepingComputer
August 11, 2021 – Vulnerabilities
Multiple vulnerabilities discovered in AT&T Labs’ Xmill utility Full Text
Abstract
An attacker could take advantage of these issues to carry out a variety of malicious actions, including corrupting the application’s memory and gaining the ability to execute remote code.Cisco Talos
August 11, 2021 – Cryptocurrency
$600M in digital tokens lost in hack of cryptocurrency site Full Text
Abstract
A cryptocurrency platform has lost around $600 million in digital tokens in a hacking attack believed to be one of the largest ever thefts in the cryptocurrency market.The Hill
August 11, 2021 – Vulnerabilities
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic Full Text
Abstract
Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. Calling it a "bottomless well of valuable intel," the treasure trove of information contains internal and external IP addresses, computer names, employee names and locations, and details about organizations' web domains. The findings were presented at the Black Hat USA 2021 security conference last week. "The traffic that leaked to us from internal network traffic provides malicious actors all the intel they would ever need to launch a successful attack," the researchers added. "More than tThe Hacker News
August 11, 2021 – Vulnerabilities
Adobe fixes critical flaws in Magento, patch it immediately Full Text
Abstract
Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect. Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important...Security Affairs
August 11, 2021 – Breach
Kaseya’s universal REvil decryption key leaked on a hacking forum Full Text
Abstract
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.BleepingComputer
August 11, 2021 – Vulnerabilities
A Flaw with DNSaaS Providers Exploited for Intelligence Gathering Full Text
Abstract
A set of DNS vulnerabilities was found impacting DNS-as-a-Service (DNSaaS) providers. It enables cybercriminals to rip off sensitive corporate data. The flaws could allow intelligence harvesting simply by using a domain registration technique. There are mitigation steps available that can be f...Cyware Alerts - Hacker News
August 11, 2021 – General
MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform Full Text
Abstract
As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense. To address this demand, managed security services providers (MSSPs) and managed service providers (MSPs) continuously search for the right products that would empower their teams to deliver high-quality and scalable services. Cynet 360 Autonomous Breach Protection platform offers a multitenant security solution for MSSP/MSP, providing automated, all-in-one products that include a robust SOAR layer, on top of attack prevention and detection. (Learn more about Cynet's partner program for MSPs and MSSPs here). Service providers typically have a skilled security team at their disposal. The challenge is how to leverage this skill to serve as many customers as possible without compromising on the quality of the service. That makes each minute of each team member aThe Hacker News
August 11, 2021 – Vulnerabilities
Microsoft patch Tuesday security updates fix PrintNightmare flaws Full Text
Abstract
Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited in the wild. Microsoft released patch Tuesday security updates for August that address 120 CVEs in multiple...Security Affairs
August 11, 2021 – General
10 Initial Access Broker Trends: Cybercrime Service Evolves Full Text
Abstract
Instead of trying to identify victims and gain remote access, they can select from a menu of options, picking victims based on their revenue, country and sector, and the type of access being offered.Gov Info Security
August 11, 2021 – Breach
Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network Full Text
Abstract
Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. Gox in recent years. Poly Network, a China-based cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin and Ethereum, on Tuesday disclosed unidentified actors had exploited a vulnerability in its system to plunder thousands of digital tokens such as Ether. "The hacker exploited a vulnerability between contract calls," Poly Network said. The stolen Binance Chain, Ethereum, and Polygon assets are said to have been transferred to three different wallets, with the company urging miners of affected blockchain and centralized crypto exchanges to blocklist tokens coming from the addresses. The three wallet addresses are as follows - Ethereum: 0xC8a65FadfThe Hacker News
August 11, 2021 – Insider Threat
LockBit 2.0 is Now Hiring Corporate Insiders Full Text
Abstract
LockBit 2.0 ransomware group is hiring and promising corporate insiders millions of dollars if they assist attackers in infiltrating and encrypting corporate networks. The recent finding indicates the LockBit gang probably wants to remove the middleman hackers for companies’ login credentials. Such...Cyware Alerts - Hacker News
August 11, 2021 – Criminals
Conti Ransomware Group Takes Advantage of Vulnerable Exchange Servers Full Text
Abstract
Some patched on-premises Microsoft Exchange email servers are still proving to be vulnerable. Conti ransomware group is now leveraging backdoors that persist, cybersecurity firm Pondurance reports.Gov Info Security
August 10, 2021 – Vulnerabilities
Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites Full Text
Abstract
Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26 flaws addressed, 20 are rated critical, and six are rated Important in severity. None of the vulnerabilities fixed this month by Adobe are listed as publicly known or under active attack at the time of release. The most concerning of the bugs are as follows - CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042 (CVSS score: 9.1) - Arbitrary code execution due to improper input validation CVE-2021-36022 and CVE-2021-36023 (CVSS score: 9.1) - Arbitrary code execution due to OS command injection CVE-2021-3602The Hacker News
August 10, 2021 – Vulnerabilities
Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability Full Text
Abstract
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to seven security flaws it patched in the Microsoft Edge browser on August 5. Chief among the patched issues is CVE-2021-36948 (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service — a service that enables remediation and protection of Windows Update components — which could be abused to run malicious programs with escalated permissions. Microsoft's Threat Intelligence Center has been credited with reporting the flawThe Hacker News
August 10, 2021 – Vulnerabilities
Microsoft revives deprecated RDCMan after fixing security flaw Full Text
Abstract
Microsoft has revived the Remote Desktop Connection Manager (RDCMan) app that was deprecated last year due to an important severity information disclosure bug the company decided not to fix.BleepingComputer
August 10, 2021 – Attack
LockBit Ransomware Attacks Rise, Warns ACSC Full Text
Abstract
The Australian Cyber Security Centre (ACSC) issued an alert warning of increasing attacks on Australian organizations across multiple industry sectors by the LockBit 2.0 ransomware.Cyware Alerts - Hacker News
August 10, 2021 – General
Hillicon Valley: Senate package brings cybersecurity billions | Twitter suspends Taylor Greene, again | Amazon gets NSA contract Full Text
Abstract
What an avalanche of a news day! Albany aside, the Senate has finally approved the roughly $1 trillion bipartisan infrastructure package. Democrats also started debate over their multi-trillion spending plan, with cybersecurity and tech investments included in both.The Hill
August 10, 2021 – Hacker
Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel Full Text
Abstract
A Chinese cyber espionage group has been linked to a string of intrusion activities targeting Israeli government institutions, IT providers, and telecommunications companies at least since 2019. FireEye's Mandiant threat intelligence arm attributed the campaign to an operator it tracks as "UNC215", a Chinese espionage operation that's believed to have singled out organizations around the world dating back as far as 2014, linking the group with "low confidence" to an advanced persistent threat (APT) widely known as APT27, Emissary Panda, or Iron Tiger. "UNC215 has compromised organizations in the government, technology, telecommunications, defense, finance, entertainment, and health care sectors," FireEye's Israel and U.S. threat intel teams said in a report published today. "The group targets data and organizations which are of great interest to Beijing's financial, diplomatic, and strategic objectives," the findings reflThe Hacker News
August 10, 2021 – Breach
$611 million stolen in Poly Network cross-chain hack Full Text
Abstract
The cross-chain protocol Poly Network has been hacked; threat actors stole $611 million, making this hack the largest DeFi hack to date. $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. The cross-chain protocol...Security Affairs
August 10, 2021 – General
Connected Farms Easy Pickings for Global Food Supply-Chain Hack Full Text
Abstract
John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years.Threatpost
August 10, 2021 – Vulnerabilities
Adobe fixes critical preauth vulnerabilities in Magento Full Text
Abstract
Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.BleepingComputer
August 10, 2021 – Criminals
Cybercriminals Attack Cross-Chain DeFi Platform Poly Network and Steal Hundreds of Millions Worth of Crypto Assets Full Text
Abstract
Poly Network, a protocol launched by the founder of Chinese blockchain project Neo, operates on the Binance Smart Chain, Ethereum, and Polygon blockchains. This attack struck each chain consecutively.Coin Desk
August 10, 2021 – Government
Senate includes over $1.9 billion for cybersecurity in infrastructure bill Full Text
Abstract
The Senate included more than $1.9 billion in cybersecurity funds as part of the roughly $1 trillion bipartisan infrastructure package approved Tuesday.The Hill
August 10, 2021 – Hacker
Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers Full Text
Abstract
Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. Disclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone. Successful exploitation of the flaw could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make requests to alteThe Hacker News
August 10, 2021 – Ransomware
New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors Full Text
Abstract
A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A new variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from...Security Affairs
August 10, 2021 – General
Fuzz Off: How to Shake Up Code to Get It Right – Podcast Full Text
Abstract
Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails.Threatpost
August 10, 2021 – Breach
Crytek confirms Egregor ransomware attack, customer data theft Full Text
Abstract
Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site.BleepingComputer
August 10, 2021 – General
Retail became a top target for ransomware and data-theft Full Text
Abstract
According to Sophos, the retail and education sectors faced the highest level of ransomware attacks during 2020, with 44% of organizations hit (compared to 37% across all industry sectors).Cyber News
August 10, 2021 – Solution
Microsoft Azure Sentinel uses Fusion ML to detect ransomware attacks Full Text
Abstract
Microsoft Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform uses the Fusion machine learning model to detect ransomware attacks. Microsoft Azure Sentinel cloud-native SIEM is using the Fusion machine learning model...Security Affairs
August 10, 2021 – Solution
Windows security update blocks PetitPotam NTLM relay attacks Full Text
Abstract
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain.BleepingComputer
August 10, 2021 – Attack
Illinois’ FOID Card System Hit By Cyber Attack Full Text
Abstract
On the heels of cyber attacks on the Illinois Attorney General's Office and the Illinois Department of Employment Security, comes word of trouble for the Illinois State Police (ISP).1440wrok
August 10, 2021 – Breach
FlyTrap, a new Android Trojan compromised thousands of Facebook accounts Full Text
Abstract
Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium's zLabs researchers spotted a new Android trojan, dubbed FlyTrap, that already compromised...Security Affairs
August 10, 2021 – Vulnerabilities
Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws Full Text
Abstract
Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches.BleepingComputer
August 10, 2021 – Business
Google discontinues Bluetooth security keys to focus on NFC versions Full Text
Abstract
Only two security key models will be available from tomorrow, namely Titan keys with USB-A and USB-C connectors, both of which also support NFC (Near Field Communication) for mobile connectivity.The Record
August 10, 2021 – Vulnerabilities
Microsoft fixes Windows Print Spooler PrintNightmare vulnerability Full Text
Abstract
Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers.BleepingComputer
August 10, 2021 – Breach
Companies Still Exposing Sensitive Data via Known Salesforce Misconfiguration Full Text
Abstract
While the misconfiguration has been known since at least last year and Salesforce has taken steps to prevent incidents, security company Varonis says it’s still seeing many affected organizations.Security Week
August 10, 2021 – Cryptocurrency
Over $600 million reportedly stolen in cryptocurrency hack Full Text
Abstract
Over $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. Decentralized cross-chain protocol and network Poly Network announced today that it was attacked, with cryptocurrency assets having successfully been transferred into the attackers' wallets.BleepingComputer
August 10, 2021 – Attack
RansomEXX Hackers Threaten to Leak Data of Intel, AMD After Attack on Gigabyte Full Text
Abstract
The RansomExx gang is threatening to release more than 112 GB of data that may include confidential documents from chip makers Intel and AMD and American firm Megatrends.The Times Of India
August 10, 2021 – Solution
Firefox adds enhanced cookie clearing, HTTPS by default in private browsing Full Text
Abstract
Mozilla says that, starting in Firefox 91 released today, users will be able to fully erase the browser history for all visited websites which prevents privacy violations due to "sneaky third-party cookies sticking around."BleepingComputer
August 10, 2021 – General
The challenges healthcare CISOs face in an evolving threat landscape Full Text
Abstract
Organizations in the healthcare sector – and especially those engaged in delivering healthcare services – have always been juicy targets for cyberattackers. The pandemic further boosted this trend.Help Net Security
August 10, 2021 – Ransomware
eCh0raix ransomware now targets both QNAP and Synology NAS devices Full Text
Abstract
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.BleepingComputer
August 9, 2021 – Disinformation
Black Hat: Scaling Automated Disinformation for Misery and Profit Full Text
Abstract
Researchers demonstrated the power of deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0.Threatpost
August 9, 2021 – Vulnerabilities
Auth Bypass Bug Exploited, Affecting Millions of Routers Full Text
Abstract
A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.Threatpost
August 09, 2021 – Breach
One million stolen credit cards leaked to promote carding market Full Text
Abstract
A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums.BleepingComputer
August 9, 2021 – Breach
Chanel Korea apologizes for personal data leak Full Text
Abstract
The company said it had learned that the personal information of some customers from its database -- including names, birth dates, phone numbers, and shopping histories -- had been breached last week.Korea Herald
August 09, 2021 – General
Hillicon Valley: Cryptocurrency amendment blocked in Senate | Dems press Facebook over suspension of researchers’ accounts | Thousands push back against Apple plan to scan US iPhones for child sexual abuse images Full Text
Abstract
MORE CRYPTO COMPLICATIONS: A bipartisan amendment to redefine who would be subject to new cryptocurrency regulation requirements under the Senate infrastructure bill was blocked Monday after Sen. Richard Shelby (R-Ala.) tried to attach his unrelated proposal to boost military spending by $50 billion.The Hill
August 09, 2021 – Vulnerabilities
A Critical Random Number Generator Flaw Affects Billions of IoT Devices Full Text
Abstract
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby they fail to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week. "In fact, in many cases, devices are choosing encryption keys of 0 or worse. This can lead to a catastrophic collapse of security for any upstream use." Random number generation (RNG) is a crucial process that undergirds several cryptographic applications, including key generation, nonces, and salting. On traditional operating systems, it's derived from a cryptographically secure pseudorandom number generator (CSPRNG) that uses entropy obtained from a high-quality seed source.The Hacker News
August 9, 2021 – Botnet
StealthWorker botnet targets Synology NAS devices to drop ransomware Full Text
Abstract
Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt...Security Affairs
August 9, 2021 – Attack
‘Glowworm’ Attack Turns Power Light Flickers into Audio Full Text
Abstract
Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings.Threatpost
August 09, 2021 – Malware
FlyTrap malware hijacks thousands of Facebook accounts Full Text
Abstract
A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies.BleepingComputer
August 9, 2021 – Outage
Joplin: City Computer Shutdown Was Ransomware Attack Full Text
Abstract
The insurer for Joplin paid $320,000 to an unknown person after a ransomware attack shut down the city government’s computer system last month, Joplin City Manager Nick Edwards said Thursday.Security Week
August 09, 2021 – Privacy
Thousands sign open letter arguing against Apple plan to scan US iPhones for child sexual abuse images Full Text
Abstract
A group of security and privacy tech advocates are pushing back against Apple’s recently announced plan to scan iPhones and iPads for images of child sexual abuse stored in the cloud, citing concerns around privacy and surveillance.The Hill
August 09, 2021 – General
Users Can Be Just As Dangerous As Hackers Full Text
Abstract
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS, which are common in the workforce. All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens ofThe Hacker News
August 9, 2021 – Attack
City of Joplin paid a 320K ransom after a ransomware Attack Full Text
Abstract
A ransomware attack hit the City of Joplin, forcing the IT staff to shut down the city's computers. Finally, the insurer for Joplin paid $320,000 to threat actors. A ransomware attack last month hit the City of Joplin forcing the IT staff to shut down the city’s...Security Affairs
August 9, 2021 – General
Cutting Through the Noise from Daily Alerts Full Text
Abstract
The biggest challenge for security teams today is the quality of the threat intelligence platforms and feeds. How much of the intel is garbage and unusable? The threat intelligence process itself spans and feeds into many external and internal systems and applications. Without actionable data, it is impossible to understand the relevance and potential impact of a threat. Learn how threat intelligence management plays a role in helping to prioritize and act fast.Threatpost
August 09, 2021 – Solution
Microsoft adds Fusion ransomware attack detection to Azure Sentinel Full Text
Abstract
Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model.BleepingComputer
August 9, 2021 – Breach
Data leak affects about 3,000 NYC students and 100 employees, officials confirm Full Text
Abstract
At least one student within the public school system managed to access a Google Drive that contained the private information of students and department employees across the city.districtadministration
August 09, 2021 – Cryptocurrency
Senators reach bipartisan deal on cryptocurrency amendment Full Text
Abstract
Republican Sens. Pat Toomey (Pa.) and Cynthia Lummis (Wyo.) said an amendment to the infrastructure bill that would redefine who falls subject to cryptocurrency regulation requirements will be brought for a unanimous consent vote on Monday afternoon after a group of bipartisan senators and the Treasury Department came to an agreement.The Hill
August 09, 2021 – Malware
Beware! New Android Malware Hacks Thousands of Facebook Accounts Full Text
Abstract
A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces. Dubbed " FlyTrap ," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as part of a session hijacking campaign orchestrated by malicious actors operating out of Vietnam, according to a report published by Zimperium's zLabs today and shared with The Hacker News. Although the offending nine applications have since been pulled from Google Play, they continue to be available in third-party app stores, "highlighting the risk of sideloaded applications to mobile endpoints and user data," Zimperium malware researcher Aazim Yaswant said. The list of apps is as follows - GG Voucher (com.luxcarad.cardid) Vote European Football (com.gardenguThe Hacker News
August 9, 2021 – Government
Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks Full Text
Abstract
The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware...Security Affairs
August 09, 2021 – Business
Google drops Bluetooth Titan Security Keys in favor of NFC versions Full Text
Abstract
Google is discontinuing the Bluetooth Titan Security Key to focus on security keys with Near Field Communication (NFC) functionality.BleepingComputer
August 9, 2021 – Business
Checkmarx’s Dustico acquisition bolsters the open source software supply chain Full Text
Abstract
Application security testing (AST) company Checkmarx has acquired Dustico, a platform for detecting backdoors and other malicious activity in the open source software supply chain.Venture Beat
August 09, 2021 – Vulnerabilities
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw Full Text
Abstract
Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root," NCC Group's Richard Warren disclosed on Friday. "This vulnerability is a bypass of the patch for CVE-2020-8260." "An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials, compromise VPN clients, or pivot into the internal network," Warren added. The disclosure comes days after Ivanti, the company behind Pulse Secure, pThe Hacker News
August 9, 2021 – Hacker
Threat actors are probing Microsoft Exchange servers for ProxyShell flaws Full Text
Abstract
Threat actors are actively scanning for the Microsoft Exchange ProxyShell RCE flaws after technical details were released at the Black Hat conference. Threat actors started actively scanning for the Microsoft Exchange ProxyShell remote...Security Affairs
August 9, 2021 – Cryptocurrency
Cinobi Banking Trojan Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign Full Text
Abstract
The malicious app abused sideloading flaws to load and start the Cinobi banking trojan. This is a new campaign from Water Kappa that is aimed at users of web browsers other than Internet Explorer.Trend Micro
August 09, 2021 – Malware
Synology warns of malware infecting NAS devices with ransomware Full Text
Abstract
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks.BleepingComputer
August 9, 2021 – Solution
Enfilade: Open source tool flags ransomware and bot infections in MongoDB instances Full Text
Abstract
An open-source tool created by researchers Aditya Sood and Rohit Bansal that detects internet-facing MongoDB instances and flags whether they have been infected with ransomware or Meow malware has been launched.The Daily Swig
August 9, 2021 – General
Flaws in John Deere Systems Show Agriculture’s Cyber Risk Full Text
Abstract
Numerous vulnerabilities uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming.Bank Info Security
August 08, 2021 – Government
Australian govt warns of escalating LockBit ransomware attacks Full Text
Abstract
The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021.BleepingComputer
August 8, 2021 – Malware
FatalRAT: Another Trojan Exploiting Telegram Full Text
Abstract
Telegram channels have become quite the hot seat for threat actors. Lately, a new Remote Access Trojan (RAT) has entered the landscape, propagating via Telegram channels.Cyware Alerts - Hacker News
August 8, 2021 – Breach
1M compromised cards available for free in the underground market Full Text
Abstract
Group-IB detected an unconventional post on several carding forums containing links to a file containing 1 million compromised cards. On August 2, the Group-IB Threat Intelligence & Attribution system detected an unconventional post on several carding...Security Affairs
August 8, 2021 – Vulnerabilities
PwnedPiper: Serious Flaws in Pneumatic Tubing System Full Text
Abstract
Security experts discovered a set of nine vulnerabilities, aka PwnedPiper, in the TransLogic Pneumatic Tube Systems from Swisslog Healthcare. The flaws impact around 80% of U.S. hospitals, with a possibility of complete system takeover. The vendor urged institutions to patch the flaws and also provided ...Cyware Alerts - Hacker News
August 8, 2021 – General
Security Affairs newsletter Round 326 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the international press for free, subscribe here. GhostEmperor,...Security Affairs
August 8, 2021 – Vulnerabilities
A zero-day RCE in Cisco ADSM has yet to be fixed Full Text
Abstract
A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive...Security Affairs
August 07, 2021 – Vulnerabilities
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now Full Text
Abstract
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.BleepingComputer
August 07, 2021 – Vulnerabilities
Actively exploited bug bypasses authentication on millions of routers Full Text
Abstract
Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads.BleepingComputer
August 7, 2021 – General
Trend Micro: 80% of global orgs anticipate customer data breach in the next year Full Text
Abstract
A staggering 86% of global organizations believe they will suffer serious cyber attacks in the next year and 80% reported they are likely to experience a data breach, according to a new report by Trend Micro and the Ponemon Institute.Venture Beat
August 07, 2021 – Vulnerabilities
Go, Rust “net” library affected by critical IP address validation vulnerability Full Text
Abstract
The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, which can make applications vulnerable to SSRF and RFI.BleepingComputer
August 7, 2021 – General
Password of three random words better than complex variation, experts say Full Text
Abstract
The National Cyber Security Centre (NCSC), part of the U.K. Government Communications Headquarters, highlighted its “three random words” recommendation in a new blog post.The Guardian
August 7, 2021 – Vulnerabilities
CVE-2021-20090 actively exploited to target millions of IoT devices worldwide Full Text
Abstract
Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090,...Security Affairs
August 7, 2021 – Hacker
Hackers attempt to breach Illinois State Police FOID website Full Text
Abstract
The Illinois State Police have said that they have added additional online security requirements to the FOID online application system after hackers attempted to breach the site.Yahoo! Finance
August 7, 2021 – Attack
RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE Full Text
Abstract
Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen...Security Affairs
August 7, 2021 – Breach
University of Kentucky discovers data breach during scheduled pen-test Full Text
Abstract
The University of Kentucky said it discovered a security breach of one of its test-taking platforms during a scheduled security penetration test carried out by a third party in early June.The Record
August 7, 2021 – Business
Checkmarx acquires open-source supply chain security startup Dustico Full Text
Abstract
Founded in 2020, Dustico provides a dynamic source-code analysis platform that employs machine learning to detect malicious attacks and backdoors in software supply chains.TechCrunch
August 7, 2021 – General
Collective Intelligence: Realities and Hardships of Crowdsourced Threat Intel Full Text
Abstract
As technology has advanced and converged to support sharing in more recent times, there has been a stronger desire to leverage these new technical capabilities for greater sharing at higher volumes and faster speeds.Security Week
August 06, 2021 – General
Hillicon Valley: Cryptocurrency clash complicates infrastructure bill’s path forward | FTC hits Facebook over ‘inaccurate’ explanation for banning researchers | Yelp to allow filtering for business requiring vaccination Full Text
Abstract
As the Senate looks to wrap up the $1.2 trillion bipartisan infrastructure bill, competing amendments on cryptocurrency regulation are emerging as another challenge. The White House came out in support of an amendment put forward by a trio of bipartisan senators, but Senate Finance Committee Chairman Ron Wyden (D-Ore.) and two Republicans who offered an amendment of their own, argued the administration-backed amendment could stifle innovation.The Hill
August 06, 2021 – Privacy
Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy Full Text
Abstract
Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts (aged under 13) to warn parents of sexually explicit photos shared over the messaging platform. Furthermore, Apple also plans to update Siri and Search to stage an intervention when users try to perform searches for CSAM-related topics, alerting that the "interest in this topic is harmful and problematic." "Messages uses on-device machine learning to analyze image attachments and determine if a photo is sexually explicit," Apple noted. "The feature is desiThe Hacker News
August 6, 2021 – General
Making the Joint Cyber Defense Collaborative Work Full Text
Abstract
As the Joint Cyber Defense Collaborative gets off the ground, CISA and Congress will need to take key steps to consolidate its functions and powers and work with ongoing initiatives within the federal government.Lawfare
August 6, 2021 – Cryptocurrency
Golang Cryptomining Worm Offers 15% Speed Boost Full Text
Abstract
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.Threatpost
August 06, 2021 – Vulnerabilities
New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader Full Text
Abstract
Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information," Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement. "The security vulnerabilities allow an attacker to target a very specific audience." In other words, if a threat actor wanted to single out a specific group of people or demographic, it's possible for the adversary to choose a popular e-book in a language or dialect that's widely spoken among the group to tailor and orchestrate a highly targeted cyber attack. Upon responsibly disclosing the issue to Amazon in February 2021, tThe Hacker News
August 06, 2021 – Ransomware
The Week in Ransomware - August 6th 2021 - Insider threat edition Full Text
Abstract
If there is one thing we learned this week, it's that not only are corporations vulnerable to insider threats but so are ransomware operations.BleepingComputer
August 06, 2021 – Vulnerabilities
Windows PetitPotam vulnerability gets an unofficial free patch Full Text
Abstract
A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks.BleepingComputer
August 6, 2021 – Ransomware
RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna Full Text
Abstract
RansomEXX ransomware operators hit the popular Italian luxury fashion house Ermenegildo Zegna Holding and started leaking stolen files. Zegna is one of the most famous Italian luxury fashion houses. It was founded in 1910 by Ermenegildo Zegna in Trivero, Biella...Security Affairs
August 06, 2021 – Vulnerabilities
Cisco: Firewall manager RCE bug is a zero-day, patch incoming Full Text
Abstract
In a Thursday security advisory update, Cisco revealed that a remote code execution (RCE) vulnerability in the Adaptive Security Device Manager (ADSM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update.BleepingComputer
August 6, 2021 – Vulnerabilities
Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN Full Text
Abstract
Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities...Security Affairs
August 06, 2021 – Attack
Computer hardware giant GIGABYTE hit by RansomEXX ransomware Full Text
Abstract
Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid.BleepingComputer
August 6, 2021 – Breach
Conti Leak Indicators – What to block, in your SOC…. Full Text
Abstract
A security expert provided leak indicators for Conti ransomware operations that were recently disclosed by a disgruntled affiliate. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS,...Security Affairs
August 6, 2021 – Vulnerabilities
VMware addresses critical flaws in its products Full Text
Abstract
VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical...Security Affairs
August 6, 2021 – Solution
Open source tool WARCannon simplifies web-wide vulnerability research Full Text
Abstract
Security researchers and bug bounty hunters can use WARCannon to non-invasively test regex patterns across the entire internet for corresponding vulnerability indicators.The Daily Swig
August 06, 2021 – Vulnerabilities
India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks Full Text
Abstract
Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo's web application that allows malicious scripts to be embedded directly into the affected web application. To carry out the attack, all a malicious actor had to do was log into the service via the web application and post an XSS-encoded payload to its timeline, which automatically gets executed on behalf of all users who saw the post. The issue was discovered by security researcher Rahul Kankrale in July, following which a fix was rolled out by Koo on July 3. Using cross-site scripting, an attacker can perform actions on behalf of users with the same privileges as the user and steal the web browser's secrets, such as authenticationThe Hacker News
August 6, 2021 – Ransomware
BlackMatter ransomware also targets VMware ESXi servers Full Text
Abstract
The BlackMatter gang is rapidly evolving: the group has developed a Linux version that allows operators to target VMware's ESXi VM platform. The BlackMatter ransomware gang has implemented a Linux encryptor to target the VMware ESXi virtual machine platform....Security Affairs
August 6, 2021 – Government
CISA Extends ICT SCRM Task Force Until 2023 Full Text
Abstract
On August 2, the CISA announced that it would be extending the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.Meritalk
August 06, 2021 – Vulnerabilities
VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products Full Text
Abstract
VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. Tracked as CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7), the flaws affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the "/cfg" web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request. "A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication," the company said in its advisory. Suleyman Bayir of Trendyol has been credited withThe Hacker News
August 05, 2021 – Ransomware
Linux version of BlackMatter ransomware targets VMware ESXi servers Full Text
Abstract
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform.BleepingComputer
August 05, 2021 – General
Hillicon Valley: Federal cyber agency kicks off effort to defend US against cyberattacks | Senators introduce bill to sanction nations tied to ransomware attacks | Amazon pushes back corporate reopening Full Text
Abstract
A new program kicked off Thursday aimed at defending the U.S. against cyberattacks, and a bipartisan group of lawmakers introduced legislation to help the federal government better track and analyze cyber crime.The Hill
August 5, 2021 – Malware
Black Hat: Charming Kitten Leaves More Paw Prints Full Text
Abstract
IBM X-Force detailed the custom-made “LittleLooter” data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.Threatpost
August 05, 2021 – Government
CISA teams up with Microsoft, Google, Amazon to fight ransomware Full Text
Abstract
CISA has announced the launch of Joint Cyber Defense Collaborative (JCDC), a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats.BleepingComputer
August 05, 2021 – Government
Senators introduce bipartisan bill to sanction nations involved in ransomware attacks Full Text
Abstract
Senate Intelligence Committee Vice Chairman Marco Rubio (R-Fla.) and Sen. Dianne Feinstein (D-Calif.) on Thursday introduced legislation that would sanction countries involved in state-sponsored ransomware attacks.The Hill
August 5, 2021 – Breach
Conti ransomware affiliate leaked gang’s training material and tools Full Text
Abstract
An affiliate of the Conti RaaS has leaked the training material shared by the group with its network along with the info about one of the operators. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers...Security Affairs
August 05, 2021 – Vulnerabilities
New DNS vulnerability allows ‘nation-state level spying’ on companies Full Text
Abstract
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.BleepingComputer
August 5, 2021 – Hacker
ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group Full Text
Abstract
IBM Security X-Force researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s TTPs overlap with Charming Kitten, Phosphorus, and TA453.Security Intelligence
August 05, 2021 – Government
Federal cyber agency kicks off collaborative to defend the U.S. against cyberattacks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday kicked off a new effort to help defend the U.S. against cyberattacks, which have multiplied in recent months.The Hill
August 5, 2021 – Cryptocurrency
Cryptominer ELFs Using MSR to Boost Mining Process Full Text
Abstract
The Uptycs Threat Research Team recently observed a Golang-based worm dropping cryptominer binaries that use the MSR (Model Specific Register) driver. By Uptycs Threat Research; original research by Siddarth Sharma. The Uptycs Threat Research...Security Affairs
August 05, 2021 – Breach
Angry Conti ransomware affiliate leaks gang’s attack playbook Full Text
Abstract
A disgruntled Conti affiliate has leaked the gang's training material for conducting attacks, including information about one of the ransomware's operators.BleepingComputer
August 5, 2021 – Criminals
Researchers Uncover Prometheus Traffic Distribution System Used to Propagate Multiple Malware Campaigns Full Text
Abstract
A recently discovered Prometheus traffic distribution system is helping malware and cybercrime gangs distribute their malicious payloads to unsuspecting users using hacked websites.The Record
August 05, 2021 – Government
Lawmakers roll out bipartisan bill to help track cyber crimes Full Text
Abstract
A group of bipartisan House and Senate lawmakers on Thursday introduced legislation intended to help the federal government better track and analyze cyber crime following a sharp increase in cyberattacks over the past year.The Hill
August 05, 2021 – Vulnerabilities
New Windows PrintNightmare zero-days get free unofficial patch Full Text
Abstract
A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.BleepingComputer
August 5, 2021 – Solution
Credential leak detection tool Scrapesy aims to reduce incident response times Full Text
Abstract
The tool, which scrapes both the clear web and dark web for exposed credentials, is designed for use by workers in security operations, incident response, threat intelligence, and pen testing roles.The Daily Swig
August 05, 2021 – Criminals
Prometheus TDS: The $250 service behind recent malware attacks Full Text
Abstract
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks.BleepingComputer
August 5, 2021 – Vulnerabilities
Twelve Year-old Vulnerability Impacting at Least 20 Router Models Could Allow Network Compromise Full Text
Abstract
Discovered by Evan Grant of Tenable, the critical path traversal flaw is tracked as CVE-2021-20090, with a CVSS of 9.8, and is exploitable by unauthenticated, remote attackers.The Daily Swig
August 5, 2021 – Government
Beware Free Wi-Fi: Government Urges Workers to Avoid Public Networks Full Text
Abstract
The NSA warned all federal employees, leading defense contractors, and civilian personnel that hackers could take advantage of the public Wi-Fi in coffee shops, airports, and hotel rooms.New York Times
August 5, 2021 – Breach
Reindeer Leaked the Sensitive Data of Over 300,000 People Due to Misconfigured Amazon S3 Bucket Full Text
Abstract
The misconfigured S3 bucket compromised the details of over 300,000 customers from various Reindeer clients. Patrón was the client firm with the most customers’ PII exposed.Security Magazine
August 5, 2021 – Solution
Spotting brand impersonation with Swin transformers and Siamese neural networks Full Text
Abstract
Using a combination of ML techniques, Microsoft developed a detection system that outperforms all visual fingerprint-based benchmarks on all metrics while maintaining a 90% hit rate.Microsoft
August 05, 2021 – Attack
Prometheus: The $250 service behind recent malware attacks Full Text
Abstract
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks.BleepingComputer
August 5, 2021 – Malware
Examining Unique Magento Backdoors Full Text
Abstract
These backdoors are intentionally hidden from public view, rendering any remote or external scanners futile, and the dynamic nature of these backdoors makes signature-based detection less reliable.Sucuri
August 05, 2021 – General
Salesforce Release Updates — A Cautionary Tale for Security Teams Full Text
Abstract
On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's capabilities. For example, few people talk about managing the security aspects of Salesforce Release Updates. By understanding what Release Updates are, why they pose a security risk, and how security teams can mitigate risk, Salesforce customers can better protect sensitive information. What are Salesforce Release Updates? Since Salesforce does not automatically update its platform, it does not follow the traditional SaaS model. For example, most SaaS platforms have two types of releases: security and product improvements. Urgent security updates are released as soon as a security vulnerability is known, and product iThe Hacker News
August 5, 2021 – Attack
Italian energy company ERG hit by LockBit 2.0 ransomware gang Full Text
Abstract
ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by the LockBit 2.0 gang. Recently, the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang; now the company has reported...Security Affairs
August 05, 2021 – Business
Google expects delays in enforcing 2FA for Chrome extension devs Full Text
Abstract
Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected.BleepingComputer
August 5, 2021 – Hacker
Watch a Hacker Hijack a Capsule Hotel’s Lights, Fans, and Beds Full Text
Abstract
A security researcher exploited IoT flaws that allowed him to hijack the controls for any room at the hotel to mess with its lights, ventilation, and the beds in each room that convert to a couch.Wired
August 05, 2021 – Attack
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service Full Text
Abstract
Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed "Prometheus TDS" (short for Traffic Direction System) and available for sale on underground platforms for $250 a month since August 2020, the service is designed to distribute malware-laced Word and Excel documents and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News. More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominentThe Hacker News
August 05, 2021 – Vulnerabilities
Telegram for Mac bug lets you save self-destructing messages forever Full Text
Abstract
Researchers have discovered a way for users on Telegram for Mac to keep specific self-destructing messages forever or view them without the sender ever knowing.BleepingComputer
August 5, 2021 – Government
A US official explains why the White House decided not to ban ransomware payments Full Text
Abstract
The Biden administration backed away from the idea of banning ransomware payments after meetings with the private sector and cybersecurity experts, a top cybersecurity official said Wednesday.Cyberscoop
August 05, 2021 – Vulnerabilities
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks Full Text
Abstract
Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, log into the CPU module without authorization, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by Nozomi Networks, concern the implementation of an authentication mechanism in the MELSEC communication protocol, which is used to communicate with the target devices by reading and writing data to the CPU module. A quick summary of the flaws is listed below - Username Brute-force (CVE-2021-20594, CVSS score: 5.9) - Usernames used during authentication are effectively brute-forceable Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism (CVE-2021-20598, CVSS score: 3.7) - The implementation to thwart brute-force atThe Hacker News
August 05, 2021 – Business
Microsoft Edge just got a ‘Super Duper Secure Mode’ upgrade Full Text
Abstract
Microsoft has announced that the Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode" and designed to bring security improvements without significant performance losses.BleepingComputer
August 5, 2021 – Criminals
Cybercriminals are manipulating reality to reshape the modern threat landscape
Abstract
Defenders are struggling to counter these complex attacks and gain visibility into new environments, such as the cloud, containers, and business communication applications. (Help Net Security)
August 5, 2021 – Vulnerabilities
Security company warns of Mitsubishi industrial control vulnerabilities
Abstract
Industrial cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about five vulnerabilities affecting Mitsubishi safety PLCs. (ZDNet)
August 5, 2021 – General
The Graph Foundation launches bug bounty program
Abstract
On Wednesday, the project said a new bug bounty program has been launched on Immunefi, a DeFi-based bug bounty platform that has paid out over $3 million in rewards to date. (ZDNet)
August 5, 2021 – Solution
Edge Super Duper Secure Mode turns off the JavaScript JIT compiler for extra security
Abstract
Johnathan Norman, lead of Microsoft Edge Vulnerability Research, has detailed an experiment in Edge that disables the JavaScript JIT compiler to enable some extra security protections. (ZDNet)
August 5, 2021 – General
Volume of cyber intrusion activity globally jumped 125%: Accenture
Abstract
A new report by the security division at Accenture found that 54% of all ransomware or extortion victims were companies with annual revenues between $1 billion and $9.9 billion. (ZDNet)
August 5, 2021 – Ransomware
Ransomware Evolution
Abstract
Ransomware attacks have evolved, and the ransomware-as-a-service (RaaS) model has become popular because the use of affiliates enables ransomware operators to attack more victims with little effort. (Secure Works)
August 5, 2021 – Vulnerabilities
Cisco fixes critical, high severity vulnerabilities in VPN routers
Abstract
Cisco fixed critical and high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. ... (Security Affairs)
August 04, 2021 – Vulnerabilities
Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs
Abstract
Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition. The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22. Both issues stem from a lack of proper validation of HTTP requests, thus permitting a bad actor to send a specially crafted HTTP request to a vulnerable device. Successful exploitation of CVE-2021-1609 could allow an unauthenticated, remote attacker to execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. CVE-2021-1610 concerns a command injection vulnerability that, if exploited, could permit an authenticated adve... (The Hacker News)
August 04, 2021 – General
Hillicon Valley: Senators highlight security threats from China during rare public hearing | Facebook suspends accounts of NYU researchers who’ve criticized platform
Abstract
The leaders of the Senate Intelligence Committee and other officials warned Wednesday of increasing threats from China on a number of fronts, including the stealing of intellectual property, malign influence and cyberattacks. (The Hill)
August 04, 2021 – Government
Senators highlight national security threats from China during rare public hearing
Abstract
The Senate Intelligence Committee held a rare public hearing Wednesday afternoon to stress increasing threats posed by China to U.S. national security, with one top senator describing the situation as a “horror-show.” (The Hill)
August 4, 2021 – Covid-19
We COVID-Clicked on Garbage, Report Finds: Podcast
Abstract
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020. (Threatpost)
August 04, 2021 – Outage
Energy group ERG reports minor disruptions after ransomware attack
Abstract
Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. (BleepingComputer)
August 4, 2021 – Breach
Advanced Technology Ventures discloses ransomware attack and data breach
Abstract
The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack; the crooks also stole the data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with... (Security Affairs)
August 4, 2021 – Hacker
‘I’m Calling About Your Car Warranty’, aka PII Hijinx
Abstract
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. (Threatpost)
August 04, 2021 – Malware
Several Malware Families Targeting IIS Web Servers With Malicious Modules
Abstract
A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software has continued to be a hotbed for natively developed malware for close to eight years. The findings were presented today by ESET malware researcher Zuzana Hromcova at the Black Hat USA security conference. "The various kinds of native IIS malware identified are server-side malware and the two things it can do best are, first, see and intercept all communications to the server, and second, affect how the requests are processed," Hromcova said in an interview with The Hacker News. "Their motivations range from cybercrime to espionage, and a technique called SEO fraud." IIS is an extensible web server software developed by Microsoft, enabling developers to take advantage of its modular architecture and use additional IIS modules to expand on... (The Hacker News)
August 04, 2021 – Vulnerabilities
Cisco fixes critical, high severity pre-auth flaws in VPN routers
Abstract
Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. (BleepingComputer)
August 4, 2021 – Malware
Python Packages Stealing Discord Tokens and Much More
Abstract
Eight libraries contained malicious code and were removed by the officials. While two of the eight enabled an attacker to remotely run commands on the target’s device, the other six were stealers. (Cyware Alerts - Hacker News)
August 4, 2021 – Cryptocurrency
Misconfigured Apache Hadoop YARN Exploited for Cryptomining
Abstract
A recent report has revealed that cybercriminals are taking advantage of misconfigured Apache Hadoop YARN. The report includes details about payload delivery, attack tactics, and basic security advice. Experts highlight that disabling the targeted system’s protection offered by cloud services has b... (Cyware Alerts - Hacker News)
August 4, 2021 – APT
New Infrastructure Linked to APT29’s WellMess Malware
Abstract
RiskIQ laid bare more than 30 active C&C servers delivering WellMess and WellMail malware, allegedly owned by the Russian-speaking attack group APT29. It is infamous for targeted attacks aimed at U.S. organizations. Federal agencies and organizations are suggested to stay vigilant, focus on pr... (Cyware Alerts - Hacker News)
August 4, 2021 – Vulnerabilities
Vulnerability in dating site OkCupid could be used to trick users into ‘liking’ or messaging other profiles
Abstract
A security vulnerability in popular dating site OkCupid meant an attacker could dupe users into unknowingly ‘liking’ or sending messages to other profiles. The flaw has now been patched. (The Daily Swig)
August 4, 2021 – Phishing
A Unique Paypal Credential Phishing Scam
Abstract
The threat actor sends an email that does not raise any suspicions, with a subject line asking the recipient to initiate a live chat regarding a service notice related to the target’s PayPal account. (Cyware Alerts - Hacker News)
August 4, 2021 – Attack
Kaseya ransomware attack sets off race to hack service providers -researchers
Abstract
Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers, head of the Dutch institute that warned Kaseya. (Reuters)
August 4, 2021 – Vulnerabilities
AWS S3 can be a security risk for your business
Abstract
As the use of AWS S3 increases, so have the content types that are stored and shared on it. AWS S3 buckets are now exposed via additional channels and APIs, which create new security blind spots that... (Help Net Security)
August 4, 2021 – Phishing
Office 365: Phishing Variant Bypasses Microsoft’s Own Secure Email Gateway
Abstract
The body of the email explains that a Microsoft service has expired; in this case, it's their “Business Basic package.” The threat actor ensured their campaign looked similar to Microsoft-themed emails. (Cofense)
August 4, 2021 – Government
Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship
Abstract
The proposal put forward by Russia to the UN calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize. (The Register)
August 4, 2021 – Vulnerabilities
Use-after-free vulnerability discovered in Tinyobjloader
Abstract
A use-after-free vulnerability exists in the LoadObj() functionality of tinyobjloader v0.9.25 and v1.0.6. A specially crafted file can cause a use-after-free, leading to code execution. (Cisco Talos)
August 04, 2021 – Ransomware
LockBit ransomware recruiting insiders to breach corporate networks
Abstract
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. (BleepingComputer)
August 4, 2021 – Government
US CISA and NSA publish guidance to secure Kubernetes deployments
Abstract
US CISA and NSA released new guidance that provides recommendations on how to harden Kubernetes deployments and minimize the risk of being hacked. Kubernetes... (Security Affairs)
August 4, 2021 – Attack
Isle of Wight schools hit by ransomware
Abstract
The attack, which encrypted data, hit the schools and their umbrella organization, the Isle of Wight Education Federation, between July 28th and 29th, according to the Federation. (Computing)
August 4, 2021 – APT
China-linked APT31 targets Russia for the first time
Abstract
The China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Researchers from Positive Technologies reported that the group has been using a new piece of malware... (Security Affairs)
August 4, 2021 – General
India: Cyber-terror cases went down to 12 in 2019 from 21 in 2018, as per NCRB data
Abstract
Cyber-terror cases, or cases registered under Section 66F of the IT Act across the country, went down to 12 in 2019 from 21 in 2018, according to NCRB data cited by the Home Ministry. (The Times Of India)
August 04, 2021 – Vulnerabilities
INFRA:HALT security bugs impact critical industrial control devices
Abstract
High-severity and critical vulnerabilities collectively referred to as INFRA:HALT are affecting all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market. (BleepingComputer)
August 4, 2021 – Botnet
LemonDuck Botnet Evolves to Allow Hands-on-Keyboard Attacks
Abstract
A relatively new term in the cybersecurity world, hands-on-keyboard attacks are when threat actors stop using automated scripts and manually log into an infected system to execute commands themselves. (The Record)
August 04, 2021 – Attack
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
Abstract
An amalgam of multiple state-sponsored threat groups from China may have been behind a string of targeted attacks against Russian federal executive authorities in 2020. The latest research, published by Singapore-headquartered company Group-IB, delves into a computer virus called "Webdav-O" that was detected in the intrusions, with the cybersecurity firm observing similarities between the tool and the popular Trojan called "BlueTraveller," which is known to be connected to a Chinese threat group called TaskMasters and deployed in malicious activities with the aim of espionage and plundering confidential documents. "Chinese APTs are one of the most numerous and aggressive hacker communities," researchers Anastasia Tikhonova and Dmitry Kupin said. "Hackers mostly target state agencies, industrial facilities, military contractors, and research institutes. The main objective is espionage: attackers gain access to confidential data... (The Hacker News)
August 4, 2021 – General
Why Van Buren Is Good News for Cybersecurity
Abstract
One reason why Van Buren is good news for cybersecurity is that companies will actually need to improve the security of their systems, instead of hoping the threat of CFAA lawsuits or prosecutions will rescue them from their mistakes. (Lawfare)
August 4, 2021 – Vulnerabilities
INFRA:HALT flaws impact OT devices from hundreds of vendors
Abstract
INFRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly used in OT devices manufactured by more than 200 vendors. Security researchers from Forescout and JFrog today disclosed 14 vulnerabilities that impact... (Security Affairs)
August 4, 2021 – Phishing
Phishing Campaign Dangles SharePoint File-Shares
Abstract
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered. (Threatpost)
August 04, 2021 – Vulnerabilities
New Cobalt Strike bugs allow takedown of attackers’ servers
Abstract
Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments. (BleepingComputer)
August 4, 2021 – Attack
Advanced Technology Ventures Suffers Ransomware Attack Impacting Personal Information of Limited Partners
Abstract
In its letter to the Maine AG’s office, ATV said it believes the names, email addresses, phone numbers, and Social Security numbers of the individual investors in its funds were stolen in the attack. (TechCrunch)
August 04, 2021 – Attack
New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks
Abstract
A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan (RAT) on infected systems, according to new research. The intrusions have been attributed to an advanced persistent threat named APT31 (FireEye), which is tracked by the cybersecurity community under the monikers Zirconium (Microsoft), Judgement Panda (CrowdStrike), and Bronze Vinewood (Secureworks). The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye. Positive Technologies, in a write-up published Tuesday, revealed a new malware dropper that was used to facilitate the attacks, including the retrieval of next-stage encrypted payloads from a remote command-and-control server... (The Hacker News)
August 4, 2021 – Business
SolarWinds says shareholders’ cyber disclosure lawsuit fails
Abstract
SolarWinds urged a Texas federal judge to dismiss a lawsuit alleging the software company that was targeted by hackers misled shareholders about its cybersecurity measures ahead of a massive breach. (Reuters)
August 4, 2021 – Government
NSA, CISA Publish Technical Report with Guidance on Hardening Kubernetes Clusters
Abstract
Through this guidance, CISA and NSA officials hope to provide system administrators with a secure baseline for future Kubernetes configurations that will avoid intrusions by hackers. (The Record)
August 4, 2021 – Business
Telos acquires Diamond Fortress Technologies to expand into the touchless biometrics services market
Abstract
Telos announced that it has acquired the assets of Diamond Fortress Technologies, including all patents, and will integrate the ONYX touchless fingerprinting software with its IDTrust360 platform. (Help Net Security)
August 4, 2021 – Breach
92% of pharmaceutical companies have at least one exposed database
Abstract
According to Reposify, 46% of pharmaceutical companies had an exposed SMB service. SMB exposures were previously exploited in other infamous attacks, like the WannaCry, NotPetya, Nachi, and Blaster worms. (Help Net Security)
August 4, 2021 – Botnet
Social engineering goes automatic: New robocall bot on Telegram can trick you into giving up your password
Abstract
The so-called OTP Bot can trick victims into sending criminals passwords to their bank accounts, email, and other online services, all without any direct interaction with the victim. (Cyber News)
August 04, 2021 – General
NSA and CISA share Kubernetes security recommendations
Abstract
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. (BleepingComputer)
August 3, 2021 – General
Cyber Defense Magazine – August 2021 has arrived. Enjoy it!
Abstract
Cyber Defense Magazine August 2021 Edition has arrived. We hope you enjoy this month’s edition, packed with over 148 pages of excellent content. Cyber Defense eMagazine August Edition for 2021. Grab this PDF version and help fund our operations: https://cyberdefensemagazine.tradepub.com/free/w_cyba125/ Here's... (Security Affairs)
August 3, 2021 – APT
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Abstract
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456. (Threatpost)
August 03, 2021 – General
Hillicon Valley: Senate report finds major cyber shortcomings in federal agencies | Gig firms seek Mass. ballot question to classify workers as contractors | Blizzard’s president steps down after workplace protests
Abstract
A new Senate report is casting further doubt on U.S. cybersecurity, detailing “stark” shortcomings in the federal government's posture. Bipartisan leaders of the panel behind the report are pushing for more action following recent major cyber incidents, including the SolarWinds hack and vulnerabilities in Microsoft’s Exchange Server. (The Hill)
August 3, 2021 – APT
China-linked APT groups target telecom companies in Southeast Asia
Abstract
China-linked APT groups have targeted the networks of at least five major telecommunications companies operating in Southeast Asia since 2017. Cybereason researchers identified three clusters of activity associated with China-linked threat actors... (Security Affairs)
August 03, 2021 – Attack
Ransomware attack hits Italy’s Lazio region, affects COVID-19 site
Abstract
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. (BleepingComputer)
August 3, 2021 – General
Ransomware Volumes Hit Record Highs as 2021 Wears On
Abstract
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. (Threatpost)
August 3, 2021 – APT
GhostEmperor - Another Chinese APT Group Targeting Southeast Asia
Abstract
Kaspersky documented a new Chinese-speaking threat actor, GhostEmperor, targeting Microsoft Exchange flaws in high-profile attacks in Southeast Asia. The group uses a formerly unknown Windows kernel-mode rootkit to gain remote control over targeted servers. Recently, several Chinese APT groups have b... (Cyware Alerts - Hacker News)
August 03, 2021 – Covid-19
RansomEXX ransomware hits Italy’s Lazio region, affects COVID-19 site
Abstract
The Lazio region in Italy has suffered a RansomEXX ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. (BleepingComputer)
August 3, 2021 – Government
NIST Works to Create AI Risk Management Framework
Abstract
The National Institute of Standards and Technology is working to develop risk management guidance around the use of artificial intelligence and machine learning, the agency has announced. (Careers Info Security)
August 3, 2021 – Criminals
BazaCall Spreading BazaLoader and Ransomware Payloads Again
Abstract
Experts uncovered an attack campaign by BazaLoader operators. These attacks trick users into calling a particular phone number that reaches an actual human at a fake call center, who persuades them into downloading malware. The inclusion of the human element has made this threat even more serious. (Cyware Alerts - Hacker News)
August 3, 2021 – General
Ransom demands reaching $1.2M, smaller companies increasingly targeted
Abstract
While the average ransom demand steadily increased, the average payout made for ransomware claims decreased slightly from the first half of 2020 to the first half of 2021, according to Coalition. (Help Net Security)
August 3, 2021 – Criminals
With Crime-as-a-Service, anyone can be an attacker
Abstract
Crime-as-a-Service is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cybercrime; in particular, it’s often used to create phishing attacks. (Help Net Security)
August 3, 2021 – General
Four-fold increase in software supply chain attacks predicted in 2021 – ENISA report
Abstract
Among the findings, ENISA revealed that around 50% of the supply chain attacks studied were attributed to known APT groups, while 42% were not attributed to a particular source. (The Daily Swig)
August 3, 2021 – Business
Cisco, Sonatype and Others Join Open Source Security Foundation
Abstract
With open source software (OSS) becoming a central pillar of the application development lifecycle, ensuring the security of open source code is essential to securing modern software. (Security Week)
August 03, 2021 – Government
Senate report finds major cybersecurity shortcomings among federal agencies
Abstract
A bipartisan report released by the Senate Homeland Security and Governmental Affairs Committee on Tuesday found “stark” shortcomings in the cybersecurity posture of many major federal agencies in the midst of escalating cyberattacks against both the U.S. government and private sector. (The Hill)
August 3, 2021 – General
Constant review of third-party security critical as ransomware threat climbs
Abstract
If they are complacent, businesses will face risks of supply chain attacks even after doing due diligence in assessing their third-party suppliers' security posture before establishing a partnership. (ZDNet)
August 3, 2021 – Business
Finite State Raises $30 Million in Series B Funding
Abstract
Founded in 2017, the Columbus, Ohio-based company provides cybersecurity controls at the firmware layer, in an attempt to secure the device supply chain and mitigate risks to OT and IT environments. (Security Week)
August 3, 2021 – Government
Federal agencies are failing to protect sensitive data, Senate report finds
Abstract
Released by the panel on Tuesday, the report expresses concerns about the state of federal agencies’ cyber posture during an overall 8% rise in security incidents across agencies. (Cyberscoop)
August 3, 2021 – Criminals
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
Abstract
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware. (Threatpost)
August 3, 2021 – Criminals
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
Abstract
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017. (Threatpost)
August 3, 2021 – Malware
New Raccoon Stealer-as-a-Service Aims to Steal Cookies, Cryptocurrencies
Abstract
In a new campaign tracked by Sophos researchers, the malware was spread not through spam emails but, instead, through droppers disguised as installers for cracked and pirated software. (ZDNet)
August 3, 2021 – Business
Ivanti acquires cybersecurity startup RiskSense
Abstract
Ivanti announced it has acquired vulnerability management software provider RiskSense to drive the next evolution of patch management. The terms of the RiskSense transaction were not disclosed. (Silicon Angle)
August 3, 2021 – Vulnerabilities
Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software
Abstract
Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. ... (Security Affairs)
August 3, 2021 – Government
UAE Cybersecurity Council launches ‘National Bug Bounty Programme’
Abstract
The initiative aims to promote the culture of cybersecurity and protect the country’s digital transformation and overall achievements in line with the country's leadership directives. (Khaleej Times)
August 3, 2021 – Vulnerabilities
Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
Abstract
Networking giant Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. (Security Week)
August 03, 2021 – Hacker
Chinese Hackers Target Major Southeast Asian Telecom Companies
Abstract
Three distinct clusters of malicious activities operating on behalf of Chinese state interests have staged a series of attacks to target networks belonging to at least five major telecommunications companies located in Southeast Asian countries since 2017. "The goal of the attackers behind these intrusions was to gain and maintain continuous access to telecommunication providers and to facilitate cyber espionage by collecting sensitive information, compromising high-profile business assets such as the billing servers that contain Call Detail Record (CDR) data, as well as key network components such as the Domain Controllers, Web Servers and Microsoft Exchange servers," Cybereason's Lior Rochberger, Tom Fakterman, Daniel Frank, and Assaf Dahan revealed in a technical analysis published Tuesday. The Boston-based cybersecurity firm linked the campaigns to three different Chinese threat actors, namely Gallium (aka Soft Cell), Naikon APT (aka APT30 or Lotus Panda), a... (The Hacker News)
August 3, 2021 – Vulnerabilities
Experts found potential remote code execution in PyPI
Abstract
A flaw in the GitHub Actions workflow for PyPI's source repository could be exploited to potentially execute arbitrary code on pypi.org. Security researcher RyotaK disclosed three flaws in PyPI, the most severe of which could potentially lead to the compromise... (Security Affairs)
August 3, 2021 – Business
CDW acquires Focal Point to enhance its identity management and data protection services
Abstract
CDW announced that it has acquired Focal Point Data Risk, a U.S.-based provider of cybersecurity services with customers across a diverse set of industries. Terms of the transaction were not disclosed. (Help Net Security)
August 03, 2021 – Business
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
Abstract
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice, significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in building an in-house skilled security team. However, this is beginning to change as a result of certain security vendors, like Cynet, that provide a purpose-built partner offering that enables IT integrators, VARs, and MSPs to provide managed security service with zero investment in hardware or personnel. Their offering includes a 24/7 SOC that trains and supports the partner's existing team and a security platform that consolidates and automates breach protection (including endpoint, user, and network security), making it simple to operate by any IT professional. To learn more about th... (The Hacker News)
August 3, 2021 – Breach
Household Data of 35 Million US Residents Exposed in Database Misconfiguration
Abstract
The Elasticsearch database was left exposed without any authentication, which means it could have been accessed by anyone with a web browser and a valid URL. (Hackread)
August 3, 2021 – Policy and Law
Regulations against ransomware payment not ideal solution
Abstract
Paying the ransoms not only encourages threat actors to engage in future ransomware attacks, but also provides funds for these groups to act against nations, governments, and foreign policy interests. (ZDNet)
August 3, 2021 – APT
China-linked APTs Launched DeadRinger Campaign to Strike Major Telecommunications Companies in Southeast Asia
Abstract
Cybereason believes the attacks are the work of advanced persistent threat (APT) groups linked to Chinese state-sponsorship due to overlaps in tactics and techniques with other known Chinese APTs. (ZDNet)
August 3, 2021 – General
Ransomware Continues its Marathon to New Records: Report
Abstract
Cybercriminals always aim high when targeting organizations and demanding ransom. The pandemic has given opportunistic hackers time to come up with innovative phishing attacks and extortion schemes. (EC Council)
August 3, 2021 – Outage
Vaccination Registration System of Italy’s Lazio Region Goes Down in Apparent Ransomware Attack
Abstract
Hackers have attacked the vaccination registration system in one of Italy’s largest regions, temporarily blocking residents from booking new vaccination appointments, officials said. (NBC News)
August 3, 2021 – General
The Record by Recorded Future
Abstract
The bipartisan physical infrastructure deal unveiled on Sunday contains several cybersecurity provisions, including some meant to bolster state and local digital efforts. (The Record)
August 02, 2021 – General
Google Chrome to no longer show secure website indicators
Abstract
Google Chrome will no longer show whether a site you are visiting is secure and will only show when you visit an insecure website. (BleepingComputer)
August 2, 2021 – Phishing
This new phishing attack is ‘sneakier than usual’, Microsoft warns
Abstract
Microsoft's Security Intelligence team has issued an alert to Office 365 users and admins to be on the lookout for a "crafty" phishing email with spoofed sender addresses. (ZDNet)
August 02, 2021 – General
Hillicon Valley: Social media giants fail to block 84 percent of antisemitic content: report | White House cyber chief backs new federal bureau to track threats
Abstract
A new report published Monday found that social media platforms are failing to block the vast majority of reported antisemitic content, with Facebook and Twitter in particular showing the “poorest rate of enforcement action.” (Source: The Hill)
August 02, 2021 – Vulnerabilities
PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.
Abstract
Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as "PwnedPiper" that left a widely used pneumatic tube system (PTS) vulnerable to critical attacks, including the possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide. "These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital," Armis researchers Ben Seri and Barak Hadad said. "This type of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information." Pneumatic tube systems are internal logistics and transport solutions that are used to transport blood s... (Source: The Hacker News)
August 2, 2021 – Government
Responsible Cyber Offense
Abstract
Offensive operations will continue apace in the foreseeable future—conducted by the United States, its allies and its adversaries. The choice is whether and how to engage in them responsibly and minimize cost to societies. (Source: Lawfare)
August 2, 2021 – General
Do You Trust Your Smart TV?
Abstract
Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? In our latest video, we demonstrate an attack scenario that can occur within any organization... (Source: Security Affairs)
August 2, 2021 – Vulnerabilities
‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics
Abstract
Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. (Source: Threatpost)
August 02, 2021 – Solution
Windows PetitPotam attacks can be blocked using new method
Abstract
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector, which allows hackers to easily take control of a Windows domain controller. (Source: BleepingComputer)
August 2, 2021 – Malware
Six Ways Malicious Linux Shell Scripts Evade Defenses
Abstract
Cybercriminals are using shell scripts in various sophisticated evasion techniques. Security analysts published a report describing six ways hackers use malicious Linux shell scripts to hide their attacks. They strongly recommend the use of EDR systems for monitoring suspicious events, processes, a... (Source: Cyware Alerts - Hacker News)
August 02, 2021 – Government
White House cyber chief backs new federal bureau to track threats
Abstract
National Cyber Director Chris Inglis on Monday made the case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents, in order to ensure the nation has an early warning system to understand adversary efforts to target U.S. organizations. (Source: The Hill)
August 02, 2021 – APT
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits
Abstract
A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks, exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced, stealthy adversary under the moniker "Praying Mantis" or "TG1021." "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said. "The threat actor also uses an additional stealthy backdoor and several post-exploitation modules to perform network reconnaissance, elevate privileges, and move laterally within networks." Besides exhibiting capabilities... (Source: The Hacker News)
August 2, 2021 – Vulnerabilities
PwnedPiper flaws in PTS systems affect 80% of major US hospitals
Abstract
Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper, that left a widely used pneumatic tube system (PTS) vulnerable to attacks. Researchers from cybersecurity firm Armis disclosed a set of nine vulnerabilities collectively tracked as PwnedPiper... (Source: Security Affairs)
August 02, 2021 – Breach
PwnedPiper critical bug set impacts major hospitals in North America
Abstract
Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. (Source: BleepingComputer)
August 2, 2021 – General
Organizations still rely on weak security for remote workers
Abstract
A new survey of IT security leaders showed almost 80 percent believe remote workers are at more risk for phishing attacks now because they’re isolated from their organizations’ security teams. (Source: Help Net Security)
August 02, 2021 – Vulnerabilities
PyPI Python Package Repository Patches Critical Supply Chain Flaw
Abstract
The maintainers of the Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one of which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the Homebrew Cask repository and Cloudflare's CDNJS library. He was awarded a total of $3,000 as part of the bug bounty program. The list of three vulnerabilities is as follows:
- Vulnerability in Legacy Document Deletion on PyPI: an exploitable vulnerability in the mechanisms for deleting legacy documentation hosting deployment tooling on PyPI, which would allow an attacker to remove documentation for projects not under their control.
- Vulnerability in Role Deletion on PyPI: an exploitable vulnerability in the mechanisms for deleting roles on PyPI was discovered by a security researcher... (Source: The Hacker News)
August 2, 2021 – Criminals
More evidence suggests that DarkSide and BlackMatter are the same group
Abstract
Researchers found evidence that the DarkSide ransomware gang has rebranded as the new BlackMatter ransomware operation. BleepingComputer found evidence that after the clamorous Colonial Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter... (Source: Security Affairs)
August 2, 2021 – Ransomware
DoppelPaymer’s Rebranding as Grief
Abstract
The DoppelPaymer ransomware operation was rebranded as Grief, with identical encryption algorithms (2048-bit RSA and 256-bit AES) and only minor code changes. The new effort by DoppelPaymer appears to be more about keeping a low profile than about becoming more sophisticated. (Source: Cyware Alerts - Hacker News)
August 02, 2021 – Malware
Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild
Abstract
Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar. Dubbed "Solarmarker," the malware campaign is believed to have been active since September 2020, with telemetry data pointing to malicious actions as early as April 2020, according to Cisco Talos. "At its core, the Solarmarker campaign appears to be conducted by a fairly sophisticated actor largely focused on credential and residual information theft," Talos researchers Andrew Windsor and Chris Neal said in a technical write-up published last week. Infections consist of multiple moving parts, chief among them being a .NET assembly module that serves as a system profiler and staging ground on the victim host for command-and-control (C2) communications and fur... (Source: The Hacker News)
August 2, 2021 – Vulnerabilities
WordPress Download Manager Plugin was affected by two flaws
Abstract
An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. Researchers from the Wordfence team discovered a vulnerability, tracked as CVE-2021-34639,... (Source: Security Affairs)
August 2, 2021 – IOT
UK universities awarded funding for research into IoT, smart home security
Abstract
A number of British universities have been awarded a grant to explore the security issues surrounding IoT and smart home devices, as well as to determine ways to warn consumers of the risks. (Source: The Daily Swig)
August 2, 2021 – Breach
Thailand’s Vaccine Appointment Registration Platform Leaks Over 20,000 Applicants’ Emails and Personal Details
Abstract
Screenshots of publicly accessible backdoors that revealed the emails and personal details of over 20,000 applicants started appearing online, raising safety and privacy concerns. (Source: Thaiger)
August 2, 2021 – General
New GhostEmperor Chinese-speaking Threat Actor Targets Southeast Asian Countries
Abstract
Kaspersky spotted a new Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange vulnerabilities in attacks aimed at high-profile victims. (Source: Security Affairs)
August 2, 2021 – Business
Zoom Agrees to Settle Lawsuit Over ‘Zoombombing’
Abstract
The videoconferencing company said it would pay $85 million to settle the suit, which claimed that it violated users’ privacy, in part by allowing hackers to interrupt online meetings. (Source: New York Times)
August 2, 2021 – Phishing
New WeTransfer phishing attack spoofs file-sharing to steal credentials
Abstract
The phishing email appears to be sent by WeTransfer, as it bears the sender name Wetransfer and has the title "View Files Sent Via WeTransfer". The similarity is enough to come across as a genuine email. (Source: Hackread)
August 2, 2021 – Criminals
Cybercriminals Leak 751GB Data Stolen from Electronic Arts Including Game Source Code, Internal Tools
Abstract
According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services. (Source: The Record)
August 01, 2021 – Solution
Bot protection now generally available in Azure Web Application Firewall
Abstract
Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure Application Gateway starting this week. (Source: BleepingComputer)
August 1, 2021 – Hacker
GhostEmperor, a new Chinese-speaking threat actor targets Southeast Asia
Abstract
Kaspersky experts spotted a previously undocumented Chinese-speaking threat actor, tracked as GhostEmperor, that is targeting Microsoft Exchange flaws in attacks on high-profile victims. Kaspersky spotted a new Chinese-speaking threat actor, tracked... (Source: Security Affairs)
August 1, 2021 – General
Security Affairs newsletter Round 325
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the international press for free, subscribe here. Crooks... (Source: Security Affairs)