February, 2021
February 28, 2021 – Phishing
Beware: AOL phishing email states your account will be closed Full Text
Abstract
An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed.BleepingComputer
February 28, 2021 – General
As the Pandemic Tails off, Attacks on Healthcare Institutions Remain Unchanged Full Text
Abstract
Targeted entities include hospitals, medical companies, pharmaceutical manufacturers, and energy firms involved in the COVID-19 supply chain.Cyware Alerts - Hacker News
February 28, 2021 – Government
Foreign perpetrators among fraudsters shamming state’s unemployment systems Full Text
Abstract
State governments plan to update their security systems as they prepare for a new round of enhanced unemployment payments in an attempt to bar fraudsters from around the world believed to have already obtained billions of dollars from pandemic jobless aid. The Hill
February 28, 2021 – Policy and Law
EU leaders aim at boosting defense and security, including cybersecurity Full Text
Abstract
During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting defense and security. During the recent video conference of the members of the European Council (25-26 February 2021),...Security Affairs
February 28, 2021 – Malware
What are these suspicious Google GVT1.com URLs? Full Text
Abstract
These Google-owned domains have time and again left even the most skilled researchers and security products unsure whether they are malicious. The domains in question are redirector.gvt1.com and the gvt1/gvt2 subdomains, which have spawned many threads on the internet. BleepingComputer has dug deeper into the origin of these domains. BleepingComputer
February 28, 2021 – Attack
New Zealand-based cryptocurrency exchange Cryptopia hacked again Full Text
Abstract
The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia disclosed a cyber attack that took place... Security Affairs
February 28, 2021 – General
Security Affairs newsletter Round 303 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your email box. If you also want to receive the international press for free, subscribe here. Bug bounty hacker... Security Affairs
February 27, 2021 – Malware
LazyScripter Hackers Using Multiple RATs to Target Airlines Full Text
Abstract
Malwarebytes spots a new threat group dubbed LazyScripter that targets the International Air Transport Association (IATA) members, airlines, and refugees to Canada.Cyware Alerts - Hacker News
February 27, 2021 – General
NSA, Microsoft promote a Zero Trust approach to cybersecurity Full Text
Abstract
The National Security Agency (NSA) and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today's increasingly sophisticated threats.BleepingComputer
February 27, 2021 – Botnet
A Botnet Campaign that Uses Blockchain Transactions to Stay Hidden Full Text
Abstract
Akamai finds a long-running cryptomining botnet campaign wherein hackers exploit BTC blockchain transactions to evade detection by the security systems in place.Cyware Alerts - Hacker News
February 27, 2021 – Vulnerabilities
Microsoft fixes Windows 10 drive corruption bug — what you need to know Full Text
Abstract
Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file.BleepingComputer
February 27, 2021 – Malware
A New Malware Shares Similarities With WaterBear Full Text
Abstract
Palo Alto Networks found a highly sophisticated malware potentially linked to the BlackTech hacking group. It has features and behavior that strongly resemble the WaterBear malware family. Cyware Alerts - Hacker News
February 27, 2021 – Vulnerabilities
Experts found a critical authentication bypass flaw in Rockwell Automation software Full Text
Abstract
A critical authentication bypass vulnerability could be exploited by remote attackers against Rockwell Automation programmable logic controllers (PLCs). A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote... Security Affairs
February 27, 2021 – Hacker
Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha Full Text
Abstract
'Hotarus Corp' ransomware operators hacked Ecuador's largest private bank, Banco Pichincha, and the country's Ministry of Finance. A cybercrime group called 'Hotarus Corp' has breached Ecuador's largest private bank, Banco Pichincha, and the local... Security Affairs
February 27, 2021 – Vulnerabilities
Google shares PoC exploit for critical Windows 10 Graphics RCE bug Full Text
Abstract
Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component.BleepingComputer
February 27, 2021 – Malware
Go malware is now common, having been adopted by both APTs and e-crime groups Full Text
Abstract
The number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years, since 2017, cybersecurity firm Intezer said in a report published this week.ZDNet
February 27, 2021 – Attack
T-Mobile customers were hit with SIM swapping attacks Full Text
Abstract
The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers...Security Affairs
February 26, 2021 – Vulnerabilities
Critical Vulnerability in Cisco Systems allows a Remote Attacker to Bypass Authentication Full Text
Abstract
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. Three critical flaws fixed...Cyber Security News
February 26, 2021 – Ransomware
The Week in Ransomware - February 26th 2021 - Back from the Holidays Full Text
Abstract
The number of attacks had slowed down after the winter holidays, but after the past two weeks, it's evident that the ransomware attacks are back at full speed.BleepingComputer
February 26, 2021 – Ransomware
New Ryuk ransomware implements self-spreading capabilities Full Text
Abstract
French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims' local networks. Experts from French national cyber-security agency ANSSI have spotted a new Ryuk ransomware variant...Security Affairs
February 26, 2021 – Solution
Microsoft makes CodeQL queries public so security pros can better understand SolarWinds attack Full Text
Abstract
Microsoft won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds hack or similar supply chain attacks.SCMagazine
February 26, 2021 – General
New data could help CISOs quantify the value of a strong security culture Full Text
Abstract
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.SCMagazine
February 26, 2021 – Policy and Law
At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill Full Text
Abstract
Continuing a discussion kicked off earlier this week in the Senate, House lawmakers confirmed that legislation is in the works, pushing for answers on the balance between liability protection and the duty to protect consumers.SCMagazine
February 26, 2021 – General
Hillicon Valley: Second SolarWinds hack hearing | TikTok to settle privacy lawsuit | Facebook apologizes for removing lawmaker post Full Text
Abstract
Two House committees held the second major hearing this week on the Russian cyber espionage attack that has become known as the SolarWinds hack, and lawmakers are pushing for breach notification legislation. TikTok agreed to pay millions in a settlement over allegations it collected users’ private data, and Facebook apologized to a lawmaker for accidentally labeling and removing a post as “hate speech.” Here’s a behind-the-scenes draft of early versions of Hillicon Valley. The Hill
February 26, 2021 – Phishing
Twitter scammers earned over $145k this week in Bitcoin, Ethereum, Doge Full Text
Abstract
Cryptocurrency scammers have made at least $145,000 this week by promoting fake giveaways through hacked verified Twitter accounts.BleepingComputer
February 26, 2021 – Vulnerabilities
Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process Full Text
Abstract
Researchers found a number of privacy and security issues in Amazon’s Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.Threatpost
February 26, 2021 – Malware
Stalkerware Volumes Remain Concerningly High, Despite Bans Full Text
Abstract
COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.Threatpost
February 26, 2021 – Breach
T-Mobile discloses data breach after SIM swapping attacks Full Text
Abstract
American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.BleepingComputer
February 26, 2021 – Ransomware
Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance Full Text
Abstract
A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data.BleepingComputer
February 26, 2021 – Policy and Law
Lawmakers line up behind potential cyber breach notification legislation Full Text
Abstract
House lawmakers on both sides of the aisle expressed strong support Friday for legislation to put in place national breach notification requirements in the wake of a massive foreign cyber espionage attack.The Hill
February 26, 2021 – General
USA Third Most Affected by Stalkerware Full Text
Abstract
USA had third-highest number of malicious surveillance software victims in 2020. Infosecurity Magazine
February 26, 2021 – Botnet
Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release Full Text
Abstract
Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup.Threatpost
February 26, 2021 – Ransomware
Ryuk ransomware now self-spreads to other Windows LAN devices Full Text
Abstract
A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.BleepingComputer
February 26, 2021 – Solution
Microsoft releases open-source CodeQL queries to assess Solorigate compromise Full Text
Abstract
Microsoft announced the release of open-source CodeQL queries that its experts used during its investigation into the SolarWinds supply-chain attack. Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during... Security Affairs
February 26, 2021 – APT
Chinese Group APT31 Used NSA Exploit Three Years Before Shadow Brokers Leak Full Text
Abstract
A report revealed that a Chinese APT has been abusing a Windows zero-day exploit, stolen from the NSA’s Equation Group even before The Shadow Brokers group leaked it.Cyware Alerts - Hacker News
February 26, 2021 – Attack
Cryptocurrency exchange in liquidation due to hack, hacked again Full Text
Abstract
The same cryptocurrency exchange has been hacked again, and this time the attackers stole USD 45,000 (NZD 62,000) worth of crypto, reported local news network Stuff.co.NZ. Hackread
February 26, 2021 – Business
Atos Acquires Two Cybersecurity Companies Full Text
Abstract
Global cybersecurity company completes acquisitions of In Fidem and Motiv. Infosecurity Magazine
February 26, 2021 – Attack
FBI Investigating Michigan School District Hack Full Text
Abstract
Saginaw Township Community Schools targeted in ransomware attack. Infosecurity Magazine
February 26, 2021 – Malware
Malware Gangs Partner Up in Double-Punch Security Threat Full Text
Abstract
From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.Threatpost
February 26, 2021 – Vulnerabilities
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers Full Text
Abstract
The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University, Kaspersky, and Claroty.Security Week
February 26, 2021 – Malware
Malicious Firefox extension allowed hackers to hijack Gmail accounts Full Text
Abstract
Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware.BleepingComputer
February 26, 2021 – General
ENISA releases guidelines for healthcare services cloud security Full Text
Abstract
ENISA issued a study to help IT professionals in healthcare security to establish and maintain cloud security while selecting and deploying appropriate technical and organizational measures.Tripwire
February 26, 2021 – Government
Lawmakers blame SolarWinds on ‘collective failure’ to prioritize cybersecurity Full Text
Abstract
The leaders of the House Homeland Security Committee on Friday will call for immediate changes to how Congress handles cybersecurity in the wake of a massive hack of the federal government, blaming the breach on a “collective failure" to prioritize cybersecurity.The Hill
February 26, 2021 – Hacker
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware Full Text
Abstract
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated crimes to fund the cash-strapped regime. This broadening of its strategic interests happened in early 2020 by leveraging a tool called ThreatNeedle, researchers Vyacheslav Kopeytsev and Seongsu Park said in a Thursday write-up. At a high level, the campaign leverages a multi-step approach that begins with a carefully crafted spear-phishing attack leading eventually to the attackers gaining remote control over the devices. ThreatNeedle is delivered to targets via COVID-themed emails with malicious Microsoft Word attachments as initial infection vectors that, when opened, run a macro co... The Hacker News
February 26, 2021 – General
Winners of Inaugural SBRC Cyber Community Awards Announced Full Text
Abstract
Cyber-champions recognized by the Scottish Business Resilience Center. Infosecurity Magazine
February 26, 2021 – Breach
Data Breach: Turkish legal advising company exposed over 15,000 clients Full Text
Abstract
Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds... Security Affairs
February 26, 2021 – Ransomware
Podcast: Ransomware Attacks Exploded in Q4 2020 Full Text
Abstract
Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.Threatpost
February 26, 2021 – General
H2C smuggling named top web hacking technique of 2020 Full Text
Abstract
A novel alternative to traditional HTTP request smuggling that spotlighted an obsolete, hitherto obscure protocol has been recognized as 2020’s top web hacking technique.The Daily Swig
February 26, 2021 – Business
Learning Tree International Named First (ISC)² Global Premier Partner Full Text
Abstract
Companies will collaborate to help close the cyber-skills gap through cybersecurity training. Infosecurity Magazine
February 26, 2021 – Hacker
Hackers are selling access to Biochemical systems at Oxford University Lab Full Text
Abstract
Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at Oxford University that is involved... Security Affairs
February 26, 2021 – General
Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World Full Text
Abstract
Retailers that lacked significant digital presence pre-COVID are now reaching new audiences through e-commerce sites that are accessible anytime, from anywhere, on any device.Threatpost
February 26, 2021 – Ransomware
DarkWorld Ransomware Disguises as Commonly Used Software Full Text
Abstract
Recently, 360 Security Center detected ransomware that disguised itself as commonly used software and appeared on the network. The virus called itself DarkWorld in the ransom letter. 360 Total Security
February 26, 2021 – Privacy
TikTok Set for Massive $92m Payout Over Privacy Suit Full Text
Abstract
Proposed settlement will be one of largest ever. Infosecurity Magazine
February 26, 2021 – Attack
Poland’s CD Projekt delays Cyberpunk 2077 fix due to cyber attack Full Text
Abstract
Polish video games maker CD Projekt is delaying the release of a patch for its Cyberpunk 2077 game until the second half of March, after a cyberattack slowed down work on fixes for the troubled game.Reuters
February 26, 2021 – Hacker
Chinese Hackers Target Tibetans with Malicious Firefox Extension Full Text
Abstract
FriarFox allows intruders to monitor emails and browser data. Infosecurity Magazine
February 26, 2021 – Solution
Analyzing the Security of eBPF Maps Full Text
Abstract
eBPF enables auditing and filtering of high-volume events, such as network packets or system calls, without the security or the stability overhead of a custom kernel module.Crowdstrike
February 26, 2021 – Attack
Npower Ditches App After Credential Stuffing Attacks Full Text
Abstract
Energy giant has informed affected customers. Infosecurity Magazine
February 26, 2021 – Malware
SQL Triggers in Website Backdoors Full Text
Abstract
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases to infiltrate them.Sucuri
February 26, 2021 – Business
David Birch Appointed Honorary President of EEMA Full Text
Abstract
Birch joins Kim Cameron as honorary president of the EEMA. Infosecurity Magazine
February 26, 2021 – Policy and Law
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit Full Text
Abstract
The settlement, if approved, would lay to rest claims that the video sharing app, owned by ByteDance, wrongfully collected the private and biometric data of users including teenagers and minors.ZDNet
February 26, 2021 – Attack
Oxford University Research Lab Studying the Coronavirus Becomes Victim of Cyberattack Full Text
Abstract
Oxford reported on Thursday that one of its research labs dedicated to studying COVID-19 suffered a cyberattack, following a Forbes investigation indicating external access to a number of its systems.The Verge
February 26, 2021 – Breach
French Regulator Lambasts Health Firms Over Mass Data Leak Full Text
Abstract
The extensive document was published on Feb. 12 under the mention “500,000 French hospital records” and it was shortly after posted on other dark web sites, including a Russian forum.Bloomberg
February 26, 2021 – Vulnerabilities
ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process Full Text
Abstract
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed System Security Symposium (NDSS) conference by a group of academics from Ruhr-Universität Bochum and the North Carolina State University, who analyzed 90,194 skills available in seven countries, including the US, the UK, Australia, Canada, Germany, Japan, and France. Amazon Alexa allows third-party developers to create additional functionality for devices such as Echo smart speakers by configuring "skills" that run on top of the voice assistant, thereby making it easy for users to initiate a conversation with the skill and complete a specific task. Chief among the findings is the concern that... The Hacker News
February 26, 2021 – Ransomware
Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack Full Text
Abstract
Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network...Security Affairs
February 26, 2021 – Business
Google funds Linux kernel developers to work exclusively on security Full Text
Abstract
Linux is more secure than most OSes, but that doesn't mean it can take security for granted. So, Google and the Linux Foundation are funding a pair of top Linux kernel developers to focus on security.ZDNet
February 26, 2021 – Vulnerabilities
Cisco Releases Security Patches for Critical Flaws Affecting its Products Full Text
Abstract
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company said in an advisory published yesterday. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices." The bug, tracked as CVE-2021-1388, ranks 10 (out of 10) on the CVSS vulnerability scoring system and stems from improper token validation in an API endpoint of Cisco ACI MSO installed on the Application Services Engine. It affects ACI MSO versions running a 3.0 release of the software. The ACI Multi-Site Orchestrator lets customers monitor and m... The Hacker News
February 26, 2021 – Hacker
These four new hacking groups are targeting critical infrastructure, warns security company Full Text
Abstract
According to cybersecurity researchers at Dragos, four new hacking groups, dubbed Stibnite, Talonite, Kamacite, and Vanadinite, targeting industrial systems have been detected over the past year.ZDNet
February 26, 2021 – Government
Senate SolarWinds Hearing: 4 Key Issues Raised Full Text
Abstract
The Senate Intelligence Committee's hearing Tuesday about the SolarWinds supply chain attack answered some questions about what went wrong but also raised four key issues.Bank Info Security
February 26, 2021 – Vulnerabilities
Cybersecurity Agencies Warn of Accellion Vulnerability Exploits Full Text
Abstract
On Wednesday, the U.S. CISA along with its counterparts in the U.K., Australia, New Zealand, and Singapore warned that hackers are exploiting unpatched vulnerabilities in Accellion FTA.Bank Info Security
February 26, 2021 – Hacker
China-linked TA413 group target Tibetan organizations Full Text
Abstract
The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on,...Security Affairs
February 25, 2021 – Business
Huawei backs supply chain security standards in wake of SolarWinds breach Full Text
Abstract
Chinese telecommunications giant Huawei is backing the idea of tough global cybersecurity standards of critical supply chains, in particular following a recently uncovered major breach of many U.S. federal agencies.The Hill
February 25, 2021 – APT
Old foe or new enemy? Here’s how researchers handle APT attribution Full Text
Abstract
Identifying a new actor is the first step in creating a defense, but attribution is hard to confirm due to use of common toolsets.SCMagazine
February 25, 2021 – General
Hillicon Valley: Privacy, immigrant rights groups slam ‘smart wall’ proposal | New DHS policies aim to fight cyber ‘epidemic’ | Twitter exploring allowing users to charge for content Full Text
Abstract
A coalition of privacy and immigration groups is slamming a Biden administration proposal to create a “smart wall” on the southern border. Newly-confirmed Homeland Security Secretary Alejandro Mayorkas laid out a range of responses to the “epidemic” of cyberattacks on critical U.S. groups. And Twitter is looking into a feature that would allow users to charge followers for content. And here’s a tweet in case you forget about Hillicon Valley. The Hill
February 25, 2021 – Ransomware
So far, ransomware attacks way down at schools, hospitals in 2021 Full Text
Abstract
Ransomware incidents against healthcare and government organizations have been few and far between in 2021, but experts say that could change as the year goes on. SCMagazine
February 25, 2021 – Malware
ThreatNeedle malware tied to year-long North Korean espionage campaign against global defense industry Full Text
Abstract
Researchers at Kaspersky have tied a piece of malware used by Lazarus Group, last seen targeting security vulnerability researchers earlier this year, to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors. SCMagazine
February 25, 2021 – Vulnerabilities
Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS Full Text
Abstract
Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting...Security Affairs
February 25, 2021 – Attack
Cyberattacks Launch Against Vietnamese Human-Rights Activists Full Text
Abstract
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders.Threatpost
February 25, 2021 – Government
DHS Secretary Mayorkas announces new initiative to fight ‘epidemic’ of cyberattacks Full Text
Abstract
Homeland Security Secretary Alejandro Mayorkas on Thursday announced new funding and initiatives to prioritize the nation’s cybersecurity, particularly in order to confront what he described as an “epidemic” of ransomware attacks.The Hill
February 25, 2021 – Policy and Law
6 Alabamans Charged in $7m Virtual Schools Fraud Full Text
Abstract
School officials accused of falsifying enrollment figures to get more state funding. Infosecurity Magazine
February 25, 2021 – Ransomware
Dutch Research Council (NWO) confirms ransomware attack, data leak Full Text
Abstract
The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.BleepingComputer
February 25, 2021 – Phishing
It’s Time to Talk More About Crypto Scams Full Text
Abstract
BTS fans are the target of a massive crypto scam on Twitter. For a little more than two weeks, cryptocurrency-related posts started appearing on timelines of BTS fans, also known as ARMY.Cyware Alerts - Hacker News
February 25, 2021 – Ransomware
Steris Touted as Latest Accellion Hack Victim Full Text
Abstract
Data of Accellion client advertised for sale online by Clop ransomware group. Infosecurity Magazine
February 25, 2021 – Hacker
Hackers Abusing Google Apps Script Full Text
Abstract
Attackers are exploiting the Google Apps Script domain—script.google.com—to evade Content Security Policy (CSP) controls and malware scan engines. Cyware Alerts - Hacker News
February 25, 2021 – Government
Vietnam Spying on its Dissenters Full Text
Abstract
Vietnam-linked Ocean Lotus was found to be involved in a cyberespionage campaign against the country’s human rights defenders and a nonprofit organization that continued for roughly three years. Cyware Alerts - Hacker News
February 25, 2021 – Solution
Microsoft shares CodeQL queries to scan code for SolarWinds-like implants Full Text
Abstract
Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack.BleepingComputer
February 25, 2021 – APT
North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor Full Text
Abstract
North Korea-linked Lazarus APT group has targeted the defense industry with the custom backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early... Security Affairs
February 25, 2021 – Attack
Credential Stuffing Attack on Energy Firm Npower’s App Exposed Customers’ Personal and Banking Details Full Text
Abstract
Contact details, birth dates, addresses, and partial bank account numbers are among the details believed stolen. But the affected accounts had been locked, Npower told the BBC.BBC
February 25, 2021 – Breach
Health Website Leaks 8 Million COVID-19 Test Results Full Text
Abstract
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.Threatpost
February 25, 2021 – Government
Iraqi MP Suffers Online Extortion Full Text
Abstract
Intimidation campaign against senior Iraqi MP leads to arrests in Australia and Canada. Infosecurity Magazine
February 25, 2021 – Malware
Malicious Mozilla Firefox Extension Allows Gmail Takeover Full Text
Abstract
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.Threatpost
February 25, 2021 – Hacker
North Korean hackers target defense industry with custom malware Full Text
Abstract
A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.BleepingComputer
February 25, 2021 – Breach
VC giant Sequoia Capital discloses data breach after failed BEC attack Full Text
Abstract
American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January.BleepingComputer
February 25, 2021 – Vulnerabilities
Google discloses technical details of Windows CVE-2021-24093 RCE flaw Full Text
Abstract
Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in the Windows operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability,... Security Affairs
February 25, 2021 – Vulnerabilities
Out-of-bounds read vulnerability in Slic3r could lead to information disclosure Full Text
Abstract
Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r's library. An adversary could send a target a specially crafted obj file to cause an out-of-bounds condition.Cisco Talos
February 25, 2021 – Attack
U.S. Senators: AWS Infrastructure Used In SolarWinds Attack Full Text
Abstract
US Senators slammed Amazon Web Services for refusing to testify at a hearing about the SolarWinds intrusion given the public cloud giant’s infrastructure was used in the attack.CRN
February 25, 2021 – Education
Educational Adaptation Required to Close the Cyber-Skills Gap Full Text
Abstract
Developing cyber-skills has to start from a young ageInfosecurity Magazine
February 25, 2021 – Business
Startup that maps adversaries’ IT infrastructure lands $16 million in funding Full Text
Abstract
HYAS offers threat intelligence services, but the company’s calling card revolves around two tools, called Insight and Protect, that pull around 3 billion data points about adversary infrastructure every day from various sources on the internet and third-party data brokers.SCMagazine
February 25, 2021 – Breach
VC giant Sequoia discloses data breach after failed BEC attack Full Text
Abstract
American venture capital firm Sequoia has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January.BleepingComputer
February 25, 2021 – Vulnerabilities
CVSS as a Framework, Not a Score Full Text
Abstract
Vulnerabilities are graded on factors such as how the vulnerable component is exposed, how difficult and reliable an attack could be, and the impact on confidentiality, integrity, and/or availability.Dark Reading
February 25, 2021 – Privacy
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations Full Text
Abstract
Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis. The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as TA413, which has been previously attributed to attacks against the Tibetan diaspora by leveraging COVID-themed lures to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance. The researchers said the attacks were detected in January and February 2021, a pattern that has continued since March 2020. The infection chain begins with a phishing email impersonating the "TibThe Hacker News
February 25, 2021 – Ransomware
As ransomware inches from economic burden to national security threat, policies may follow Full Text
Abstract
Historically, ransomware was not seen as government’s problem any more than shoplifting: a crime against businesses that federal law enforcement saw as beyond its domain. But that may be changing.SCMagazine
February 25, 2021 – Attack
Attackers scan for vulnerable VMware servers after PoC exploit release Full Text
Abstract
After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers.BleepingComputer
February 25, 2021 – Privacy
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security Full Text
Abstract
The warnings about privacy and compliance failures at Amazon come from three former high-level information security employees — one EU-based and two from the U.S., as reported by Politico.Politico
February 25, 2021 – Vulnerabilities
Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw Full Text
Abstract
A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972...Security Affairs
February 25, 2021 – Malware
Researchers Uncovered a New Office Malware Builder Dubbed APOMacroSploit Full Text
Abstract
Security researchers at Check Point have recently discovered a new Office malware builder that is named as APOMacroSploit. This malware has been...Cyber Security News
February 25, 2021 – Education
Nominet Announces Expansion of Initiative to Educate Online Users on Cybercrime Full Text
Abstract
The MHRA, FCE and NCA will join the initiative to direct users to information pagesInfosecurity Magazine
February 25, 2021 – Malware
Turkey Dog Campaign Targets Turkish Speakers with Trojanized Apps via COVID Lures Full Text
Abstract
The current Turkey Dog-related campaigns use lure pages that promise cash payments of thousands of Turkish Lira, purporting to be tied to the Turkish government to steal information or plant malware.Risk IQ
February 25, 2021 – Business
GitHub Hires Mike Hanley as Chief Security Officer Full Text
Abstract
Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO) for less than a year. He arrived at Cisco via its $2.3 billion acquisition of Duo Security in 2018.Security Week
February 25, 2021 – Solution
The Top Free Tools for Sysadmins in 2021 Full Text
Abstract
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a sysadmin seeking to simplify your workflows, you're in luck. We've gathered some excellent software picks to help tackle different duties more efficiently. Thankfully, these free tools are also respectful of tight budgets—without sacrificing core functionality. Best for Permissions Management: SolarWinds Permissions Analyzer for Active Directory Whether you are part of an organization with many members or numerous resources, keeping track of permissions can be challenging. Changes in responsibilities, titles, or even employment statuses can influence one's access to proprietary data. Each user has unique privileges. We not only need to visualize these but manage them onThe Hacker News
February 25, 2021 – Insider Threat
Insider Cloud Data Theft Plagues Healthcare Sector Full Text
Abstract
Netwrix finds a third of HCOs suffered internal breaches in 2020Infosecurity Magazine
February 25, 2021 – Breach
Michigan-based Covenant HealthCare Discloses Data Breach Impacting Personal Data of 45,000 People Full Text
Abstract
Covenant said an unauthorized party gained access to two Covenant employee email accounts. Around 45,000 people's information could have potentially been compromised in the data breach.WNEM
February 25, 2021 – Hacker
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack Full Text
Abstract
Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities," the National Security and Defense Council of Ukraine (NSDC) said in a statement published on Wednesday. The NSDC's National Coordination Center for Cybersecurity (NCCC) termed it a supply chain attack aimed at the System of Electronic Interaction of Executive Bodies (SEI EB), which is used to distribute documents to officials. Calling it a work of threat actors with ties to Russia, the NSDC said the malicious documents came embedded with a macro that, when opened, stealthily downloaded malicious code to control the compromised system remotely. "The mThe Hacker News
February 25, 2021 – Ransomware
One Ransomware Victim Every 10 Seconds in 2020 Full Text
Abstract
Check Point sees double extortion attacks surgeInfosecurity Magazine
February 25, 2021 – Business
PerimeterX Banks $57 Million for Bot Protection Expansion Full Text
Abstract
Looking to take advantage of a growing global market for its bot protection technologies, PerimeterX has banked a new $57 million round of venture capital funding led by AllianceBernstein.Security Week
February 25, 2021 – Government
Facebook Takes Out Myanmar Military After Bloody Coup Full Text
Abstract
Tatmadaw-incited violence and disinformation force social network’s handInfosecurity Magazine
February 25, 2021 – Government
The big takeaway from the Senate’s SolarWinds hearing Full Text
Abstract
Intel sharing on malicious actors is a key component of fighting the bad guys, with both Microsoft and FireEye calling for the government to consider mandatory disclosure of significant breaches.Axios
February 25, 2021 – Government
Government Handling of Zero-Days: More Sunlight, Fewer Shadows Full Text
Abstract
Governments require carefully structured, transparent, and holistic decision-making frameworks tailored to their respective institutional contexts to handle high-value vulnerabilities with care.Cyber Threat Alliance
February 25, 2021 – Vulnerabilities
Google Discloses Details of Remote Code Execution Vulnerability in Windows Full Text
Abstract
An 8.8 CVSS score has been assigned to the vulnerability, but Microsoft has rated it critical for all affected operating systems including Windows 10, Windows Server 2016 and 2019, and Windows Server.Security Week
February 25, 2021 – Government
U.S. municipalities are the perfect target for cybercriminals in 2021 Full Text
Abstract
For cybercriminals looking for vulnerable targets, local governments and municipalities with lax remote work security protocols are perfect targets for ransomware and other malicious actions.Help Net Security
February 25, 2021 – Covid-19
COVID pandemic causes spike in cyberattacks against hospitals, medical companies Full Text
Abstract
According to IBM researchers, attacks against organizations crucial to coronavirus research, treatment, and supply chain experienced double the 'usual' rate of attacks in 2020.ZDNet
February 24, 2021 – Covid-19
Over 8 million COVID-19 test results leaked online Full Text
Abstract
Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation.BleepingComputer
February 24, 2021 – General
78% of top security leaders say their organizations are unprepared for a cyberattack Full Text
Abstract
The high level of concern expressed by these leaders resulted in 91 percent of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96 percent that boosted IT security spending in 2020.SCMagazine
February 24, 2021 – General
Hillicon Valley: Biden signs order on chips | Hearing on media misinformation | Facebook’s deal with Australia | CIA nominee on SolarWinds Full Text
Abstract
President Biden on Wednesday signed an executive order to improve supply chains for critical materials, including chips. Biden’s CIA director nominee William Burns told senators that pushing back against China would be a major priority if confirmed, and that the CIA would enhance its cybersecurity. Plus, House Energy and Commerce Committee members debated concerns over misinformation in the media. Take a moment.The Hill
February 24, 2021 – APT
Ukraine: nation-state hackers hit government document management system Full Text
Abstract
Ukraine's government attributes a cyberattack on the government document management system to a Russia-linked APT group. The Ukraine's government blames a Russia-linked APT group for an attack on a government document management system, the System...Security Affairs
February 24, 2021 – General
Tax Season Ushers in Quickbooks Data-Theft Spike Full Text
Abstract
Quickbooks malware targets tax data for attackers to sell and use in phishing scams.Threatpost
February 24, 2021 – Ransomware
Reality or just entertaining TV? Cyber experts dig into the Good Doctor’s ransomware episode Full Text
Abstract
Here’s what the television show got right, and what it got wrong, from the role of cyber insurance, to response and recovery timelines.SCMagazine
February 24, 2021 – Vulnerabilities
Cisco fixes maximum severity MSO auth bypass vulnerability Full Text
Abstract
Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.BleepingComputer
February 24, 2021 – Botnet
A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism Full Text
Abstract
Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet. Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing...Security Affairs
February 24, 2021 – Vulnerabilities
Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking Full Text
Abstract
Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.Threatpost
February 24, 2021 – Business
Google funds Linux maintainers to boost Linux kernel security Full Text
Abstract
Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.BleepingComputer
February 24, 2021 – Malware
Masslogger Malware Adopts New Initial Attack Technique Full Text
Abstract
A variant of Masslogger Trojan is being used by criminals to steal Microsoft Outlook, Google Chrome, and Messenger account credentials.Cyware Alerts - Hacker News
February 24, 2021 – Denial Of Service
TDoS: A Phenomenon in DDoS Attacks Emerges From the Shadows Full Text
Abstract
An automated TDoS attack makes use of VoIP software and Session Initiation Protocol (SIP) to make tens or hundreds of calls, simultaneously or in rapid succession to jam targeted services.Cyware Alerts - Hacker News
February 24, 2021 – Ransomware
Cyberpunk 2077 patch 1.2 delayed by CD Projekt ransomware attack Full Text
Abstract
CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack.BleepingComputer
February 24, 2021 – Malware
Mac and Windows Devices Pelted with New Threats Full Text
Abstract
Researchers discovered two pieces of malware in a span of two weeks that appear to run natively on Apple’s recently introduced M1 System-on-Chip (SoC).Cyware Alerts - Hacker News
February 24, 2021 – Government
Biden CIA pick pledges to confront China if confirmed, speak ‘truth to power’ Full Text
Abstract
William Burns, President Biden’s pick to lead the Central Intelligence Agency (CIA), had his first appearance before lawmakers Wednesday, where he pledged to ramp up the agency’s response to China while tackling a wide range of ongoing threats.The Hill
February 24, 2021 – Attack
CrowdStrike Slams Microsoft Over SolarWinds Hack Full Text
Abstract
Tech companies point fingers at customers and one another in SolarWinds Senate hearingInfosecurity Magazine
February 24, 2021 – Vulnerabilities
Nginx: Server misconfigurations found in the wild that expose websites to attacks Full Text
Abstract
Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx config files from GitHub that could leave web applications vulnerable to attack.The Daily Swig
February 24, 2021 – Attack
Five Eyes members warn of Accellion FTA extortion attacks Full Text
Abstract
Four members of Five Eyes, in collaboration with Singapore as an active contributor, have issued a joint security advisory about ongoing attacks and extortion attempts targeting organizations using the Accellion File Transfer Appliance (FTA).BleepingComputer
February 24, 2021 – Hacker
Hackers have eye on 6 Bangladeshi organisations Full Text
Abstract
Kasablanca, a hacker group, has targeted cyberattacks on at least six well-known Bangladeshi financial and government organizations, says the e-Government Computer Incident Response Team (e-Gov CIRT).Dhaka Tribune
February 24, 2021 – Hacker
Russian hackers linked to attack targeting Ukrainian government Full Text
Abstract
The National Security and Defense Council of Ukraine (NSDC) has linked Russian-backed hackers to attempts to compromise state agencies after breaching the government's document management system.BleepingComputer
February 24, 2021 – Vulnerabilities
VMWare Patches Critical RCE Flaw in vCenter Server Full Text
Abstract
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.Threatpost
February 24, 2021 – Government
SolarWinds, Microsoft, FireEye, CrowdStrike defend actions in major hack - U.S. Senate hearing Full Text
Abstract
One of the worst hacks yet discovered had an impact on all four. SolarWinds and Microsoft programs were used to attack others and the hack struck at about 100 U.S. companies and nine federal agencies.Reuters
February 24, 2021 – Government
How the National Cyber Director Position Is Going to Work: Frequently Asked Questions Full Text
Abstract
Two members of the Cyberspace Solarium Commission answer questions about the new position.Lawfare
February 24, 2021 – Solution
Firefox’s Total Cookie Protection aims to stop tracking between multiple sites Full Text
Abstract
The feature is included in the web browser's latest release — alongside multiple picture-in-picture views — and essentially works by keeping cookies isolated between each site you visit.Engadget
February 24, 2021 – General
Infosecurity Europe 2021 Postponed with New Event Dates TBA Full Text
Abstract
New event dates to be announced as soon as possibleInfosecurity Magazine
February 24, 2021 – Policy and Law
Former Power Company Boss to Admit Wire Fraud Full Text
Abstract
SCANA Corporation’s ex-CEO to plead guilty to charges linked to Nukegate scandalInfosecurity Magazine
February 24, 2021 – Ransomware
Sharp rise in ransomware attacks against universities as learning goes online Full Text
Abstract
The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks.ZDNet
February 24, 2021 – Botnet
Operators of Cryptomining Botnet Hide Their Backup Communication Behind Bitcoin Blockchain Transactions Full Text
Abstract
The attack chain begins with the exploit of remote code execution (RCE) vulnerabilities impacting software including Hadoop Yarn and Elasticsearch, such as CVE-2015-1427 and CVE-2019-9082.ZDNet
February 24, 2021 – Privacy
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique Full Text
Abstract
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users' knowledge and consent but also "increases [the] web security threat surface," said a group of researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem in the latest research. "This tracking scheme takes advantage of a CNAME record on a subdomain such that it is same-site to the including web site," the researchers said in the paper. "As such, defenses that block third-party cookies are rendered ineffective." The findings are expected to be presented in July at the 21st Privacy Enhancing Technologies Symposium (PETS 2021The Hacker News
February 24, 2021 – Business
Google funds two Linux Foundation security roles Full Text
Abstract
The effort supports Google’s strategy “to help support the critical open source projects that we’re relying on,” Google software engineer Dan Lorenc told SC Media.SCMagazine
February 24, 2021 – Breach
Medical Data of 500,000 French Residents Leaked Online Full Text
Abstract
Stolen data that hackers planned to sell was allegedly leaked following a disagreementInfosecurity Magazine
February 24, 2021 – General
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer Full Text
Abstract
The ATT&CK framework (ATT&CK stands for Adversarial Tactics, Techniques, & Common Knowledge) is a public knowledge base of threat attack techniques based on real-world observations.Dark Reading
February 24, 2021 – General
Poor Remote Working Behaviors and Procedures Putting Orgs at Risk Full Text
Abstract
One in five UK workers recycle work login credentials to access consumers websites and appsInfosecurity Magazine
February 24, 2021 – Attack
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks Full Text
Abstract
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Hacker News. QuickBooks is an accounting software package developed and marketed by Intuit. The spear-phishing attacks take the form of a PowerShell command that's capable of running inside of the email, the researchers said, adding, a second attack vector involves decoy documents sent via email messages that, when opened, runs a macro to download malicious code which uploads QuickBooks files to an attacker-controlled server. Alternatively, bad actors have also been spotted running a PowerShell command called Invoke-WebRequests on target systems to upload relevant data toThe Hacker News
February 24, 2021 – Attack
Five Eyes warns of Accellion FTA attacks leading to extortion Full Text
Abstract
Five Eyes members have issued a joint security advisory regarding ongoing attacks and extortion attempts targeting organizations using the out-of-support Accellion File Transfer Appliance (FTA).BleepingComputer
February 24, 2021 – Ransomware
Ransomware gang extorts jet maker Bombardier after Accellion breach Full Text
Abstract
Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data.BleepingComputer
February 24, 2021 – Vulnerabilities
Popular Node.js package vulnerable to command injection attacks Full Text
Abstract
The maintainers of systeminformation, a Node.js package used for getting hardware, system, and OS information, have patched a bug that left applications vulnerable to command injection attacks.The Daily Swig
February 24, 2021 – Ransomware
Everything You Need to Know About Evolving Threat of Ransomware Full Text
Abstract
The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and reputational damage. In this story, we have covered everything you need to know about ransomware and how it works. What is ransomware? Ransomware is a malicious program that gains control over the infected device, encrypts files, and blocks user access to the data or a system until a sum of money, or ransom, is paid. Crooks' scheme includes a ransom note—with amount and instructions on how to pay a ransom in return for the decryption key—or direct communication with the victim. While ransomware impacts businesses and institutions of every size and type, attackers often target healthcare, eThe Hacker News
February 24, 2021 – Business
IT Security Firm Kaseya Acquires SOC Platform RocketCyber Full Text
Abstract
Kaseya strengthens its security offering with RocketCyber dealInfosecurity Magazine
February 24, 2021 – APT
APT32 state hackers target human rights defenders with spyware Full Text
Abstract
Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders...Security Affairs
February 24, 2021 – Business
Data protection companies Arcserve and StorageCraft to merge Full Text
Abstract
The move will allow the companies to combine their intellectual property, pool research and development budgets as executives look to expand their respective market footprints.SCMagazine
February 24, 2021 – Hacker
LazyScripter hackers target airlines with remote access trojans Full Text
Abstract
Security researchers analyzing multiple sets of malicious emails believe they uncovered activity belonging to a previously unidentified actor that fits the description of an advanced persistent threat (APT).BleepingComputer
February 24, 2021 – Skimming
Checkout Skimmers Powered by Chip Cards — Krebs on Security Full Text
Abstract
Skimming devices used to hack terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot.Krebs on Security
February 24, 2021 – Business
Bill Bozeman Appointed to Netwatch Group’s Executive Board Full Text
Abstract
Bozeman is leaving his role as CEO at PSA Security NetworkInfosecurity Magazine
February 24, 2021 – Hacker
New hacker group targets airlines, refugees with well worn tools Full Text
Abstract
The group used job and IATA related lures, as well as fake updates; immigration, tourism and visa related documents; and COVID-19 information to infect victims.SCMagazine
February 24, 2021 – Breach
NASA and the FAA were also breached by the SolarWinds hackers Full Text
Abstract
NASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report.BleepingComputer
February 24, 2021 – Criminals
France Warns of Cybercriminals Selling 50,000 Stolen Credentials of Hospital Agents Full Text
Abstract
The alert notes that the credential list appears to have been sold on February 4, and that so far "only a few establishment domain names have been identified, which have been notified directly."Gov Info Security
February 24, 2021 – Breach
Legal Firm Leaks 15,000 Cases Via the Cloud Full Text
Abstract
Misconfiguration of AWS S3 bucket to blameInfosecurity Magazine
February 24, 2021 – Vulnerabilities
Heavily used Node.js package has a code injection vulnerability Full Text
Abstract
The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315.BleepingComputer
February 24, 2021 – Ransomware
Clop Ransomware Gang Claims to Steal Sensitive Documents From Aerospace Giant Bombardier Full Text
Abstract
The Clop ransomware gang claims to have stolen documents from aerospace giant Bombardier’s defense division – and has leaked what appears to be a CAD drawing of one of its military aircraft products.The Register
February 24, 2021 – Ransomware
Ransomware Attacks Double Against Global Universities Full Text
Abstract
BlueVoyant report reveals poor security practice is widespreadInfosecurity Magazine
February 24, 2021 – General
8 in 10 businesses worried about state-sponsored cyberattacks: Survey Full Text
Abstract
Most businesses globally feel that the pandemic has increased the likelihood of state-sponsored attacks, revealed a survey by the Economist Intelligence Unit (EIU) and the Cybersecurity Tech Accord.The Times Of India
February 24, 2021 – Business
Flash version distributed in China after EOL is installing adware Full Text
Abstract
The Chinese version of Flash Player is available only via flash.cn, a website managed by a company named Zhong Cheng Network, the only entity authorized by Adobe to distribute Flash inside China.ZDNet
February 24, 2021 – General
Twitter discloses networks of state-linked information operations Full Text
Abstract
The networks Twitter disclosed relate to independent, state-affiliated information operations that it has attributed to Armenia, Russia, and a previously disclosed network from Iran.
February 24, 2021 – Vulnerabilities
SonicWall Releases Second Set of February Firmware Patches Full Text
Abstract
Network security firm SonicWall today released a new set of firmware patches for its SMA 100 series products, which provide workers with remote access to internal resources.Dark Reading
February 24, 2021 – Breach
Aircraft-Maker Bombardier Breached by Accellion FTA Hackers Full Text
Abstract
Data on customers, employees and suppliers compromisedInfosecurity Magazine
February 24, 2021 – Breach
Airplane manufacturer Bombardier has disclosed a security breach, data leaked online Full Text
Abstract
Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker...Security Affairs
February 24, 2021 – Ransomware
These hackers sell network logins to the highest bidder. And ransomware gangs are buying Full Text
Abstract
Stealing and selling RDP credentials has risen over the last year - and cyber criminal middlemen are making a profit by putting businesses at risk from ransomware and other attacks.ZDNet
February 24, 2021 – Ransomware
Clop targets execs, ransomware tactics get another new twist Full Text
Abstract
After interviewing several victims of the Clop ransomware, ZDNet discovered that its operators appear to be systematically targeting the workstations of corporate executives.Malwarebytes Labs
February 24, 2021 – Vulnerabilities
VMware warns of critical remote code execution flaw in vSphere HTML5 client Full Text
Abstract
VMware has revealed a critical-severity vulnerability, which is rated 9.8 on the CVSS scale and tracked as CVE-2021-21972, in the HTML5 client for its flagship vSphere hybrid cloud suite.The Register
February 24, 2021 – Attack
SonicWall Was Hacked. Was It Also Extorted? Full Text
Abstract
Cybersecurity companies advise their clients not to pay ransoms for good reasons: Pay once and the attackers may come back with their hand out again. It also promotes a cybercrime business model.Gov Info Security
February 23, 2021 – Vulnerabilities
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now Full Text
Abstract
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," the company said in its advisory. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity. "In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781)," said Positive Technologies' Mikhail Klyuchnikov, who discovered and reported the flaw to VMware. "The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunityThe Hacker News
February 23, 2021 – APT
APT32 state hackers target human rights defenders with spyware Full Text
Abstract
Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020.BleepingComputer
February 23, 2021 – General
Hillicon Valley: Companies urge action at SolarWinds hearing | Facebook lifts Australian news ban | Biden to take action against Russia in ‘weeks’ Full Text
Abstract
The Senate Intelligence Committee today kicked off the first hearing of the week on the fallout from the SolarWinds breach...meanwhile, an update on when President Biden is expected to respond to Russia's alleged role in the hack.The Hill
February 23, 2021 – Breach
FireEye and Microsoft execs, senators dissect mandatory breach disclosure in wake of SolarWinds Full Text
Abstract
There is no rule mandating a company to disclose a breach to the federal government, even when national security is a concern. That could change, however. In the words of Microsoft President Brad Smith, “this is about moving information fast, to the right place, so it can be put to good use.”SCMagazine
February 23, 2021 – Breach
Microsoft, FireEye push for breach reporting rules after SolarWinds hack Full Text
Abstract
Top executives from Microsoft and FireEye on Tuesday urged Congress to create mandatory breach reporting requirements for companies following the massive Russian hack of the federal government that extended to the private sector.The Hill
February 23, 2021 – Phishing
Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express Full Text
Abstract
The two email attacks employed a broad range of techniques to get past traditional email security filters and pass the “eye tests” of unsuspecting end users.SCMagazine
February 23, 2021 – Ransomware
Ransomware attack or not, Kia’s resilience is under the microscope Full Text
Abstract
A days-long outage affecting mobile and web-based service calls into question Kia’s contingency planning for cybersecurity incidents, even as the company remains defiant about claims that a ransomware attack is to blame.SCMagazine
February 23, 2021 – Vulnerabilities
VMware addresses a critical RCE issue in vCenter Server Full Text
Abstract
VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual...Security Affairs
February 23, 2021 – Disinformation
Twitter removes 100 accounts linked to Russia disseminating disinformation Full Text
Abstract
Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation...Security Affairs
February 23, 2021 – Vulnerabilities
Zero-day flaws in virtual event platforms provide access to personal, corporate data Full Text
Abstract
Huntress uncovered software flaws and misconfigurations – from information disclosure or PII leakage to direct access to databases and potential remote code execution – in two of the top five virtual event platforms.SCMagazine
February 23, 2021 – Breach
Daycare Webcam Service Exposes 12,000 User Accounts Full Text
Abstract
NurseryCam suspends service across 40 daycare centers until a security fix is in place.Threatpost
February 23, 2021 – Ransomware
Finnish IT services giant TietoEVRY discloses ransomware attack Full Text
Abstract
Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients' services.BleepingComputer
February 23, 2021 – Policy and Law
Louisiana College Cyber-Thief Sentenced Full Text
Abstract
US imprisons college comptroller who faked refunds to steal over a quarter of a million dollarsInfosecurity Magazine
February 23, 2021 – Vulnerabilities
VMware fixes critical RCE bug in all default vCenter installs Full Text
Abstract
VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems.BleepingComputer
February 23, 2021 – General
119k Threats Per Minute Detected in 2020 Full Text
Abstract
Trend Micro found and blocked more than 62.6 billion cyber-threats last yearInfosecurity Magazine
February 23, 2021 – Ransomware
Finnish IT giant TietoEVRY discloses ransomware attack Full Text
Abstract
Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients' services.BleepingComputer
February 23, 2021 – Business
Aston Martin Partners with SentinelOne Full Text
Abstract
SentinelOne named official cybersecurity partner of Aston Martin Cognizant F1 TeamInfosecurity Magazine
February 23, 2021 – Hacker
Twitter removes accounts of Russian government-backed actors Full Text
Abstract
Twitter has removed dozens of accounts connected to Russian government-backed actors disseminating disinformation and targeting the European Union, the United States, and the NATO alliance.BleepingComputer
February 23, 2021 – Government
Biden administration to respond to Russian hacking, poisoning in ‘weeks not months’ Full Text
Abstract
The Biden administration is preparing to take action against Russia for actions including a massive hack of the federal government and the poisoning of a Russian opposition leader in “weeks, not months," White House press secretary Jen Psaki said Tuesday.The Hill
February 23, 2021 – Malware
Lazarus Group Using AppleJeus Malware for Cryptocurrency Theft Full Text
Abstract
A joint cybersecurity advisory from the U.S. government is warning against AppleJeus malware, the Lazarus group's new development, that masquerades as crypto trading software.Cyware Alerts - Hacker News
February 23, 2021 – General
Cyber Threats Afflicting Online Gaming Sector Full Text
Abstract
Gamers worldwide are being directly targeted with cyberattacks, mostly through credential stuffing and phishing, to pilfer account credentials and card data.Cyware Alerts - Hacker News
February 23, 2021 – Business
Kaseya acquires RocketCyber to bring SOC solutions to more Full Text
Abstract
Kaseya has acquired RocketCyber with the intention of further developing its complete security suite. RocketCyber will continue to operate as an independent business within Kaseya, led by Banzhof.Security Brief
February 23, 2021 – Malware
Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures Full Text
Abstract
Once triggered, MINEBRIDGE buries itself into the vulnerable TeamViewer, enabling attackers to take a wide array of remote follow-on actions such as spying on users or deploying additional malware.Zscaler
February 23, 2021 – Vulnerabilities
IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS Full Text
Abstract
IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions. IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise...Security Affairs
February 23, 2021 – Ransomware
Finnish IT Giant Hit with Ransomware Cyberattack Full Text
Abstract
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a […]Threatpost
February 23, 2021 – Solution
Google adds Password Checkup support to Android autofill Full Text
Abstract
Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches.BleepingComputer
February 23, 2021 – Vulnerabilities
Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients Full Text
Abstract
Tracked as CVE-2021-23827, the bug is described as an issue which "allows an attacker to obtain potentially sensitive media (such as private pictures) in the cache and uploadtemps directories."ZDNet
February 23, 2021 – Government
Senate Intelligence Holds Hearing on the SolarWinds Breach Full Text
Abstract
On Tuesday, February 23, 2020, at 2:30 p.m., the Senate Intelligence Committee will hold a hearing on the recent hack of U.S. networks by a foreign adversary. The committee will hear testimony from Kevin Mandia, CEO of FireEye; Sudhakar Ramakrishna, CEO of SolarWinds; Brad Smith, president of Microsoft; and George Kurtz, president and CEO of CrowdStrike.Lawfare
February 23, 2021 – Government
Federal Laws and Grants Are Insufficient to Combat Against Cyber Threats Full Text
Abstract
The coronavirus pandemic has been a boon for malicious cyber actors who engage in criminal activity.Lawfare
February 23, 2021 – Breach
Transport for NSW confirms data taken in Accellion breach Full Text
Abstract
The Accellion system was widely used to share and store files by organizations around the world, including Transport for NSW, the government entity said on Tuesday afternoon.ZDNet
February 23, 2021 – General
84% of CNI Orgs Experienced Cyber-Attacks in the Last Year Full Text
Abstract
93% of orgs that experienced attacks admitted at least one was successfulInfosecurity Magazine
February 23, 2021 – APT
Cisco points to new tier of APT actors that behave more like cybercriminals Full Text
Abstract
New Cisco research shows that the Gamaredon group, traditionally associated with attacks against Ukraine, is willing to target anybody, unlike the traditional model of espionage focusing on a few defined regions or industries at a time.SCMagazine
February 23, 2021 – Breach
Filipino Credit App Cashalo Hit by Data Breach Impacting Users’ Personally Identifiable Information Full Text
Abstract
Cashalo, which offers cash loans and other financial services in the Philippines, confirmed that “illegal access” of a database has resulted in the leak of some personally identifiable information.The Daily Swig
February 23, 2021 – Vulnerabilities
IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS Full Text
Abstract
This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.ZDNet
February 23, 2021 – General
The Cyberlaw Podcast: NSA’s Pre-History is a Love Story Full Text
Abstract
This episode features an interview with Jason Fagone,Lawfare
February 23, 2021 – General
How a CISO’s Executive Role Has Changed Full Text
Abstract
Many CISOs will have an engineering or IT background, which is important for the architecture and infrastructure side of the job, but good defense is also about building partnerships.Security Intelligence
February 23, 2021 – Denial Of Service
Ukraine: DDoS attacks on govt sites originated from Russia Full Text
Abstract
The National Security and Defense Council (NSDC) of Ukraine is accusing threat actors located on Russian networks of performing DDoS attacks on Ukrainian government websites since February 18th.BleepingComputer
February 23, 2021 – Hacker
Hackers Can Bypass Mastercard PIN by Using them as a Visa Card Full Text
Abstract
The cybersecurity researchers have recently detected a threat attack that could easily enable the threat actors to trick a point of sale...Cyber Security News
February 23, 2021 – Attack
Ukraine Government Reports Massive Attacks on Security and Defense Websites by Russian Threat Actors Full Text
Abstract
The massive attacks began on February 18, wherein hackers targeted the websites of local institutions, including Ukraine’s Security Service and the council in an attempt to deploy a DDoS bot.Security Affairs
February 23, 2021 – Government
Hearings examine consequences of massive SolarWinds breach Full Text
Abstract
The massive Russian hacking incident that has become known as the SolarWinds breach will be in the spotlight on Capitol Hill this week as multiple House and Senate panels examine the extent of what is likely the largest cyber breach in U.S. history.The Hill
February 23, 2021 – Privacy
Experts Find a Way to Learn What You’re Typing During Video Calls Full Text
Abstract
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack can be extended beyond live video feeds to those streamed on YouTube and Twitch as long as a webcam's field-of-view captures the target user's visible upper body movements. "With the recent ubiquity of video capturing hardware embedded in many consumer electronics, such as smartphones, tablets, and laptops, the threat of information leakage through visual channel[s] has amplified," the researchers said. "The adversary's goal is to utilize the observable upper body movements across all the recorded frames to infer the private text typed by the target." To achThe Hacker News
February 23, 2021 – General
In-House Legal Teams Increasingly Responsible for Cybersecurity Full Text
Abstract
ACC survey finds cybersecurity has overtaken compliance as most important business issue, according to chief legal officersInfosecurity Magazine
February 23, 2021 – Criminals
FIN11 cybercrime group is behind recent wave of attacks on FTA servers Full Text
Abstract
FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion...Security Affairs
February 23, 2021 – Phishing
10K Microsoft Email Users Hit in FedEx Phishing Attack Full Text
Abstract
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.Threatpost
February 23, 2021 – General
CrowdStrike global threat report highlights key trends in eCrime and nation-state activity Full Text
Abstract
The findings from the 2021 CrowdStrike Global Threat Report suggest supply chain attacks, ransomware, data extortion, and nation-state threats prove to be more prolific than ever.The Times Of India
February 23, 2021 – Government
Lawmakers to roll out legislation reorganizing State cyber office Full Text
Abstract
A group of bipartisan lawmakers led by House Foreign Affairs Committee ranking member Michael McCaul (R-Texas) will reintroduce legislation Tuesday intended to increase the ability of the State Department to address international cybersecurity cooperation issues.The Hill
February 23, 2021 – Covid-19
5 Security Lessons for Small Security Teams for the Post COVID19 Era Full Text
Abstract
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working from home. Like in an eerie doomsday movie, servers were left on in the office, but nobody was sitting in the chairs. While everyone hopes that the world returns to its previous state, it's evident that work dynamics have changed forever. From now on, we can assume a hybrid work environment. Even companies that will require their employees to arrive daily at their offices recognize that they have undergone a digital transformation, and work from home habits will remain. The eBook "5 Security Lessons for Small Security Teams for a Post-COVID19 Era" helps companies prepareThe Hacker News
February 23, 2021 – Covid-19
Experts Discuss How #COVID19 Impacted the Cyber-Threat Landscape Full Text
Abstract
How have the types of attacks and their targets changed in the past year?Infosecurity Magazine
February 23, 2021 – Criminals
Cybercriminals Misuse Telegram API to Create Malicious Domains to Harvest User Credentials Full Text
Abstract
This particular phishing attack appeared active in mid-December 2020 and has since stopped. The targets of these malicious emails mainly worked in the U.K. financial services sector, Cofense notes.Gov Info Security
February 23, 2021 – Attack
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs Full Text
Abstract
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. "The signers of the PDF receive the document, review it, and sThe Hacker News
February 23, 2021 – General
Think Tank Warns of “Silent Stealing” Fraud Full Text
Abstract
Scammers may be going downmarket to target consumersInfosecurity Magazine
February 23, 2021 – Government
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites Full Text
Abstract
The NYDFS learned of the threat after receiving reports from auto insurers that cybercriminals were targeting their premium quote sites to steal driver’s license numbers.The National Law Review
February 23, 2021 – Attack
FireEye: Accellion FTA Attacks Could be FIN11 Full Text
Abstract
Cybercrime group linked to theft and extortionInfosecurity Magazine
February 23, 2021 – Phishing
A ‘crypto’ scam is brewing on Twitter, and social media at large Full Text
Abstract
Two weeks ago, a Mumbai-based fan of the Korean pop (K-pop) band BTS realised that she and her connections had been inadvertently following a cryptocurrency account on Twitter.The Times Of India
February 23, 2021 – General
Most Firms Now Fear Nation State Attack Full Text
Abstract
Cybersecurity Tech Accord calls for closer government engagementInfosecurity Magazine
February 23, 2021 – General
New Partnership Launched to Improve Cyber-Resilience in Scotland Full Text
Abstract
CyberScotland partnership has already launched an online resource for individuals and organizationsInfosecurity Magazine
February 23, 2021 – Attack
South Carolina County Rebuilds Network After Hacking Full Text
Abstract
Hackers sent an email on Jan 22 that allowed them to take over Georgetown County’s computers. They demanded a ransom to return the system to the county’s control, spokeswoman Jackie Broach said.Security Week
February 23, 2021 – Government
FBI Issued a Warning About the Risks of Telephony denial-of-service (TDoS) Full Text
Abstract
The Federal Bureau of Investigation (FBI) issued a notification last week alerting all about the effects of a TDoS attack and...Cyber Security News
February 23, 2021 – Breach
NurseryCam daycare cam service shut down after security breach Full Text
Abstract
Daycare camera product NurseryCam was hacked last week, and the company was forced to shut down its IoT camera service. On Friday, The Register became aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam...Security Affairs
February 22, 2021 – Hacker
Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks Full Text
Abstract
Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang. But in a twist, no ransomware was actually deployed in any of the recent incidents that hit organizations in the U.S., Singapore, Canada, and the Netherlands, with the actors instead resorting to extortion emails to threaten victims into paying bitcoin ransoms. According to Risky Business, some of the companies that have had their data listed on the site include Singapore's telecom provider SingTel, the American Bureau of Shipping, law firmThe Hacker News
February 22, 2021 – General
Hillicon Valley: Google lifting ban on political ads | DHS taking steps on cybersecurity | Controversy over TV ‘misinformation rumor mills’ Full Text
Abstract
GOOGLE TO LIFT BAN: Advertisers will be able to buy political ads with the search giant starting Wednesday for the first time since Jan. 13, when a ban was implemented a week after the deadly insurrection at the Capitol.The Hill
February 22, 2021 – Malware
Google Alerts used to launch fake Adobe Flash Player updater Full Text
Abstract
The threat actors are “quite clever” in using Google Alerts as an attack vector to prompt users to “update” Adobe Flash Player.SCMagazine
February 22, 2021 – Government
DHS announces new measures to boost nation’s cybersecurity Full Text
Abstract
The Department of Homeland Security (DHS) on Monday announced a range of steps it will take to bolster the nation’s cybersecurity posture, including increasing funding for key cybersecurity issues.The Hill
February 22, 2021 – General
Interactive hacks went up 400% in the past two years Full Text
Abstract
The numbers provide a needed counterweight to the argument that automated hacking (or defense) can be a tonic for everything in the cyber realm.SCMagazine
February 22, 2021 – Denial Of Service
TDoS Attacks Take Aim at Emergency First-Responder Services Full Text
Abstract
The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.Threatpost
February 22, 2021 – Attack
Ukraine sites suffered massive attacks launched from Russian networks Full Text
Abstract
Ukraine's government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security...Security Affairs
February 22, 2021 – General
‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push Full Text
Abstract
Professionals with autism, ADHD and other conditions can bring a different way of thinking to infosec roles, “able to connect dots that we may not be able to connect,” said Bank of America’s Craig Froelich in an in-depth interview.SCMagazine
February 22, 2021 – Hacker
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report Full Text
Abstract
APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.Threatpost
February 22, 2021 – Phishing
Texas electric company warns of scammers threatening to cut power Full Text
Abstract
Texas electric utility Austin Energy today warned of unknown individuals impersonating the company and threatening customers over the phone that their power will be cut off unless they pay fictitious overdue bills.BleepingComputer
February 22, 2021 – Insider Threat
Former Employee Behind Earthquakes Stadium Hack Full Text
Abstract
Spiteful fired employee lost San Jose stadium concessionaire hundreds of thousands of dollarsInfosecurity Magazine
February 22, 2021 – Attack
Georgetown County has yet to recover from a sophisticated cyber attack Full Text
Abstract
The systems of Georgetown County were hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County were hit with a sophisticated cyber attack at the end of January,...Security Affairs
February 22, 2021 – Vulnerabilities
SHAREit fixes security bugs in app with 1 billion downloads Full Text
Abstract
Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users' devices.BleepingComputer
February 22, 2021 – Vulnerabilities
SHAREit fixes security bugs three months after initial report Full Text
Abstract
Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users' devices.BleepingComputer
February 22, 2021 – Disinformation
Content Provenance Group Formed Full Text
Abstract
Media and tech companies ally to tackle disinformation and fraudulent online contentInfosecurity Magazine
February 22, 2021 – Privacy
Brave browser found to leak users’ Tor dark web activity Full Text
Abstract
An anonymous security researcher demonstrated that the browser was sending the queries for .onion addresses to public DNS resolvers for all to see, defeating the purpose of using the Tor mode.Tech Radar
February 22, 2021 – General
Personal info compromised at 88 firms in Japan in 2020 Full Text
Abstract
Behind the surge in the number of cases in which information was compromised is that many companies have been rushing to promote digitalization and remote work, experts said.The Japan Times
February 22, 2021 – Attack
Silicon Valley VC Firm Phished Full Text
Abstract
Sequoia Capital tells investors that it has been hackedInfosecurity Magazine
February 22, 2021 – Business
Proofpoint To Buy Data Protection MSP InteliSecure For $62.5M Full Text
Abstract
The email security vendor said the acquisition of InteliSecure will simplify data protection for customers by streamlining policy creation and providing unified event visibility across tools.CRN
February 22, 2021 – Botnet
Watch Out for WatchDog Full Text
Abstract
WatchDog, the cryptomining malware, has been found to be running undetected for more than two years. The botnet has hijacked at least 476 Windows and Linux devices, to date.Cyware Alerts - Hacker News
February 22, 2021 – Malware
New Silver Sparrow malware infects 30,000 Macs for unknown purpose Full Text
Abstract
A new macOS malware known as Silver Sparrow has silently infected almost 30,000 Mac devices with malware whose purpose is a mystery.BleepingComputer
February 22, 2021 – Hacker
Chinese hackers used NSA exploit years before Shadow Brokers leak Full Text
Abstract
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017.BleepingComputer
February 22, 2021 – Vulnerabilities
Python programming language hurries out update to tackle remote code vulnerability Full Text
Abstract
PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.ZDNet
February 22, 2021 – Privacy
How smartphone apps extract your data via location tracking Full Text
Abstract
From the location data, an app can extract personal information and asks users to give feedback on the correctness of such information as well as to rate its relevance in terms of privacy sensitivity.The Times Of India
February 22, 2021 – Attack
Criminals leveraging shift to remote work to develop targeted attacks Full Text
Abstract
Malwarebytes announced the findings of its report which explores how the global pandemic forced many employees to quickly become a remote workforce and confined consumers to their homes.Help Net Security
February 22, 2021 – Ransomware
Global Accellion data breaches linked to Clop ransomware gang Full Text
Abstract
Threat actors associated with a financially motivated hacker group combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal data.BleepingComputer
February 22, 2021 – Covid-19
10 COVID-19-related lessons for future-ready cybersecurity Full Text
Abstract
For far too long, we have accepted weaknesses in software supply chain. We must be more diligent about putting pressure on the entities in the supply chain to offer proof of deep security scrutiny.Help Net Security
February 22, 2021 – Hacker
NSA Equation Group tool was used by Chinese hackers years before it was leaked online Full Text
Abstract
The Chinese APT group had access to an NSA Equation Group hacking tool and used it years before it was leaked online by the Shadow Brokers group. The Check Point Research team discovered that the China-linked APT31 group (aka Zirconium) used a tool dubbed...Security Affairs
February 22, 2021 – Outage
RMIT claims ‘significant progress’ in bouncing back from Friday’s IT outage Full Text
Abstract
Melbourne's RMIT University has said significant progress has been made in restoring its systems, following reports on Friday the university had fallen victim to a phishing attack.ZDNet
February 22, 2021 – Ransomware
Worldwide Accellion data breaches linked to Clop ransomware gang Full Text
Abstract
Threat actors associated with a financially motivated hacker group combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal data.BleepingComputer
February 22, 2021 – Attack
Beneteau to Suspend Some Production After Cyberattack Full Text
Abstract
While the deployment of backup systems will allow Beneteau’s activities to start again, production at some of its units, particularly in France, will have to slow down or stop for a few days.Bloomberg
February 22, 2021 – Breach
Kroger warns pharmacy customers’ personal data may have been stolen in hack Full Text
Abstract
Some Kroger pharmacy customers’ data may have been stolen after hackers accessed a vendor’s file-transfer service, the grocery store chain said on Friday.The Hill
February 22, 2021 – Education
How to Fight Business Email Compromise (BEC) with Email Authentication? Full Text
Abstract
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players. How Can BEC Affect Organizations? Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing as people in authoritarian positions. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks' success. February ofThe Hacker News
February 22, 2021 – Business
Kaspersky Appoints Christopher Hurst GM of UK and Ireland Full Text
Abstract
Industry veteran to help drive continued enterprise and channel growthInfosecurity Magazine
February 22, 2021 – Hacker
An attacker was able to siphon audio feeds from multiple Clubhouse rooms Full Text
Abstract
An attacker demonstrated this week that Clubhouse chats are not secure: he was able to siphon audio feeds from “multiple rooms” into his own website. While the popularity of the audio chatroom app Clubhouse continues to increase, experts are questioning...Security Affairs
February 22, 2021 – Hacker
Chinese Shadow Brokers Hacking Group Copied Windows Zero-Day Exploit Belonging to NSA’s Equation Group Full Text
Abstract
Chinese threat actors "cloned" and used a Windows zero-day exploit stolen from the NSA's Equation Group for years before the privilege escalation flaw was patched, researchers say.ZDNet
February 22, 2021 – Hacker
Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online Full Text
Abstract
On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, new "conclusive" evidence unearthed by Check Point Research shows that this was not an isolated incident. The previously undocumented cyber-theft took place more than two years before the Shadow Brokers episode, the American-Israeli cybersecurity company said in an exhaustive report published today, resulting in U.S.-developed cyber tools reaching the hands of a Chinese advanced persistent threat which then repurposed them in order to attack U.S. targets. "The caught-in-the-wild exploit of CVE-2017-0005, a zero-day attributed by Microsoft to the Chinese APT31 (aka Zirconium), isThe Hacker News
February 22, 2021 – Criminals
BBC Reports Theft of 105 Electrical Devices Full Text
Abstract
Devices such as laptops and mobile phones taken from BBC premises in the past two yearsInfosecurity Magazine
February 22, 2021 – Privacy
Clubhouse User Extracts Streams From Multiple Private Rooms to Third-Party Website Full Text
Abstract
An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse.Bloomberg
February 22, 2021 – Breach
US Retailer Kroger Admits Accellion Breach Full Text
Abstract
FTA platform exploited to compromise dataInfosecurity Magazine
February 22, 2021 – Malware
IronNetInjector: Turla’s New Malware Loading Tool Full Text
Abstract
The method, known as Bring Your Own Interpreter (BYOI), involves use of an interpreter, not present on a system by default, to run malicious code of an interpreted programming or scripting language.Palo Alto Networks
February 22, 2021 – General
Concern as Attacker “Breakout” Time Halves in 2020 Full Text
Abstract
CrowdStrike warns of rising e-crime and nation state activityInfosecurity Magazine
February 22, 2021 – Ransomware
Eye Care Practice: Vendor Paid Ransom for Return of Data Full Text
Abstract
A California-based eye care provider says its online storage vendor was recently hit by hackers and paid a ransom for the return of patient data stolen from both entities.Info Risk Today
February 22, 2021 – Solution
CIS Offers Free DNS Security Tool for US Hospitals Full Text
Abstract
Akamai-powered MDBR service blocks traffic to suspicious domainsInfosecurity Magazine
February 22, 2021 – Business
1Kosmos Emerges from Stealth Mode With $15 Million in Funding Full Text
Abstract
Cybersecurity startup 1Kosmos emerged from stealth mode this week armed with $15 million in Series A funding from ForgePoint Capital to gain traction with its digital identity and authentic solutions.Security Week
February 22, 2021 – Breach
Parents alerted to NurseryCam security breach Full Text
Abstract
NurseryCam said it did not believe the incident had involved any youngsters or staff being watched without their permission, but had shut down its server as a precautionary measure.Yahoo! Finance
February 22, 2021 – Malware
Researchers uncovered a new Malware Builder dubbed APOMacroSploit Full Text
Abstract
Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit,...Security Affairs
February 21, 2021 – Solution
New Chrome for iOS feature locks Incognito tabs with Face ID Full Text
Abstract
Google Chrome for iOS is getting a new privacy feature that lets you lock your opened Incognito tabs behind your iPhone's Face ID or Touch ID biometric authentication features.BleepingComputer
February 21, 2021 – Hacker
Experts warn of threat actors abusing Google Alerts to deliver unwanted programs Full Text
Abstract
Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player...Security Affairs
February 21, 2021 – Hacker
RDP Attackers Have Made Themselves at Home Full Text
Abstract
We all know that the attack surface has expanded because of the sudden shift to work from home, and now, this has given a boost to Remote Desktop Protocol (RDP) attacks.Cyware Alerts - Hacker News
February 21, 2021 – Hacker
Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Full Text
Abstract
A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting...Security Affairs
February 21, 2021 – Attack
Lakehead University shuts down campus network after cyberattack Full Text
Abstract
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers.BleepingComputer
February 21, 2021 – Malware
Warning: Google Alerts abused to push fake Adobe Flash updater Full Text
Abstract
Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers.BleepingComputer
February 21, 2021 – Denial Of Service
FBI warns of the consequences of telephony denial-of-service (TDoS) attacks Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service...Security Affairs
February 21, 2021 – Solution
Chrome for iOS will let you lock Incognito mode with Face ID Full Text
Abstract
Google Chrome for iOS is getting a new privacy feature that lets you lock your opened Incognito tabs behind your iPhone's Face ID or Touch ID biometric authentication features.BleepingComputer
February 21, 2021 – General
Security Affairs newsletter Round 302 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. PayPal addresses...Security Affairs
February 20, 2021 – Business
Microsoft Edge is crowdsourcing whether to show notification prompts Full Text
Abstract
Microsoft is now using crowdsourcing to determine whether to show a site's website subscription dialog prompt in the Microsoft Edge web browser.BleepingComputer
February 20, 2021 – Privacy
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users Full Text
Abstract
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in June 2018. This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report firstThe Hacker News
February 20, 2021 – Breach
Kroger data breach exposes pharmacy and employee data Full Text
Abstract
Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files.BleepingComputer
February 20, 2021 – Government
The US Government is going to respond to the SolarWinds hack very soon Full Text
Abstract
The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan...Security Affairs
February 20, 2021 – Vulnerabilities
Recently fixed Windows zero-day actively exploited since mid-2020 Full Text
Abstract
Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.BleepingComputer
February 20, 2021 – Breach
Sequoia Capital Venture Capital firm discloses a data breach Full Text
Abstract
Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology...Security Affairs
February 20, 2021 – Vulnerabilities
SonicWall releases second firmware updates for SMA 100 vulnerability Full Text
Abstract
Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a...Security Affairs
February 20, 2021 – Malware
Silver Sparrow, a new malware infects Mac systems using Apple M1 chip Full Text
Abstract
Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using...Security Affairs
February 20, 2021 – Vulnerabilities
SonicWall releases additional update for SMA 100 vulnerability Full Text
Abstract
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately.BleepingComputer
February 20, 2021 – Attack
Sequoia Capital says it was hacked Full Text
Abstract
As per Axios, Sequoia Capital told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished.Axios
February 20, 2021 – Breach
Kroger advises customers of data breach affecting pharmacy Full Text
Abstract
The Kroger Co. has advised customers of its pharmacy and Little Clinic of a data security breach in which patient names and sensitive personal information was illegally accessed.AJC
February 20, 2021 – Malware
New Masslogger Trojan variant exfiltrates user credentials Full Text
Abstract
Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the infections have some similarities with attacks that targeted users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020.Security Affairs
February 20, 2021 – Vulnerabilities
Brave browser leaks onion addresses in DNS traffic Full Text
Abstract
The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.ZDNet
February 20, 2021 – Attack
Lakehead University Shuts Down Campuses and Computers After Cyberattack Full Text
Abstract
In response to the attack, officials shut down all computer systems at the Thunder Bay and Orillia campuses. The message sent to faculty members doesn’t say how the threat actors managed to infiltrate the information systems of the university.Bit Defender
February 19, 2021 – Government
‘If you wait for government, you’re going to be waiting a long time’: A look at Biden’s cyber funding Full Text
Abstract
How much of Biden’s promised funding for cyber will support small and medium businesses? Tugboat Logic CEO Ray Kruck offers tips for managing the risk in the meantime.SCMagazine
February 19, 2021 – Ransomware
Underwriters Laboratories (UL) certification giant hit by ransomware Full Text
Abstract
UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover.BleepingComputer
February 19, 2021 – Phishing
Phishing campaign alters prefix in hyperlinks to bypass email defenses Full Text
Abstract
Better integration between email and web security systems could serve as a defense.SCMagazine
February 19, 2021 – General
Hillicon Valley: Biden cyber rules | Australia’s war with Facebook | UK ruling on Uber Full Text
Abstract
President Biden is pushing for “rules of the road” on cybersecurity and tech. In a story that is blowing up down under, the Australian Prime Minister is pushing Facebook to reconsider its newly instated policy restricting users in the country from sharing news content. In a U.K. decision with ripple effects, Uber drivers were deemed “workers” for the company by a unanimous Supreme Court ruling, forcing the company to evaluate payments and benefits to its drivers. In other news, this is really cool.The Hill
February 19, 2021 – Vulnerabilities
Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider Full Text
Abstract
A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users. The...Security Affairs
February 19, 2021 – Ransomware
Payment processor used by state, municipal agencies hit by ‘Cuba’ ransomware gang Full Text
Abstract
The Cuba ransomware gang launched assaults in February on a payment processor widely used by many state and municipal agencies across the United States to manage utility bills and driver’s license data, prompting data breach notifications from numerous cities and agencies in California and Washington. The miscreants gang stole unencrypted data files from Seattle-based Automatic…SCMagazine
February 19, 2021 – Business
CrowdStrike $400M buy addresses ‘drastically different attack surface’ Full Text
Abstract
The purchase and integration of log management startup Humio is designed to account for the changes that have taken place in IT management over the last decade, particularly the reliance on multiple vendors and cloud services.SCMagazine
February 19, 2021 – Malware
Mysterious Silver Sparrow Malware Found Nesting on 30K Macs Full Text
Abstract
A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide — but it’s unclear why.Threatpost
February 19, 2021 – Attack
Credential-Stuffing Attack Targets Regional Internet Registry Full Text
Abstract
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.Threatpost
February 19, 2021 – General
Threatpost Cybersecurity Webinars: Going Beyond the Headlines Full Text
Abstract
A collection of past and upcoming Threatpost webinars on the cybersecurity topics that matter most.Threatpost
February 19, 2021 – Policy and Law
US Arrests Six Alleged Cyber-Scam Money Launderers Full Text
Abstract
Charges brought against alleged members of $50m fraud and money-laundering ringInfosecurity Magazine
February 19, 2021 – Ransomware
Kia Denies Ransomware Attack Full Text
Abstract
Car maker says this week’s network outage was not linked to ransomwareInfosecurity Magazine
February 19, 2021 – Phishing
Spam and Phishing Attacks 2020 - Key Trends Full Text
Abstract
The COVID-19 pandemic is being completely exploited by online scammers. Kaspersky researchers lay down trends and studies for phishing and spam for the past year.Cyware Alerts - Hacker News
February 19, 2021 – Government
Biden calls for creating ‘rules’ on cyber, tech to combat China and Russia threats Full Text
Abstract
President Biden on Friday called on the United States and other democratic nations to shape the “rules of the road” on cybersecurity and tech issues, particularly as part of efforts to confront China and Russia.The Hill
February 19, 2021 – General
Healthcare Data Breaches Halved in January Full Text
Abstract
Sharp month-on-month drop in US healthcare data breaches of 500 or more recordsInfosecurity Magazine
February 19, 2021 – Malware
New Masslogger Trojan variant exfiltrates user credentials Full Text
Abstract
The infamous MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from...Security Affairs
February 19, 2021 – Denial Of Service
DDoS Attacks in Fourth Quarter of 2020 - A Report Full Text
Abstract
Researchers explain how the DDoS attack trend in the final quarter of the year 2020 is a unique one and highlights what to expect from DDoS threats for Q1 2021.Cyware Alerts - Hacker News
February 19, 2021 – Vulnerabilities
Highest Number of Vulnerabilities Disclosure Reported in 2020 Full Text
Abstract
An analysis of data collected by the NIST about vulnerabilities from 2020 says numbers of security loopholes in 2020 skyrocketed to create a new record.Cyware Alerts - Hacker News
February 19, 2021 – Ransomware
CIS now offers free ransomware protection to all US hospitals Full Text
Abstract
The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service.BleepingComputer
February 19, 2021 – Vulnerabilities
Brave privacy bug exposes Tor onion URLs to your DNS provider Full Text
Abstract
Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit.BleepingComputer
February 19, 2021 – Policy and Law
Three North Korean Hackers Indicted in Global Cybercrime Scheme Full Text
Abstract
On Feb. 17, the Department of Justice released a newly unsealed indictment that charges three North Korean cyber operatives in connection with an alleged scheme to steal currency and commit cyberattacks on banks and businesses around the world.Lawfare
February 19, 2021 – Policy and Law
Draft Adequacy Decision Paves the Way for EU-UK Data Flows to Continue Freely Full Text
Abstract
The UK urges the approval process to be quickly concludedInfosecurity Magazine
February 19, 2021 – Policy and Law
U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars Full Text
Abstract
The Justice Department unsealed charges against three intelligence officers, revealing more details about incursions on Sony Pictures and the National Health Service in Britain, and other attacks.New York Times
February 19, 2021 – Attack
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card Full Text
Abstract
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a victim's stolen or lost Visa EMV-enabled credit card for making high-value purchases without knowledge of the card's PIN, and even fool the terminal into accepting unauthentic offline card transactions. "This is not just a mere card brand mixup but it has critical consequences," researchers David Basin, Ralf Sasse, and Jorge Toro said. "For example, criminals can use it in combination with the previous attack on Visa to also bypass the PIN for Mastercard cards. The cards of this brand were previously presumed protected by PIN." Following responsible discThe Hacker News
February 19, 2021 – Vulnerabilities
Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper Full Text
Abstract
Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.The Daily Swig
February 19, 2021 – Vulnerabilities
Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 Full Text
Abstract
The flaw was present in the iCloud-hosted versions of Apple’s Pages and Keynote software. Exploitation involved creating a new document or presentation and entering an XSS payload into its name field.Security Week
February 19, 2021 – Denial Of Service
Kaspersky: Decline in DDoS Attacks Linked to Surge in Cryptocurrency Value Full Text
Abstract
A 31% fall in DDoS attacks was observed in Q4 of 2020Infosecurity Magazine
February 19, 2021 – Malware
Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning Full Text
Abstract
Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target...Security Affairs
February 19, 2021 – Attack
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy Full Text
Abstract
The SolarWinds breach is a reminder that, in general, any company that relies heavily on tools alone to secure its network infrastructure and software is taking an enormous risk.Dark Reading
February 19, 2021 – General
Shift to Remote Work Necessitating Greater Innovation in Cybersecurity Full Text
Abstract
The changing security perimeter requires new ways of thinking about cybersecurityInfosecurity Magazine
February 19, 2021 – Solution
Apple adds ‘BlastDoor’ security feature to fight iMessage hacks Full Text
Abstract
While largely invisible to users, BlastDoor is present on iOS 14, the most recent version of Apple’s iPhone operating system, and systems for all its other devices, company officials said.Reuters
February 19, 2021 – Business
CrowdStrike Snaps Up London Start-Up Humio Full Text
Abstract
US security giant pays $400m for log management firmInfosecurity Magazine
February 19, 2021 – Breach
Jamaica’s Immigration Website Exposed Personal Data and COVID-19 Test Results of Thousands of Travelers Full Text
Abstract
A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.TechCrunch
February 19, 2021 – Hacker
SolarWinds Attackers Breached 100+ Private Firms Full Text
Abstract
White House briefing reveals extent of attack on tech industryInfosecurity Magazine
February 19, 2021 – Malware
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware Full Text
Abstract
This joint advisory is the result of analytic efforts among the FBI, the CISA, and the Treasury to highlight the threat to cryptocurrency posed by North Korea and provide mitigation recommendations.CISA
February 19, 2021 – Attack
Internet Registry RIPE NCC Warns of Credential Stuffing Attack Full Text
Abstract
Attackers unsuccessfully targeted its single sign-on serviceInfosecurity Magazine
February 19, 2021 – General
Healthcare breaches increased over 50% in 2020 Full Text
Abstract
Hacking and IT incidents also led to larger breaches than other categories did, compromising 91.2% of all exposed healthcare records in 2020 (24.1 million out of 26.4 million), according to Bitglass.Help Net Security
February 19, 2021 – Criminals
Darknet Markets Compete to Replace Joker’s Stash Full Text
Abstract
Cybercriminal gangs operating darknet stolen payment card marketplaces are scrambling to attract customers from the now-closed Joker's Stash card market, according to Kela and Flashpoint.Gov Info Security
February 19, 2021 – Business
Capital Group Appoints Marta Zarraga as Global Chief Information Officer Full Text
Abstract
Zarraga will oversee the org’s technology and cybersecurityInfosecurity Magazine
February 19, 2021 – Phishing
Phishing: These are the most common techniques used to attack your PC Full Text
Abstract
Creating malicious Office macros is still the most common attack technique deployed by cybercriminals looking to compromise PCs after they've tricked victims into opening phishing emails.ZDNet
February 19, 2021 – Malware
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials Full Text
Abstract
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a .NET-based malware with capabilities to hinder static analysis — building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020. MassLogger was first spotted in the wild last April, but the presence of a new variant implies malware authors are constantly retooling their arsenal to evade detection and monetize them. "Although operations of the Masslogger trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain," researchers with Cisco Talos said on WThe Hacker News
February 19, 2021 – Hacker
Hackers steal credit card data abusing Google’s Apps Script Full Text
Abstract
Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Attackers are abusing Google's Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat...Security Affairs
February 19, 2021 – Phishing
Nigerian man sentenced 10 years for $11 million phishing scam Full Text
Abstract
A Nigerian national has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses.Cyberscoop
February 19, 2021 – Attack
Internet Registry for Europe experienced a credential-stuffing attack Full Text
Abstract
The Regional Internet Registry for Europe and part of Asia (RIPE NCC) said its single sign-on (SSO) service experienced a suspected credential-stuffing attack, which caused a short outage.Cyber News
February 18, 2021 – Hacker
SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune Full Text
Abstract
Microsoft, on Thursday, said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, that uncovered a compromise of its own network to view source code related to its products and services. "We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker had previously disclosed. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated." Now according to the company, besides viewing few individual files by searching throThe Hacker News
February 18, 2021 – Ransomware
US cities disclose data breaches after vendor’s ransomware attack Full Text
Abstract
A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. BleepingComputer
February 18, 2021 – Accident
Microsoft wraps SolarWinds probe, nudges companies toward zero trust Full Text
Abstract
Some question Microsoft’s decision to close the book on the investigation, and say zero trust might not have made a significant difference. SCMagazine
February 18, 2021 – General
Hillicon Valley: Congress prepares to hold hearing on SolarWinds breach, Big Tech content moderation | Tensions rise between Capitol Hill and Facebook, Google over news distribution Full Text
Abstract
Congress is lining up tech and cyber hearings over the next few weeks, including a look at the SolarWinds breach, hearing from Big Tech CEOs on content moderation policies, and the launch of a series of hearings focused on combating what lawmakers say is an abuse of online market power. The Hill
February 18, 2021 – Malware
Second malware strain primed to attack Apple’s new M1 chip identified Full Text
Abstract
In just three months, hackers have debuted at least two strains of malware designed to attack Apple’s new M1 chip. Noted Mac security researcher Patrick Wardle published a blog Feb. 14 noting that a Safari adware extension that was originally written to run on Intel x86 chips was revamped to run on the new M1… SCMagazine
February 18, 2021 – Hacker
Microsoft: SolarWinds hackers downloaded some Azure, Exchange source code Full Text
Abstract
Microsoft announced today that the SolarWinds hackers could gain access to source code for a limited amount of components used by Azure, Intune, and Exchange. BleepingComputer
February 18, 2021 – Attack
Credential stuffing attack hit RIPE NCC: Members have to enable 2FA Full Text
Abstract
RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure and is asking its members to enable 2FA for their accounts. RIPE NCC announced that it suffered a credential stuffing attack attempting to gain access to single sign-on... Security Affairs
February 18, 2021 – Vulnerabilities
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps Full Text
Abstract
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. Threatpost
February 18, 2021 – Ransomware
The Egregor takedown: New tactics to take down ransomware groups show promise Full Text
Abstract
Ransomware ringleaders and their customers have been put on notice: they may not be as untouchable as they thought. SCMagazine
February 18, 2021 – Criminals
Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams Full Text
Abstract
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013. Threatpost
February 18, 2021 – Business
Apple Outlines 2021 Security, Privacy Roadmap Full Text
Abstract
Latest Apple Platform Security update folds iOS, macOS and hardware into 2021 security roadmap. Threatpost
February 18, 2021 – Solution
Apple touts M1 features in updated security guide, days after malicious code discovery Full Text
Abstract
Apple released substantial updates Thursday to its Platform Security Guide – the first revision since April, and the first in the era of Apple’s self-designed M1 chips. SCMagazine
February 18, 2021 – Hacker
SolarWinds hackers had access to components used by Azure, Intune, and Exchange Full Text
Abstract
Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange. Microsoft announced that the threat actors behind the SolarWinds supply chain attack could have had access... Security Affairs
February 18, 2021 – Ransomware
Kia Motors Hit With $20M Ransomware Attack – Report Full Text
Abstract
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee not to publish sensitive data bits on the gang’s […] Threatpost
February 18, 2021 – Government
Senate Intelligence panel to hold hearing on SolarWinds breach next week Full Text
Abstract
The Senate Intelligence Committee will hold a hearing on the massive Russian breach of the federal government that has become known as the SolarWinds hack next week in one of the first major congressional hearings on the issue. The Hill
February 18, 2021 – Attack
RIPE NCC Internet Registry discloses SSO credential stuffing attack Full Text
Abstract
RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts. BleepingComputer
February 18, 2021 – Criminals
Software Firm Owner Admits Fraud and CSAM Possession Full Text
Abstract
Agents find indecent images of children while investigating Virginia businessman for fraud. Infosecurity Magazine
February 18, 2021 – Breach
California DMV Halts Data Transfers After Vendor Breach Full Text
Abstract
California drivers warned of data breach after Seattle verification company suffers ransomware attack. Infosecurity Magazine
February 18, 2021 – Attack
SolarWinds attack hit 100 companies and took months of planning, says White House Full Text
Abstract
The White House team leading the investigation into the SolarWinds hack is worried that the breach of 100 US companies has the potential to make the initial compromise a headache in future. ZDNet
February 18, 2021 – General
Discord: A New Paradise for Cybercrime Full Text
Abstract
In a new report, Zscaler revealed the widespread use of Discord to host multiple payloads, including the Epsilon ransomware, Redline stealer, XMRig miner, and Discord token grabbers. Cyware Alerts - Hacker News
February 18, 2021 – Hacker
Hackers abuse Google Apps Script to steal credit cards, bypass CSP Full Text
Abstract
Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online. BleepingComputer
February 18, 2021 – Hacker
Hackers target Myanmar government websites in coup protest Full Text
Abstract
Hackers attacked military-run government websites in Myanmar on Thursday (Feb 18) as a cyber war erupted after authorities shut down the Internet for a fourth straight night. Channel News Asia
February 18, 2021 – Vulnerabilities
Exploit Details Emerge for Unpatched Microsoft Bug Full Text
Abstract
A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes. Threatpost
February 18, 2021 – APT
French IT Providers Actively Targeted by Russian Sandworm APT Group Full Text
Abstract
The French information security agency (ANSSI) linked Russian group Sandworm with a three-year-long stealthy operation involving a breach of several French entities by exploiting an IT monitoring tool. Cyware Alerts - Hacker News
February 18, 2021 – Education
Purdue University and MITRE form partnership to advance innovation and workforce development Full Text
Abstract
Purdue University and MITRE are combining their expertise and capabilities to form a new public-private partnership focusing on key areas of national safety and security. Help Net Security
February 18, 2021 – Phishing
Phishers tricking users via fake LinkedIn Private Shared Document Full Text
Abstract
Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. Help Net Security
February 18, 2021 – Breach
Sensitive data of Over 257,000 Online Gamblers Put for Sale on Hacker Forum Full Text
Abstract
A user on a popular hacking forum is selling a database that purportedly contains more than 257,000 user records from orakulas.lt (now known as Olybet.lt), a Lithuanian online betting service. Cyber News
February 18, 2021 – Policy and Law
US Jails Celebrated Nigerian Entrepreneur for Cyber-Fraud Full Text
Abstract
Ten years for man behind $11m cyber-fraud targeting Caterpillar’s British export sales office. Infosecurity Magazine
February 18, 2021 – Botnet
WatchDog botnet targets Windows and Linux servers in cryptomining campaign Full Text
Abstract
Palo Alto Networks warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows... Security Affairs
February 18, 2021 – Hacker
Microsoft: SolarWinds hackers downloaded Azure, Exchange source code Full Text
Abstract
Microsoft announced today that the SolarWinds hackers could gain access to source code for a limited amount of components used by Azure, Intune, and Exchange. BleepingComputer
February 18, 2021 – Attack
FBI: Telephony denial-of-service attacks can lead to loss of lives Full Text
Abstract
The Federal Bureau of Investigation (FBI) has warned of the harsh consequences of telephony denial-of-service (TDoS) attacks and has also provided the steps needed to mitigate their impact. BleepingComputer
February 18, 2021 – Disinformation
Groups launch $22 million effort to battle disinformation targeting Latinos Full Text
Abstract
A Latino advocacy group and media watchdog will invest $22 million in an effort to battle disinformation targeted at the Hispanic community. The Hill
February 18, 2021 – Government
Congress’s IT Infrastructure Is a Disaster Waiting to Happen—Here’s How to Start Fixing It Full Text
Abstract
Over a month after the insurrection, the significance of the cybersecurity-related damage remains unknown. Congress should take this moment as an opportunity to shore up the Capitol's digital systems. Lawfare
February 18, 2021 – Education
How To Know if a Website Is Safe To Use Full Text
Abstract
Some aspects of the web are a mystery to many users around the world. Even though we are using our computers daily,... Cyber Security News
February 18, 2021 – Attack
Top 10 most used MITRE ATT&CK tactics and techniques Full Text
Abstract
The MITRE ATT&CK framework is a well known and widely used knowledge base of cyber adversary tactics, techniques and procedures, and is based on observations on real-world attacks. Help Net Security
February 18, 2021 – Malware
US shares info on North Korean malware used to steal cryptocurrency Full Text
Abstract
The FBI, CISA, and US Department of Treasury shared detailed info on malicious and fake crypto-trading applications used by North Korean-backed state hackers to steal cryptocurrency from individuals and companies worldwide in a joint advisory published on Wednesday. BleepingComputer
February 18, 2021 – Malware
Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos Full Text
Abstract
Delivered through phishing emails, the Masslogger trojan’s latest variant is contained within a multi-volume RAR archive using the .chm file format and .r00 extensions, said Switchzilla researchers. The Register
February 18, 2021 – Business
FDM Group Makes Pledge to Hire 2000+ New Global IT Trainees in 2021 Full Text
Abstract
Hiring goal announced amid surge in demand for IT specialists. Infosecurity Magazine
February 18, 2021 – Breach
California DMV halts data transfers with third-party company after security breach Full Text
Abstract
The California Department of Motor Vehicles announced Wednesday that a third-party company it shares data with has had a security breach. It is unclear if any DMV information was compromised. KCRA
February 18, 2021 – Business
CrowdStrike To Acquire Humio For About $400M Full Text
Abstract
CrowdStrike, a provider of cloud-delivered endpoint and cloud workload protections, has agreed to acquire Humio, a provider of high-performance cloud log management and observability technology. Nasdaq
February 18, 2021 – Vulnerabilities
Half of Apps Contain at Least One Serious Exploitable Vulnerability Full Text
Abstract
Nearly 70% of apps in manufacturing have at least one serious vulnerability. Infosecurity Magazine
February 18, 2021 – Breach
California Medical Imaging Group Leaks Info of 100,000 Patients Due to Flawed PACS System Full Text
Abstract
A California medical imaging group practice says vulnerabilities in its picture archiving and communications system left patient data at risk of unauthorized access for more than a year. Gov Info Security
February 18, 2021 – Attack
Centreon Says that Russian Hackers Hit Older Versions of the Software Full Text
Abstract
Centreon, a French software company, published a blog providing clarification on a report published by ANSSI, CERTFR-2021-CTI-004. According to Centreon, Russian Hackers... Cyber Security News
February 18, 2021 – Breach
Breach Caused Due to Third-party File Sharing Service Impacts 129,000 Singtel Customers’ Data Full Text
Abstract
Singtel has confirmed that the personal details of 129,000 customers, as well as the financial information of its former employees, have been compromised in a recent security breach. ZDNet
February 18, 2021 – Malware
First Malware Designed for Apple M1 Chip Discovered in the Wild Full Text
Abstract
One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better performance and compatibility, malware authors are now undertaking similar steps to build malware that are capable of executing natively on Apple's new M1 systems, according to macOS Security researcher Patrick Wardle. Wardle detailed a Safari adware extension called GoSearch22 that was originally written to run on Intel x86 chips but has since been ported to run on ARM-based M1 chips. The rogue extension, which is a variant of the Pirrit advertising malware, was first seen in the wild on November 23, 2020, according to a sample uploaded to VirusTotal on December 27. "Tod... The Hacker News
February 18, 2021 – General
Breaches Cost US Healthcare Organizations $13bn in 2020 Full Text
Abstract
Bitglass says over 26 million people were impacted. Infosecurity Magazine
February 18, 2021 – Attack
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software Full Text
Abstract
The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020. Threat actors mainly targeted IT service providers, particularly web hosting. Security Affairs
February 18, 2021 – Policy and Law
Two More Lazarus Group Members Indicted for North Korean Attacks Full Text
Abstract
Sony Pictures, WannaCry and string of heists blamed on agents. Infosecurity Magazine
February 18, 2021 – Ransomware
When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice Full Text
Abstract
In its Quarterly Ransomware Report for Q3 2020, Coveware notes that nearly half of the ransomware attacks it had tracked during that quarter had included the threat to leak unencrypted data. Security Intelligence
February 18, 2021 – General
UK’s Cybersecurity Sector Experiences Record Growth Full Text
Abstract
Sector saw £821m raised in investment last year. Infosecurity Magazine
February 18, 2021 – Privacy
Tracker pixels in emails are now an ‘endemic’ privacy concern Full Text
Abstract
The Hey messaging service analyzed its traffic following a request from the BBC and discovered that roughly two-thirds of emails sent to its users' private email accounts contained a "spy pixel." ZDNet
February 18, 2021 – Business
AdaCore acquires Componolit to expand its market share in Germany Full Text
Abstract
The acquisition of Componolit will provide AdaCore with a further foothold to expand its growing market share in Germany where the requirement for high-assurance software is increasing rapidly. Help Net Security
February 18, 2021 – Breach
Singtel Breach Hits 129,000 Customers Full Text
Abstract
Telco was compromised via legacy Accellion FTA product. Infosecurity Magazine
February 18, 2021 – Vulnerabilities
The OpenSSL Project addressed three vulnerabilities Full Text
Abstract
The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS)... Security Affairs
February 18, 2021 – Phishing
Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam Full Text
Abstract
The owners of a popular barcode scanner Android application that became a malicious nuisance on millions of devices with one update insist that a third-party buyer was to blame. ZDNet
February 18, 2021 – Ransomware
Update: Information Posted Online After North Carolina Ransomware Attack Full Text
Abstract
The Chatham County network was hit on Oct. 28 with ransomware that originated in a phishing email with a malicious attachment, The News & Observer of Raleigh reported Tuesday. Security Week
February 18, 2021 – Business
Security Operations Firm Red Canary Raises $81M To Grow R&D Full Text
Abstract
The Denver-based security operations vendor said the funding will support continued investment in both product and team expansion as Red Canary works to fulfill rapidly growing customer demand. CRN
February 17, 2021 – Policy and Law
U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist Full Text
Abstract
The U.S. Department of Justice (DoJ) on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36 — are said to be members of the Reconnaissance General Bureau, a military intelligence division of North Korea, also known as the Lazarus group, Hidden Cobra, or Advanced Persistent Threat 38 (APT 38). Accusing them of creating and deploying multiple malicious cryptocurrency applications, developing and fraudulently marketing a blockchain platform, the indictment expands on the 2018 charges brought against Park, one of the alleged nation-state hackers previously charged in connection with the 2014 cyberattack on Sony Pictures Entertainment. A Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes "North Korea's operatives, using keyboards rather than g... The Hacker News
February 17, 2021 – Phishing
NIST hints at upgrades to its system for scoring a phish’s deceptiveness Full Text
Abstract
Future plans for the methodology include the incorporation of operational data gathered from multiple organizations. SCMagazine
February 17, 2021 – Ransomware
Kia Motors America suffers ransomware attack, $20 million ransom Full Text
Abstract
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. BleepingComputer
February 17, 2021 – Phishing
Beware of These New Waves of Phishing Attacks - Warn Agencies Full Text
Abstract
Tech companies and government agencies released alerts about ongoing phishing campaigns laden with malicious attachments and social engineering tactics. Cyware Alerts - Hacker News
February 17, 2021 – Government
Hillicon Valley: Biden to take ‘executive action’ to address SolarWinds breach | Facebook and Google respond to Australian proposed law | DOJ charges North Korean hackers with stealing $1.3 billion in cryptocurrency Full Text
Abstract
Biden will be rolling out action to address cybersecurity following the recent Russian hack, while the Justice Department announced major indictments against North Korean hackers. Meanwhile, Silicon Valley’s eyes were on an Australian proposal today, with Facebook announcing it would restrict news content in the country and Google reaching a deal to pay News Corp to distribute content. In other news, you win some, you Zoom some. The Hill
February 17, 2021 – Business
Applied Insight Acquires Maryland Cyber Firm Full Text
Abstract
Bridges Inc. becomes Applied Insight LLC’s second acquisition in just over a year. Infosecurity Magazine
February 17, 2021 – Government
The U.S. Needs a Cyber State of Distress to Withstand the Next SolarWinds Full Text
Abstract
The SolarWinds hack exposed shortcomings in the U.S. government’s capacity to respond to cyberattacks. In a hard-hitting, far-reaching, and nearly undetectable attack, the perpetrators behind the SolarWinds intrusion secretly inserted malicious code into a software update and subsequently programmed it to appear legitimate. Lawfare
February 17, 2021 – APT
US DoJ charges three members of the North Korea-linked Lazarus APT group Full Text
Abstract
The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement... Security Affairs
February 17, 2021 – Solution
Most businesses plan to move away from VPNs, adopt a zero-trust access model Full Text
Abstract
Growing security risks have prompted companies to move away from virtual private networks (VPNs) in favor of a zero-trust model. Most organizations, 72 percent, plan to ditch VPNs, according to Zscaler’s 2021 VPN Risk Report, which found that 67 percent of organizations are considering remote access alternatives. “It’s encouraging to see that enterprises understand that… SCMagazine
February 17, 2021 – Breach
Stolen Jones Day Law Firm Files Posted on Dark Web Full Text
Abstract
Jones Day, which represented Trump, said the breach is part of the Accellion attack from December. Threatpost
February 17, 2021 – Policy and Law
US indicts North Korean hackers for stealing $1.3 billion Full Text
Abstract
The U.S. Department of Justice has charged three North Koreans for stealing $1.3 billion in money and cryptocurrency in attacks on banks, the entertainment industry, cryptocurrency companies, and more. BleepingComputer
February 17, 2021 – Malware
Trickbot’s Sibling, Bazarbackdoor, is Hunting Down its Targets Vigorously Full Text
Abstract
Researchers have observed a newer, stealthier version of BazarBackdoor, which is written in Nim language to enhance its evasion capabilities, being increasingly distributed through spam campaigns. Cyware Alerts - Hacker News
February 17, 2021 – Government
Hassan to chair Senate emerging threats subcommittee Full Text
Abstract
Sen. Maggie Hassan (D-N.H.) will chair the Senate Homeland Security and Governmental Affairs Committee’s subcommittee focused on national security threats and spending oversight, committee leaders announced Wednesday. The Hill
February 17, 2021 – General
Security Pros Pursue Hobbies at Work Full Text
Abstract
IT security employees spend six hours of every working week on their hobbies. Infosecurity Magazine
February 17, 2021 – Malware
ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams Full Text
Abstract
Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based... Security Affairs
February 17, 2021 – Policy and Law
Three North Korean hackers charged for financial and revenge-motivated hacks Full Text
Abstract
The crimes include the 2014 hack against Sony, the WannaCry attacks, cryptocurrency fraud and ATM cash out schemes that targeted at least $1.3 billion. SCMagazine
February 17, 2021 – Attack
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign Full Text
Abstract
The WatchDog malware has flown under the radar for two years in what researchers call one of the ‘largest’ Monero cryptojacking attacks ever. Threatpost
February 17, 2021 – Hacker
Hackers are Playing No Games: CD Projekt Edition Full Text
Abstract
CD Projekt Red, the Polish gaming firm, announced being hit by a ransomware attack affecting its network. The group responsible for the attack goes by the name of HelloKitty. Cyware Alerts - Hacker News
February 17, 2021 – Government
Biden to take ‘executive action’ to address SolarWinds breach Full Text
Abstract
President Biden will soon take executive action in response to the alleged Russian hack of at least nine federal agencies, according to a White House official. The Hill
February 17, 2021 – Breach
Jones Day Denies Network Breach Full Text
Abstract
America’s tenth-largest law firm says its network was not compromised following Accellion data breach. Infosecurity Magazine
February 17, 2021 – Ransomware
Non-profit pledges $1 million to offer free ransomware protection for private hospitals Full Text
Abstract
Public hospitals and health organizations are already eligible, but a series of high-profile attacks on hospitals over the past year have convinced CIS leadership to expand the services to private hospitals as well. SCMagazine
February 17, 2021 – Breach
14 Million Accounts of Amazon and eBay Users From 18 Countries Sold Online in New Leak Full Text
Abstract
The database, which was being sold for $800, included the full names, postal codes, delivery addresses, and shop names, and 1.6 million phone records of customers from 18 countries. Cyber News
February 17, 2021 – Policy and Law
DOJ charges North Korean hackers with stealing $1.3 billion in cryptocurrency Full Text
Abstract
The Justice Department (DOJ) announced charges Wednesday against three North Korean individuals for allegedly stealing $1.3 billion in cash and cryptocurrency from U.S. groups and conducting a series of cyberattacks, including the 2014 Sony Pictures hack. The Hill
February 17, 2021 – Education
#DTX Tech Predictions Mini Summit: How to Build a Strong Cybersecurity Culture Full Text
Abstract
Staff behaviors often cause the biggest security issues to orgs. Infosecurity Magazine
February 17, 2021 – Government
Senate Intel leader demands answers on Florida water treatment center breach Full Text
Abstract
Senate Intelligence Committee Chairman Mark Warner (D-Va.) on Wednesday demanded answers around the investigation into the recent attempt by a hacker to breach and poison the water supply in a Florida city. The Hill
February 17, 2021 – Government
China requiring bloggers to obtain government credentials Full Text
Abstract
The Chinese government is launching new rules requiring bloggers and online influencers to acquire state credentials in order to publish content on certain topics, including politics, health and economics. The Hill
February 17, 2021 – General
Rising healthcare breaches driven by hacking and unsecured servers Full Text
Abstract
2020 was a bad year for healthcare organizations in the U.S., which had to deal with a record-high number of cybersecurity incidents on the backdrop of the COVID-19 pandemic. BleepingComputer
February 17, 2021 – Attack
Simon Fraser University Discloses Cyberattack Exposing Personal Information of About 200,000 Students, Staff, and Alumni Full Text
Abstract
The school says about 200,000 people were affected by the breach. The server contained personal information for some current and former students, faculty, staff, and student applicants. CBC
February 17, 2021 – Hacker
Russian Sandworm hackers only hit orgs with old Centreon software Full Text
Abstract
Centreon, the maker of the IT monitoring software exploited by Russian state hackers to infiltrate French companies' networks, said today that only organizations using obsolete software were compromised. BleepingComputer
February 17, 2021 – Policy and Law
Dutch police post ‘friendly’ warnings on hacking forums Full Text
Abstract
Dutch police have posted "friendly" messages on two of today's largest hacking forums warning cyber-criminals that "hosting criminal infrastructure in the Netherlands is a lost cause." ZDNet
February 17, 2021 – Policy and Law
The Cyberlaw Podcast: “This Is How They Tell Me the World Ends” Full Text
Abstract
Our interview this week is with Nicole Perlroth, The New York Times reporter and... Lawfare
February 17, 2021
Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed Full Text
Abstract
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. Threatpost
February 17, 2021 – Policy and Law
Dutch Police post “say no to cybercrime” warnings on hacker forums Full Text
Abstract
The Dutch Police have begun posting warnings on Russian and English-speaking hacker forums not to commit cybercrime as law enforcement is watching their activity. BleepingComputer
February 17, 2021 – Breach
Over 110,000 User Records From Lithuania’s CityBee Car Sharing Service Leaked on Hacker Forum Full Text
Abstract
The first part of the database was posted on February 15 and includes 110,000 CityBee user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users. Cyber News
February 17, 2021 – Vulnerabilities
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping Full Text
Abstract
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot. California-based Agora is a video, voice, and live interactive streaming platform, allowing developers to embed voice and video chat, real-time recording, interactive live streaming, and real-time messaging into their apps. The company's SDKs are estimated to be embedded into mobile, web, and desktop applications across more than 1.7 billion devices globally. McAfee disclosed the flaw (CVE-2020-25605) to Agora.io on April 20... The Hacker News
February 17, 2021 – Business
Caren Havelock Joins SureCloud as New CMO Full Text
Abstract
Havelock brings 21+ years of IT marketing experience to cybersecurity and risk management firm. Infosecurity Magazine
February 17, 2021 – Vulnerabilities
QNAP patches critical vulnerability in Surveillance Station NAS app Full Text
Abstract
QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. BleepingComputer
February 17, 2021 – Vulnerabilities
Three New Vulnerabilities Patched in OpenSSL Full Text
Abstract
The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition. Security Week
February 17, 2021 – Policy and Law
Italian watchdog fines Facebook 7 million euros Full Text
Abstract
Italy’s competition watchdog fined Facebook ~$8.5 million for not complying with a request by the regulator to correct improper commercial practices in the group’s treatment of user data. Cyber News
February 17, 2021 – Malware
Latin American Javali Trojan Exploits Avira Antivirus Legitimate Injector to Implant Malware Full Text
Abstract
The Javali trojan has been active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico using similar routines as other Latin American trojans. Security Affairs
February 17, 2021 – General
F-Secure: CISOs Must Develop Emotional Intelligence Skills to Succeed Full Text
Abstract
The role of CISOs has significantly broadenedInfosecurity Magazine
February 17, 2021 – Vulnerabilities
The cybersecurity issues of seismic monitoring devices Full Text
Abstract
Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, say researchers who have probed the devices for weak points.Help Net Security
February 17, 2021 – Vulnerabilities
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software Full Text
Abstract
French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used...Security Affairs
February 17, 2021 – Government
NIST Issues ‘Foundational Profile’ for Secure GPS Use Full Text
Abstract
The NIST released new guidance based on its cybersecurity framework toward satisfying an executive order on securely using position, navigation, and timing services like the GPS.Nextgov
February 17, 2021 – Ransomware
Clop Ransomware Gang Claims to Steal 100GB of Data From Servers of Jones Day Law Firm Full Text
Abstract
Those behind the Clop ransomware claim that they had obtained 100GB of files from servers of Jones Day and have started to publish redacted files as proof of their successful ransomware attack.Silicon Angle
February 17, 2021 – Hacker
Researchers Unmask Hackers Behind APOMacroSploit Malware Builder Full Text
Abstract
Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. The tool — dubbed "APOMacroSploit" — is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection. APOMacroSploit is believed to be the work of two French-based threat actors "Apocaliptique" and "Nitrix," who are estimated to have made at least $5000 in less than two months selling the product on HackForums.net. About 40 hackers in total are said to be behind the operation, utilizing 100 different email senders in a slew of attacks targeting users in more than 30 different countries. The attacks were spotted for the first time at the end of November 2020, accoThe Hacker News
February 17, 2021 – Phishing
NHS Phishing Scam Promises #COVID19 Vaccine Full Text
Abstract
Threat actor ups email volumes 350%, according to MimecastInfosecurity Magazine
February 17, 2021 – APT
French Agency ANSSI Warns that Russia-linked Sandworm APT group Targeting Centreon Monitoring Software Full Text
Abstract
The cybersecurity agency of France has recently affirmed that a group of Russian military hackers, acknowledged as the Sandworm group, was behind...Cyber Security News
February 17, 2021 – Breach
Hoffman Construction shores up its defense systems after employee healthcare data breach Full Text
Abstract
In a breach notification statement, Hoffman said that as soon as it discovered the problem it “disabled the affected systems, took steps to secure our network, and began an investigation”.The Daily Swig
February 17, 2021 – Disinformation
YouTube Terminates 3000 Channels in Russia and China Clampdown Full Text
Abstract
Removals a response to coordinated influence operationsInfosecurity Magazine
February 17, 2021 – Malware
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware Full Text
Abstract
In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although exists a strong...Security Affairs
February 17, 2021 – Education
Org behind .org launches DNS Abuse Institute Full Text
Abstract
Public Interest Registry (PIR), the non-profit best known for overseeing the .org top-level domain, launched a centralized resource to help stomp out domain name system (DNS) abuse.SCMagazine
February 17, 2021 – Vulnerabilities
SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits Full Text
Abstract
The highest threat to systems running affected versions of SQLite, a C-language library that implements an SQL database engine, is to system availability, according to a Red Hat Bugzilla thread.The Daily Swig
February 17, 2021 – Attack
Centreon: Sandworm Attacks Targeted Legacy Open Source Product Full Text
Abstract
French IT monitoring firm says around 15 organizations were impactedInfosecurity Magazine
February 17, 2021 – Privacy
Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow Full Text
Abstract
Why would a company choose to relocate to a country with more stringent standards? As a proof point to customers. But other companies in the privacy community argue that building trust is more complicated than hopping a plane to Geneva.SCMagazine
February 17, 2021 – Breach
Clubhouse may be leaking data to Chinese govt: Stanford report Full Text
Abstract
The Stanford Internet Observatory (SIO) has confirmed that Agora, a Shanghai-based provider of real-time engagement software, supplies back-end infrastructure to the Clubhouse app.The Times Of India
February 17, 2021 – Covid-19
North Korea Allegedly Targets Pfizer to Steal #COVID19 Vaccine Data Full Text
Abstract
South Korea’s National Intelligence Agency has briefed lawmakers about the incidentInfosecurity Magazine
February 17, 2021 – Ransomware
CISOs report that ransomware is now the biggest cybersecurity concern in 2021 Full Text
Abstract
Organizations have good reason to be concerned about ransomware. Not only are they highly effective, but often victims find that it is simply easier to pay the ransom than try to rectify the problem.AT&T Cybersecurity
February 17, 2021 – Phishing
Hackers abusing the Ngrok platform phishing attacks Full Text
Abstract
Researchers at Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.Security Affairs
February 17, 2021 – Solution
Unleash the Power of MITRE ATT&CK for a More Mature SOC Full Text
Abstract
The ATT&CK knowledge base is used as a foundation for building specific threat models and methodologies in the private sector, governments, and the cybersecurity products and services world.Security Intelligence
February 17, 2021 – Business
Sources: Palo Alto Networks acquired DevOps security startup Bridgecrew for around $200M Full Text
Abstract
The startup, backed by the likes of Battery Ventures, Operator Partners and more than a dozen others, has only raised around $18 million, including a Series A of $14 million last year.TechCrunch
February 17, 2021 – Vulnerabilities
Two vulnerabilities in Advantech WebAccess/SCADA Full Text
Abstract
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure.Talos
February 16, 2021 – Vulnerabilities
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites Full Text
Abstract
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent gift card scam websites. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801) that allowed malicious parties to bypass the iframe sandboxing policy in the browser engine that powers Safari and Google Chrome for iOS and run malicious code. Specifically, the technique exploited the manner in which WebKit handles JavaScript event listeners, thus making it possible to break out of the sandbox associated with an ad's inline frame element despite the presence of "allow-top-navigation-by-user-activation" attribute that explicitly forbids any redirection unless the click event occurs inside the iframe. To test this hypothesis, the researchers set about creating a simple HTML file containing a cross-origin sandboxed iframe and a button outside it thatThe Hacker News
February 16, 2021 – Hacker
Hacker claims to have stolen files from law firm tied to Trump: WSJ Full Text
Abstract
A hacker is claiming to have stolen files from prominent law firm Jones Day, The Wall Street Journal reported on Tuesday.The Hill
February 16, 2021 – Government
‘Everyone’s half asleep, and bosses don’t want trouble’: The struggle to secure utilities Full Text
Abstract
Padraic O’Reilly, co-founder of cyber risk firm CyberSaint, shared insights with SC Media, about the struggles faced by water plants, energy companies and other utilities to assess cyber risk and prevent cyberattacks.SCMagazine
February 16, 2021 – General
Hillicon Valley: TikTok faces more data privacy concerns | Parler is back | North Korean hackers target Pfizer COVID-19 vaccine | Amazon acquires Shopify competitor Selz Full Text
Abstract
A European consumer group is piling on the data privacy concerns facing the widely popular video-sharing app TikTok. Parler is back and looking for new users. North Korean hackers are reportedly targeting and attempting to steal information on Pfizer's COVID-19 vaccine. And e-commerce giant Amazon is expanding, with the company confirming Tuesday it has quietly acquired Australian-based e-commerce platform Selz.The Hill
February 16, 2021 – Hacker
South Korea claims North Koreans hacked Pfizer for COVID-19 vaccine data Full Text
Abstract
The report comes after attempts late last year by suspected North Korean hackers to steal data from at least nine healthcare companies, such as Johnson & Johnson, Novavax and AstraZeneca.SCMagazine
February 16, 2021 – Government
Federal cyber agency gets deputy director after months-long vacancy Full Text
Abstract
Nitin Natarajan on Tuesday was appointed the deputy director of the Cybersecurity and Infrastructure Security Agency (CISA), building back the agency’s leadership months after its top leaders were forced to step down.The Hill
February 16, 2021 – General
SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users Full Text
Abstract
A study of 10 orgs found that, on average, their SIEM solution rules cover only 16% of tactics listed in the framework.SCMagazine
February 16, 2021 – Vulnerabilities
Telegram flaw could have allowed access to users secret chats Full Text
Abstract
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users' secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS...Security Affairs
February 16, 2021 – Privacy
Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies Full Text
Abstract
TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase.Threatpost
February 16, 2021 – Vulnerabilities
Misconfigured Baby Monitors Allow Unauthorized Viewing Full Text
Abstract
Hundreds of thousands of individuals are potentially affected by this vulnerability.Threatpost
February 16, 2021 – Solution
Microsoft releases Azure Firewall Premium in public preview Full Text
Abstract
Microsoft has announced that the new Premium tier for its managed cloud-based network security service Azure Firewall has entered public preview starting today.BleepingComputer
February 16, 2021 – Denial Of Service
DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence Full Text
Abstract
The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets.Threatpost
February 16, 2021 – Solution
Microsoft Edge is getting a new child-friendly Kids Mode Full Text
Abstract
Microsoft is adding a new 'Kids Mode' to the Microsoft Edge browser that provides a safe environment for children to browse the web and consume family-friendly content.BleepingComputer
February 16, 2021 – Education
Mitre and Purdue University team up to push big ideas in cyber and tech Full Text
Abstract
The partnership will allow the two organizations to share research, expertise and personnel as they explore new technologies and workforce solutions in cybersecurity, autonomous systems, microelectronics, and other areas.SCMagazine
February 16, 2021 – Criminals
Neighbor Revealed as Cyber-Stalker Full Text
Abstract
Durban man admits targeting neighbors in cyber-stalking campaignInfosecurity Magazine
February 16, 2021 – Privacy
Europeans Unhappy with TikTok’s Child Safety Policy Full Text
Abstract
EU consumer groups say app fails to protect children from inappropriate contentInfosecurity Magazine
February 16, 2021 – Outage
Kia Motors America experiences massive IT outage across the US Full Text
Abstract
Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support.BleepingComputer
February 16, 2021 – Disinformation
Which? Flags Fake Amazon Reviews Full Text
Abstract
Consumer group finds Amazon retailers can buy positive reviews by the bundleInfosecurity Magazine
February 16, 2021 – Attack
Microsoft: Web Shells Attacks Spreading Like Wildfire Full Text
Abstract
According to Microsoft, web shells are among the critical tools used by hackers; the company recorded around 140,000 web shells a month between August 2020 and January 2021.Cyware Alerts - Hacker News
February 16, 2021 – Phishing
Lockdown Love Scams Reach a Record High Full Text
Abstract
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic with cybercriminals raking in a record $304 million in 2020.Cyware Alerts - Hacker News
February 16, 2021 – Hacker
Threat Actors Unite Against Healthcare Sector Full Text
Abstract
As if double extortion was not enough, the triple extortion tactic is here to be the next nightmare, especially for the healthcare sector.Cyware Alerts - Hacker News
February 16, 2021 – Hacker
North Korean hackers targeted Pfizer coronavirus vaccine: report Full Text
Abstract
North Korean hackers were recently involved in targeting and attempting to steal information on Pfizer’s COVID-19 vaccine, The Washington Post reported Tuesday.The Hill
February 16, 2021 – Vulnerabilities
Windows 10 Secure Boot update triggers BitLocker key recovery Full Text
Abstract
Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot.BleepingComputer
February 16, 2021 – Business
Strata Raises $11 Million to Tackle Multi-Cloud Identity Management Full Text
Abstract
The Boulder, Colorado-based Strata Identity today announced that it has raised $11 million through a Series A funding round led by Menlo Ventures with support from ForgePoint Capital.Security Week
February 16, 2021 – Vulnerabilities
Apple patches severe macOS Big Sur data loss bug Full Text
Abstract
For the past few weeks, macOS Big Sur has suffered from a bug that could cause serious data loss. The bug was introduced in Big Sur 11.2, and it made its way into the 11.3 data.ZDNet
February 16, 2021 – Business
LastPass Free to force users to choose between mobile, desktop Full Text
Abstract
Starting next month, LastPass will no longer allow a free account to be used on multiple types of devices (computers and mobile) at the same time.BleepingComputer
February 16, 2021 – Phishing
Hackers abusing the Ngrok platform phishing attacks Full Text
Abstract
Researchers from threat intelligence firm Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations...Security Affairs
February 16, 2021 – Hacker
North Korea ‘Tried to Hack’ Pfizer for Vaccine Info - South’s Spies: Reports Full Text
Abstract
North Korean hackers tried to break into the systems of Pfizer in a search for information on a COVID-19 vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports.Security Week
February 16, 2021 – Phishing
Automating scam call blocking sees Telstra prevent up to 500,000 calls a day Full Text
Abstract
Telstra said it is now blocking 6.5 million suspected scam calls a month, at times up to 500,000 a day, thanks to automating the former manual process that sat at around 1 million monthly scam calls.ZDNet
February 16, 2021 – Phishing
Malvertisers exploited browser zero-day to redirect users to scams Full Text
Abstract
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.BleepingComputer
February 16, 2021 – Outage
Notion’s hours-long outage was caused by phishing complaints Full Text
Abstract
Notion's domain registrar is Name.com, but all .so domains are managed by Hexonet, a company that helps connect Sonic, the .so top-level domain registry, with domain name registrars like Name.com.TechCrunch
February 16, 2021 – Education
Learn How to Manage and Secure Active Directory Service Accounts Full Text
Abstract
There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and ultimately, applications in the environment. These special-purpose Active Directory accounts are also the subject of cybersecurity risks in the environment. What is a service account? What special privileges does it have on local systems? What cybersecurity risks can relate to service accounts used in the environment? How can IT admins find weak or non-expiring passwords used in Active Directory for service accounts? What is a Windows service? As mentioned at the outset, specific Active Directory accounts serve different purposes in Active Directory Domain Services (ADDS). You can assign Active Directory accounts as service accounts, a special-purpose account that most organizations create andThe Hacker News
February 16, 2021 – Education
#DTX Tech Predictions Mini Summit: Focus on Security When Expanding Digital Presence Full Text
Abstract
Orgs must ensure they stay secure as they expand the use of digital technologiesInfosecurity Magazine
February 16, 2021 – Vulnerabilities
Security Flaws Left Unpatched in SHAREit Android App with One Billion Downloads Full Text
Abstract
The bugs can be exploited to run malicious code on smartphones where the SHAREit app is installed, Echo Duan, a mobile threats analyst for security firm Trend Micro, said in a report on Monday.ZDNet
February 16, 2021 – Vulnerabilities
Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware Full Text
Abstract
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices. But in a worrisome twist, the flaws are yet to be patched by Smart Media4U Technology Pte. Ltd., the Singapore-based developer of the app, despite responsible disclosure three months ago. "We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission," Trend Micro researcher Echo Duan said in a write-up. "It is also not easily detectable." One of the flaws arises from the manner the app facilitates sharing ofThe Hacker News
February 16, 2021 – General
Industry Leaders Javvad Malik and Wendy Nather to Headline Infosecurity Magazine Online Summit Full Text
Abstract
Two-day virtual event takes place March 23 and 24Infosecurity Magazine
February 16, 2021 – Hacker
Why Threat Actors Continue to Rely on Cyber Fraud Full Text
Abstract
While 2020 is gone, cyber fraud problems will continue in 2021. Cybercriminals will focus on maximizing their profits, using a traditional cost-benefit analysis to decide on the best attack vector.Fortinet
February 16, 2021 – Education
Managed Service Provider? Watch This Video to Learn about Autonomous XDR Full Text
Abstract
As managed security service providers, you're always on the lookout for new platforms. One that can generate further business, enables you to scale easily without investing in more human resources and provides that value immediately. In the meanwhile, your clients are constantly demanding more security for a lesser cost. Cynet recently published an 8-min video detailing their platform, the Cynet 360 Autonomous XDR Platform. In their video, Cynet specifically focuses on managed service partners, showing the security and business benefits that the platform provides. The video shows the "partner view" of the system and demonstrates how the platform is used to manage multiple clients. Learn more about the Cynet 360 platform for Managed Service Providers here. Cynet 360 natively combines several security components to reduce your operational costs. First, an XDR - Extended Detection and Response, which is a consolidated pre-integrated platform of multiple security solThe Hacker News
February 16, 2021 – General
Cybersecurity Challenges for the European Railways Full Text
Abstract
The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways.Tripwire
February 16, 2021 – Breach
Adorcam App Leaks 124 Million User Records via Unsecured ElasticSearch Database Full Text
Abstract
An unsecured ElasticSearch database belonging to the Adorcam app exposed credentials, hostname, and port for the MQTT server, allowing threat actors to download, delete, or modify the data.CISO MAG
February 16, 2021 – Phishing
Spam and phishing trends in 2020 Full Text
Abstract
In the year 2020, the share of spam in email traffic amounted to 50.37%, down by 6.14 percentage points from 2019. Most of the email spam traffic (21.27%) originated in Russia.Kaspersky Labs
February 16, 2021 – Policy and Law
Police Target Irish Family in €4m Money Laundering Probe Full Text
Abstract
Gang’s criminal proceeds seized in raidsInfosecurity Magazine
February 16, 2021 – Criminals
Most Europeans Don’t Know How to Report Cybercrime Full Text
Abstract
Brits are among the most clued-upInfosecurity Magazine
February 16, 2021 – Privacy
FBI Could use a Tool to Access Private Signal Messages on iPhones Full Text
Abstract
The court has recently published a document that affirms that the FBI may have developed a tool to access the Signal messages...Cyber Security News
February 16, 2021 – Vulnerabilities
Many SolarWinds Customers Failed to Secure Systems Following Hack Full Text
Abstract
Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon.Security Week
February 16, 2021 – General
Have we put too much emphasis on protecting the network? Full Text
Abstract
The “network” is really the plumbing that all of our interconnected devices, applications, data, and resources rely on, and through which we pass instructions and information.Help Net Security
February 16, 2021 – Vulnerabilities
Popular SHAREit app is affected by severe flaws yet to be fixed Full Text
Abstract
Multiple vulnerabilities in the popular file-sharing app SHAREit have yet to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads. Experts from Trend Micro discovered multiple...Security Affairs
February 16, 2021 – Hacker
Microsoft: 1000+ Hackers Worked on SolarWinds Campaign Full Text
Abstract
Russian-backed cyber-espionage operation is “largest” world has seenInfosecurity Magazine
February 16, 2021 – General
Building a secure cloud infrastructure in the era of remote working Full Text
Abstract
Cloud is driving digitalization and promoting the organization to move their current workloads to operate from cloud and support the launch of new services in the age of new normal.The Times Of India
February 16, 2021 – Privacy
Researchers want Australia’s digital ID system thrown out and redesigned from scratch Full Text
Abstract
Researchers find myGovID is subject to an easily-implemented code proxying attack, while the digital identity solution from Australia Post does not possess a fundamental requirement for accreditation.ZDNet
February 16, 2021 – Criminals
270 addresses are responsible for 55% of all cryptocurrency money laundering Full Text
Abstract
Criminals who keep their funds in cryptocurrency tend to launder funds through a small cluster of online services, blockchain investigations firm Chainalysis said in a report last week.ZDNet
February 16, 2021 – General
Health Data Breach Tally Crowded With Vendor Incidents Full Text
Abstract
As of Monday, the HHS OCR website shows 37 major data breaches affecting more than 4.5 million individuals have been reported in 2021 and added to the tally so far this year.Gov Info Security
February 16, 2021 – Business
Cybersecurity spending for critical infrastructure to reach $105.99 billion in 2021 Full Text
Abstract
According to a report by ABI Research, cybersecurity spending for critical infrastructure (CI) will increase by $9 billion over the next year to reach $105.99 billion in 2021.Help Net Security
February 16, 2021 – Skimming
A new Bluetooth overlay skimmer block chip-based transactions Full Text
Abstract
Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer...Security Affairs
February 16, 2021 – Skimming
Bluetooth Overlay Skimmer That Blocks Chip — Krebs on Security Full Text
Abstract
The Bluetooth-enabled skimming devices placed over top of payment card terminals interfere with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.Krebs on Security
February 15, 2021 – Hacker
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities Full Text
Abstract
Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory. "On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet," the agency said on Monday. "This backdoor was identified as being the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel." The Russian hacker group (also called APT28, TeleBots, Voodoo Bear, or Iron Viking) is said to be behind some of the most devastating cyberattacks in pThe Hacker News
February 15, 2021 – Vulnerabilities
A Sticker Sent On Telegram Could Have Exposed Your Secret Chats Full Text
Abstract
Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the app. Following responsible disclosure, Telegram addressed them in a series of patches on September 30 and October 2, 2020. The flaws stemmed from the way secret chat functionality operates and in the app's handling of animated stickers, thus allowing attackers to send malformed stickers to unsuspecting users and gain access to messages, photos, and videos that were exchanged with their Telegram contacts through both classic and secret chats. One caveat of note is that exploiting the flaws in the wild may not have been trivial, as it requires chaining the aforementioned weaknesses to at least one additional vulnerability in order to get around security defenses in modern devices todThe Hacker News
February 15, 2021 – General
Hillicon Valley: Parler announces official relaunch | Google strikes news pay deal with major Australian media company | China central to GOP efforts to push back on Biden Full Text
Abstract
The week in tech news is starting off with the return of the controversial social media platform Parler. Meanwhile, Google has reportedly struck a deal with an Australian news company to pay for its news amid the Silicon Valley giant’s pushback of an Australian proposal that would require it to do just that. More on that and Republicans’ push to cast President Biden as soft on China in today’s Hillicon Valley.The Hill
February 15, 2021 – Vulnerabilities
VMware fixes command injection issue in vSphere Replication Full Text
Abstract
VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere...Security Affairs
February 15, 2021 – Government
Langevin hopeful new Armed Services panel will shine new spotlight on cybersecurity Full Text
Abstract
Rep. Jim Langevin (D-R.I.), the newly minted chairman of the House Armed Services Committee’s new cybersecurity subcommittee, is looking to bring a new spotlight to the nation’s defensive cyber capabilities and international cyber diplomacy.The Hill
February 15, 2021 – APT
France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers Full Text
Abstract
French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warning of a series of attacks targeting Centreon monitoring software used by multiple French...Security Affairs
February 15, 2021 – Denial Of Service
DDoS attack takes down EXMO cryptocurrency exchange servers Full Text
Abstract
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack.BleepingComputer
February 15, 2021 – Education
UK’s Top Cyber Schools Revealed Full Text
Abstract
UK’s best schools for cybersecurity instruction win National Cyber Security Centre awardsInfosecurity Magazine
February 15, 2021 – Attack
Cyberattack on Dutch Research Council (NWO) suspends research grants Full Text
Abstract
Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.BleepingComputer
February 15, 2021 – Hacker
France links Russian Sandworm hackers to hosting provider attacks Full Text
Abstract
The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.BleepingComputer
February 15, 2021 – Ransomware
Evolving Tricks and Techniques of Conti Full Text
Abstract
Conti is a relatively new addition to the ransomware landscape; however, it has turned out to be quite destructive. It is a more accessible variant of Ryuk and works in a RaaS model.Cyware Alerts - Hacker News
February 15, 2021 – Attack
Frequent Attacks on Google Services and Products: A Worrisome Situation Full Text
Abstract
Google products and services have long been targets of cybercrime, majorly due to its userbase. Recently, many attacker groups attempted to exploit Google systems in a variety of campaigns.Cyware Alerts - Hacker News
February 15, 2021 – Phishing
IRS Warns of EFIN Scam Full Text
Abstract
Scammers spoof IRS to steal Electronic Filing Identification Numbers from tax prosInfosecurity Magazine
February 15, 2021 – Vulnerabilities
Mercedes Issues eCall Recall Full Text
Abstract
Over a million Mercedes-Benz cars recalled due to bug in emergency call systemInfosecurity Magazine
February 15, 2021 – General
Cyberattacks are No More Just Virtual, Lives are at Risk Full Text
Abstract
Lately, we have unfortunately witnessed cyber incidents where hackers do not hesitate to endanger human lives if it benefits them. The attacks on industrial systems have proven this point pretty clearly.Cyware Alerts - Hacker News
February 15, 2021 – Hacker
Hackers Not Relinquishing Attacks on Medical Sector, Not Yet Full Text
Abstract
Healthcare organizations are still struggling to keep their patients’ confidential data out of the reach of hackers. Especially in the era of COVID-19.Cyware Alerts - Hacker News
February 15, 2021 – Phishing
Microsoft will alert Office 365 admins of Forms phishing attempts Full Text
Abstract
Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.BleepingComputer
February 15, 2021 – Malware
The malicious code in SolarWinds attack was the work of 1,000+ developers Full Text
Abstract
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack. Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft...Security Affairs
February 15, 2021 – Ransomware
Dax-Côte d’Argent Hospital in France Hit by Ransomware Attack Impacting Patient Care Full Text
Abstract
In a tweet on February 11, the Center Hospitalier de Dax-Côte d’Argent revealed that it had fallen prey to a cyber-attack and was trying to restore systems that included the telephone switchboard.The Daily Swig
February 15, 2021 – Government
Post Office Announces New Digital ID Solutions Full Text
Abstract
Customers will be able to conduct transactions more easily and securelyInfosecurity Magazine
February 15, 2021 – Phishing
Update: Recent Facebook Phishing Campaign is Now Spreading to the UK After Targeting German Users Full Text
Abstract
With over 20,000 additional victims tricked since the new campaign began on February 11, it appears that is now also targeting British users, as about 75% of the new victims are based in the UK.Cyber News
February 15, 2021 – Vulnerabilities
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises Full Text
Abstract
Several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands.Security Week
February 15, 2021 – Privacy
Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google Full Text
Abstract
Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent Website Warning," alerts users about dangerous websites that have been reported as deceptive, malicious, or harmful. To achieve this, Apple relies on Google Safe Browsing — or Tencent Safe Browsing for users in Mainland China — a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, to compare a hash prefix calculated from the website address and check if the website is fraudulent. Any match against the database will prompt Safari to request Google or Tencent for the full list of URLs that match the hashed prefix and subsequently block the user's access to the site with a warning. While the approach ensures that thThe Hacker News
February 15, 2021 – Ransomware
SBRC Adds Ransomware Scenario to Security Training Program Full Text
Abstract
Update recognizes recent rise in ransomware infectionsInfosecurity Magazine
February 15, 2021 – Policy and Law
French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine Full Text
Abstract
An international operation conducted in Ukraine and France led to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint...Security Affairs
February 15, 2021 – Vulnerabilities
Palo Alto firewall software vulnerability quartet revealed Full Text
Abstract
“Using these vulnerabilities, an attacker can gain access to sensitive data, disrupt the availability of firewall components or gain access to internal network segments,” the researchers warn.The Daily Swig
February 15, 2021 – Policy and Law
Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme Full Text
Abstract
Two men from Texas alleged to have sold fake Adderall onlineInfosecurity Magazine
February 15, 2021 – Phishing
Nearly 40% of consumers lost money to phone scams in 2020 Full Text
Abstract
Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report.Help Net Security
February 15, 2021 – Insider Threat
Yandex Insider Breach Hits Nearly 5000 Inboxes Full Text
Abstract
Customers informed that employee sold accessInfosecurity Magazine
February 15, 2021 – Ransomware
DarkSide Ransomware Gang Claims to Steal 120GB Data from Canada-based Discount Car and Truck Rentals Full Text
Abstract
Visitors who try to manage or book a rental online are met with a message stating that the website is off due to technical problems and for assistance to call the listed numbers.Secure Reading
February 15, 2021 – Ransomware
Police Reportedly Arrest Egregor Ransomware Members Full Text
Abstract
Investigators traced suspects via Bitcoin transactionsInfosecurity Magazine
February 15, 2021 – Business
Hacked Finnish psychotherapy clinic files for bankruptcy Full Text
Abstract
After carefully assessing the situation of Vastaamo, liquidator Lassi Nyyssönen from the law firm Fenno made a decision that it is not possible to conduct liquidation proceedings.Hackread
February 15, 2021 – General
Breach of Trust: How Threat Actors Leverage Confidential Information Against Law Firms Full Text
Abstract
Increasing digitization and the primacy of information in the modern economy has made effective cybersecurity vital for law firms to fulfill their role as custodians of clients’ legal information.Advanced Intelligence
February 15, 2021 – Business
Scalarr raises $7.5M to fight mobile ad fraud Full Text
Abstract
The Series A funding round of Scalarr was led by the European Bank of Reconstruction and Development, with participation from TMT Investments, OTB Ventures, and Speedinvest.TechCrunch
February 15, 2021 – Ransomware
Egregor ransomware operators arrested in Ukraine Full Text
Abstract
Members of the Egregor ransomware operation have been arrested this week in Ukraine, French radio station France Inter reported on Friday, citing law enforcement sources.ZDNet
February 14, 2021 – Solution
Google Chrome, Microsoft Edge getting this Intel security feature Full Text
Abstract
Chromium-based browsers such as Microsoft Edge and Google Chrome will soon support the Intel CET security feature to prevent a wide range of vulnerabilities.BleepingComputer
February 14, 2021 – Criminals
The kingpin behind Joker’s Stash retires with a billionaire exit Full Text
Abstract
The administrator of the most popular carding marketplace on the dark web, Joker's Stash, announced his retirement. Cybercriminal behind the most prominent carding marketplace on the dark web Joker's Stash retires, he will shut down its servers and destroy...Security Affairs
February 14, 2021 – Ransomware
Egregor ransomware members arrested by Ukrainian, French police Full Text
Abstract
A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.BleepingComputer
February 14, 2021 – Hacker
Pro-India hackers use Android spyware to spy on Pakistani military Full Text
Abstract
This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict. The malware strains named Hornbill and SunBird have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat group (APT), a state-sponsored operation.BleepingComputer
February 14, 2021 – Vulnerabilities
PayPal addresses reflected XSS bug in user wallet currency converter Full Text
Abstract
PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets. PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency...Security Affairs
February 14, 2021 – General
Security Affairs newsletter Round 301 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. COMB breach:...Security Affairs
February 14, 2021 – Vulnerabilities
FBI’s alert warns about using Windows 7 and TeamViewer Full Text
Abstract
The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using...Security Affairs
February 14, 2021 – Malware
Hildegard: TeamTNT’s New Feature-Rich Malware Targeting Kubernetes Full Text
Abstract
The hacking group TeamTNT introduced a new piece of malware with an improved ability to steal Docker credentials. It was found exploiting Kubernetes systems.Cyware Alerts - Hacker News
February 13, 2021 – Malware
New Agent Tesla Variants can Bypass Security Walls Full Text
Abstract
As researchers continue to block new attack vectors, actors behind Agent Tesla malware have been found launching new variants designed to infect Microsoft Antimalware Scan Interface (AMSI) itself.Cyware Alerts - Hacker News
February 13, 2021 – Hacker
Windows Users Face Another Wave of Cyber Threats Full Text
Abstract
Threat actors continue to upgrade their attack arsenal. Now, researchers reported a cyberespionage campaign using the new LodaRAT to spy on Android and Windows users in Bangladesh.Cyware Alerts - Hacker News
February 13, 2021 – Hacker
Iranian MuddyWater Hacker Group Utilizing ScreenConnect for Nefarious Purposes Full Text
Abstract
An Iranian APT masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council is using a remote management tool called ConnectWise Control in a cyberespionage campaign.Cyware Alerts - Hacker News
February 13, 2021 – Ransomware
Leading Canadian rental car company hit by DarkSide ransomware Full Text
Abstract
Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.BleepingComputer
February 13, 2021 – Malware
Rising Security Concerns Over the Takedown of Emotet Full Text
Abstract
By the time law enforcement intervened, Emotet had infected more than 1.6 million machines and caused hundreds of millions of dollars in damage.Cyware Alerts - Hacker News
February 13, 2021 – Policy and Law
Court documents show FBI could use a tool to access private Signal messages on iPhones Full Text
Abstract
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may...Security Affairs
February 13, 2021 – Ransomware
CD Projekt’s stolen source code allegedly sold by ransomware gang Full Text
Abstract
A ransomware gang who says they stole unencrypted source code for the company's most popular games and then encrypted CD Projekt's servers claims to have sold the data.BleepingComputer
February 13, 2021 – General
The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data Full Text
Abstract
Personal and Corporate data is now regularly targeted and traded by unscrupulous actors, protect it with a proactive Cyber Defense solution. If your enemy is secure at all points, be prepared for them. If they are in superior strength, evade them....Security Affairs
February 13, 2021 – Vulnerabilities
Vulnerability in Chess.com Allowed Access to 50 Million User Records Full Text
Abstract
The vulnerability in Chess.com's API could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel.Hackread
February 13, 2021 – Phishing
Gmail users from US most targeted by email-based phishing and malware Full Text
Abstract
Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware...Security Affairs
February 13, 2021 – Breach
Web cam app Adorcom leaks 124M rows of customers’ data Full Text
Abstract
The expose included live details such as location, whether the microphone was active, and the name of the WiFi network that the camera is connected to, along with information about the webcam owner such as email addresses.The Times Of India
February 13, 2021 – Malware
Microsoft said the number of web shells has doubled since last year Full Text
Abstract
In a blog post, the Redmond company said it detected roughly 140,000 web shells per month between August 2020 and January 2021, up from the 77,000 average it reported last year.ZDNet
February 13, 2021 – Phishing
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign Full Text
Abstract
Bazar is a backdoor Trojan designed to target a device, collect sensitive information, control the system via commands, and deliver malware. Last year, it was observed delivering the TrickBot malware.Fortinet
February 13, 2021 – Vulnerabilities
Siemens Patches 21 Vulnerabilities in 2 Tools Full Text
Abstract
Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash.Gov Info Security
February 13, 2021 – Vulnerabilities
PayPal Mitigates XSS Vulnerability Full Text
Abstract
The PayPal vulnerability was discovered in February 2020 by a security researcher who goes by the name Cr33pb0y, who was paid $2,900 as part of HackerOne's bug bounty program.Cuinfosecurity
February 12, 2021 – Government
Water plant’s missteps illustrates need for critical infrastructure security controls Full Text
Abstract
Before implementing controls, facilities may first need to conduct a thorough risk assessment and prioritization exercise. And if they don’t start to apply some of these measures themselves, government just might step in.SCMagazine
February 12, 2021 – Vulnerabilities
Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Full Text
Abstract
Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion,…SCMagazine
February 12, 2021 – General
Hillicon Valley: Robert F. Kennedy Jr. | YouTube study | Amazon lawsuit | Trump comments Full Text
Abstract
Social media giants are facing questions over their handling of content moderation, with criticism springing up over Facebook's and Twitter’s enforcement of coronavirus misinformation over Robert F. Kennedy Jr.’s posts, while a report released Friday found YouTube is still pushing extremist videos to users already susceptible to racial hatred. Meanwhile, Amazon is looking to block the New York attorney general from taking legal action against the e-commerce giant’s workplace safety. Happy Friday! May you have a sense of humor like Bing.The Hill
February 12, 2021 – Ransomware
The Week in Ransomware - February 12th 2021 - More keys released Full Text
Abstract
This week we saw another ransomware shut down its operation and a significant attack against Cyberpunk 2077 game developer CD Projekt Red.BleepingComputer
February 12, 2021 – Vulnerabilities
Vulnerabilities hit record high in 2020, topping 18,000 Full Text
Abstract
Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To understand the significance, there were far more “critical” and “high severity” vulnerabilities in 2020 (10,342)…SCMagazine
February 12, 2021 – Attack
Microsoft: web shell attacks have doubled over the past year Full Text
Abstract
While they’re easy for attackers to set up, web shells can be difficult for defenders to detect, since they’re often targeted to specific servers and can hide in the noise of internet traffic, scanning, probing and unsuccessful attacks that most organizations see on a daily basis.SCMagazine
February 12, 2021 – Attack
Copycats imitate novel supply chain attack that hit tech giants Full Text
Abstract
This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms.BleepingComputer
February 12, 2021 – Government
South Carolina looks to align cyber ecosystem, economic growth Full Text
Abstract
South Carolina becomes the latest region to invest in cybersecurity capacity as foundational to grow the economy, coordinating opportunities from across state government, multiple state universities, local industry, and critical infrastructure.SCMagazine
February 12, 2021 – Breach
Yandex Data Breach Exposes 4K+ Email Accounts Full Text
Abstract
In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”Threatpost
February 12, 2021 – Phishing
Scammers target US tax pros in ongoing IRS phishing attacks Full Text
Abstract
The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).BleepingComputer
February 12, 2021 – Vulnerabilities
Telegram ‘Secret Chat’ didn’t delete self-destructing media files Full Text
Abstract
Telegram has fixed a security issue where self-destructing audio and video recordings were not being deleted from users' macOS devices as expected.BleepingComputer
February 12, 2021 – Policy and Law
Three Charged Over Fraudulent Vaccine Website Full Text
Abstract
Baltimore County trio indicted over spoofed Moderna website selling fake coronavirus vaccinesInfosecurity Magazine
February 12, 2021 – Phishing
Google: Gmail users from US most targeted by phishing attacks Full Text
Abstract
Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks.BleepingComputer
February 12, 2021 – Insider Threat
Yandex security team caught admin selling access to users’ inboxes Full Text
Abstract
Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system...Security Affairs
February 12, 2021 – Hacker
Dark Web Forums Have Become a Picnic Spot for Hackers Full Text
Abstract
The dark web is proving to be a serious menace for organizations and the threats keep on piling up with the huge amount of data dumped on it on a regular basis.Cyware Alerts - Hacker News
February 12, 2021 – Hacker
Hackers Getting Used to Automated Tools to Target Webapps Full Text
Abstract
According to a recent report, cybercriminals are now actively adopting automation tools and bots to target web applications. Sometimes, bots would impersonate Google bots to evade a system's defensive mechanism.Cyware Alerts - Hacker News
February 12, 2021 – Vulnerabilities
Misconfigured Docker Containers Could Land You in Trouble Full Text
Abstract
Cyber adversaries have been found injecting cryptomining malware via exposed Redis instances, that give full access to all the running containers on Docker Hub, in an ongoing campaign.Cyware Alerts - Hacker News
February 12, 2021 – Attack
Dependency Confusion - Novel Supply Chain Attack Technique Full Text
Abstract
Microsoft warned of a new type of attack technique that can be used to poison the app-building process. The attack was tested against at least 35 major tech firms.Cyware Alerts - Hacker News
February 12, 2021 – General
Cyber Threats and Trends: ICS Edition Full Text
Abstract
ICS-related attacks have gained prominence over the past year and with the rising number of vulnerability disclosures, the attacks are anticipated to see a surge.Cyware Alerts - Hacker News
February 12, 2021 – Policy and Law
US Jails Money Mule Kingpin Full Text
Abstract
Man who laundered millions of dollars stolen by Eastern European computer hackers is sent to prisonInfosecurity Magazine
February 12, 2021 – Attack
Browser Extensions Gain Traction as Attack Vector Full Text
Abstract
Malicious browser extensions are increasingly being used to infect millions of users across the world to monitor their browsing activity, exfiltrate stolen data, send malicious commands, and more.Cyware Alerts - Hacker News
February 12, 2021 – Criminals
Diners Devour Made-to-Order Fraud Full Text
Abstract
Cyber-criminals use Telegram to sell food bought with stolen credit cards to hungry usersInfosecurity Magazine
February 12, 2021 – Attack
Copycat researchers imitate supply chain attack that hit tech giants Full Text
Abstract
This week, hundreds of new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms.BleepingComputer
February 12, 2021 – Business
Accellion to retire product at the heart of recent hacks Full Text
Abstract
Since December, FTA-linked hacks have been reported by the Reserve Bank of New Zealand, Australian Securities and Investments Commission (ASIC), law firm Allens, the University of Colorado, and more.ZDNet
February 12, 2021 – Attack
Singtel Suffers Zero-Day Cyberattack, Damage Unknown Full Text
Abstract
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer program.Threatpost
February 12, 2021 – Insider Threat
Yandex suffers data breach after sysadmin sold access to user emails Full Text
Abstract
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes.BleepingComputer
February 12, 2021 – Government
Anne Neuberger coordinating Biden’s SolarWinds efforts Full Text
Abstract
The announcement came after Sens. Mark Warner, D-Va., and Marco Rubio, R-Fla., sent a letter to the U.S. intelligence services asking them to assign a leader for the response.SCMagazine
February 12, 2021 – General
Internet-exposed Orion servers drop 25% since SolarWinds breaches announced Full Text
Abstract
One in four SolarWinds Orion servers exposed to the internet at the time of an era-defining espionage campaign have been taken off the internet, RiskRecon reports. Orion is one of several platforms used in a broad espionage campaign widely believed to be orchestrated by Russian intelligence discovered last year, ensnaring government agencies, security companies, and…SCMagazine
February 12, 2021 – Phishing
Romance scam victims reported $304 million in fraud in 2020, a new high Full Text
Abstract
Some of the fraud was initiated through dating apps but even more through social media, the FTC said, as people flocked to them during months of stay-at-home orders during the coronavirus pandemic.Cyberscoop
February 12, 2021 – Insider Threat
Russian Yandex informs of sysadmin giving access to user mailboxes Full Text
Abstract
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes.BleepingComputer
February 12, 2021 – Hacker
Hackers Claim to Sell 40 Million User Records From Largest Commercial Bank in Ukraine Full Text
Abstract
The database is said to contain customers’ full names, birthdates, taxpayer identification number (TIN), birthplace, passport details, family status, car availability, education, phone number, etc.Cyber News
February 12, 2021 – Vulnerabilities
TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server Full Text
Abstract
Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information...Security Affairs
February 12, 2021 – Attack
Florida Water Plant Hack: Leaked Credentials Found in Breach Database Full Text
Abstract
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.Threatpost
February 12, 2021 – Criminals
Brazilian Authorities Investigate New Cybercriminal Leak of 102 Million Consumers Full Text
Abstract
Brazil's National Data Protection Authority (ANPD, in the Portuguese acronym) has informed today (11) that it has started an investigation into the country's second-largest data leak of the year.ZDNet
February 12, 2021 – Attack
Microsoft warns of the rise of web shell attacks Full Text
Abstract
Researchers from Microsoft are warning that the number of monthly web shell attacks has doubled since last year. Microsoft reported that the number of monthly web shell attacks has almost doubled since last year, its experts observed an average of 140,000...Security Affairs
February 12, 2021 – Business
Datadog bolsters app security and observability data with Sqreen and Timber acquisitions Full Text
Abstract
Datadog, a security-focused cloud monitoring platform, announced that it will acquire Sqreen, a cybersecurity startup that helps developers monitor and protect their web apps from vulnerabilities and attacks.Venture Beat
February 12, 2021 – Hacker
Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders Full Text
Abstract
Taking advantage of the increased demand for food delivery, fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off.Cyberscoop
February 12, 2021 – Ransomware
Free decrypter released for Avaddon ransomware victims… aaand, it’s gone! Full Text
Abstract
The tool works by dumping an infected system's RAM and scouring the memory content for data that could be used to recover the Avaddon ransomware's original encryption key.ZDNet
February 12, 2021 – General
Real Bug Volumes in 2020 Exceed Official CVEs by 29%: Report Full Text
Abstract
Risk Based Security claims to have spotted 6767 more bugs than NVDInfosecurity Magazine
February 12, 2021 – Covid-19
Lampion Trojan Disseminated in Portugal Using COVID-19 Template Full Text
Abstract
This trojan has been distributed in Portugal in different ways, but this time the pandemic situation and the ongoing vaccination process is the reason behind this campaign.Security Affairs
February 12, 2021 – Business
WireWheel Raises $20M in Series B Funding Full Text
Abstract
The round was led by ForgePoint Capital with participation from existing investors New Enterprise Associates, Revolution’s Rise of the Rest Fund, PSP Growth, Grotech, and Sands Capital Ventures.FinSMEs
February 12, 2021 – General
Researchers put the price tag of stolen streaming subscriptions at $38 million Full Text
Abstract
NordVPN found 174,800 accounts for streaming services were up for resale after being stolen by this type of malware. Thieves pay for a subscription to this kind of malware, according to NordVPN.Tech Republic
February 12, 2021 – Vulnerabilities
Nearly Two-Thirds of CVEs Are Low Complexity Full Text
Abstract
Similar number in 2020 required no user interaction, says RedscanInfosecurity Magazine
February 12, 2021 – Breach
KeepChange said it stopped hackers from stealing user funds, but not personal data Full Text
Abstract
KeepChange, a Bitcoin exchange portal that launched last year, said it was hacked over the weekend but that security safeguards it had in place stopped the intruders from stealing user funds.ZDNet
February 12, 2021 – Business
Landis+Gyr improves cybersecurity of smart meters with German acquisition Full Text
Abstract
Landis+Gyr has signed an agreement to acquire a 100% stake in Germany-based IoT cybersecurity firm Rhebo GmbH as part of efforts to strengthen the cybersecurity of its smart meters.Smart Energy
February 12, 2021 – Privacy
The “P” in Telegram stands for Privacy Full Text
Abstract
Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users' data. Summary: While understanding the implementation of various security and privacy measures in Telegram,...Security Affairs
February 12, 2021 – Ransomware
Zeoticus 2.0 Making Infections Harder to Control, Contain, and Mitigate Full Text
Abstract
A security researcher has found a more versatile and effective version of the Zeoticus ransomware with elevated capabilities such as executing payloads without connectivity or remote commands.Cyware Alerts - Hacker News
February 12, 2021 – Hacker
Hacker Sriki stole data from Adani Power PCs, say police Full Text
Abstract
Latest police investigation revealed G Srikrishna alias Sriki, 24, the alleged hacker from Bengaluru, had hacked into the office computers of Udupi Power Corporation Ltd owned by Adani Power.The Times Of India
February 12, 2021 – Business
FingerprintJS raises $8 million to expand its enterprise identification API Full Text
Abstract
Chicago-based FingerprintJS, a company focused on browser fingerprinting-as-a-service, today announced the completion of an $8 million series A funding round led by Nexus Venture Partners.Venture Beat
February 12, 2021 – Vulnerabilities
Secret Chat in Telegram Left Self-Destructing Media Files On Devices Full Text
Abstract
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in version 7.4, released on January 29. Unlike Signal or WhatsApp, conversations on Telegram by default are not end-to-end encrypted, unless users explicitly opt to enable a device-specific feature called "secret chat," which keeps data encrypted even on Telegram servers. Also available as part of secret chats is the option to send self-destructing messages. What Mishra found was that when a user records and sends an audio or video message via a regular chat, the application leaked the exact path where the recorded message is stored in ".mp4" format. With the secret chatThe Hacker News
February 12, 2021 – Vulnerabilities
Singtel Supply Chain Breach Traced to Zero-Day Bug Full Text
Abstract
Accellion’s legacy FTA product was also exploited in New Zealand bank attackInfosecurity Magazine
February 12, 2021 – Covid-19
Lampion trojan disseminated in Portugal using COVID-19 template Full Text
Abstract
The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal...Security Affairs
February 12, 2021 – Breach
Romania’s biggest real estate portal suffers major data breach Full Text
Abstract
The largest real estate portal in Romania, Imobiliare.ro, has suffered a data breach that could potentially affect its entire client database, reports Website Planet quoted by Profit.ro.Romania Insider
February 12, 2021 – Attack
Blocked accounts abused in Evolution CMS SQL injection attacks Full Text
Abstract
On February 8, Synacktiv revealed two security flaws in the CMS and how a “blocked account” can be exploited to perform an “unauthenticated SQLi in Evolution CMS using the X-Forwarded-For header”.The Daily Swig
February 12, 2021 – Education
Queen’s University Belfast Recognized for Role in Growing Cybersecurity Awareness Full Text
Abstract
Uni recognized for cybersecurity education program and work promoting cyber-skills in local communityInfosecurity Magazine
February 12, 2021 – Phishing
SMS tax scam unmasked: Bogus but believable – don’t fall for it! Full Text
Abstract
Every month of the year has some sort of tax relevance somewhere in the world, and tax scammers take advantage of the many different regional tax filing seasons to customize their criminality to where you live.Sophos
February 12, 2021 – Phishing
Authorities Blocked One of The World’s Largest Phishing Service Full Text
Abstract
Recently, the international Cyber police team has reported another high-profile arrest on February 4 during an international specialized operation along with law...Cyber Security News
February 11, 2021 – Education
New organization helps blind workers find their dream jobs in cybersecurity Full Text
Abstract
The National Institute of the Blind’s efforts have primarily been tied to government programs and contracts. But through a new spinoff, the blind and visually impaired can take advantage of workforce development opportunities in the private sector, in such sectors as cybersecurity, banking and energy.SCMagazine
February 11, 2021 – Business
Startup Traceable turns to CISO investors for next phase of growth Full Text
Abstract
The new partnership with Silicon Valley CISO Investments will include an additional $250,000, but perhaps more importantly it will include support and guidance from dozens of practicing CISOs around operations, product road maps, pricing and marketing initiatives as the startup looks to scale its business.SCMagazine
February 11, 2021 – Vulnerabilities
Internet Explorer 11 zero-day vulnerability gets unofficial micropatch Full Text
Abstract
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.BleepingComputer
February 11, 2021 – General
Hillicon Valley: Chip order inbound | Biden asks for more time on WeChat | New IoT bill introduced Full Text
Abstract
The Biden administration took steps to spell out its tech policy Thursday by requesting more time to evaluate the situation with Chinese social media site WeChat and promising to sign an order on semiconductors. In other news, Facebook took (some) action against anti-vaccine activist John F. Kennedy Jr. and Bumble went public.The Hill
February 11, 2021 – Ransomware
Avaddon ransomware fixes flaw allowing free decryption Full Text
Abstract
The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor.BleepingComputer
February 11, 2021 – Vulnerabilities
Deskpro XSS flaws could hijack admin sessions, take over helpdesk agent accounts Full Text
Abstract
Hackers could have exploited cross-site scripting (XSS) vulnerabilities found in popular helpdesk platform Deskpro to hijack the sessions of administrators and take over the accounts of helpdesk agents. This would give the attackers the same privileges as admins and agents in terms of what they could execute or information they are exposed to, according to a…SCMagazine
February 11, 2021 – Malware
Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores Full Text
Abstract
Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.Threatpost
February 11, 2021 – Ransomware
Avaddon ransomware decryptor released, but operators quickly reacted Full Text
Abstract
An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used...Security Affairs
February 11, 2021 – Vulnerabilities
Internet Explorer 11 zero-day vulnerability gets a free micropatch Full Text
Abstract
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.BleepingComputer
February 11, 2021 – Ransomware
Understanding the Use of Cryptocurrency by Ransomware Operators Full Text
Abstract
Ransomware-as-a-Service (RaaS) has become a lucrative enterprise. As per research by Chainalysis, blockchain transactions prove that different ransomware operators are interconnected.Cyware Alerts - Hacker News
February 11, 2021 – Policy and Law
Lawmakers introduce bipartisan bill to allow for increased use of internet-connected devices Full Text
Abstract
Reps. Suzan DelBene (D-Wash.) and John Katko (R-N.Y.) on Thursday introduced legislation intended to allow for growth of the number of internet-connected devices and the expansion of spectrum to meet the expected increased demand.The Hill
February 11, 2021 – Government
Researchers Uncover Android Spying Campaign Targeting Pakistan Officials Full Text
Abstract
Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover its tracks, only to stealthily collect SMS, encrypted messaging app content, and geolocation, among other types of sensitive information. The findings published by Lookout are the result of an analysis of 18GB of exfiltrated data that was publicly exposed from at least six insecurely configured command-and-control (C2) servers located in India. "Some notable targets included an individual who applied for a position at the Pakistan Atomic Energy Commission, individuals with numerous contacts in the Pakistan Air Force (PAF), as well as officers responsible for electoral rolls (Booth Level Officers) located in the Pulwama district of Kashmir," the researchers said in a Wednesday anaThe Hacker News
February 11, 2021 – Government
India Calls Out Twitter for Differential Treatment Full Text
Abstract
Indian government slams micro-blogging company for “double standards” over violence at Red Fort and Capitol HillInfosecurity Magazine
February 11, 2021 – APT
Experts spotted two Android spyware used by Indian APT Confucius Full Text
Abstract
Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed...Security Affairs
February 11, 2021 – Attack
Microsoft warns of an increasing number of web shell attacks Full Text
Abstract
Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month.BleepingComputer
February 11, 2021 – Ransomware
Rains in the Desert: Some Takedowns, Some Shutdowns Full Text
Abstract
Over the past few months, law enforcement agencies from around the globe have been making significant progress in controlling cybercrime, especially ransomware operations.Cyware Alerts - Hacker News
February 11, 2021 – Government
Biden to sign executive order addressing chip shortage Full Text
Abstract
President Biden is planning to sign an executive order to address the shortage of semiconductors, or chips, an issue that industry has begged him to take action on recently.The Hill
February 11, 2021 – Business
Apax to Acquire Herjavec Group Full Text
Abstract
Apax Partners signs agreement to acquire majority stake in Herjavec GroupInfosecurity Magazine
February 11, 2021 – Breach
Singtel, QIMR Berghofer report Accellion-related data breaches Full Text
Abstract
Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software.BleepingComputer
February 11, 2021 – Vulnerabilities
If you use Slack on Android, reset your password now Full Text
Abstract
Slack found that one of its app versions on Android was storing passwords in plaintext, leaving affected users vulnerable. The company has fixed the bug and is now starting to intimate affected users to reset their passwords.Business Insider
February 11, 2021 – Government
Illinois Is State Hit Hardest by Cybercrime Full Text
Abstract
Illinois has the highest concentration of cybercrime victims in the United StatesInfosecurity Magazine
February 11, 2021 – Vulnerabilities
Buggy WordPress plugin exposes 100K sites to takeover attacks Full Text
Abstract
Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence.BleepingComputer
February 11, 2021 – Hacker
Domestic Kitten is Actively Surveilling Enemies of the Iranian State Full Text
Abstract
Check Point researchers discovered a group of Iranian hackers targeting more than 1,000 dissidents worldwide in two-of-a-kind surveillance operations in at least four attack campaigns.Cyware Alerts - Hacker News
February 11, 2021 – Breach
Australian Research Institute QIMR Berghofer Confirms Likely Data Breach Due to Third-party Accellion Hack Full Text
Abstract
On February 2, the organization said it was told that it had been affected by the data breach. The institute’s investigation revealed that around 4% of its data held by Accellion had been accessed.The Daily Swig
February 11, 2021 – Vulnerabilities
Siemens Patches 21 More File Parsing Vulnerabilities in PLM Products Full Text
Abstract
These vulnerabilities can be exploited by an attacker for arbitrary code execution, data extraction, and DoS attacks if they can trick the targeted user into opening a malicious file.Security Week
February 11, 2021 – Breach
Researchers Discover 30 Popular Mobile Health Apps Exposing Millions of Patient Records Full Text
Abstract
With people increasingly relying on mHealth apps during the COVID-19 pandemic, researchers observed that such apps are now generating more user activities compared to other mobile apps.Security Week
February 11, 2021 – Malware
Android spyware strains linked to state-sponsored Confucius threat group Full Text
Abstract
First detected in 2013, Confucius has been linked to attacks on governments in Southeast Asia, and targeted strikes on Pakistani military personnel, Indian election officials, and nuclear agencies.ZDNet
February 11, 2021 – Vulnerabilities
A Windows Defender Vulnerability Lurked Undetected for 12 Years Full Text
Abstract
The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender uses to delete the invasive files and infrastructure that malware can create.Wired
February 11, 2021 – General
How Email Attacks are Evolving in 2021 Full Text
Abstract
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.Threatpost
February 11, 2021 – Vulnerabilities
Intel fixes vulnerabilities in Windows, Linux graphics drivers Full Text
Abstract
Intel addressed 57 vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers.BleepingComputer
February 11, 2021 – Malware
Various Malware Lurking in Discord App to Target Gamers Full Text
Abstract
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.Threatpost
February 11, 2021 – Vulnerabilities
PayPal fixes reflected XSS vulnerability in user wallet currency converter Full Text
Abstract
First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue.ZDNet
February 11, 2021 – Vulnerabilities
12-year-old Windows Defender bug gives hackers admin rights Full Text
Abstract
Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems.BleepingComputer
February 11, 2021 – Government
UK Govt Reveals Plans to Build Trust in Use of Digital Identities Full Text
Abstract
Public invited to contribute to draft rules around data protection, security and inclusivityInfosecurity Magazine
February 11, 2021 – Ransomware
Researchers identify 223 vulnerabilities used in recent ransomware attacks Full Text
Abstract
Ransomware groups – and APTs – are leveraging an expanding list of vulnerabilities, misconfigurations and technologies to overwhelm IT security teams.SCMagazine
February 11, 2021 – Business
Investments in Israel’s Cybersecurity Sector Grow 70% Full Text
Abstract
The Israel National Cyber Directorate reports that pre-IPO investments in cybersecurity firms based in the country totaled $2.9 billion in 2020, up 70% from the previous year.Bank Info Security
February 11, 2021 – Business
Tenable acquires Alsid to provide users with a more complete approach to cyber preparedness Full Text
Abstract
Alsid for Active Directory is a Software as a Service (SaaS) solution with an on-premises deployment option that monitors the security of Active Directory (AD) in real-time.Help Net Security
February 11, 2021 – Hacker
Hackers ask only $1,500 for access to breached company networks Full Text
Abstract
The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market.BleepingComputer
February 11, 2021 – Breach
Singapore Telecom Firm Singtel Discloses Breach Potentially Impacting Customer Data Full Text
Abstract
The attack had affected a file-sharing system developed two decades ago by a third-party vendor Accellion, which the Singapore telco had used internally and with external stakeholders.ZDNet
February 11, 2021 – General
#WomenInScience: High Number of Girls Sign Up for Codebreaking Contest Full Text
Abstract
NCSC reveals high uptake of 2021 CyberFirst Girls CompetitionInfosecurity Magazine
February 11, 2021 – Disinformation
Political Bias and Impulsive Behavior Open Door to Misinformation Full Text
Abstract
New studies illuminate debate on social media echo chambersInfosecurity Magazine
February 11, 2021 – Malware
Military, Nuclear Entities Under Target By Novel Android Malware Full Text
Abstract
The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.Threatpost
February 11, 2021 – Business
Israeli startup CYE raises $100M to help companies shore up their cyber-defenses Full Text
Abstract
Israel-based cybersecurity startup CYE has raised $100 million in new funding round, led by investment firm EQT and with participation from 83North, to grow its presence in the U.S. and Europe.TechCrunch
February 11, 2021 – Government
FBI Warns About the Use of TeamViewer, Out-of-date Windows 7 Systems Following the Oldsmar Incident Full Text
Abstract
The alert warns about the use of out-of-date Windows 7 systems, poor passwords, and TeamViewer, urging private companies and government agencies to review internal networks and access policies.ZDNet
February 11, 2021 – Malware
TrickBot’s BazarBackdoor malware is now coded in Nim to evade antivirus Full Text
Abstract
TrickBot's stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.BleepingComputer
February 11, 2021 – Attack
UN Links North Korea to $281m Crypto Exchange Heist Full Text
Abstract
Most funds recovered but attack bears hallmarks of hermit kingdomInfosecurity Magazine
February 11, 2021 – Policy and Law
10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities Full Text
Abstract
Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. "The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families," Europol said in a statement. "The criminals are believed to have stolen from them over $100 million in cryptocurrencies after illegally gaining access to their phones." The eight suspects, aged 18 to 26, are said to be part of a larger ring, two members of which were nabbed previously in Malta and Belgium. The latest arrests were made in England and Scotland. The sweep comes almost a year afteThe Hacker News
February 11, 2021 – Business
AUTOCRYPT raises $13M to enhance V2X security technology Full Text
Abstract
AUTOCRYPT raised nearly $13 million in a Series A funding round involving major Korean investors KB Investment, Pathfinder H, Ulmus Investment, Korea Asset, Hyundai Venture Investment Corp., and IBK.Help Net Security
February 11, 2021 – Breach
Syracuse University data breach exposes nearly 10,000 names, Social Security numbers Full Text
Abstract
The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed after someone gained unauthorized access to an employee’s email account.The Daily Orange
February 11, 2021 – General
The Weakest Link in Your Security Posture: Misconfigured SaaS Settings Full Text
Abstract
In the era of hacking and malicious actors, a company's cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today's company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State Actors implicated in SolarWinds breach. Their investigation suggested abuse of privileged access to Microsoft Office 365 and Azure environments. Often left unsecured, it's SaaS setting errors like misconfigurations, inadequate legacy protocols, insufficient identity checks, credential access, and key management that leave companies open to account hijacking, insider threats, and other types of leaks or breaches in the organization. Gartner has defined the SaaS Security Posture Management (SSPM) category in 2020's Gartner Hype Cycle for Cloud Security as solutions that continuously assess the security risk and manage SaaS aThe Hacker News
February 11, 2021 – Policy and Law
UK Cops Arrest Eight in US Celeb SIM Swap Case Full Text
Abstract
Group allegedly stole funds and hijacked social media accountsInfosecurity Magazine
February 11, 2021 – General
New research reveals who’s targeted by email attacks Full Text
Abstract
Researchers from Google and Stanford found that users in the United States were the most popular targets (42% of attacks), followed by the United Kingdom (10% of attacks), and Japan (5% of attacks).
February 11, 2021 – Vulnerabilities
Magento security: Multiple critical flaws give e-commerce sites ample reason to update Full Text
Abstract
E-commerce sites that rely on the widely used Magento platform ought to update their installations following the release of a batch of security updates, some of which are critical.The Daily Swig
February 11, 2021 – Hacker
Network hackers asked for over $1 million in initial access offers Full Text
Abstract
The number of offers for network access and their median prices on the public face of hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market.BleepingComputer
February 11, 2021 – Business
Cloud Security Firm iboss Appoints New Senior Leaders Full Text
Abstract
Cloud security firm looking to continue its rapid growthInfosecurity Magazine
February 11, 2021 – Attack
Poor Password Security Lead to Recent Water Treatment Facility Hack Full Text
Abstract
New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach, which occurred last Friday, involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply to dangerous levels by remotely accessing the SCADA system at the water treatment plant. The system's plant operator, who spotted the intrusion, quickly took steps to reverse the command, leading to minimal impact. Now, according to an advisory published on Wednesday by the state of Massachusetts, unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system via TeamViewer software installed on one of the plant's several computers that were connected to the control system. Not only were these computers running 32-bit versions of the Windows 7 operating system, butThe Hacker News
February 11, 2021 – Attack
Researchers Hacked into Microsoft, Apple, more in Novel Supply Chain Attack Full Text
Abstract
Ethical hacker, Alex Birsan, has demonstrated that it is possible to breach the systems of tech giants by utilizing a novel supply...Cyber Security News
February 11, 2021 – Criminals
Love is in the air—and cybercriminals are taking advantage Full Text
Abstract
Over 400 malicious Valentine's Day-themed phishing individual email campaigns were spotted on a weekly basis in January, according to data collected by Check Point Research.Tech Republic
February 11, 2021 – APT
Most Sophisticated BendyBear APT Malware Linked With Chinese Hacking Group BlackTech Full Text
Abstract
During a core investigation, the Unit 42 researchers have discovered a new polymorphic and "highly sophisticated" and well-engineered malware that is named...Cyber Security News
February 11, 2021 – Vulnerabilities
SAP addresses a critical flaw in SAP Commerce Product Full Text
Abstract
The CVE-2021-21477 is a remote code execution that impacts the Commerce product if the rule engine extension is installed. The critical flaw received a CVSS score of 9.9.Security Affairs
February 11, 2021 – Policy and Law
Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks Full Text
Abstract
A total of eight criminals have been arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks. Eight men were arrested in England and Scotland as part of a year-long international investigation...Security Affairs
February 11, 2021 – Business
Investor data breach ‘fatigue’ reduces Wall Street punishment for cybersecurity failures Full Text
Abstract
In today's marketplace, technology and financial services companies suffered the most after a data breach, whereas e-commerce and social media firms are "the least affected," according to Comparitech.ZDNet
February 11, 2021 – Policy and Law
Europol: 10 held for alleged $100m cryptocurrency theft from celebs, others Full Text
Abstract
“The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sports stars, musicians, and their families,” the agency said.Cyber News
February 10, 2021 – Hacker
Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies Full Text
Abstract
UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten (aka MERCURY or MuddyWater), Anomali said the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch parameters that have custom properties," with malware samples and URLs masquerading as the Ministry of Foreign Affairs (MOFA) of Kuwait and the UAE National Council. Since its origins in 2017, MuddyWater has been tied to a number of attacks primarily against Middle Eastern nations, actively exploiting Zerologon vulnerability in real-world attack campaigns to strike prominent Israeli organizations with malicious payloads. The state-sponsored hacking group is believed to be working at the behest of Iran's Islamic Republic Guard Corps, the country's primary intelligThe Hacker News
February 10, 2021 – Ransomware
French MNH health insurance company hit by RansomExx ransomware Full Text
Abstract
French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations, BleepingComputer has learned.BleepingComputer
February 10, 2021 – Government
Old Iranian Spying Operation Resumes After Long Break Full Text
Abstract
The new malware, security researchers say, appears to have been designed to expand the capabilities of Foudre, but released as a separate component, most probably to be deployed only when needed.Security Week
February 10, 2021 – General
Hillicon Valley: Krebs is back on Capitol Hill | Cybersecurity as ‘preeminent threat’ | News on data privacy and voter security Full Text
Abstract
Cybersecurity was in the spotlight on Capitol Hill today as Christopher Krebs returned to testify to the House Homeland Security Committee on cyber threats. Ahead of the hearing, The Hill spoke with two key committee leaders about their cyber priorities. And Congress is coming increasingly under pressure to produce a federal approach to privacy as Virginia is poised to approve a data privacy bill this week.The Hill
February 10, 2021 – Business
Tenable Announces Intent to Acquire Alsid Full Text
Abstract
Tenable enters into $98m definitive agreement to acquire Active Directory security startupInfosecurity Magazine
February 10, 2021 – Vulnerabilities
SAP addresses a critical flaw in SAP Commerce Product Full Text
Abstract
SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously...Security Affairs
February 10, 2021 – Government
CISA, SolarWinds up interest in security scoring Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) recently included security ratings or scoring as part of its cyber risk reduction initiative. But what’s behind the numbers? Sachin Bansal, general counsel at SecurityScorecard, spoke with SC Media about ratings, and how they can be used to strengthen the supply chain, determine cyber insurance premiums and as…SCMagazine
February 10, 2021 – Attack
Hybrid, Older Users Most-Targeted by Gmail Attackers Full Text
Abstract
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.Threatpost
February 10, 2021 – Government
US Coast Guard orders maritime facilities to report SolarWinds breaches Full Text
Abstract
The U.S. Coast Guard (USCG) has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack.BleepingComputer
February 10, 2021 – Hacker
Sprite Spider: Another Threat Actor to Be Aware of Full Text
Abstract
Researchers from CrowdStrike connected the dots between Shifu, Wyatt, and Pixi to the DEFRAY777 ransomware attacks and found that all these activities were connected to a single group.Cyware Alerts - Hacker News
February 10, 2021 – Government
Krebs, other officials urge Congress to take strong action to tamp down cyber threats Full Text
Abstract
Christopher Krebs, the nation’s former top cybersecurity official, and other officials pushed hard Wednesday for taking a strong stance against malicious hackers in the wake of a devastating cyberattack on the federal government.The Hill
February 10, 2021 – Attack
Researcher Hacks Apple and Microsoft Full Text
Abstract
Novel supply chain attack allows researcher to hack internal systems of major companiesInfosecurity Magazine
February 10, 2021 – Breach
Anti-malware firm Emsisoft accidentally exposes internal DB Full Text
Abstract
Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. The company revealed that a third-party...Security Affairs
February 10, 2021 – General
Pensacola incentive campaign portrays a paradise for remote cyber workers Full Text
Abstract
Smaller cities are appealing to infosec pros’ dreams of affordable living, better quality of life.SCMagazine
February 10, 2021 – Vulnerabilities
Intel Squashes High-Severity Graphics Driver Flaws Full Text
Abstract
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.Threatpost
February 10, 2021 – Solution
Microsoft now forces secure RPC to block Windows Zerologon attacks Full Text
Abstract
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates.BleepingComputer
February 10, 2021 – Criminals
Cybercriminals Leverage Discord CDN Service to Target Gamers with Malware Payloads Full Text
Abstract
Malware-tainted files are disguised as cracked software or gaming software in order to target gamers – an attractive target for miscreants because they typically use high specification PCs.The Daily Swig
February 10, 2021 – Government
Katko calls for bipartisanship on cyber issues as threats intensify Full Text
Abstract
Rep. John Katko (R-N.Y.) says he is looking to shine a bipartisan spotlight on cybersecurity concerns as the newly appointed ranking member of the House Homeland Security Committee.The Hill
February 10, 2021 – Hacker
Hacker Admits Stealing College Girls’ Nude Snaps Full Text
Abstract
New Yorker stole intimate images from social media accounts and traded themInfosecurity Magazine
February 10, 2021 – Ransomware
CD Projekt Red game maker discloses ransomware attack Full Text
Abstract
The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack. The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered...Security Affairs
February 10, 2021 – Government
Krebs: Oldsmar water treatment plant’s security is ‘rule, not the exception’ Full Text
Abstract
The former director of the Cybersecurity and Infrastructure Security Agency suggested a multipronged approach to shoring up municipal utilities, including adding funding to update aging technology.SCMagazine
February 10, 2021 – General
The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm Full Text
Abstract
The Code42 2021 Data Exposure Report highlights the need to adopt a new approach to data security and invest in modern Insider Risk technology.Threatpost
February 10, 2021 – Hacker
Hackers auction alleged stolen Cyberpunk 2077, Witcher source code Full Text
Abstract
Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack.BleepingComputer
February 10, 2021 – Ransomware
Zeoticus 2.0 Infections Are Now Harder to Control, Contain, and Mitigate Full Text
Abstract
A security researcher has found a more versatile and effective version of the Zeoticus ransomware with elevated capabilities such as executing payloads without connectivity or remote commands.Cyware Alerts - Hacker News
February 10, 2021 – Government
Election commission approves new guidelines to secure, update voting equipment Full Text
Abstract
A federal election commission on Wednesday approved new national guidelines to overhaul voting equipment standards, including boosting security, privacy and the use of paper ballots as well as the auditing of election results.The Hill
February 10, 2021 – General
Prioritize updates based on risk, not vendor ratings, experts warn after ‘important’ zero-day Full Text
Abstract
Security teams might want to take a close look at their own risks for a particular flaw noted by Microsoft, despite the decision by the security giant to forgo the “critical” rating.SCMagazine
February 10, 2021 – Attack
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple Full Text
Abstract
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations' internal applications.Threatpost
February 10, 2021 – Privacy
SIM hijackers arrested after stealing millions from US celebrities Full Text
Abstract
Ten men who were part of a criminal gang involved in a series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium.BleepingComputer
February 10, 2021 – Vulnerabilities
Intel Patches Tens of Vulnerabilities in Software, Hardware Products Full Text
Abstract
The list of high-severity flaws includes a privilege escalation issue in the Intel Solid State Drive (SSD) Toolbox, and a denial-of-service (DoS) flaw in the XMM 7360 Cell Modem.Security Week
February 10, 2021 – Government
Watch live: Trump cybersecurity chief Krebs testifies before House panel Full Text
Abstract
Christopher Krebs, former President Trump's top cybersecurity official, will testify before the House Homeland Security Committee on Wednesday on threats facing the U.S.The Hill
February 10, 2021 – Vulnerabilities
Microsoft Office February security updates patch Sharepoint, Excel RCE bugs Full Text
Abstract
Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.BleepingComputer
February 10, 2021 – Attack
Attackers Using Sophisticated Obfuscation Techniques to Evade Detection Full Text
Abstract
Security experts stumbled across an unusual DNS query that eventually led to the discovery of a multi-step obfuscated malware using nslookup.exe to hide the actual malicious intent.Cyware Alerts - Hacker News
February 10, 2021 – Government
New cyber panel chair zeros in on election security, SolarWinds hack Full Text
Abstract
Rep. Yvette Clarke (D-N.Y.), the new chair of the House Homeland Security Committee’s cyber panel, said she plans to tackle a wide range of cybersecurity challenges, but with an early focus on bolstering election security and responding to a massive hack that has compromised much of the federal government.The Hill
February 10, 2021 – Vulnerabilities
Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes Full Text
Abstract
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.BleepingComputer
February 10, 2021 – Malware
BazarBackdoor’s Stealthy Infiltration Evades Multiple SEGs Full Text
Abstract
The malware attack campaign, first observed in mid-December, carries pharmaceutical-themed invoices that contain references to a series of websites hosted on the “shop” domain.Cofense
February 10, 2021 – Hacker
Hackers are Silently Making an Onslaught on Energy Sector Full Text
Abstract
Researchers revealed that there is a perpetual threat in the utility sector about the next vulnerability to be exploited by cybercriminals. Several prominent incidents manifest the claim.Cyware Alerts - Hacker News
February 10, 2021 – Vulnerabilities
Nine New ‘Number:Jack’ Vulnerabilities in Communication Protocols Could be Used to Exploit IoT and OT Devices Full Text
Abstract
Vulnerabilities in the communications protocols used by millions of Internet of Things (IoT) and operational technology (OT) devices could allow cyber attackers to intercept and manipulate data.ZDNet
February 10, 2021 – Vulnerabilities
Adobe fixes a buffer overflow issue in Reader which is exploited in the wild Full Text
Abstract
Adobe has released security updates that aim to address 50 vulnerabilities affecting its Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver products.Security Affairs
February 10, 2021 – Vulnerabilities
Microsoft fixes Windows 10 console bug leading to blue screens Full Text
Abstract
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.BleepingComputer
February 10, 2021 – Business
Identity Verification Firm Veriff Appoints Amish Mody as New CFO Full Text
Abstract
Mody joins Veriff from FinTech MoneseInfosecurity Magazine
February 10, 2021 – Attack
Web hosting provider shuts down after cyberattack Full Text
Abstract
A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation.ZDNet
February 10, 2021 – Attack
Dependency Confusion Supply-Chain Attack Hit Over 35 High-Profile Companies Full Text
Abstract
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, and achieve remote code execution. The technique, called dependency confusion or a substitution attack, takes advantage of the fact that a piece of software may include components from a mix of private and public sources. These external package dependencies, which are fetched from public repositories during a build process, can pose an attack opportunity when an adversary uploads a higher version of a private module to the public feed, causing a client to automatically download the bogus "latest" version without requiring any action from the developer. "From one-off mistakes made by developers on their own machines, to misconfigured internal or cloud-based build servers, to systemically vulnerable development pipelines, one thing was clear: squatting valThe Hacker News
February 10, 2021 – Solution
Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack Full Text
Abstract
Remote access to industrial facilities can be architected safely. But the best architecture can also be circumvented by attackers with unapproved software such as TeamViewer.Dragos
February 10, 2021 – General
Credential Theft Attacks Doubled Between 2016 and 2020 Full Text
Abstract
F5 warns of persistent credential stuffing threatInfosecurity Magazine
February 10, 2021 – General
North Korean Attacks on Cryptocurrency Exchanges Reportedly Netted $316 Million in Two Years Full Text
Abstract
North Korean hacking attacks on cryptocurrency exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan’s Nikkei.The Register
February 10, 2021 – Malware
LodaRAT Windows Malware Now Also Targets Android Devices Full Text
Abstract
A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos researchers said in a Tuesday analysis. "A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities." Kasablanca, the group behind the malware, is said to have deployed the new RAT in an ongoing hybrid campaign targeting Bangladeshi users, the researchers noted. The reason why Bangladesh-based organizations have been specifically singled out for this campaign remains unclear, as is the identity of the threat actor. First documented in May 2017 by Proofpoint, Loda is an AutoIt malware typically delivered via phishing lures that's equipped to run a wide range of commands designed to record audio, video, and capture othThe Hacker News
February 10, 2021 – General
MAS revises Technology Risk Management Guidelines for Financial Institutions Full Text
Abstract
On 18 January 2021, MAS issued the revised guidelines to address technology and cyber risks in view of the growing use of cloud technology, APIs, and software development by financial institutions.Lexology
February 10, 2021 – Attack
Microsoft Discloses New ‘Dependency Confusion’ Attack Technique Used to Target 35 Major Tech Firms Full Text
Abstract
Microsoft published a white paper on a new technique called a "dependency confusion" or a "substitution attack" that can be used to poison the app-building process inside corporate environments.ZDNet
February 10, 2021 – General
Romance Fraud Surges in Lockdown Following Shift to Online Dating Full Text
Abstract
UK Finance reveals that bank transfer romance fraud increased by 20% last yearInfosecurity Magazine
February 10, 2021 – Vulnerabilities
Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready? Full Text
Abstract
The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply that they were able to impersonate any user they wanted.Washington Post
February 10, 2021 – Phishing
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20 Full Text
Abstract
DomainTools says market is building for anti-vaxxersInfosecurity Magazine
February 10, 2021 – Vulnerabilities
Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug Full Text
Abstract
Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple said in a security advisory. "This issue was addressed by updating to sudo version 1.9.5p2." Sudo is a common utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user. Tracked as CVE-2021-3156 (also called "Baron Samedit"), the vulnerability first came to light last month after security auditing firm Qualys disclosed the existence of a heap-based buffer overflow, which it said had been "hiding in plain sight" for almost 10 years. The vulnerability, which was introduced in the code back in July 2011, impacts sudo versions 1.7.7 through 1.7.10p9, 1.8.2 through 1.8.31p2, and 1.9.0The Hacker News
February 10, 2021 – Vulnerabilities
Many TCP/IP stacks found vulnerable to Mitnick attack, some still unpatched Full Text
Abstract
The tested stacks are used across a bevy of internet of things devices, industrial equipment and other networked products.SCMagazine
February 10, 2021 – Education
Your security technology is only as strong as your team Full Text
Abstract
In a recent CSIS survey, 82% of IT decision-makers said their organizations suffered from a shortage of cybersecurity skills, and 71% said that it had resulted in direct and measurable damage.Help Net Security
February 10, 2021 – Vulnerabilities
Zero-Day and Six Publicly Disclosed CVEs Fixed by Microsoft Full Text
Abstract
Patch Tuesday sees just 56 vulnerabilities addressed this monthInfosecurity Magazine
February 10, 2021 – Vulnerabilities
Microsoft fixes the Windows 10 console driver crash bug Full Text
Abstract
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.BleepingComputer
February 10, 2021 – General
Coalition Against Stalkerware Full Text
Abstract
Avast is joining the Electronic Frontier Foundation, the National Network to End Domestic Violence, Operation Safe Escape, Weisser Ring and other leading companies in the fight against digital tracking.Avast
February 10, 2021 – Vulnerabilities
Adobe fixes a buffer overflow issue in Reader which is exploited in the wild Full Text
Abstract
Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento,...Security Affairs
February 10, 2021 – General
Enormous Growth in RDP Attacks as Hackers Targeting Employees Working From Home Full Text
Abstract
Nowadays, there is a vast increase in cybercriminal attacks, and the RDP attacks are at the top of these attacks list in...Cyber Security News
February 9, 2021 – Ransomware
Ransomware group claims it dumped source code of Cyberpunk 2077 Full Text
Abstract
In what could have been the dystopian future envisioned by sci-fi author William Gibson or just another bad day for CD Projekt Red, the company was hit with a 48-hour ransom demand by an undetermined hacking group that claimed to have dumped full copies of the source code for the company’s Cyberpunk 2077 server and…SCMagazine
February 09, 2021 – Vulnerabilities
Apple fixes SUDO root privilege escalation flaw in macOS Full Text
Abstract
Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.BleepingComputer
February 09, 2021 – General
Hillicon Valley: Senators express concerns over response to Russian hack | Huawei makes a legal move | Twitter sees jump in user growth Full Text
Abstract
A mix of big tech companies are keeping unexpected company in the news today. Top senators on the Intelligence Committee are criticizing the “disorganized” federal response to the SolarWinds hack investigation. Meanwhile, Huawei is looking to a court to overturn the Federal Communications Commission’s decision to label it a national security threat even as the founder of the Chinese telecommunications giant said he is doubtful the Biden administration will lift the Trump-era sanctions.The Hill
February 9, 2021 – Business
SentinelOne forks over $155 million for log management company Full Text
Abstract
Executives are keen to incorporate Scalyr’s cloud-based data and event ingestion tool into their extended detection and response platform.SCMagazine
February 09, 2021 – Government
Senators ask federal officials to designate leader in ‘disorganized’ SolarWinds response Full Text
Abstract
Senate Intelligence Committee Chairman Mark Warner (D-Va.) and Vice Chairman Marco Rubio (R-Fla.) on Tuesday criticized the “disorganized” federal response to the recently uncovered Russian hack of IT group SolarWinds, calling for agencies to designate a leader.The Hill
February 9, 2021 – Vulnerabilities
Rampant data sharing suggests website managers lack control, visibility Full Text
Abstract
Website managers need better insight into their third-party app partners’ default settings and access rights, experts say.SCMagazine
February 9, 2021 – Ransomware
Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware Full Text
Abstract
CD Projekt Red was hit with a cyberattack (possibly the work of the “Hello Kitty” gang), and the attackers are threatening to release source code for Witcher 3, corporate documents and more.Threatpost
February 9, 2021 – Vulnerabilities
Actively Exploited Windows Kernel EoP Bug Allows Takeover Full Text
Abstract
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.Threatpost
February 9, 2021 – General
Google Play Boots Barcode Scanner App After Ad Explosion Full Text
Abstract
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.Threatpost
February 9, 2021 – Vulnerabilities
Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day Full Text
Abstract
Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows...Security Affairs
February 9, 2021 – Attack
A water-treatment hacking, and the complexities of risk mitigation Full Text
Abstract
How do you define risk? For those in the cybersecurity community, risk is usually defined by degree of exposure an organization might have to losses tied to breaches or system attacks. But ask that same question of a hospital administrator struggling to treat COVID patients and the answer might be tied to the number of…SCMagazine
February 09, 2021 – Ransomware
HelloKitty ransomware behind CD Projekt Red cyberattack, data theft Full Text
Abstract
The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize.BleepingComputer
February 9, 2021 – Phishing
Ukraine’s police arrested the author of the U-Admin phishing kit Full Text
Abstract
An international operation conducted by Ukraine's police, along with their US and Australian peers, shut down the world's largest phishing service, U-Admin. Last week, an international operation conducted by Ukraine's police, along with the US and Australian...Security Affairs
February 09, 2021 – Solution
Google expands election security aid for federal, state campaigns Full Text
Abstract
Google announced Tuesday it is expanding its efforts around election security by providing free training to state and federal campaigns in all 50 states.The Hill
February 9, 2021 – Vulnerabilities
Attackers Exploit Critical Adobe Flaw to Target Windows Users Full Text
Abstract
A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”Threatpost
February 9, 2021 – Policy and Law
Cyber Command Major Imprisoned for Sex Crime Full Text
Abstract
US Army major gets lengthy sentence for producing child sexual abuse materialInfosecurity Magazine
February 09, 2021 – Vulnerabilities
Microsoft urges customers to patch critical Windows TCP/IP bugs Full Text
Abstract
Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible.BleepingComputer
February 9, 2021 – Ransomware
Ransomware targets Ness Digital Engineering, sparking concern in Israel Full Text
Abstract
The details of the cyberattack remain unclear, but initial reports indicate that the attack may have begun in Israel and then spread to other Ness branches around the world.The Jerusalem Post
February 9, 2021 – General
Gaming Industry Is Fraudsters’ Prime Target Full Text
Abstract
Fraud booms across all industries, with gaming companies topping US victim listInfosecurity Magazine
February 9, 2021 – Policy and Law
Attorney-General of Australia asked to update ‘personal information’ definition in Privacy Act Full Text
Abstract
The Attorney-General's Department is currently in the midst of reviewing the Australia Privacy Act 1988. Since October, it has been calling for all interested parties to provide their two cents.ZDNet
February 09, 2021 – Vulnerabilities
Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day Full Text
Abstract
Today is Microsoft's February 2021 Patch Tuesday, so please buy your Windows administrators some snacks to keep their energy up throughout the day.BleepingComputer
February 9, 2021 – Education
Alison Partners with CODERED Full Text
Abstract
Free online learning platform announces partnership with cybersecurity course providerInfosecurity Magazine
February 09, 2021 – APT
New BendyBear APT malware gets linked to Chinese hacking group Full Text
Abstract
Unit 42 researchers today have shared info on a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.BleepingComputer
February 9, 2021 – Business
IoT Security Startup Armis Doubles Valuation To $2B With $125M Round Full Text
Abstract
The Palo Alto, California-based IoT security company announced Tuesday that it has raised a $125 million funding round from Brookfield Technology Partners and other investors.CRN
February 09, 2021 – Attack
Researcher hacks Microsoft, Apple, more in novel supply chain attack Full Text
Abstract
A researcher managed to hack systems of over 35 major tech companies including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla, Yelp, and Uber in a novel software supply chain attack. For his ethical hacking research efforts, the researcher has been awarded over $130,000 in bug bounties.BleepingComputer
February 9, 2021 – Vulnerabilities
Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs Full Text
Abstract
An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution.Security Week
February 09, 2021 – Government
Huawei founder doubts Biden will lift sanctions Full Text
Abstract
The founder of Chinese tech giant Huawei said Tuesday that he does not expect the Biden administration to lift sanctions imposed on the company under former President Trump.The Hill
February 09, 2021 – Vulnerabilities
Adobe fixes critical Reader vulnerability exploited in the wild Full Text
Abstract
Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.BleepingComputer
February 9, 2021 – Breach
Tokyo Gas discloses data breach impacting anime-style dating simulation game Full Text
Abstract
Around 10,000 email addresses belonging to players of an online, anime-style game were exposed during a data breach, according to Tokyo Gas, the game’s developer and Japanese utility giant.The Daily Swig
February 9, 2021 – Phishing
Researchers uncovered a Facebook phishing campaign that tricked nearly 500,000 users in two weeks Full Text
Abstract
“Is that you” is a phishing scam that begins with a Facebook message sent by one of your friends. The “friend” claims to have found a video or image with you featured in it.Cyber News
February 09, 2021 – Solution
Office 365 will help admins find impersonation attack targets Full Text
Abstract
Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap.BleepingComputer
February 9, 2021 – Business
SentinelOne to acquire high-speed logging startup Scalyr for $155M Full Text
Abstract
SentinelOne, a security startup that helps customers make sense of security data using AI and machine learning, is acquiring Scalyr, the high-speed logging startup for $155 million in stock and cash.TechCrunch
February 9, 2021 – Criminals
Cybercriminals Claim to Steal Source Code for Cyberpunk 2077, The Witcher 3 Games Developed by CD Projekt Full Text
Abstract
Video game company CD Projekt says a cyberattack exposed some of its data, and the intruders left a ransom note claiming they accessed the source code for “Cyberpunk 2077” and other games.Cyberscoop
February 9, 2021 – Hacker
High Demand for Hacker Services on Dark Web Forums Full Text
Abstract
Seven in 10 inquiries on dark web forums relate to gaining access to a web resourceInfosecurity Magazine
February 9, 2021 – Phishing
Phishers Piggyback on Phishing Kits to Expand Their Activities Full Text
Abstract
Compiled with a set of JavaScript functions, the novel toolkit dubbed LogoKit enables cybercriminals to change logos and text on a phishing page in real-time.Cyware Alerts - Hacker News
February 9, 2021 – Vulnerabilities
Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs Full Text
Abstract
The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF)...Security Affairs
February 9, 2021 – Attack
Supply Chain Attacks Back on the Forefront Full Text
Abstract
ESET researchers recently disclosed a cyber-espionage attack campaign targeting Asian gamers, that jeopardized the update mechanism of NoxPlayer, an Android emulator for Macs and PCs.Cyware Alerts - Hacker News
February 9, 2021 – Malware
2016 Facebook malware campaign resurfaces, India top victim Full Text
Abstract
A 2016 Facebook malware campaign, known to use a combination of Windows trojan, browser injections, clever scripting, and a bug in the social network's platform, has resurfaced in India.The Times Of India
February 9, 2021 – Solution
Microsoft to add ‘nation-state activity alerts’ to Defender for Office 365 Full Text
Abstract
Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 to notify companies when their employees are being targeted by nation-state threat actors.ZDNet
February 9, 2021 – General
Emotet Takedown: Short-Term Celebration, Long-Term Concerns Full Text
Abstract
Could Emotet come back in the same way? Experts don't think so because this law enforcement operation was more comprehensive and involved more participation from global authorities.Dark Reading
February 9, 2021 – Attack
Microsoft, SolarWinds in dispute over nation-state attacks Full Text
Abstract
In separate blog posts last week, the two companies provided updates on their ongoing investigations into how nation-state actors initially compromised SolarWinds' environment.Tech Target
February 9, 2021 – Disinformation
Spammers Flood Python Package Index Portal and GitLab with Garbage Content Full Text
Abstract
Spammers have inundated the Python Package Index (PyPI) portal and the GitLab source code hosting website with garbage content, flooding both with ads for shady sites and services.ZDNet
February 9, 2021 – Business
Tanium Adds Matt Thompson to Board of Directors Full Text
Abstract
Thompson becomes independent director of endpoint management and security providerInfosecurity Magazine
February 9, 2021 – Hacker
Hacker Tries to Poison Water Supply of Florida Town Full Text
Abstract
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.Threatpost
February 9, 2021 – Vulnerabilities
Launching OSV - Better vulnerability triage for open source Full Text
Abstract
For consumers of open source software, it is often difficult to map a vulnerability such as a Common Vulnerabilities and Exposures (CVE) entry to the package versions they are using.Chrome Releases
February 9, 2021 – Hacker
Hacker Broke Into Florida County Water Treatment Plant and Attempted to Poison Water Supply Full Text
Abstract
The hacker took control of the computer system's mouse and attempted to change the sodium hydroxide in the water supply from about 100 parts per million to more than 11,100 parts per million.CBS News
February 9, 2021 – Education
New Council Will Drive UK’s Cyber-Training and Standards Full Text
Abstract
UK Cyber Security Council brings profession in line with medical, legal sectorsInfosecurity Magazine
February 09, 2021 – Ransomware
CD PROJEKT RED gaming studio hit by ransomware attack Full Text
Abstract
CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network.BleepingComputer
February 9, 2021 – Breach
Experian says investigating if involved in Brazil data breach
Abstract
Experian said it was investigating whether the personal data of millions of Brazilians that was found to be illegally offered for sale online could be connected with its Brazilian business Serasa.
Reuters
February 09, 2021 – Education
Webinar and eBook: The Dark Side of EDR. Are You Prepared?
Abstract
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior to implementation so you can best prepare how to close the gaps. It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical. Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one. The eBook and webinar "The Dark Side of EDR. Are You Prepared?" helps you in that requirement definition process. It points out the dark side(s) of EDR and provides guidance as to how to overcome them according to your company'
The Hacker News
February 9, 2021 – Attack
Cyberpunk 2077 Developer Hit By Cyber-Attack
Abstract
Video game firm CD Projekt reveals a ransom note left by the attackers
Infosecurity Magazine
February 9, 2021 – Policy and Law
HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under siege
Abstract
The US Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.
Last Watchdog
February 9, 2021 – General
Experts Warn of “Beg Bounty” Extortion Attempts
Abstract
SMBs are being bombarded by unsolicited bug bounty requests
Infosecurity Magazine
February 9, 2021 – Hacker
Cyber-Attacker Tries to Remotely Poison Florida City
Abstract
Unknown assailant hijacked system to increase sodium hydroxide levels
Infosecurity Magazine
February 9, 2021 – Ransomware
Ransomware Extortion Strategy Deepens as New Trends Emerge
Abstract
One of the emerging trends involves several ransomware gangs extorting companies by targeting the classified and confidential data of top executives and managers.
Cyware Alerts - Hacker News
February 09, 2021 – Phishing
Ukrainian Police Arrest Author of World’s Largest Phishing Service U-Admin
Abstract
Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorney general's office said it worked with the National Police and its Main Investigation Department to identify a 39-year-old man from the Ternopil region who developed a phishing package and a special administrative panel for the service, which were then aimed at several banks located in Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, and the U.K. Computer equipment, mobile phones, and hard drives were seized as part of five authorized searches conducted during the course of the operation. Security researcher Brian Krebs noted the raids were in connection with U-Admin, a phishing framework that makes use of fake web pages to pil
The Hacker News
February 9, 2021 – Denial Of Service
DDoS Attacks Back with Bigger and Bolder Versions
Abstract
While there has been a significant rise in ransom-related DDoS (RDDoS) attacks in 2020, the trend continues to take a new shape as we settle into 2021.
Cyware Alerts - Hacker News
February 9, 2021 – Phishing
Arrest, Raids Tied to ‘U-Admin’ Phishing Kit — Krebs on Security
Abstract
Cyber cops in Ukraine carried out an arrest and raids in connection with author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”
Krebs on Security
February 9, 2021 – Attack
Microsoft to notify Office 365 users of nation-state attacks
Abstract
Microsoft implements alerts for 'nation-state activity' in the Defender for Office 365 dashboard, to allow organizations to quickly respond. Since 2016, Microsoft has been alerting users of nation-state activity, now the IT giant added the same service...
Security Affairs
February 9, 2021 – Malware
TeamTNT Back at it Again - Kubernetes Edition
Abstract
Unit42 researchers discovered a new malware, Hildegard, that is being leveraged to launch cryptojacking attacks on Kubernetes clusters.
Cyware Alerts - Hacker News
February 9, 2021 – Denial Of Service
New Botnet Reuse the Mirai Framework to Perform DDoS Attack on Android Devices
Abstract
Recently, the Chinese security firm Qihoo 360's networking security division Netlab has discovered a nascent malware campaign. This campaign...
Cyber Security News
February 8, 2021 – Hacker
Security gaps in operational tech exposed with hacker attempt to poison Florida city water
Abstract
Experts warn: no one should presume this is a fluke. In fact, the barrier of entry for unsophisticated actors to attack industrial controls is lower than ever.
SCMagazine
February 8, 2021 – Hacker
Hackers attempted to poison the water supply of a US city
Abstract
Pinellas Sheriff revealed that attackers tried to raise levels of sodium hydroxide, by a factor of more than 100, in the Oldsmar’s water supply. The scenario described by Pinellas Sheriff Bob Gualtieri is disconcerting, an attacker attempted to raise...
Security Affairs
February 08, 2021 – Hacker
Hackers tried poisoning town after breaching its water facility
Abstract
A hacker gained access to the water treatment system for the city of Oldsmar, Florida, and attempted to increase the concentration of sodium hydroxide (NaOH), also known as lye and caustic soda, to extremely dangerous levels.
BleepingComputer
February 8, 2021 – General
Analyzing the Relationship between Social Media and Cyber Threats
Abstract
Research by Tessian has revealed that every photo we post and tag people, leads to the leak of valuable information that can be abused by hackers to design targeted attacks.
Cyware Alerts - Hacker News
February 08, 2021 – General
Hillicon Valley: Ballots go out in Amazon union battle in Alabama | Hackers breach, attempt to poison Florida city’s water supply | Facebook to remove posts with false claims about vaccines
Abstract
VOTING STARTS NOW: Amazon workers in Bessemer, Ala., are being sent their ballots Monday in one of the most important union elections of the last decade.
The Hill
February 08, 2021 – Government
Detailed: Here’s How Iran Spies on Dissidents with the Help of Hackers
Abstract
Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish natives. Tracing the extensive espionage operations to two advanced Iranian cyber-groups Domestic Kitten (or APT-C-50) and Infy, cybersecurity firm Check Point revealed new and recent evidence of their ongoing activities that involve the use of a revamped malware toolset as well as tricking unwitting users into downloading malicious software under the guise of popular apps. "Both groups have conducted long-running cyberattacks and intrusive surveillance campaigns which target both individuals' mobile devices and personal computers," Check Point researchers said in a new analysis. "The operators of these campaigns are clearly active, responsive and constantly seeking new att
The Hacker News
February 8, 2021 – Policy and Law
Paralegal’s Pal Admits Outing Witnesses
Abstract
Iowan pleads guilty to accessing sensitive, non-public information and releasing it on Facebook
Infosecurity Magazine
February 8, 2021 – Education
TechTank: How to Protect Yourself From Cybersecurity Attacks
Abstract
At the end of 2020, reporting revealed the dramatic SolarWinds hack of major American businesses and government agencies. Russia broke into leading institutions and cybersecurity experts still are gauging the scope of the damage.
Lawfare
February 8, 2021 – Vulnerabilities
Google launches Open Source Vulnerabilities (OSV) database
Abstract
Google announced the launch of OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure...
Security Affairs
February 8, 2021 – Vulnerabilities
Google pitches security standards for ‘critical’ open-source projects
Abstract
In a post-SolarWinds era, less structured projects are extremely vulnerable to malicious forces and human error, the software giant argues.
SCMagazine
February 8, 2021 – Ransomware
WestRock Ransomware Attack Hinders Packaging Production
Abstract
The ransomware attack, affecting OT systems, resulted in some of WestRock’s facilities lagging in production levels.
Threatpost
February 08, 2021 – Vulnerabilities
Critical vulnerability fixed in WordPress plugin with 800K installs
Abstract
The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks.
BleepingComputer
February 8, 2021 – Malware
Police Seize $60 Million of Bitcoin That Generated Via Installing Malware
Abstract
The officials of Germany have recently seized a digital wallet that was assumed to carry $60 million in bitcoins; all these bitcoins were acquired through fraudulent online activity.
GB Hackers
February 08, 2021 – Hacker
Hackers breach, attempt to poison Florida city’s water supply
Abstract
Officials said Monday that a hacker had breached and attempted to poison the water supply for the city of Oldsmar, Fla., last week, but had been unsuccessful.
The Hill
February 08, 2021 – General
Top 5 Bug Bounty Programs to Watch in 2021
Abstract
While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international security researchers:
1. HackerOne
Being a unicorn backed by numerous reputable venture capitalists, HackerOne is probably the most well-known and recognized Bug Bounty brand in the world. According to their most recent annual report, over 1,700 companies trust the HackerOne platform to augment their in-house application security testing capacities. The report likewise says that their security researchers earned approximately $40 million in bounties in 2019 alone and $82 million cumulatively. HackerOne is also famous for hosting US government Bug Bounty programs, including the
The Hacker News
February 8, 2021 – Breach
Law Firm Data Breach Impacts UPMC Patients
Abstract
PHI of more than 36k UPMC patients may have been exposed following attack on law firm
Infosecurity Magazine
February 8, 2021 – Policy and Law
What Is the Point of These Nation-State Indictments?
Abstract
Nation-state indictments may not be dramatic, but they are foundational.
Lawfare
February 8, 2021 – APT
Domestic Kitten has been conducting surveillance targeting over 1,000 individuals
Abstract
Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Domestic Kitten, also tracked as APT-C-50, is an Iran-linked APT group that has been active at least since...
Security Affairs
February 8, 2021 – Vulnerabilities
With thousands of vendors, companies typically have limited grasp over supply chain security
Abstract
Organizations operate in networks that on average include 1,409 vendors. Combine that with limited resources, and supply chain security can seem an oxymoron.
SCMagazine
February 08, 2021 – Vulnerabilities
Cyberpunk 2077 bug fixed that let malicious mods take over PCs
Abstract
CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files.
BleepingComputer
February 8, 2021 – APT
Domestic Kitten hacking group strikes local citizens considered a threat to Iranian regime
Abstract
Domestic Kitten has been conducting widespread surveillance for the past four years, launching at least 10 separate campaigns and maintaining a target list of 1,200 individuals, at a minimum.
ZDNet
February 8, 2021 – Breach
Emsisoft Suffers System Breach
Abstract
Configuration error allows unauthorized third party to access anti-malware solution maker’s technical logs
Infosecurity Magazine
February 8, 2021 – Phishing
Novel phishing technique uses Morse code to compose malicious URLs
Abstract
Cybercriminals devised a new phishing technique that leverages the Morse code to hide malicious URLs and bypass defense. Experts spotted a new targeted phishing campaign that leverages a new obfuscation technique based on the Morse code to hide malicious...
Security Affairs
February 8, 2021 – Ransomware
Conti ransomware gang tied to latest attacks on hospitals in Florida and Texas
Abstract
At least tens of thousands of sensitive medical files were posted to a blog on the dark web that the hackers used to extort the two hospital chains.
SCMagazine
February 08, 2021 – Botnet
Microsoft: Keep your guard up even after Emotet’s disruption
Abstract
Microsoft warns customers not to let their guard down even after hundreds of Emotet botnet servers were taken down in late January 2021.
BleepingComputer
February 8, 2021 – Hacker
Big jump in RDP attacks as hackers target staff working from home
Abstract
There's been a huge increase in cyber criminals attempting to perform attacks by exploiting remote login credentials over the last year, as many employees continue to work from home.
ZDNet
February 8, 2021 – General
Remote Desktop Protocol Attacks Surge by 768%
Abstract
RDP attacks continued to grow in Q4 of 2020, but at a slower rate
Infosecurity Magazine
February 8, 2021 – General
Safety first: Will insurance companies stall or accelerate cybersecurity progress?
Abstract
When it comes to cybersecurity coverage, the relationship between enterprises and insurers has been rocky and uncertain. But the market just may force a compromise.
SCMagazine
February 08, 2021 – Malware
Android app joins the dark side, sends malware update to millions
Abstract
Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update.
BleepingComputer
February 8, 2021 – Phishing
Fraudsters Target Discord Users in Cryptocurrency Scam
Abstract
Fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.
Bank Info Security
February 8, 2021 – General
NHS Staff Hit by Almost 140,000 Malicious Emails in 2020
Abstract
NHS Digital figures highlight email threats faced by the healthcare sector
Infosecurity Magazine
February 08, 2021 – General
Microsoft to alert Office 365 users of nation-state hacking activity
Abstract
Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap.
BleepingComputer
February 8, 2021 – Solution
Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files
Abstract
CyberArk researchers have released BlobHunter, an open-source tool organizations can use to discover Azure blobs containing sensitive files they have inadvertently made public.
Help Net Security
February 8, 2021 – Policy and Law
Europol Breaks $14m Card Fraud Ring
Abstract
Operation Secreto results in 105 arrests across the continent
Infosecurity Magazine
February 8, 2021 – Education
Three ways MITRE ATT&CK can improve your organizational security
Abstract
Built using real-world observations, ATT&CK provides greater depth when describing attacker techniques, enabling red teams to reproduce the behavior of various threat groups.
Help Net Security
February 8, 2021 – Attack
Tens of Thousands of Patient Files Leaked in US Hospital Attacks
Abstract
Ransomware group suspected, but lack of malware perplexes
Infosecurity Magazine
February 8, 2021 – Business
Guardforce AI Announces Acquisition of Handshake
Abstract
Guardforce AI, an integrated security solutions provider in Asia, acquired a majority stake in Handshake Networking Ltd, a Hong Kong-based company specializing in penetration testing.
Yahoo! Finance
February 8, 2021 – Policy and Law
Crypto Fund Founder Pleads Guilty to $100m Fraud Scheme
Abstract
Virgil Sigma and VQR investors left high and dry
Infosecurity Magazine
February 8, 2021 – Ransomware
Victims of Ziggy ransomware can recover their files for free
Abstract
The Ziggy ransomware gang has shut down its operations and released the decryption keys fearing the ongoing investigation of law enforcement. Good news for the victims of the Ziggy ransomware, the ransomware operators have shut down their operations...
Security Affairs
February 8, 2021 – Malware
CinaRAT Resurfaces With New Evasive Tactics and Techniques
Abstract
Different versions of multi-staged loaders attempt to inject and execute CinaRAT within the victim’s host memory. CinaRAT code is available on GitHub; generally it's just a rebranded QuasarRAT.
Morphisec
February 8, 2021 – Ransomware
Update: Packaging giant WestRock is still working to resume after recent Ransomware Attack
Abstract
American packaging company WestRock announced at the end of January that it was the victim of a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems.
Security Affairs
February 07, 2021 – Vulnerabilities
Removal notice for Signal article
Abstract
Due to conflicting information BleepingComputer has received, we have removed our original article.
BleepingComputer
February 07, 2021 – Vulnerabilities
Signal ignores proxy censorship vulnerability, says it’s not a risk
Abstract
Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users.
BleepingComputer
February 7, 2021 – Breach
COMB breach: 3.2B email and password pairs leaked online
Abstract
The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. More than 3.2 billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking...
Security Affairs
February 7, 2021 – Vulnerabilities
Hacking Nespresso machines to have unlimited funds to purchase coffee
Abstract
Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The attack is possible because the machines...
Security Affairs
February 07, 2021 – Ransomware
Ziggy ransomware shuts down and releases victims’ decryption keys
Abstract
The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims.
BleepingComputer
February 07, 2021 – Phishing
New phishing attack uses Morse code to hide malicious URLs
Abstract
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
BleepingComputer
February 07, 2021 – Vulnerabilities
Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
Abstract
Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products.
BleepingComputer
February 7, 2021 – General
The number of ICS flaws in 2020 was 24,72% higher compared to 2019
Abstract
The number of vulnerabilities discovered in industrial control system (ICS) products surged in 2020, security firm Claroty reports. According to a report published by the industrial cybersecurity firm Claroty that focuses on the second half of 2020,...
Security Affairs
February 07, 2021 – Vulnerabilities
Signal ignores proxy censorship vulnerability, bans researchers
Abstract
Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users.
BleepingComputer
February 7, 2021 – Hacker
Hackers Abusing Google Chrome Extension to Exfiltrating Data & Using That Channel for C&C Communication
Abstract
Recently, an IT cybersecurity researcher, Bojan Zdrnja, has published its research exposing that the threat actors are using Google Chrome's Sync feature...
Cyber Security News
February 7, 2021 – Hacker
How the United States Lost to Hackers
Abstract
The USA is getting hacked from so many sides that it has become virtually impossible to keep track, let alone inform the average American reader who is trying to grasp a largely invisible threat that lives in code.
New York Times
February 7, 2021 – General
Security Affairs newsletter Round 300
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Experts explain...
Security Affairs
February 7, 2021 – Breach
Web developers SitePoint discloses a data breach
Abstract
The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M users. SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company...
Security Affairs
February 6, 2021 – Vulnerabilities
Experts found critical flaws in Realtek Wi-Fi Module
Abstract
Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices' wireless communications. Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi...
Security Affairs
February 06, 2021 – Vulnerabilities
Mozilla fixes Windows 10 NTFS corruption bug in Firefox
Abstract
Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser.
BleepingComputer
February 6, 2021 – Malware
Microsoft Tailing Dynamically Generated Email Infrastructure
Abstract
Microsoft digs into emerging email infrastructure, consisting of two segments named StrangeU and RandomU, that send over a million malware-laden emails each month.
Cyware Alerts - Hacker News
February 6, 2021 – Ransomware
Ransomware Attacks Now a Million Dollar Enterprise
Abstract
Chainalysis tracked million worth of bitcoin transactions related to ransomware attacks and discovered that a sizable chunk usually ends up with actors at the top of the pyramid.
Cyware Alerts - Hacker News
February 06, 2021 – Malware
The Great Suspender Chrome extension’s fall from grace
Abstract
Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware.
BleepingComputer
February 6, 2021 – Malware
Watch out! ‘The Great Suspender’ Chrome extension contains Malware
Abstract
Google removed the popular The Great Suspender from the official Chrome Web Store for containing malware and deactivated it from the users' PC. Google on Thursday removed The Great Suspender extension from the Chrome Web Store. Million of users...
Security Affairs
February 6, 2021 – Ransomware
Packaging giant WestRock is still working to resume after recent Ransomware Attack
Abstract
Packaging giant WestRock revealed this week that the recent ransomware attack impacted the company’s IT and operational technology (OT) systems. American corrugated packaging company WestRock announced at the end of January that it was the victim...
Security Affairs
February 06, 2021 – Malware
WARNING — Hugely Popular ‘The Great Suspender’ Chrome Extension Contains Malware
Abstract
Google on Thursday removed The Great Suspender, a popular Chrome extension used by millions of users, from its Chrome Web Store for containing malware. It also took the unusual step of deactivating it from users' computers. "This extension contains malware," read a terse notification from Google, but it has since emerged that the add-on stealthily added features that could be exploited to execute arbitrary code from a remote server, including tracking users online and committing advertising fraud. "The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more," Calum McConnell said in a GitHub post. The extension, which had more than two million installs before it was disabled, would suspend tabs that aren't in use, replacing them with a blank gray screen until they were reloaded upon returning to the tabs in question. Signs of the
The Hacker News
February 6, 2021 – Education
What is SYN Attack? How the Attack works and How to Prevent the SYN Attack
Abstract
TCP SYN Flood attacks are the most popular ones amongst the DDOS attacks. Here we are going to discuss in detail, the...
Cyber Security News
February 6, 2021 – Attack
SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad-Based Attack
Abstract
SolarWinds CEO Sudhakar Ramakrishna verified this week “suspicious activity” in its Office 365 environment allowed hackers to gain access to and exploit the SolarWinds Orion development environment.
CRN
February 6, 2021 – Hacker
Hackers post detailed patient medical records from two hospitals to the dark web
Abstract
Hackers have published extensive patient information from two U.S. hospital chains in an apparent attempt to extort them for money. The files also include at least tens of thousands of scanned diagnostic results and letters to insurers.
NBC News
February 6, 2021 – Privacy
FBI leaned on Dutch cops’ hacking in Emotet disruption
Abstract
The U.S. and European law enforcement agencies last week conducted an extraordinary crackdown on Emotet, a botnet of infected computers that has defrauded victims of millions.
Cyberscoop
February 6, 2021 – Vulnerabilities
Google Chrome sync feature can be abused for C&C and data exfiltration
Abstract
Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses.
ZDNet
February 6, 2021 – Vulnerabilities
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Abstract
Successful exploitation of this vulnerability allows an attacker to upload an arbitrary file with arbitrary names and extensions, leading to Remote Code Execution (RCE) on the targeted web server.
Palo Alto Networks
February 6, 2021 – Ransomware
Researchers find financial ties between notorious ransomware gangs
Abstract
The number of ransomware strains that lock up systems throughout the global internet might suggest an immeasurable number of independent hackers are plundering victims’ data.
Cyberscoop
February 6, 2021 – Breach
Webdev tutorials site SitePoint discloses data breach
Abstract
SitePoint, a website that provides access to a wealth of web development tutorials and books, has disclosed a security breach this week in emails sent to some of its users.
ZDNet
February 05, 2021 – Ransomware
The Week in Ransomware - February 5th 2021 - Data destruction
Abstract
This week we saw a few large scale attacks and various ransomware reports indicating ransom payments are falling, while attacks are increasingly destroying data permanently. The good news is a new ransomware decryptor was released, allowing victims to recover files for free.
BleepingComputer
February 05, 2021 – General
Hillicon Valley: Democratic senators unveil bill to reform Section 230 | Labor board denies Amazon request to delay local union vote | Robinhood lifts restrictions on GameStop, other stocks
Abstract
The Hill
February 05, 2021 – Denial Of Service
Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks
Abstract
A new distributed denial-of-service attack (DDoS) vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers said in a Thursday alert. Plex Media Server is a personal media library and streaming system that runs on modern Windows, macOS, and Linux operating systems, as well as variants customized for special-purpose platforms such as network-attached storage (NAS) devices and digital media players. The desktop application organizes video, audio, and photos from a user's library and from online services, allowing access to and stream the contents to other compatible devices. DDoS attacks typically involve flooding a legitimate target with junk network traffic that comes from a large number o
The Hacker News
February 5, 2021 – Government
South Carolina Plans Cyber-Ecosystem
Abstract
University partners with state government to improve South Carolina’s cyber-capabilities under one umbrella
Infosecurity Magazine
February 5, 2021 – Ransomware
Forward Air Corporation says that December Ransomware attack caused a loss of $7.5M
Abstract
Trucking and freight transportation logistics giant Forward Air Corporation said a December 2020 ransomware attack had $7.5M Impact. Trucking and freight transportation logistics giant Forward Air Corporation announced that the ransomware attack that...
Security Affairs
February 5, 2021 – Phishing
Google Firebase hosts Microsoft Office phishing attack
Abstract
A phishing attack recently uncovered by researchers pretends to share information about an electronic funds transfer (EFT) by offering up a link to download an HTML invoice that then loads to a page with Microsoft Office branding that’s hosted on Google Firebase. The attack culminates with a final phishing page that looks to extract a…
SCMagazine
February 5, 2021 – General
Industrial Networks See Sharp Uptick in Hackable Security Holes Full Text
Abstract
Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks.
Threatpost
February 05, 2021 – Malware
Malicious extension abuses Chrome sync to steal users’ data Full Text
Abstract
The Google Chrome Sync feature can be abused by threat actors to harvest information from compromised computers using maliciously-crafted Chrome browser extensions.
BleepingComputer
February 5, 2021 – Attack
Cyber-Attack on Woodland Trust Full Text
Abstract
Conservation charity notifies members of sophisticated December cyber-assault
Infosecurity Magazine
February 5, 2021 – Denial Of Service
Hackers abuse Plex Media servers for DDoS amplification attacks Full Text
Abstract
Netscout experts warn of DDoS-for-hire services abusing Plex Media servers to bounce junk traffic and amplify DDoS attacks. Security researchers from Netscout discovered DDoS-for-hire services have found a way to abuse Plex Media servers...
Security Affairs
February 5, 2021 – Vulnerabilities
Google: Insufficient and rushed patching leads to more zero-day exploits Full Text
Abstract
The findings highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix.
SCMagazine
February 5, 2021 – Vulnerabilities
Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites Full Text
Abstract
A CSRF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users.
Threatpost
February 05, 2021 – Breach
SitePoint discloses data breach after stolen info used in attacks Full Text
Abstract
The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
BleepingComputer
February 5, 2021 – Malware
TeamTNT group uses Hildegard Malware to target Kubernetes Systems Full Text
Abstract
The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes...
Security Affairs
February 5, 2021 – Ransomware
Mortgage loan servicing company discloses ransomware attack to multiple states Full Text
Abstract
A preliminary investigation identified data related to SN Servicing Corporation’s billing statements and fee notices to customers from 2018, including names, address, loan numbers, balance information and billing information such as charges assessed, owed or paid.
SCMagazine
February 05, 2021 – Phishing
Microsoft warns of increasing OAuth Office 365 phishing attacks Full Text
Abstract
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.
BleepingComputer
February 5, 2021 – Education
National Cyber League Expands HBCU Scholarship Program Full Text
Abstract
Second season of support for financially disadvantaged students at historically black colleges and universities
Infosecurity Magazine
February 5, 2021 – Vulnerabilities
Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims Full Text
Abstract
According to the researcher, tampering is possible by sending the content, intercepting requests, and forwarding with modified code, as well as by intercepting spoofed content and changing values.
The Daily Swig
February 5, 2021 – Vulnerabilities
Google Chrome Zero-Day Afflicts Windows, Mac Users Full Text
Abstract
Google warns of a zero-day vulnerability in the V8 open-source engine that’s being actively exploited by attackers.
Threatpost
February 5, 2021 – Ransomware
Ransomware Attacks Hit Major Utilities Full Text
Abstract
Eletrobras, the largest power company in Latin America, faced a temporary suspension of some operations.
Threatpost
February 5, 2021 – Business
Google Paid Out $6.7 Million in Bug Bounty Rewards in 2020 Full Text
Abstract
Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020, marking a slight increase from the $6.5 million paid out in 2019.
Security Week
February 5, 2021 – Breach
BA Data Breach Victims Granted Extension to File Claims Full Text
Abstract
Breach victims who have not filed their claim encouraged to do so
Infosecurity Magazine
February 5, 2021 – Vulnerabilities
Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls Full Text
Abstract
Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov. Two proof-of-concept exploits were also published.
Security Affairs
February 5, 2021 – Ransomware
Experts: Foxtons Breach Was Egregor Ransomware Full Text
Abstract
Double extortion attempt likely, according to Kela
Infosecurity Magazine
February 5, 2021 – Education
IBM Introduces $3 Million in Cybersecurity Grants for Public Schools in United States as Attacks on Education Grow Full Text
Abstract
These grants will be awarded to six school districts in the United States to sponsor teams of IBM professionals to help them proactively prepare for and respond to cyberattacks.
Salamanca Press
February 5, 2021 – General
Data Sharing Critical to AI’s Use in Cybersecurity Full Text
Abstract
Developing datasets is vital in enabling the effective use of AI
Infosecurity Magazine
February 5, 2021 – Ransomware
Meet Babuk, a ransomware attacker blamed for the Serco breach Full Text
Abstract
The ransomware gang, dubbed Babuk after its strain of code, is a case study in how quickly crooks can learn the basics of digital extortion and how that breeds ambition for big corporate scalps.
Cyberscoop
February 5, 2021 – General
Financial Regulator Hit by 240,000 Malicious Emails in Q4 2020 Full Text
Abstract
Financial Conduct Authority swats away spam and malware
Infosecurity Magazine
February 5, 2021 – Solution
Open-source tool for hardening commonly used HMI/SCADA system Full Text
Abstract
Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital’s CIMPLICITY, a commonly used HMI/SCADA system.
Help Net Security
February 5, 2021 – Breach
Government Security Supplier Suffers Double Breach Full Text
Abstract
French security company warns of customer data and source code theft
Infosecurity Magazine
February 5, 2021 – Vulnerabilities
Geeni smart doorbells, cameras riddled with flaws, research finds Full Text
Abstract
The vulnerabilities, found in Geeni- and Merkury-branded security cameras and smart doorbells, would allow attackers to take full control of devices and remotely disable cameras in some cases.
Cyberscoop
February 5, 2021 – Business
Instagram Bans Hundreds of Accounts With Stolen User Names Full Text
Abstract
Instagram is coordinating with other social media platforms, including Twitter and TikTok, to ban users who have been involved in stealing hundreds of single-word user names.
New York Times
February 05, 2021 – Ransomware
Eletrobras, Copel energy companies hit by ransomware attacks Full Text
Abstract
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week.
BleepingComputer
February 5, 2021 – Malware
Hackers Hijacking Google Search Results via Backdoored Browser Extensions Full Text
Abstract
Cybersecurity researchers at Avast have recently reported a huge campaign comprised of dozens of malicious Chrome and Edge browser extensions along with...
Cyber Security News
February 5, 2021 – Vulnerabilities
Google patches an actively exploited Chrome zero-day Full Text
Abstract
Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today's release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.
ZDNet
February 05, 2021 – Vulnerabilities
Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP Full Text
Abstract
Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02. Along with the aforementioned three vulnerabilities, patches have also been released for two more arbitrary file write flaws (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system. All the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered similar critical flaws in RV110W, RV130W, and RV215W Routers that could be lever
The Hacker News
February 5, 2021 – Vulnerabilities
Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls Full Text
Abstract
Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive...
Security Affairs
February 5, 2021 – Vulnerabilities
7 Common Microsoft AD Misconfigurations that Adversaries Abuse Full Text
Abstract
Threat actors typically have the goal of obtaining Active Directory Domain Administrator privileges, or, in other words, complete control over the Active Directory domain.
Crowdstrike
February 5, 2021 – Vulnerabilities
Free coffee! Belgian researcher hacks prepaid vending machines Full Text
Abstract
Belgian cybersecurity researcher Polle Vanhoof just published a paper about an exploitable hole he found in the payment system used in some Nespresso prepaid coffee machines.
Sophos
February 04, 2021 – Vulnerabilities
New Chrome Browser 0-day Under Active Attack—Update Immediately! Full Text
Abstract
Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a statement. The security flaw was reported to Google by Mattias Buelens on January 24. Previously on February 2, Google addressed six issues in Chrome, including one critical use after free vulnerability in Payments (CVE-2021-21142) and four high severity issues in Extensions, Tab Groups, Fonts, and Navigation features. While it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft disclosed attacks carried out by North Korean hackers against security resear
The Hacker News
February 04, 2021 – Vulnerabilities
Google fixes Chrome zero-day actively exploited in the wild Full Text
Abstract
Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.
BleepingComputer
February 4, 2021 – Vulnerabilities
Allen-Bradley Flex I/O vulnerable to denial of service Full Text
Abstract
A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
Talos
February 04, 2021 – Government
Cruz blocks vote on Biden Commerce secretary nominee over Huawei concerns Full Text
Abstract
Sen. Ted Cruz (R-Texas) on Thursday formally placed a hold on the Senate voting on the nomination of Gina Raimondo, President Biden’s pick for Commerce secretary, due to concerns Raimondo has not clarified her stance on Chinese telecom giant Huawei.
The Hill
February 4, 2021 – Ransomware
NCIJTF Releases New Ransomware Fact Sheet Full Text
Abstract
America’s National Cyber Investigative Joint Task Force seeks to educate public on ransomware threat
Infosecurity Magazine
February 4, 2021 – Vulnerabilities
Google addresses Chrome zero-day flaw actively exploited in the wild Full Text
Abstract
Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. Google released Chrome 88.0.4324.150 version that addressed an actively exploited zero-day security...
Security Affairs
February 4, 2021 – Vulnerabilities
Industrial control system vulnerabilities up 25 percent in 2020 Full Text
Abstract
A new research report released Thursday by Claroty said that vendors and industrial organizations must come to grips with these trends and act upon bug reports because the attacks and vulnerabilities will not abate.
SCMagazine
February 4, 2021 – Denial Of Service
Android Devices Prone to Botnet’s DDoS Onslaught Full Text
Abstract
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
Threatpost
February 04, 2021 – Hacker
Hackers steal StormShield firewall source code in data breach Full Text
Abstract
Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software.
BleepingComputer
February 4, 2021 – Government
US DARPA bug bounty helps strengthen military research agency’s security defenses Full Text
Abstract
The US Defense Advanced Research Projects Agency (DARPA) has reported back on its first ever security bug bounty program, saying the scheme has highlighted strengths as well as weaknesses.
The Daily Swig
February 04, 2021 – General
Hillicon Valley: Biden: US taking ‘urgent’ steps to improve cybersecurity | Democrat warns tech companies to ‘step up’ or risk Section 230 changes | California court rejects suit challenging state’s new rules for gig workers Full Text
Abstract
BIDEN TEASES CYBER INITIATIVE: President Biden said Thursday that his administration is launching an “urgent initiative” to improve the nation’s cybersecurity, pointing to concerns involving both Russia and China.
The Hill
February 4, 2021 – General
Study Finds Delays in Revoking System Access Full Text
Abstract
Tardy access revocation when workers depart exposes US organizations to security risk
Infosecurity Magazine
February 4, 2021 – Denial Of Service
Matryosh DDoS botnet targets Android-Based devices via ADB Full Text
Abstract
Netlab researchers spotted a new Android malware, dubbed Matryosh, that is infecting devices to recruit them in a distributed denial-of-service (DDoS) botnet. On January 25, 2021, researchers at 360 netlab detected a suspicious ELF file, initially...
Security Affairs
February 4, 2021 – Covid-19
A people counter that didn’t add up, and the dangers of the COVID IoT boom Full Text
Abstract
COVID-19 created an immediate demand for social distancing and safety products, many of which integrate with corporate networks, where security concerns and testing might fall to the wayside.
SCMagazine
February 4, 2021 – Attack
Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months Full Text
Abstract
As many as 100,000 of the music streaming service’s customers could face account takeover.
Threatpost
February 04, 2021 – Hacker
Hacking group also used an IE zero-day against security researchers Full Text
Abstract
An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers.
BleepingComputer
February 4, 2021 – General
Consider the Human Angle in your Threat Modeling Full Text
Abstract
As security practitioners, we need to consider a wider variety of possibilities for misuse of data and systems in our care, not just those that affect the majority of people.
Security Intelligence
February 04, 2021 – Government
Biden: US taking ‘urgent’ steps to improve cybersecurity Full Text
Abstract
President Biden said Thursday that his administration is launching an “urgent initiative” to improve the nation’s cybersecurity, pointing to concerns around malign efforts by Russia and China.
The Hill
February 4, 2021 – Attack
Automated Tools Increasingly Used to Launch Cyber-Attacks Full Text
Abstract
Over half of attacks detected by Barracuda involve the use of automation
Infosecurity Magazine
February 4, 2021 – Hacker
Hackers accessed Stormshield data, including source code of ANSSI certified products Full Text
Abstract
The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive...
Security Affairs
February 4, 2021 – Education
How not to overshare when crafting social media posts, out-of-office messages Full Text
Abstract
Out-of-office email messages serve an important business communications function, and a strong social media profile is a great way to network with your peers and brand yourself. So the question becomes: Where do you draw the line? What constitutes TMI?
SCMagazine
February 04, 2021 – Denial Of Service
Plex Media servers actively abused to amplify DDoS attacks Full Text
Abstract
Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks.
BleepingComputer
February 4, 2021 – Education
Why pseudonymisation is important to protect personal data? Full Text
Abstract
The ENISA released its report on pseudonymisation for personal data protection, providing a technical analysis of cybersecurity measures in personal data protection and privacy.
Help Net Security
February 4, 2021 – Business
IBM Announces Cybersecurity Grants for US Schools Full Text
Abstract
Public schools in US to receive $3m in cybersecurity grants from IBM to protect against threats
Infosecurity Magazine
February 4, 2021 – General
Years overdue, the profile of the CISO begins to rise as cyber grabs attention in boardrooms Full Text
Abstract
Recognition of CISOs as critical protectors of company assets and customer trust is expanding. And yet, security executives say true influence often remains elusive.
SCMagazine
February 04, 2021 – Ransomware
Ransomware attacks increasingly destroy victims’ data by mistake Full Text
Abstract
More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption.
BleepingComputer
February 4, 2021 – Vulnerabilities
Multiple vulnerabilities spotted in SoftMaker Office PlanMaker Full Text
Abstract
Exploitable integer overflow and heap-based buffer overflow vulnerabilities exist in the PlanMaker document-parsing functionality of SoftMaker Office 2021's PlanMaker application.
Talos
February 4, 2021 – Denial Of Service
DDoS attacks leverage Plex media server Full Text
Abstract
The situation offers one more example of the threats posed by remote employees, if companies don’t ensure proper security protocols are in place.
SCMagazine
February 4, 2021 – General
Major trends that are changing the CISO role Full Text
Abstract
In a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities, a BT Security survey of over 7000 professionals from across the world reveals.
Help Net Security
February 4, 2021 – Education
Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source Full Text
Abstract
The security of open source software has rightfully garnered the industry’s attention, but solutions require consensus about the challenges and cooperation in the execution.
Chrome Releases
February 4, 2021 – Breach
Data Breach at Security Firm Stormshield Impacts Client Information, Source Code Full Text
Abstract
Stormshield is a major provider of network security products to the French government, some used on sensitive networks, so it is being treated as a major security breach inside the French government.
ZDNet
February 4, 2021 – Phishing
Fraudsters Build Up Phishing Repertoire for 2021 Tax Season. Are… Full Text
Abstract
Fraudsters had an early start anticipating the buzz surrounding tax filing season, with phishing campaigns impersonating the government agency as early as November 25, 2020, according to Bitdefender.
Bit Defender
February 4, 2021 – Solution
SonicWall released patch for actively exploited SMA 100 zero-day Full Text
Abstract
SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day...
Security Affairs
February 4, 2021 – Government
DOD to Try Out Its Vulnerability Disclosure Program with Contractors Full Text
Abstract
The DoD’s Cyber Crime Center will soon be accepting applications for a limited number of companies within the defense industrial base to benefit from security researchers already working for it.
Nextgov
February 4, 2021 – Vulnerabilities
Disclosed ICS Vulnerabilities Surged During Second Half of 2020 Full Text
Abstract
ICS vulnerabilities were up 25% year-on-year
Infosecurity Magazine
February 4, 2021 – Ransomware
Trucking company Forward Air said its ransomware incident cost it $7.5 million Full Text
Abstract
The losses stemmed "primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers," Forward Air said in SEC documents filed today.
ZDNet
February 4, 2021 – General
London Orgs: Increased Risk Due to Remote Working to Persist for 12-18 months Full Text
Abstract
Study uncovers what’s at stake for UK capital as it continues to adapt to health crisis
Infosecurity Magazine
February 4, 2021 – Vulnerabilities
Rubbish software security patches responsible for a quarter of zero-days last year Full Text
Abstract
Zero-day flaws are a problem because they may be exploited for long periods of time before they're detected and dealt with. There were 24 of them in 2020, four more than in 2019.
The Register
February 04, 2021 – Business
IBM rolls out $3M grant program for schools to defend against cyberattacks Full Text
Abstract
IBM on Thursday announced a $3 million grant program that is expected to go toward protecting K-12 schools against ransomware and other cyberattacks, which have increased significantly as classes moved to online instruction during the COVID-19 pandemic.
The Hill
February 04, 2021 – Education
How to Audit Password Changes in Active Directory Full Text
Abstract
Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be. This initial layer of security is crucial for protecting one's entire infrastructure. Unfortunately, the personal nature of passwords has its shortcomings. Passwords are easily forgotten. They may also be too simplistic; many companies don't enforce stringent password-creation requirements. This is where the Active Directory Password Policy comes in. Additionally, the following is achievable: changing user passwords; recording password changes and storing them within a history log. Active Directory accounts for any impactful changes across user accounts. We'll assess why and how administrators might leverage these core features. Why change user
The Hacker News
February 4, 2021 – Vulnerabilities
Three More Vulnerabilities Found in SolarWinds Products Full Text
Abstract
Customers urged to patch Orion and Serv-U FTP promptly
Infosecurity Magazine
February 4, 2021 – Solution
RF Enables Takeover of Hostile Drones Full Text
Abstract
Various kinds of drones are increasingly breaching the security lines of restricted areas, and whenever a drone crosses into an unauthorized territory, security teams must determine if it's hostile.
Dark Reading
February 04, 2021 – Denial Of Service
Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices Full Text
Abstract
A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare them into its network. ADB is a command-line tool part of the Android SDK that handles communications and allows developers to install and debug apps on Android devices. While this option is turned off by default on most Android smartphones and tablets, some vendors ship with this feature enabled, thus allowing unauthenticated attackers to connect remotely via the 5555 TCP port and open the devices directly to exploitation. This is not the first time a botnet has taken advantage of ADB to infect vulnerable devices. In July 2018, open ADB ports were used to spread multip
The Hacker News
February 4, 2021 – Ransomware
US Shipping Giant Loses $7.5m in Ransomware Attack Full Text
Abstract
Forward Air couldn’t reach customers after December incident
Infosecurity Magazine
February 04, 2021 – General
Why Human Error is #1 Cyber Security Threat to Businesses in 2021 Full Text
Abstract
Phishing and Malware: Among the major cyber threats, malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting companies. Just one variation, the CEO Fraud email scam, cost UK businesses alone £14.8m in 2018. Working From Home: Staff working from home are outside the direct oversight of IT support teams and often struggle to deal with cyber threats and appropriately protect company information. Failing to update software and operating systems, sending data over insecure networks, and increasing reliance on email and online messaging has made employees far more susceptible to threats ranging from malware to phishing. Human Error: While technical solutions like spam filters and mobile device management syste
The Hacker News
February 4, 2021 – Malware
Whitespace Steganography Conceals Web Shell in PHP Malware Full Text
Abstract
The web shell provides attackers with tools to work with files and databases on the targeted server, collect sensitive information, infect files, and conduct brute force attacks.
Sucuri
February 4, 2021 – Vulnerabilities
Google: Incomplete Patches Caused Quarter of Zero-Days in 2020 Full Text
Abstract
Attackers are capitalizing on lack of vendor thoroughness
Infosecurity Magazine
February 4, 2021 – Malware
The Drovorub Mystery: Malware NSA Warned About Can’t Be Found Full Text
Abstract
An advisory by the NSA and the FBI shares information on how Drovorub works, how it can be detected, and how organizations can protect their systems against attacks involving the malware.
Security Week
February 4, 2021 – Breach
Vermont labor commissioner apologizes for tax data bungle Full Text
Abstract
Vermont Labor Department officials remain on damage control a day after revealing a massive data breach involving tens of thousands of 1099-G unemployment tax forms sent to the wrong people.
Wcax
February 04, 2021 – Vulnerabilities
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices Full Text
Abstract
Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors. It also makes use of an "Ameba" API, allowing developers to communicate with the device via Wi-Fi, HTTP, and MQTT, a lightweight messaging protocol for small sensors and mobile devices. Although the issues uncovered by Vdoo were verified only on RTL8195A, the researchers said they extend to other modules as well, including RTL8711AM, RTL8711AF, and RTL8710AF. The flaws concern a mix of stack overflow, and out-of-bounds reads that stem from the Wi-Fi module's WPA2 fo
The Hacker News
February 04, 2021 – Ransomware
Rise in ransomware attacks mistakenly causing data destruction Full Text
Abstract
More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption.
BleepingComputer
February 4, 2021 – General
Top 10 Cyber Attack Maps to See Digital Threats 2021 Full Text
Abstract
With the help of Bromium, we get to know that digital crime result has increased to 1.5 trillion dollars yearly in illegal...
Cyber Security News
February 4, 2021 – Solution
Cisco fixes critical remote code execution issues in SMB VPN routers Full Text
Abstract
Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers....
Security Affairs
February 03, 2021 – Breach
Oxfam Australia investigates data breach after database sold online Full Text
Abstract
Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.
BleepingComputer
February 3, 2021 – Malware
TeamTNT launches cryptojacking operation on Kubernetes clusters Full Text
Abstract
Although the malware is still under development and the campaign has not spread widely, Unit 42 believes the attacker will soon improve the tools and start a large-scale deployment.
SCMagazine
February 3, 2021 – Vulnerabilities
SonicWall issues firmware patch after attackers exploited critical bugs Full Text
Abstract
Fix addresses an exploit enabling admin credential access, and a remote code execution attack.
SCMagazine
February 03, 2021 – Ransomware
New Fonix ransomware decryptor can recover victim’s files for free Full Text
Abstract
Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free.
BleepingComputer
February 03, 2021 – General
Hillicon Valley: Federal cyber agency reevaluating role in countering election disinformation | Senate panel advances Biden’s Commerce secretary pick | House Armed Services panel establishes new cybersecurity panel Full Text
Abstract
‘RUMOR CONTROL’ UNDER REVIEW: Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said Wednesday that the agency’s involvement in countering election disinformation and misinformation was under review.The Hill
February 3, 2021 – General
SOC teams spend nearly a quarter of their day handling suspicious emails Full Text
Abstract
Email investigations take nearly double the amount of time as prevention and response. Time well spent?SCMagazine
February 03, 2021 – Government
House Armed Services panel establishes new cybersecurity subcommittee Full Text
Abstract
House Armed Services Committee Chairman Adam Smith (D-Wash.) and Rep. Jim Langevin (D-R.I.) on Wednesday announced the establishment of a new cybersecurity-focused subcommittee on the panel.The Hill
February 3, 2021 – Vulnerabilities
TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded Full Text
Abstract
Researchers from TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded. Italy also joins the security bug research, with the Red Team Research laboratory of TIM, an important Italian...Security Affairs
February 3, 2021 – Malware
Emotet’s Takedown: Have We Seen the Last of the Malware? Full Text
Abstract
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.Threatpost
February 3, 2021 – Attack
Second SolarWinds Attack Group Breaks into USDA Payroll — Report Full Text
Abstract
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.Threatpost
February 3, 2021 – Attack
Alleged China-linked hackers used SolarWinds bug to breach National Finance Center Full Text
Abstract
Alleged China-linked hackers have exploited a flaw in the SolarWinds Orion software to hack systems at the U.S. National Finance Center. FBI investigators discovered that allegedly China-linked hackers have exploited a flaw in the SolarWinds Orion...Security Affairs
February 3, 2021 – Malware
New Malware Hijacks Kubernetes Clusters to Mine Monero Full Text
Abstract
Researchers warn that the Hildegard malware is part of ‘one of the most complicated attacks targeting Kubernetes.’Threatpost
February 03, 2021 – Vulnerabilities
SonicWall fixes actively exploited SMA 100 zero-day vulnerability Full Text
Abstract
SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances.BleepingComputer
February 03, 2021 – Government
Federal cyber agency reevaluating its role in countering election disinformation Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA), the key federal group responsible for election security, is reevaluating its role in countering disinformation and misinformation after the agency stood up a web page to address misleading election claims last year.The Hill
February 3, 2021 – General
Execs fear business setbacks from failure to keep up with ‘digital born’ competitors Full Text
Abstract
The volatility and uncertainties brought about by the pandemic will have an impact well into the next decade, with executives foreshadowing struggles tied to evolving security requirements and the need to transform digitally on a dime.SCMagazine
February 3, 2021 – Malware
New Trickbot Malware Component Performs Local Network Reconnaissance Full Text
Abstract
Trickbot recently added a fresh module to scan local network systems with open ports for quick lateral movement. Named masrv, the component incorporates a copy of the Masscan open-source utility.Cyware Alerts - Hacker News
February 3, 2021 – Criminals
Retail Sector Still a Favorite Playground for Cybercriminals Full Text
Abstract
Retail firms are back on the targets of cyber adversaries; several organizations were hit by a variety of threats including phishing campaigns, code injection, and ransomware attacks lately.Cyware Alerts - Hacker News
February 3, 2021 – Policy and Law
Prison for International Credit Card Fraud Kingpin Full Text
Abstract
Ireland imprisons two members of multi-million-dollar cybercrime gangInfosecurity Magazine
February 03, 2021 – Vulnerabilities
Cisco fixes critical code execution bugs in SMB VPN routers Full Text
Abstract
Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices.BleepingComputer
February 03, 2021 – Hacker
Hackers had access to SolarWinds email system for months: report Full Text
Abstract
Hackers involved in the recent breach of IT group SolarWinds, one of the largest cyber incidents in U.S. history, likely had access to the company’s email system for almost a year.The Hill
February 3, 2021 – Breach
Largest Compilation of User Emails and Passwords Leaked for Free on Hacker Forum Full Text
Abstract
More than 3.2 billion unique pairs of cleartext emails and passwords have just been leaked on a popular hacking forum, aggregating past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin, and more.Cyber News
February 3, 2021 – Policy and Law
Tulsa Mayor’s Cyber-stalker Jailed Full Text
Abstract
US jails Virginian who repeatedly threatened Tulsa’s mayor in a bid to stop a political rally from taking placeInfosecurity Magazine
February 3, 2021 – Vulnerabilities
Recently discovered CVE-2021-3156 SUDO bug also affects macOS Big Sur Full Text
Abstract
Experts warn that the recently discovered heap-based buffer overflow bug in Linux SUDO also impacts the latest version of Apple macOS Big Sur. Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156, that has allowed any local...Security Affairs
February 3, 2021 – Privacy
Playing Fetch: New XS-Leak exploits browser redirects to break user privacy Full Text
Abstract
The XS-Leak family of browser side-channel attacks can be used to glean important information from a system, bypassing existing security measures to leak sensitive user data.The Daily Swig
February 3, 2021 – Vulnerabilities
Weak ACLs in Adobe ColdFusion Allow Privilege Escalation Full Text
Abstract
An unprivileged user on a Windows computer could place a malicious DLL file within the installation directory of Adobe ColdFusion, which would lead to arbitrary code execution with SYSTEM privileges.Security Week
February 3, 2021 – Business
HelpSystems Expands Cybersecurity Portfolio Through Latest Acquisition Full Text
Abstract
HelpSystems acquires cloud security firm Digital DefenseInfosecurity Magazine
February 3, 2021 – Policy and Law
Fertility App Sued Over Non-Consensual Data Sharing Full Text
Abstract
Premom developer accused of sharing sensitive data with Chinese firms without user consentInfosecurity Magazine
February 03, 2021 – Vulnerabilities
Microsoft Defender ATP detects Chrome updates as PHP backdoors Full Text
Abstract
Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file.BleepingComputer
February 3, 2021 – Breach
Data of 2.5 million Airtel customers in J-K allegedly leaked; telco claims no breach in server Full Text
Abstract
Data of around 2.5 million Bharti Airtel subscribers of Jammu and Kashmir circle, including Aadhaar numbers, address, and date of birth, has reportedly been leaked by hackers.The Times Of India
February 3, 2021 – Vulnerabilities
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin Full Text
Abstract
February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.Threatpost
February 3, 2021 – Government
Singapore assessing WhatsApp privacy policy change, not ‘adversely affected’ in SolarWinds breach Full Text
Abstract
Government reveals there has been no indication its systems or the country's critical information infrastructures have been severely impacted by the SolarWinds supply chain breach.ZDNet
February 03, 2021 – Government
Senate panel advances Biden’s Commerce secretary pick in 21-3 vote Full Text
Abstract
The Senate Commerce Committee on Wednesday advanced President Biden’s nominee to lead the Commerce Department, Gina Raimondo, in a broadly bipartisan 21-3 vote.The Hill
February 3, 2021 – General
Fraudsters Ramped Up Account Takeover Attacks in 2020 Full Text
Abstract
Account takeover attacks on the rise since COVID-19 pandemicInfosecurity Magazine
February 03, 2021 – Vulnerabilities
SolarWinds patches critical vulnerabilities in the Orion platform Full Text
Abstract
Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges.BleepingComputer
February 3, 2021 – Attack
A New Supply Chain Attack Targets Gaming Companies in Asia Full Text
Abstract
ESET researchers uncover a new supply-chain attack used in a cyberespionage operation targeting online‑gaming communities in Asia. The new...Cyber Security News
February 3, 2021 – Ransomware
Ransomware’s Helper: Initial Access Brokers Flourish Full Text
Abstract
To take down bigger targets more easily, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks for a few hundreds or thousands of dollars.Gov Info Security
February 03, 2021 – Malware
Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions Full Text
Abstract
New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question — including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock — made use of a sneaky trick to mask its true purpose: Leverage Cache-Control HTTP header as a covert channel to retrieve commands from an attacker-controlled server. All the backdoored browser add-ons have been taken down by Google and Microsoft as of December 18, 2020, to prevent more users from downloading them from the official stores. According to telemetry data gathered by the firm, the top three infected countries were Brazil, Ukraine, and France, followed by Argentina, Spain, Russia, and the U.S. The CacheFlow sequence began when unsuspecting users downloaded one of theThe Hacker News
February 3, 2021 – Solution
OBIE Launches Free Tool to Fight Open Banking Fraud Full Text
Abstract
New tool is freely available to all firms enrolled in the OBIE DirectoryInfosecurity Magazine
February 3, 2021 – Hacker
Hackers stole personnel records of software developer Wind River Full Text
Abstract
The global leader of embedded system software Wind River Systems discloses a data breach that resulted in the theft of customers' personal information. Wind River Systems, a global leader in delivering software for smart connected systems, discloses...Security Affairs
February 3, 2021 – Vulnerabilities
Three new SolarWinds vulnerabilities found and patched Full Text
Abstract
The discovery is the latest in what some predict will be a surge of both researchers and criminals looking at the company as a result of recent security events, which inevitably will lead to more vulnerabilities being found.SCMagazine
February 3, 2021 – Vulnerabilities
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover Full Text
Abstract
The by-now infamous company has issued patches for three security vulnerabilities in total.Threatpost
February 03, 2021 – Vulnerabilities
Latest macOS Big Sur also has SUDO root privilege escalation flaw Full Text
Abstract
Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet.BleepingComputer
February 3, 2021 – Ransomware
Ransomware gangs made at least $350 million in 2020 Full Text
Abstract
According to numbers released in a previous report by Chainalysis, ransomware payments accounted for 7% of all funds received by "criminal" cryptocurrency addresses in 2020.ZDNet
February 03, 2021 – Vulnerabilities
3 New Severe Security Vulnerabilities Found In SolarWinds Software Full Text
Abstract
Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) was found in the company's Serv-U FTP server for Windows, said cybersecurity firm Trustwave in technical analysis. None of the three security issues have been exploited in the unprecedented supply chain attack targeting the Orion Platform that came to light last December. The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It's highly recommended that users install the latest versions of Orion Platform and Serv-U FTP ( 15.2.2 HoThe Hacker News
February 3, 2021 – Breach
Data on Thousands of Foxtons Customers Posted Online Full Text
Abstract
Report claims trove was first discovered in October 2020Infosecurity Magazine
February 03, 2021 – Breach
Female escort review site data breach affects 470,000 members Full Text
Abstract
An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database.BleepingComputer
February 3, 2021 – Criminals
Cybercriminals Claim to Leak Police Exam Database Containing 500,000 Indian Citizens’ Personal Details Full Text
Abstract
While the threat actor does not mention the name of an organization, the data provided in the sample is potentially associated with a police exam conducted on December 22, 2019.Security Affairs
February 03, 2021 – General
Guide: How Security Consolidation Helps Small Cybersecurity Teams Full Text
Abstract
The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions—from different vendors—creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones. And yet, sophisticated attacks continue to bypass these advanced security layers while FOMO (fear of missing out) compels security teams to evaluate every new solution that comes out. A new guide, "How Security Consolidation Helps Small Security Teams," reviews the challenges of a layered, multi-vendor security approach for protecting your internal environment and reveals why the concept of consolidation of security solutions is becoming the go-to security approach of many CISOs with small teams. Having a single consolidated solution for protecting your internal environment can free up much of your small team's time and reduce yourThe Hacker News
February 3, 2021 – Government
US Payroll Agency Targeted in Separate SolarWinds Attack - Report Full Text
Abstract
Suspected Chinese attackers exploited since-patched Orion bugInfosecurity Magazine
February 3, 2021 – Government
The Transition to TIC 3.0: Ensuring Agency Readiness for Network Modernization Full Text
Abstract
The recent sophisticated attacks on multiple federal agencies by nation-state hackers demonstrate that new approaches are required to protect federal networks and IT infrastructures.Nextgov
February 03, 2021 – Malware
A New Linux Malware Targeting High-Performance Computing Clusters Full Text
Abstract
High-performance computing clusters belonging to university networks as well as servers associated with government agencies, endpoint security vendors, and internet service providers have been targeted by a newly discovered backdoor that gives attackers the ability to execute arbitrary commands on the systems remotely. Cybersecurity firm ESET named the malware "Kobalos" — a nod to a "mischievous creature" of the same name from Greek mythology — for its "tiny code size and many tricks." "Kobalos is a generic backdoor in the sense that it contains broad commands that don't reveal the intent of the attackers," researchers Marc-Etienne M. Léveillé and Ignacio Sanmillan said in a Tuesday analysis. "In short, Kobalos grants remote access to the file system, provides the ability to spawn terminal sessions, and allows proxying connections to other Kobalos-infected servers." Besides tracing the malware back to attacks against a nuThe Hacker News
February 3, 2021 – Breach
Over Three Million US Drivers Exposed in Data Breach Full Text
Abstract
Dealership service provider appears to have been targetedInfosecurity Magazine
February 3, 2021 – Policy and Law
Law Enforcement Takes Down ValidCC Dark Web Payment Card Marketplace Full Text
Abstract
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week.Krebs on Security
February 3, 2021 – General
Infosecurity Industry’s White Hat Event Raises £66,000 for Childline Full Text
Abstract
The Infosecurity industry came together virtually on January 29 2021 to raise money for the NSPCC’s Childline Service.Infosecurity Magazine
February 3, 2021 – Hacker
Suspected Chinese Hackers Exploited SolarWinds Bug to Spy on U.S. National Finance Center Full Text
Abstract
Suspected Chinese hackers exploited a flaw in software made by SolarWinds Corp to help break into U.S. government computers last year, five people familiar with the matter told Reuters.Reuters
February 02, 2021 – Government
US payroll agency targeted by Chinese hackers: report Full Text
Abstract
A federal payroll agency was targeted by suspected Chinese hackers who exploited a flaw within SolarWinds software, Reuters reported on Tuesday, citing five people familiar with the matter.The Hill
February 2, 2021 – General
Cyber Defense Magazine – February 2021 has arrived. Enjoy it! Full Text
Abstract
Cyber Defense Magazine February 2021 Edition has arrived. We hope you enjoy this month's edition…packed with over 108 pages of excellent content. 108 PAGES LOADED WITH EXCELLENT CONTENT. Learn from the experts, cybersecurity best practices. Find...Security Affairs
February 2, 2021 – Malware
High-performance computing malware targeting Linux, Solaris and possibly Microsoft Full Text
Abstract
The attacks have been spread out between the U.S., Europe, and Asia, and have included HPC clusters as well as university systems, a large internet service provider, personal systems, and marketing and hosting firms.SCMagazine
February 02, 2021 – General
Hillicon Valley: Bezos stepping down as Amazon CEO | Officials applaud confirmation of Mayorkas as DHS secretary | Uber to purchase alcohol delivery service Drizly Full Text
Abstract
BYE BYE BEZOS: Amazon said Tuesday that CEO Jeff Bezos will be transitioning from the top spot into the role of executive chair of the company’s board in the third quarter of 2021.The Hill
February 2, 2021 – Government
State auditor’s office clashes with file transfer service provider after breach Full Text
Abstract
The Accellion product was near end of life at the time of the breach. Should customers have switched sooner?SCMagazine
February 02, 2021 – Government
Officials applaud confirmation of Mayorkas as DHS secretary over cybersecurity concerns Full Text
Abstract
Key cyber-focused members of Congress and other officials on Tuesday applauded the Senate confirmation of Alejandro Mayorkas as secretary of the Department of Homeland Security (DHS), citing the need for his leadership following the hack of IT group SolarWinds.The Hill
February 2, 2021 – General
Security spending will top 40% in most 2021 IT budgets Full Text
Abstract
Some 56% of IT leaders will allocate more than 40% of their IT budgets to cybersecurity in 2021. On top of that, 37% listed “improving cybersecurity protections” as their top IT investment priority for this year, according to a recent Syntax survey of 500 IT decision-makers. Survey respondents said the investment spike was due to…SCMagazine
February 02, 2021 – Attack
US federal payroll agency hacked using SolarWinds software flaw Full Text
Abstract
The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report.BleepingComputer
February 2, 2021 – APT
Lebanese Cedar APT group Attack ISP Companies Worldwide Full Text
Abstract
Recently, the Clearsky researchers have joined the Lebanese Cedar group in a cyber espionage campaign that has targeted several companies worldwide. According...Cyber Security News
February 2, 2021 – Malware
Destroying the Destroyer - Malware Edition Full Text
Abstract
Dubbed Operation LadyBird, Emotet's infrastructure was taken down by the joint collaboration between law enforcement agencies from the U.S., the U.K., Canada, along with Europol and Eurojust.Cyware Alerts - Hacker News
February 02, 2021 – Government
House Republicans urge Senate to block vote on Commerce secretary over Huawei Full Text
Abstract
A coalition of House Republicans on Tuesday urged their Senate colleagues to place a hold on Gina Raimondo, President Biden’s nominee for Commerce secretary, arguing that she has not clarified her stance on Chinese telecommunications giant Huawei.The Hill
February 02, 2021 – Malware
Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques Full Text
Abstract
Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface (AMSI) in an attempt to defeat endpoint protection software, it also employs a multi-stage installation process and makes use of Tor and Telegram messaging API to communicate with a command-and-control (C2) server. Cybersecurity firm Sophos, which observed two versions of Agent Tesla — version 2 and version 3 — currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult. "The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing moreThe Hacker News
February 2, 2021 – Policy and Law
Medical Researcher Jailed for Selling Secrets to China Full Text
Abstract
Ohio resident who conspired with husband to steal hospital’s secrets is imprisonedInfosecurity Magazine
February 2, 2021 – Breach
Police Exam Database Exposes 500K Indian Citizens’ PII Full Text
Abstract
CloudSEK has discovered a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens. While the threat actor does not mention the name of an organization, the data provided in the sample is clearly associated with...Security Affairs
February 2, 2021 – Education
UK ‘open banking’ efforts provide case study in risks, rewards tied to digital transformation Full Text
Abstract
Much like digital transformation efforts in the U.S., open banking in the U.K. is designed to give customers and businesses ownership over their data. But regulators worry it could also be a treasure trove for fraudsters.SCMagazine
February 2, 2021 – Malware
TrickBot Continues Resurgence with Port-Scanning Module Full Text
Abstract
The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results.Threatpost
February 02, 2021 – Ransomware
Babyk Ransomware won’t hit charities, unless they support LGBT, BLM Full Text
Abstract
The Babyk ransomware operation has launched a new data leak site used to publish victims' stolen data as part of a double extortion strategy. Included is a list of targets they won't attack with some exclusions that definitely stand out.BleepingComputer
February 2, 2021 – Malware
Android Gets Its New Malware for the Year Full Text
Abstract
Dubbed Oscorp, the malware abuses accessibility services in Android devices to steal user credentials and media content. The malware gets its name from the title of the login page of its C2 server.Cyware Alerts - Hacker News
February 02, 2021 – Disinformation
Former cyber chief pushes for renewed focus on combating disinformation Full Text
Abstract
Former Department of Homeland Security (DHS) cyber chief Suzanne Spaulding, a key official involved in the response to Russian interference efforts in 2016, is pushing hard for more to be done to combat disinformation and promote civics education as the nation reels from the fallout of the recent election.The Hill
February 02, 2021 – Breach
Data Breach Exposes 1.6 Million Jobless Claims Filed in the Washington State Full Text
Abstract
The Office of the Washington State Auditor (SAO) on Monday said it's investigating a security incident that resulted in the compromise of personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. The SAO blamed the breach on a software vulnerability in Accellion's File Transfer Appliance (FTA) service, which allows organizations to share sensitive documents with users outside their organization securely. "During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion's file transfer service," the SAO said in a statement. The accessed information is said to have contained personal details of Washington state residents who filed unemployment insurance claims in 2020, as well as other data from local governments and state agencies. The exact information that may have been compromised include: Full name Social securiThe Hacker News
February 2, 2021 – General
Indiana Launches Cyber Blog Full Text
Abstract
Hoosier State introduces best practices blog on Cybersecurity Hub websiteInfosecurity Magazine
February 2, 2021 – Malware
Kobalos, a complex Linux malware targets high-performance computing clusters Full Text
Abstract
ESET experts uncovered a previously undocumented piece of malware that had been observed targeting high-performance computing clusters (HPC). ESET analyzed a new piece of malware, dubbed Kobalos, that was employed in attacks against high-performance...Security Affairs
February 2, 2021 – Covid-19
Identity Theft Spikes Due to COVID-19 Relief Full Text
Abstract
Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic.Threatpost
February 02, 2021 – Solution
Microsoft Defender now detects macOS system, app vulnerabilities Full Text
Abstract
Microsoft announced that Defender for Endpoint will now also help admins discover OS and software vulnerabilities affecting macOS devices on their organization's network.BleepingComputer
February 2, 2021 – Malware
New Sophisticated Multiplatform Malware ‘Kobalos’ Targets Linux Supercomputers Full Text
Abstract
Once the malware has landed on a supercomputer, the code buries itself in an OpenSSH server executable and will trigger the backdoor if a call is made through a specific TCP source port.ZDNet
February 02, 2021 – General
Sigma Rules to Live Your Best SOC Life Full Text
Abstract
Security Operations is a 24 x 7 job. It does not stop for weekends or holidays or even that much-needed coffee break after the first hour of the shift is complete. We all know this. Every SOC engineer is hoping for some rest at some point. One of my favorite jokes when talking about Security Operations is "3 SOC engineers walked into a bar…" That's the joke. No SOC engineers have time to do that. They get it. They laugh. So why is this all true? Let us explore that a little bit. Demand for experienced SOC engineers far surpasses the available talent. Event volume levels boggle the imagination compared to even just a few years ago. Utilization of tools to their utmost capability has often not been a priority. In the Security Operations space, we have been using SIEMs for many years with varying degrees of deployments, customization, and effectiveness. For the most part, they have been a helpful tool for Security Operations. But they can be better. Like any tool, tThe Hacker News
February 2, 2021 – Attack
South Carolina County Still Reeling from January Cyber-Attack Full Text
Abstract
Georgetown County still working to repair network brought down by cyber-criminalsInfosecurity Magazine
February 2, 2021 – Ransomware
Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs Full Text
Abstract
Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992,...Security Affairs
February 02, 2021 – Malware
Trickbot malware now maps victims’ networks using Masscan Full Text
Abstract
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim's computer.BleepingComputer
February 2, 2021 – Ransomware
Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks Full Text
Abstract
At least one major ransomware gang is abusing vulnerabilities in the VMWare ESXi product to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives.ZDNet
February 2, 2021 – General
CISOs: Vendor Relationships a Factor in Ongoing Remote Working Dangers Full Text
Abstract
Almost six in 10 CISOs find it difficult to action guidance given by security vendorsInfosecurity Magazine
February 2, 2021 – Attack
CISA: Many victims of SolarWinds hackers had no direct connection to SolarWinds Full Text
Abstract
The U.S. CISA reveals that many of the victims of the SolarWinds hackers had no direct connection to SolarWinds. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that many of the organizations targeted by SolarWinds hackers...Security Affairs
February 02, 2021 – Malware
Malicious script steals credit card info stolen by other hackers Full Text
Abstract
A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer.BleepingComputer
February 2, 2021 – Vulnerabilities
Kids’ Health Insurer’s Website Vulnerable for 7 Years Full Text
Abstract
The personal information of several thousand insurance applicants was inappropriately accessed, the organization says, but it has no evidence that anyone’s personal information was removed.Info Risk Today
February 2, 2021 – Phishing
Barclays: 2020 the Highest Year on Record for Scams Full Text
Abstract
Over half of Brits are too embarrassed to report falling victim to scamsInfosecurity Magazine
February 02, 2021 – Vulnerabilities
Apple pulls iCloud 12 for Windows 10 with Keychain sync feature Full Text
Abstract
Apple has pulled iCloud 12 for Windows 10 from the Microsoft Store for what is believed to be issues with their new Chrome iCloud Keychain password synchronization feature.BleepingComputer
February 2, 2021 – General
Social Media Oversharing Exposes 80% of Office Workers Full Text
Abstract
Tessian study urges employees to think before postingInfosecurity Magazine
February 02, 2021 – Malware
New Linux malware steals SSH credentials from supercomputers Full Text
Abstract
A new backdoor has been targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of the OpenSSH software.BleepingComputer
February 2, 2021 – Policy and Law
Man Charged in $11m Crypto Scheme that Featured Steven Seagal Full Text
Abstract
Actor drawn in to promote scam ICOInfosecurity Magazine
February 02, 2021 – Ransomware
Netgain ransomware incident impacts local governments Full Text
Abstract
The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data.BleepingComputer
February 2, 2021 – Covid-19
FTC: #COVID19 Helped Double Identity Theft in 2020 Full Text
Abstract
Scams targeted stimulus checks for individuals and businessesInfosecurity Magazine
February 1, 2021 – Solution
SC Product Reviews: Identity & Access Management Full Text
Abstract
The identity and access management solutions reviewed here guard the proverbial gates of critical organization resources, checking the IDs of everyone that attempts to enter, ensuring identities match end-user claims and privileged access is sufficient for entry.SCMagazine
February 01, 2021 – Hacker
Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices Full Text
Abstract
SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), came to light after the NCC Group on Sunday alerted it had detected "indiscriminate use of an exploit in the wild." Details of the exploit have not been disclosed to prevent the zero-day from being exploited further, but a patch is expected to be available by the end of day on February 2, 2021. "A few thousand devices are impacted," SonicWall said in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively revealed that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "probable zero-day vulnerabilities" in its SMA 100 series remote aThe Hacker News
February 01, 2021 – Breach
Exposed Azure bucket leaked passports, IDs of volleyball reporters Full Text
Abstract
A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world.BleepingComputer
February 1, 2021 – Hacker
Data on 3.2 million DriveSure clients exposed on hacking forum Full Text
Abstract
Hackers published data on 3.2 million users lifted from DriveSure data on the Raidforums hacking forum late last month. To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user information in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach. The…SCMagazine
February 01, 2021 – General
Hillicon Valley: Robinhood raises $2.4 billion over weekend after GameStop fury | New State Dept. cyber bureau stirs concern | Intel agency warns of threats from China collecting sensitive US health data Full Text
Abstract
ROBINHOOD REBOUND: The day trading app pulled in $2.4 billion from investors over the weekend, its chief financial officer said in a blog post Monday.The Hill
February 1, 2021 – General
Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs Full Text
Abstract
Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries still struggle to define what it actually means to them: which capabilities to incorporate, and how to do the ground level planning necessary to support the telemetry and technological tools they put in place.SCMagazine
February 01, 2021 – Government
Intel agency warns of threats from China collecting sensitive US health data Full Text
Abstract
The National Counterintelligence and Security Center (NCSC) on Monday warned that efforts by the Chinese government to obtain U.S. health data, particularly DNA, through hacking and other means had been stepped up during the COVID-19 pandemic.The Hill
February 1, 2021 – General
The cloud divide: Risks and rewards for companies that moved pre-pandemic Full Text
Abstract
Cloud enabled a lot of organizations to shift fast, accommodating the new business requirements that emerged with the pandemic. But where did security fit into the equation? SC Media spoke to Vikram Kunchala of Deloitte to find out.SCMagazine
February 1, 2021 – Malware
Experts discovered a new Trickbot module used for lateral movement Full Text
Abstract
Experts spotted a new Trickbot module that is used to scan local networks and make lateral movement inside the target organization. Cybersecurity researchers discovered a new module of the Trickbot malware, dubbed 'masrv', that is used to scan a local...Security Affairs
February 1, 2021 – Breach
Wind River Security Incident Affects SSNs, Passport Numbers Full Text
Abstract
Wind River Systems is warning of a ‘security incident’ after one or more files were downloaded from its network.Threatpost
February 01, 2021 – Breach
Data breach exposes 1.6 million Washington unemployment claims Full Text
Abstract
Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims.BleepingComputer
February 1, 2021 – APT
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers Full Text
Abstract
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.Threatpost
February 1, 2021 – Government
SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat Full Text
Abstract
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks.Threatpost
February 1, 2021 – General
Bases for Trust in a Supply Chain Full Text
Abstract
As nations become increasingly interested in defending against supply chain attacks, it is necessary to establish trust in digital systems. Here, we evaluate the strengths and limitations of various trust-building proposals.Lawfare
February 01, 2021 – General
US govt: Number of identity theft reports doubled last year Full Text
Abstract
The U.S. Federal Trade Commission (FTC) said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year.BleepingComputer
February 01, 2021 – Phishing
Phishing campaign lures US businesses with fake PPP loans Full Text
Abstract
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a PPP loan to keep their business going during the COVID-19 crisis.BleepingComputer
February 1, 2021 – Policy and Law
Greek Police to Introduce Live Facial Recognition Full Text
Abstract
Live facial recognition and fingerprint ID tech to be issued to Greek police this summerInfosecurity Magazine
February 1, 2021 – Vulnerabilities
The Next Cyberattack Is Already Under Way Full Text
Abstract
A flaw can be harmless, but zero-days represent vulnerabilities that can be turned into weapons. And governments have been buying them and storing them in vaults, like vials of the bubonic plague.New Yorker
February 1, 2021 – Attack
Operation NightScout: supply chain attack on NoxPlayer Android emulator Full Text
Abstract
Experts uncovered a new supply chain attack leveraging the update process of NoxPlayer, a free Android emulator for PCs and Macs. A new supply chain attack made the headlines: a threat actor has compromised the update process of NoxPlayer, a free...Security Affairs
February 1, 2021 – Ransomware
So, What’s So Special About the Newest Ransomware? Full Text
Abstract
The Babuk Locker ransomware group mainly focuses on enterprise networks instead of individuals, and their ransom demands range from $60,000 to $85,000.Cyware Alerts - Hacker News
February 1, 2021 – Business
Rapid7 acquires Kubernetes security startup Alcide for $50M Full Text
Abstract
Boston-based security operations company Rapid7 has been making moves into the cloud recently, and this morning it announced that it has acquired Kubernetes security startup Alcide for $50 million.TechCrunch
February 1, 2021 – Malware
DanaBot Back to the Grind Full Text
Abstract
Instead of demanding an immediate ransom from victims, Danabot is focused on gaining persistence and stealing data that can be monetized later.Cyware Alerts - Hacker News
February 1, 2021 – Government
CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds.Security Week
February 1, 2021 – Policy and Law
Michigan Computer Science Professor Charged with Sex Crime Full Text
Abstract
University of Michigan professor placed on leave after being charged with sexual abuse of minorInfosecurity Magazine
February 01, 2021 – Vulnerabilities
SonicWall SMA 100 zero-day exploit actively used in the wild Full Text
Abstract
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group.BleepingComputer
February 1, 2021 – Business
Akamai Buys IoT Security Vendor Inverse To Better Spot Devices Full Text
Abstract
Akamai has purchased Inverse to better identify IoT and mobile devices such as internet-enabled HVAC, lighting systems, medical equipment, robotics and printers in enterprise environments.CRN
February 1, 2021 – Solution
SC Product Reviews: Identity & Access Management Full Text
Abstract
Editor’s Note: This set of reviews originally appeared in June 2020. To find out more about SC Labs, contact Adrian Sanabria at [email protected]. This month, SC Labs assessed several identity and access management solutions. This review comes at a relevant time with the recent events surrounding COVID-19 and the global shift to working from home. The…SCMagazine
February 1, 2021 – General
China Steals Personal Data of 80% of US Adults Full Text
Abstract
CBS report warns PRC government may have stolen personal info of 80% of adult AmericansInfosecurity Magazine
February 1, 2021 – Business
Rapid7 Expands Cloud Security Portfolio with Acquisition of Alcide Full Text
Abstract
Rapid7 announces second acquisition in a yearInfosecurity Magazine
February 1, 2021 – Vulnerabilities
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code Full Text
Abstract
The flaw in the free-source library could have been ported to multiple applications.Threatpost
February 1, 2021 – Malware
Alleged Gaming Software Supply-Chain Attack Installs Spyware Full Text
Abstract
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.Threatpost
February 1, 2021 – Ransomware
Ransomware: These Cartels Will Leak Your Data Until You Pay Full Text
Abstract
The ransomware industry has certainly come a long way, from the early days of the AIDS Trojan to the modern, very business-like Ransomware-as-a-Service model preying on businesses of all sizes.Cyber News
February 1, 2021 – General
Space Cybersecurity: How Lessons Learned on Earth Apply in Orbit Full Text
Abstract
Some of the reasons why we should be serious about space cybersecurity are obvious, such as keeping ground-based systems running and addressing national defense concerns.Security Intelligence
February 01, 2021 – Breach
European volleyball org’s Azure bucket exposed reporter passports Full Text
Abstract
A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world.BleepingComputer
February 01, 2021 – Phishing
Scammers posing as FBI agents threaten targets with jail time Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they hand out personal and/or financial information.BleepingComputer
February 1, 2021 – Ransomware
Average Ransom Payment Declines to $154,108 Full Text
Abstract
While ransomware attacks continue to pummel organizations, fewer victims have been paying a ransom, and when they do, on average they're paying less than before according to an assessment by Coveware.Gov Info Security
February 1, 2021 – IOT
IoT Firmware Security: Zero-Day Exploitation & Prevention Full Text
Abstract
Typically, manufacturers install a software package on the device itself which allows the entire security suite to stem from metrics and instrumentation techniques that run on the device.Check Point Research
February 1, 2021 – Business
OwnBackup raises $167.5M to support investments in global expansion and extend platform Full Text
Abstract
OwnBackup announced a Series D investment of $167.5 million co-led by Insight Partners, Salesforce Ventures, and Sapphire Ventures, with participation from existing investors.Help Net Security
February 1, 2021 – Vulnerabilities
Patient Monitor Plagued by Security Vulnerabilities Full Text
Abstract
The VC150’s administrative web interface is vulnerable to a stored Cross-Site Scripting vulnerability (CVE-2020-27262). Further, the device can be shut down via keystroke injection.Insinuator
February 1, 2021 – Attack
British Mensa Website Hack Results in Theft of Members’ Personal Data Full Text
Abstract
British Mensa, the society for people with high IQs, failed to properly secure the passwords on its website, prompting a hack on its website that has resulted in the theft of members’ personal data.Forbes
February 1, 2021 – Vulnerabilities
Experts warn of active exploitation of SonicWall zero-day in the wild Full Text
Abstract
Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security experts from the firm NCC Group have detected "indiscriminate" exploitation of a SonicWall zero-day in attacks in the wild,...Security Affairs
February 01, 2021 – Malware
Android emulator supply-chain attack targets gamers with malware Full Text
Abstract
ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware.BleepingComputer
February 1, 2021 – Ransomware
FonixCrypter Ransomware Gang Shuts Operations, Releases Master Decryption Key Full Text
Abstract
The cybercrime group behind the FonixCrypter ransomware has announced today on Twitter that they've deleted the ransomware's source code and plan to shut down their operation.ZDNet
February 01, 2021 – Malware
A New Software Supply‑Chain Attack Targeted Millions With Spyware Full Text
Abstract
Cybersecurity researchers today disclosed a new supply chain attack compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs. Dubbed "Operation NightScout" by Slovak cybersecurity firm ESET, the highly-targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong, and Sri Lanka. NoxPlayer, developed by Hong Kong-based BigNox, is an Android emulator that allows users to play mobile games on PC, with support for keyboard, gamepad, script recording, and multiple instances. It is estimated to have over 150 million users in more than 150 countries. First signs of the ongoing attack are said to have originated around September 2020, from when the compromise continued until "explicitly malicious activity" was uncovered this week, prompting ESET to report the incident to BigNox. "Based on the compromised software in question anThe Hacker News
February 1, 2021 – Solution
Facial Recognition Ethical Framework Launched by BSIA Full Text
Abstract
Guide encompasses useful terms, abbreviations and ethical issuesInfosecurity Magazine
February 1, 2021 – Vulnerabilities
Google discloses a severe flaw in widely used Libgcrypt encryption library Full Text
Abstract
Google discovered a flaw in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw...Security Affairs
February 1, 2021 – Attack
Chopper ASPX web shell used in targeted attack Full Text
Abstract
Web shells can be embedded on servers and can be used by attackers to launch arbitrary code. In as little as 15 bytes, web shells can enable remote administration of an infected machine or system.Trend Micro
February 01, 2021 – Education
LIVE Webinar: Major Lessons to be Learned from Top Cyber Attacks in 2020 Full Text
Abstract
We likely all agree that 2020 was a year we won't soon forget - for many reasons. One area particularly impacted last year was (and continues to be) cybersecurity. While Internet access allowed many businesses to continue functioning during the COVID-19 stay at home requirements, the unprecedented number of people accessing company assets remotely introduced many new challenges for cybersecurity professionals. With a history of leveraging societal maladies to their advantage, cyber criminals leverage the confusion and unpreparedness created by the global pandemic in their cyber attacks. In just the last two months of 2020, several high-profile organizations and government entities were successfully attacked using clever approaches that were overlooked by cybersecurity experts. Making sense of how attacks have changed and what new defensive strategies should be taken is no easy task. Cybersecurity company Cynet will help by reviewing the 2020 high profile attacks in depth andThe Hacker News
February 1, 2021 – Vulnerabilities
Researchers Spot SonicWall Exploit in the Wild Full Text
Abstract
NCC Group urges customers to check logsInfosecurity Magazine
February 1, 2021 – Vulnerabilities
SonicWall zero-day exploited in the wild Full Text
Abstract
Researchers believe they identified the same zero-day vulnerability that a mysterious threat actor used to gain access to SonicWall's internal network in a security breach disclosed on January 23.ZDNet
February 01, 2021 – Malware
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers Full Text
Abstract
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up. "Pro-Ocean uses known vulnerabilities to target cloud applications," the researchers detailed. "In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances)." "Once installed, the malware kills any process that uses the CPU heavily, so that it's able to use 100% of the CPU and mine Monero efficiently." First documentedThe Hacker News
February 1, 2021 – Malware
Trickbot Trojan Back from the Dead in New Campaign Full Text
Abstract
Infamous Trojan is spreading again, says Menlo SecurityInfosecurity Magazine
February 1, 2021 – General
40% of boards will have dedicated cybersecurity committees by 2025: Gartner Full Text
Abstract
According to the analyst firm, 40% of boards of directors will feature such a committee, overseen by a qualified board member, by 2025. This is up from less than 10% today.Security Brief
February 1, 2021 – General
Board members aren’t taking cybersecurity as seriously as they should Full Text
Abstract
A Trend Micro study revealed systemic challenges with security integration into business processes, with only 23% of firms prioritizing the alignment of security with key business initiatives.Help Net Security
February 1, 2021 – Ransomware
Global Government Outsourcer Serco Hit by Ransomware Full Text
Abstract
Report suggests firm was targeted by Babuk strainInfosecurity Magazine
February 1, 2021 – General
To combat cyber warfare the security industry needs to work together Full Text
Abstract
Cyber-battles have come to every home and office, industrial control systems, public transportation, personal vehicles, and every piece of a nation’s physical and digital infrastructure.Help Net Security
February 1, 2021 – Vulnerabilities
Exploiting a bug in Azure Functions to escape Docker Full Text
Abstract
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure...Security Affairs