January, 2021
January 31, 2021
Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects
Abstract
A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems. No other versions of Libgcrypt are affected by the vulnerability. "There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code," Ormandy said. "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs." GnuPG addressed the weakness almost immediately within a day after disclosure, while urging users to stop using the vulnerable version. The latest version can be dow...
The Hacker News
January 31, 2021 – Outage
SpamCop anti-spam service suffers an outage after its domain expired
Abstract
Cisco's SpamCop anti-spam service suffered an outage Sunday after its domain was mistakenly allowed to expire.
BleepingComputer
January 31, 2021 – Hacker
ZINC: Another Actor Targeting Security Researchers
Abstract
After the Google TAG report about attacks on security researchers, Microsoft has disclosed a similar attempt by another North Korean actor to steal vulnerabilities from the experts.
Cyware Alerts - Hacker News
January 31, 2021 – General
Experts explain how to bypass recent improvement of China’s Great Firewall
Abstract
Experts from Great Firewall Report analyzed recent upgrades to China's Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China's Great Firewall...
Security Affairs
January 31, 2021 – Malware
Pro-Ocean Malware Has New Wings
Abstract
Palo Alto is alerting organizations about new updates in Rocke Group’s new version of malware that was used throughout 2018 and 2019 to illegally mine Monero from infected Linux machines.
Cyware Alerts - Hacker News
January 31, 2021 – Attack
USCellular Hacked – Hackers Gained access to its CRM Software
Abstract
USCellular is one of the mobile network operators that protects its customers' privacy and strictly follows all its protection policies. But, recently,...
Cyber Security News
January 31, 2021 – Government
New State Department cyber bureau stirs opposition
Abstract
A newly established State Department bureau focused on cybersecurity and emerging technologies could give the Biden administration a launch pad for strengthening ties with allies after a massive Russian hack on the federal government.
The Hill
January 31, 2021 – General
Security Affairs newsletter Round 299
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Chipmaker Intel...
Security Affairs
January 31, 2021 – Hacker
New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs
Abstract
The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable...
Security Affairs
January 30, 2021 – Attack
UScellular data breach: attackers ported customer phone numbers
Abstract
US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United...
Security Affairs
January 30, 2021 – Ransomware
UK Research and Innovation (UKRI) discloses ransomware attack
Abstract
A ransomware infected the systems at the UK Research and Innovation (UKRI), at least two services were impacted. The UK Research and Innovation (UKRI) discloses a ransomware incident that impacted a number of UKRI-related web assets. Two services...
Security Affairs
January 30, 2021 – Malware
Is TrickBot Indestructible?
Abstract
After a takedown attempt in 2020 by global law enforcement that somehow wasn't that successful, a new TrickBot version has arrived.
Cyware Alerts - Hacker News
January 30, 2021 – Hacker
North Korean Hackers Building Fake Persona on Social Networks
Abstract
North Korea-backed threat actors are impersonating security experts to launch attacks on the security community possibly to obtain details of undisclosed vulnerabilities that can be exploited later.
Cyware Alerts - Hacker News
January 30, 2021 – Phishing
Beware: Malicious Home Depot ad gets top spot in Google Search
Abstract
A malicious Home Depot advertising campaign is redirecting Google search visitors to tech support scams.
BleepingComputer
January 30, 2021 – Ransomware
UK Research and Innovation (UKRI) suffers ransomware attack
Abstract
The UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services that offer information to subscribers and the platform for peer review of various parts of the agency.
BleepingComputer
January 30, 2021 – Ransomware
Victims of FonixCrypter ransomware could decrypt their files for free
Abstract
FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware's source code. Good news for the victims of the FonixCrypter ransomware, the operators behind the threat shut down their...
Security Affairs
January 30, 2021 – Vulnerabilities
Linux SUDO Flaw Lets Local Users Gain Root Privileges
Abstract
SUDO is a Unix application that enables the system administrators to yield limited root rights to regular users who admitted in the...
Cyber Security News
January 29, 2021 – Ransomware
Fonix ransomware shuts down and releases master decryption key
Abstract
The Fonix Ransomware operators have shut down their operation and released the master decryption key, allowing victims to recover their files for free.
BleepingComputer
January 29, 2021 – General
Hillicon Valley: Fallout from Reddit-driven stock rallies, GameStop purchase ban continues | Lawmakers grill NSA on years-old breach in the wake of massive Russian hack | Facebook reportedly considering antitrust lawsuit against Apple
Abstract
The Hill
January 29, 2021 – APT
Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide
Abstract
Some 250 servers were apparently breached by the Lebanese Cedar APT group, an organization with suspected links to the Hezbollah Cyber Unit in Lebanon. The target victims include companies from many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Many more companies and organizations have been…
SCMagazine
January 29, 2021 – Malware
Here’s how law enforcement’s Emotet malware module works
Abstract
New research released today provides greater insight into the Emotet module created by law enforcement that will uninstall the malware from infected devices in April.
BleepingComputer
January 29, 2021 – IOT
Firms with exposed IoT have a higher concentration of other security problems
Abstract
Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post…
SCMagazine
January 29, 2021 – Attack
As SolarWinds spooks tech firms into rechecking code, some won’t like what they find
Abstract
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.
SCMagazine
January 29, 2021 – Ransomware
The Week in Ransomware - January 29th 2021 - Striking back
Abstract
It has been a hectic week, with law enforcement conducting two successful law enforcement operations that will significantly impact ransomware.
BleepingComputer
January 29, 2021 – Phishing
Trickbot is back again - with fresh phishing and malware attacks
Abstract
Initially starting life as a banking trojan, Trickbot evolved to become a highly popular form of malware among cybercriminals, particularly because its modular nature allowed for it to be used in many different kinds of attacks.
ZDNet
January 29, 2021 – Government
Lawmakers grill NSA on years-old breach in the wake of massive Russian hack
Abstract
A group of House and Senate Democrats led by Sens. Ron Wyden (D-Ore.) and Cory Booker (D-N.J.) this week grilled the National Security Agency (NSA) on a years-old breach of a company that potentially compromised the federal government in a similar way to the recently uncovered breach of IT group SolarWinds.
The Hill
January 29, 2021 – Solution
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Abstract
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems. "One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß said. "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base." The development is a consequence of a zero-click exploit that leveraged an Apple iMe...
The Hacker News
January 29, 2021 – Policy and Law
Cyber-Cop Charged with Forgery and Bigamy
Abstract
Nevada Cop who headed cybercrimes unit is arrested on seven felony counts
Infosecurity Magazine
January 29, 2021 – Attack
Domain for programming website Perl.com hijacked
Abstract
Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns. Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with...
Security Affairs
January 29, 2021 – Vulnerabilities
Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers
Abstract
Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.
SCMagazine
January 29, 2021 – Vulnerabilities
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
Abstract
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
Threatpost
January 29, 2021 – Malware
Emotet - Soon to be Dead and Buried
Abstract
Emotet, one of the most active and dangerous botnets, has been taken down by international authorities, in an operation coordinated by Europol and Eurojust.
Cyware Alerts - Hacker News
January 29, 2021 – General
New CISOs Survey Reveals How Small Cybersecurity Teams Can Confront 2021
Abstract
The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest enterprises. Cybersecurity company Cynet just released findings from a survey of 200 CISOs in charge of small security teams (Download here) to shine "a spotlight into the challenges of small security teams everywhere." In addition to better understanding the challenges these CISOs face, the 2021 Survey of CISOs with Small Security Teams delves into the strategies CISOs will employ to ensure their organizations are protected from the ongoing onslaught of cyber threats - all while saddled with limited budgets and headcount. The survey findings will also be presented in a live webinar, register...
The Hacker News
January 29, 2021 – Ransomware
Miss England Held to Ransom by Cyber-attackers
Abstract
Criminals demand money to unlock hacked social media account of beauty pageant
Infosecurity Magazine
January 29, 2021 – Vulnerabilities
Experts addressed flaws in Popup Builder WordPress plugin
Abstract
Multiple issues in WordPress 'Popup Builder' Plugin could be exploited by hackers to perform various malicious actions on affected websites. Developers behind the "Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter" WordPress...
Security Affairs
January 29, 2021 – Attack
Does SolarWinds change the rules in offensive cyber? Experts say no, but offer alternatives
Abstract
While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.
SCMagazine
January 29, 2021 – Vulnerabilities
Microsoft 365 Becomes Haven for BEC Innovation
Abstract
Two new phishing tactics use the platform’s automated responses to evade email filters.
Threatpost
January 29, 2021 – Ransomware
Vovalex is likely the first ransomware written in D
Abstract
A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner.
BleepingComputer
January 29, 2021 – General
Increasing Cyberattacks on Manufacturing Sector
Abstract
Manufacturing regularly appears as one of the industries most under threat on the global stage. Recently, several firms including a well-known crane and lifting manufacturer were compromised in targeted attacks.
Cyware Alerts - Hacker News
January 29, 2021 – Hacker
Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide
Abstract
A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have been hacked by the threat actor to gather intelligence and steal the company's databases. The orchestrated intrusions hit a slew of companies located in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and hosting and infrastructure service providers (Secured Servers LLC, iomart). First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to penetrate a large number...
The Hacker News
January 29, 2021 – Business
Texas Tech Company Scoops Fourth Equality Title
Abstract
Rackspace Technology named best place to work for LGBTQ equality four years running
Infosecurity Magazine
January 29, 2021 – APT
Microsoft: North Korea-linked Zinc APT targets security experts
Abstract
Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that it attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers...
Security Affairs
January 29, 2021 – Malware
New Pro-Ocean malware worms through Apache, Oracle, Redis servers
Abstract
The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis.
BleepingComputer
January 29, 2021 – Attack
Attacks on Individuals Fall as Cybercrime Shifts Tactics
Abstract
Cybercriminals shifted away from stealing individual consumers’ information in 2020 to focus on bigger, more profitable attacks on businesses, as per a report from the Identity Theft Resource Center.
Security Week
January 29, 2021 – Attack
A Fifth of Sunburst Backdoor Victims from Manufacturing Industry
Abstract
18% of all victims of the Sunburst backdoor are manufacturing organizations
Infosecurity Magazine
January 29, 2021 – Attack
Perl.com domain stolen, now using IP address tied to malware
Abstract
The domain name perl.com was stolen this week and now points to an IP address associated with malware campaigns.
BleepingComputer
January 29, 2021 – Vulnerabilities
Vulnerabilities in open source streaming platforms YouPHPTube and AVideo could lead to RCE
Abstract
Researchers from Synacktiv discovered multiple vulnerabilities in the source code shared by the projects that were due to a lack of user input sanitization, a technical write-up reads.
The Daily Swig
January 29, 2021 – Privacy
#DataPrivacyDay: Organizations Must Increase Focus on Data Privacy in 2021
Abstract
Consumers are becoming more aware of how their data is being used
Infosecurity Magazine
January 29, 2021 – Attack
Perl-clutching hijackers appear to have seized control of 33-year-old programming language’s .com domain
Abstract
The domain hijacking incident appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.
The Register
January 29, 2021 – Policy and Law
66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home
Abstract
20% of home workers admit to printing confidential employee info including payroll, addresses and medical information
Infosecurity Magazine
January 29, 2021 – Vulnerabilities
“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library
Abstract
Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security vulnerability, warned Werner Koch.
Help Net Security
January 29, 2021 – Education
Apprenticeships Could Solve Cyber-Skills Crisis, Say Experts
Abstract
Infosecurity Europe poll offers backing for on-the-job training
Infosecurity Magazine
January 29, 2021 – Breach
Delivery Biz Exposes 400 Million Records in Privacy Snafu
Abstract
Bykea leaked customer, employee and driver docs after misconfiguration
Infosecurity Magazine
January 29, 2021 – Breach
US Breach Volumes Fell 19% in 2020 as Ransomware Surges
Abstract
ITRC reveals threat actors are moving away from mass data theft
Infosecurity Magazine
January 29, 2021 – Vulnerabilities
Windows Installer zero-day vulnerability gets free micropatch
Abstract
A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system.
BleepingComputer
January 29, 2021 – Malware
Pro-Ocean: Rocke Group’s New Cryptojacking Malware
Abstract
Pro-Ocean uses known vulnerabilities to target cloud applications. Additionally, it attempts to remove other malware and miners including Luoxk, BillGates, XMRig, and Hashfish before installation.
Palo Alto Networks
January 29, 2021 – Criminals
Cryptocurrency crime drops in 2020 but ‘DeFi’ breaches rise
Abstract
Losses from cryptocurrency theft, hacks, and fraud fell 57% last year to $1.9 billion, but crime in the ‘decentralized finance’ space continued to grow, a report from CipherTrace showed.
Cyber News
January 29, 2021 – Malware
New Malware Campaign Targeting Security Researchers Who is Working in Vulnerability Research
Abstract
The Threat Analysis Group has recently detected an ongoing campaign targeting the security researchers who are working on vulnerability analysis and development...
Cyber Security News
January 29, 2021 – Malware
Oscorp, a new Android malware targets Italian users
Abstract
Researchers at the Italian CERT warn of new Android malware dubbed Oscorp that abuses accessibility services for malicious purposes. Researchers from security firm AddressIntel spotted a new Android malware dubbed Oscorp, its name comes from the title...
Security Affairs
January 28, 2021 – Breach
USCellular hit by a data breach after hackers access CRM software
Abstract
Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts.
BleepingComputer
January 28, 2021 – General
Hillicon Valley: Robinhood restricts trading of companies targeted by Reddit users | Facebook reverses some decisions on removed posts | Lawmakers introduce bill to massively increase mail-in voting
Abstract
REDDIT USERS WREAK WALL STREET HAVOC: Amateur online traders fueled by online discussions on Reddit sent shares of Gamestop skyrocketing on Wednesday, setting off a series of critical reactions from Washington and a legal challenge for a popular stock trading app.
The Hill
January 28, 2021 – Malware
Cryptojacking malware targeting cloud apps gets new upgrades, worming capability
Abstract
A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that make it easier to spread and harder for organizations to detect when their cloud applications have been commandeered.
SCMagazine
January 28, 2021 – Vulnerabilities
Azure Functions vulnerability proves cloud users not always in control
Abstract
A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…
SCMagazine
January 28, 2021 – APT
Lebanese Cedar APT group broke into telco and ISPs worldwide
Abstract
Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world. Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted...
Security Affairs
January 28, 2021 – Government
Democrats introduce measure to boost privacy, security of health data during pandemic
Abstract
A group of Democratic lawmakers in the House and Senate on Thursday introduced legislation intended to increase the privacy and security of personal health data collected in connection to the COVID-19 pandemic.
The Hill
January 28, 2021 – Business
Microsoft: 8 trillion daily signals power our cybersecurity services
Abstract
Microsoft's security services grew by $10 billion in 2020, as more companies began utilizing their cloud-based security services.
BleepingComputer
January 28, 2021 – Policy and Law
Social Media Influencer Charged with Election Interference
Abstract
US charges influencer over online disinformation campaign that tricked Twitter users into thinking they had voted
Infosecurity Magazine
January 28, 2021 – Policy and Law
International Law Enforcement Takedown of NetWalker and Emotet
Abstract
Law enforcement’s battle against cybercrime is off to a fast start in 2021, with two major developments occurring earlier this week. Both are a result of separate collaborative efforts between U.S. law enforcement agencies and various European authorities.
Lawfare
January 28, 2021 – Policy and Law
Lawmakers introduce legislation to massively expand mail-in voting
Abstract
Sen. Ron Wyden (D-Ore.) and Rep. Earl Blumenauer (D-Ore.) on Thursday introduced legislation to allow all registered voters to have the option to vote from home.
The Hill
January 28, 2021 – Hacker
Microsoft: DPRK hackers ‘likely’ hit researchers with Chrome exploit
Abstract
Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.'
BleepingComputer
January 28, 2021 – Attack
Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs
Abstract
Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations.
BleepingComputer
January 28, 2021 – General
Leaks and Breaches Soared 93% in 2020
Abstract
Breaches and leaks of sensitive information from organizations doubled last year, even as consumer concerns over data privacy surged, according to two new reports published on Data Protection Day.
Infosecurity Magazine
January 28, 2021 – Solution
Return to SMS as Security Feature
Abstract
Use of SMS as security feature grows by over 100% during pandemic
Infosecurity Magazine
January 28, 2021 – Hacker
North Korean Hackers Exploiting Psychological Weaknesses
Abstract
Although the tactic was unique considering the targeting of security researchers, it is not technically novel. This incident is a reminder to maintain your psychological defenses and stay vigilant.
Cyware Alerts - Hacker News
January 28, 2021 – Government
US Launches Global Action Against NetWalker
Abstract
America goes after group that made millions selling ransomware-as-a-service
Infosecurity Magazine
January 28, 2021 – Policy and Law
Utah Ponders Making Online ‘Catfishing’ a Crime
Abstract
Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.
Threatpost
January 28, 2021 – Vulnerabilities
Pirated themes and plugins are the most widespread threat to WordPress sites
Abstract
"Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites," Wordfence said on Wednesday.
ZDNet
January 28, 2021 – Attack
Blind TCP/IP hijacking is resurrected for Windows 7
Abstract
Although Microsoft deemed the bug “very difficult” to exploit and therefore only fixed it in Windows 8, researcher Adam Zabrocki says that he was able to rework the attack for use against Windows 7.
The Daily Swig
January 28, 2021 – Policy and Law
Utah tests the waters in turning online catfishing into a criminal act
Abstract
Titled, "Online Impersonation Prohibition," House Bill 239 introduced by Rep. Karianne Lisonbee proposes legal consequences for people that "use the name or persona of an individual" without consent.
ZDNet
January 28, 2021 – Solution
Apple says new privacy notifications to roll out in ‘early spring’
Abstract
Apple said that new privacy pop-up notifications will start appearing on most iPhones as soon as early spring, a requirement that major digital ad firms have warned will harm their businesses.
Cyber News
January 28, 2021 – Education
Schneider Partners with Immersive Labs to Launch Virtual Training Platform
Abstract
Training platform offers realistic battle-test scenarios
Infosecurity Magazine
January 28, 2021 – Phishing
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
Abstract
A phishing kit has been found running on at least 700 domains – and mimicking services like false SharePoint portals, OneDrive and Office 365.
Threatpost
January 28, 2021 – Malware
Babuk Locker: Mediocre, But Gets the Job Done
Abstract
The code, its execution, the ways the operators communicate with victims and the threats to the stolen data have been labeled “unprofessional.” This does not mean that the malware is harmless.
Security Boulevard
January 28, 2021 – Solution
Google Chrome blocks 7 more ports to stop NAT Slipstreaming attacks
Abstract
Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability.
BleepingComputer
January 28, 2021 – Solution
TeamTNT group adds new detection evasion tool to its Linux miner
Abstract
The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion...
Security Affairs
January 28, 2021 – Attack
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
Abstract
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.
Threatpost
January 28, 2021 – Vulnerabilities
Potential remote code execution vulnerability uncovered in Node.js apps
Abstract
Made public by self-described security researcher Shoeb ‘CaptainFreak’ Patel on January 23, the research suggests that Express.js may be susceptible to local file read errors.
The Daily Swig
January 28, 2021 – General
Microsoft CEO Satya Nadella: There is ‘a big crisis right now’ for cybersecurity
Abstract
For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — amounting to $10 billion over the last 12 months.
Yahoo! Finance
January 28, 2021 – Education
#RSAC365: How to Achieve Next Level Security Automation
Abstract
The power of end-to-end security automation
Infosecurity Magazine
January 28, 2021 – Privacy
What We Learned From Apple’s New Privacy Labels
Abstract
Apps must now include so-called privacy labels, which list the types of data being collected in an easily scannable format. The labels resemble a nutrition marker on food packaging.
New York Times
January 28, 2021 – Malware
Italy CERT Warns of a New Credential Stealing Android Malware
Abstract
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. Dubbed "Oscorp" by Italy's CERT-AGID, the malware "induce(s) the user to install an accessibility service with which [the attackers] can read what is present and what is typed on the screen." So named because of the title of the login page of its command-and-control (C2) server, the malicious APK (called "Assistenzaclienti.apk" or "Customer Protection") is distributed via a domain named "supportoapp[.]com," which upon installation, requests intrusive permissions to enable the accessibility service and establishes communications with a C2 server to retrieve additional commands. Furthermore, the malware repeatedly reopens the Settings screen every eight seconds until the user turns on permissions for accessibility and device usage statistics, thus pressurizing the u...
The Hacker News
January 28, 2021 – Privacy
#RSAC365: Organizations Must Prepare for New #COVID19 Data Privacy Challenges Full Text
Abstract
Returning to work post-COVID brings about a number of data protection issues (Infosecurity Magazine)
January 28, 2021 – Phishing
LogoKit, a new phishing kit that dynamically creates phishing forms Full Text
Abstract
Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically composes phishing content. Researchers from RiskIQ discovered a new phishing kit that stands out for its ability to dynamically create phishing messages to target... (Security Affairs)
January 28, 2021 – Business
‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions Full Text
Abstract
The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives. (SCMagazine)
January 28, 2021 – Solution
Chromebooks will now let you sign into websites with your fingerprint Full Text
Abstract
Google has finally brought Web Authentication (WebAuthn) passwordless authentication to Chrome OS to allow users to sign in to websites with a PIN or fingerprint used to unlock a Chromebook. (ZDNet)
January 28, 2021 – Policy and Law
Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware Full Text
Abstract
U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims," said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division. "Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today's multi-faceted operation." In connection with the takedown, a Canadian national named Sebastien Vachon-Desjardins from the city of Gatineau was charged in the U.S. state of Florida for extorting $27.6 million in cryptocurrency from ransom payments. Separately, the (The Hacker News)
January 28, 2021 – Solution
Remote Workers Could Offer Brexit Britain Cybersecurity Lifeline Full Text
Abstract
CrowdStrike study reveals many IT leaders are concerned at hiring freeze (Infosecurity Magazine)
January 28, 2021 – Vulnerabilities
CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite Full Text
Abstract
The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory to warn industrial organizations... (Security Affairs)
January 28, 2021 – Hacker
Stack Overflow 2019 hack was guided by advice from none other than Stack Overflow Full Text
Abstract
Stack Overflow has published details of a breach from May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move. (The Register)
January 28, 2021 – Policy and Law
European Authorities Disrupt Emotet — World’s Most Dangerous Malware Full Text
Abstract
Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed "Operation Ladybird" — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S., the U.K., France, Lithuania, Canada, and Ukraine to take control of servers used to run and control the malware network. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," Europol said. "What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim's computer." More Than a Malware Since its first identification in 2014, Emotet has evolved from its initial roots as a cre (The Hacker News)
January 28, 2021 – Phishing
Consumers Falling for $100m Clone Firm Scams Full Text
Abstract
Regulator says too many are making ill-judged investments (Infosecurity Magazine)
January 28, 2021 – Ransomware
US Justice Department issues rare charges against ransomware operator Full Text
Abstract
The U.S. has struck a rare blow against an international ransomware gang, charging one alleged member of a hacker ring that has shut down health care facilities, colleges, and utilities companies. (NBC News)
January 28, 2021 – Privacy
#DataPrivacyDay: Leaks and Breaches Soared 93% in 2020 Full Text
Abstract
Data Privacy Day studies remind organizations of their responsibilities (Infosecurity Magazine)
January 28, 2021 – Phishing
FTC Warns ‘U.S. Trading Commission’ Website Is a Scam Full Text
Abstract
The FTC issued a unique consumer alert this week, warning that scammers pretending to be the U.S. regulatory agency have been attempting to bilk the public out of their bank accounts and life savings. (Nextgov)
January 28, 2021 – Ransomware
UK association defends ransomware payments in cyber insurance policies Full Text
Abstract
Businesses and organizations without viable backups or with an urgent need to restore their systems -- such as hospitals and energy utilities -- are then under extreme pressure to pay up. (ZDNet)
January 27, 2021 – General
Hillicon Valley: Biden’s cyber priorities zero in on Russian hack | Apple, Facebook report increase in earnings at the end of 2020 | International authorities disrupt ‘world’s most dangerous malware’ Full Text
Abstract
STRONG START FOR BIDEN ON CYBER: President Biden and his administration have hit the ground running on cybersecurity during his first week in office, with a particular emphasis on addressing the fallout from the recently discovered Russian hack that hit much of the federal government. (The Hill)
January 27, 2021 – Policy and Law
Law enforcement announced global action against NetWalker Ransomware Full Text
Abstract
A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators. Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware... (Security Affairs)
January 27, 2021 – Vulnerabilities
Even dead employees pose a security risk when their accounts are still active Full Text
Abstract
Ransomware attackers compromised deceased employee’s account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked. (SCMagazine)
January 27, 2021 – Solution
Microsoft rolls out Application Guard for Office to all customers Full Text
Abstract
Microsoft has announced that Application Guard for Office is now generally available for all Microsoft 365 users with supported licenses. (BleepingComputer)
January 27, 2021 – Criminals
Personal Details of over 176 million Pakistani Mobile Phone Users Sold on Hacker Forum Full Text
Abstract
It can allow cybercriminals to carry out SMSishing, SIM Swapping attacks, and identity scams while State-backed actors can use the data for all sorts of malicious purposes. (Hackread)
January 27, 2021 – Government
McCaul urges senators to block vote on Commerce secretary over Huawei concerns Full Text
Abstract
Rep. Michael McCaul (R-Texas), ranking member on the House Foreign Affairs Committee, on Wednesday called on the Senate to block a vote to confirm Gina Raimondo, President Biden's nominee for Commerce secretary, over concerns about her stance on Chinese telecommunications group Huawei. (The Hill)
January 27, 2021 – Covid-19
#RSAC365: #COVID19 Fundamentally Altered Global Attack Surface Full Text
Abstract
How adversaries have levied tactics specifically designed to exploit the pandemic (Infosecurity Magazine)
January 27, 2021 – Policy and Law
Emotet Botnet dismantled in a joint international operation Full Text
Abstract
A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, led by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has... (Security Affairs)
January 27, 2021 – Vulnerabilities
Apple Patches Three New iOS Zero-Days Full Text
Abstract
While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities. (SCMagazine)
January 27, 2021 – Malware
TeamTNT Cloaks Malware With Open-Source Tool Full Text
Abstract
The detection-evasion tool, libprocesshider, hides TeamTNT’s malware from process-information programs. (Threatpost)
January 27, 2021 – Policy and Law
US charges NetWalker ransomware affiliate, seizes ransom payments Full Text
Abstract
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. (BleepingComputer)
January 27, 2021 – Phishing
UK’s National Crime Agency warns novice and veteran traders alike of rise in clone company scams Full Text
Abstract
A warning has been issued by the UK's NCA and FCA on a rise in clone company scams targeting those looking for investment opportunities to recover financially from COVID-19. (ZDNet)
January 27, 2021 – Policy and Law
International authorities disrupt ‘world’s most dangerous malware’ Full Text
Abstract
A team of international law enforcement and judicial groups on Wednesday announced they had disrupted infrastructure used by cyber criminals to spread what authorities described as the “world’s most dangerous malware” and attack organizations around the world. (The Hill)
January 27, 2021 – Policy and Law
Emotet Disrupted Through Global Action Full Text
Abstract
Botnet taken down after seven years of wreaking havoc on the world’s networks (Infosecurity Magazine)
January 27, 2021 – Business
Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants Full Text
Abstract
Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits. Trend Micro’s Zero Day Initiative (ZDI) this week announced the forthcoming Pwn2Own Vancouver 2021 hacking... (Security Affairs)
January 27, 2021 – Vulnerabilities
‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access Full Text
Abstract
Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even… (SCMagazine)
January 27, 2021 – Vulnerabilities
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming Full Text
Abstract
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet. (Threatpost)
January 27, 2021 – Policy and Law
Europol: Emotet malware will uninstall itself on March 25th Full Text
Abstract
Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on March 25th, 2021. (BleepingComputer)
January 27, 2021 – Ransomware
Avaddon Ransomware Using Ransom DDoS Attacks Full Text
Abstract
Avaddon ransomware actors reportedly launched a DDoS attack against one of its victims' websites to put the victim organizations under pressure of negotiating the ransom payment. (Cyware Alerts - Hacker News)
January 27, 2021 – Ransomware
#RSAC365: Will Recent Treasury Guidance Reduce Ransomware Payments in the US? Full Text
Abstract
Will a zero-tolerance approach to ransomware payments have a meaningful impact? (Infosecurity Magazine)
January 27, 2021 – Policy and Law
Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders Full Text
Abstract
The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others. (SCMagazine)
January 27, 2021 – Policy and Law
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline Full Text
Abstract
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker’s Dark Web leaks site offline and charged a suspect. (Threatpost)
January 27, 2021 – Policy and Law
Netwalker ransomware dark web sites seized by law enforcement Full Text
Abstract
The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria. (BleepingComputer)
January 27, 2021 – Hacker
Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits Full Text
Abstract
Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8. (Security Week)
January 27, 2021 – Ransomware
UK Insurers Defend Covering Ransomware Payments Full Text
Abstract
Association of British Insurers said cyber-attacks could financially ruin companies (Infosecurity Magazine)
January 27, 2021 – Policy and Law
Grindr Faces $11.7m Data Privacy Fine Full Text
Abstract
Norway plans to fine dating app over alleged illegal disclosure of user data to advertisers (Infosecurity Magazine)
January 27, 2021 – General
Global Public-Private Partnerships Key to Fighting Cybercrime Full Text
Abstract
Cybercrime investigations often require accessing data from multiple organizations (Infosecurity Magazine)
January 27, 2021 – Policy and Law
Coordination Action by Europol and Eurojust Disrupts Emotet Botnet Infrastructure Full Text
Abstract
Emotet, which is distributed through an automated process, is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it. (Cyber News)
January 27, 2021 – General
Maritime port cybersecurity Full Text
Abstract
Let's talk about cyber risk in the maritime and port setting to better understand Maritime Port cybersecurity. In order to better understand the evolutionary trend of worldwide shipping and port facilities from 2007 to present, it is necessary to talk... (Security Affairs)
January 27, 2021 – Solution
Mitigating Abuse of Android Application Permissions and Special App Accesses Full Text
Abstract
Mobile devices commonly run a variety of applications that have the potential to contain exploitable vulnerabilities or deliberate malicious behaviors that exploit specific app permissions. (Medium)
January 27, 2021 – Malware
Linux malware uses open-source tool to evade detection Full Text
Abstract
AT&T Alien Labs security researchers have discovered that the TeamTNT cybercrime group upgraded their Linux crypto-mining with open-source detection evasion capabilities. (BleepingComputer)
January 27, 2021 – Attack
Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack Full Text
Abstract
Kaspersky’s industrial cybersecurity researchers analyzed a list of nearly 2,000 domains impacted by Sunburst and estimated that roughly 32% of them were associated with industrial organizations. (Security Week)
January 27, 2021 – Hacker
Google: Hackers backed by North Korea tried to steal cyber research Full Text
Abstract
Google's threat analysis team earlier this week said that it had identified a hacking effort suspected to be centered in North Korea that targeted U.S.-based cybersecurity experts. (The Hill)
January 27, 2021 – Vulnerabilities
New Docker Container Escape Bug Affects Microsoft Azure Functions Full Text
Abstract
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host." Azure Functions, analogous to Amazon AWS Lambda, is a serverless solution that allows users to run event-triggered code without having to provision or manage infrastructure explicitly while simultaneously making it possible to scale and allocate compute and resources based on demand. By incorporating Docker into the mix, it makes it possible for developers to easily deploy and run Azure F (The Hacker News)
January 27, 2021 – Criminals
Growing Digital Adoption Providing Extra Opportunities for Cyber-Criminals Full Text
Abstract
Rising digital adoption making UK consumers more vulnerable (Infosecurity Magazine)
January 27, 2021 – Vulnerabilities
Apple addresses three iOS zero-day flaws exploited in the wild Full Text
Abstract
Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates... (Security Affairs)
January 27, 2021 – Policy and Law
Emotet botnet disrupted after global takedown operation Full Text
Abstract
The infrastructure of today's most dangerous botnet built by cybercriminals using the Emotet malware was taken down following an international coordinated action coordinated by Europol and Eurojust. (BleepingComputer)
January 27, 2021 – General
[Webinar] From Reactive to Proactive: Operationalizing Threat Intel Full Text
Abstract
Cyware's threat intel experts are hosting a webinar on 28th January 2021. The webinar will cover interesting discussion points around threat intelligence, where and how it fits into a mid-market security model, and what challenges teams face. (Cyware)
January 27, 2021 – Government
Biden’s cyber priorities zero in on Russian hack Full Text
Abstract
President Biden and his administration have hit the ground running on cybersecurity during his first week in office, with a particular emphasis on addressing the recent Russian hack that hit the federal government and major U.S. companies. (The Hill)
January 27, 2021 – Vulnerabilities
Warning Issued Over Hackable ADT’s LifeShield Home Security Cameras Full Text
Abstract
Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The vulnerabilities (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020. The company's products had a 33.6% market share in the U.S. last year. The security issues in the doorbell camera allow an attacker to: obtain the administrator password of the camera by simply knowing its MAC address, which is used to identify a device uniquely; inject commands locally to gain root access; and access audio and video feeds using an unprotected RTSP (Real-Time Streaming Protocol) server. The doorbell is designed to periodically send heartbeat messages t (The Hacker News)
January 27, 2021 – Attack
More Security Vendors Admit to SolarWinds Attacks Full Text
Abstract
Scale of the cyber-espionage campaign continues to grow (Infosecurity Magazine)
January 27, 2021 – Vulnerabilities
Here’s how a researcher broke into Microsoft VS Code’s GitHub Full Text
Abstract
This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository. (BleepingComputer)
January 27, 2021 – Business
Ivanti acquires Cherwell to expand the reach of its Neurons platform Full Text
Abstract
Ivanti is acquiring Cherwell to expand the reach of its Neurons platform, providing end-to-end service and asset management from IT to lines of business and from every endpoint to the IoT edge. (Help Net Security)
January 27, 2021 – Attack
New Attack Could Let Remote Hackers Target Devices On Internal Networks Full Text
Abstract
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack (CVE-2020-16043 and CVE-2021-23961) builds on the previously disclosed technique to bypass routers and firewalls and reach any unmanaged device within the internal network from the Internet. First disclosed by security researcher Samy Kamkar in late October 2020, the JavaScript-based attack relied on luring a user into visiting a malicious website to circumvent browser-based port restrictions and allow the attacker to remotely access TCP/UDP services on the victim's device, even those that were protected by a firewall or NAT. Although partial mitigations were released on November 11 to thwart the attack in Chrome 87, Firefox 84, and Safari by preventing connections on port 5060 or 5061, Armis researchers Ben Seri and Gregory Vishnipolsky r (The Hacker News)
January 27, 2021 – Attack
Manufacturing Giant Suffers Major Cyber-Disruption Full Text
Abstract
Attack bears the hallmarks of ransomware (Infosecurity Magazine)
January 27, 2021 – Ransomware
Why Enterprises Must Take Ransomware Attacks Seriously Full Text
Abstract
The impact of a ransomware attack can be devastating. The average attack can cost over $1 million. It can take a company offline for 5-10 days, costing millions more in lost productivity and damages. (Security Boulevard)
January 27, 2021 – General
Top Cyber Attacks of 2020 Full Text
Abstract
With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organizations involved in the coronavirus pandemic response, including the World Health Organization and Centers for Disease Control and Prevention, some in an attempt to politicize the pandemic. Even garden-variety cyber attacks like email phishing, social engineering, and refund theft took on a darker flavor in response to the widespread economic precarity brought on by the pandemic. "Hackers were mostly trying to take advantage of people's fear by offering medical equipment like thermometers and masks for cheap, low (The Hacker News)
January 27, 2021 – Government
UK Spies Called on to Help in Fraud Fight Full Text
Abstract
RUSI report warns of government “responsibility vacuum” (Infosecurity Magazine)
January 27, 2021 – Ransomware
Sharp Increase in Emotet, Ransomware Droppers Full Text
Abstract
Ransomware continues to be one of the most impactful threats. Aside from vulnerabilities, its primary delivery method remains phishing emails, with links or attachments containing early-stage loaders. (Phish Labs)
January 27, 2021 – Solution
Using the Manager Attribute in Active Directory (AD) for Password Resets Full Text
Abstract
Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts. How can organizations bolster the security of password resets for remote workers? One security workflow might involve having manager approval before IT helpdesk technicians can change a remote worker's password. In this way, the user's manager is involved in the process. Additionally, some organizations might opt to allow managers themselves the ability to change end-user passwords. How can this be configured in Active Directory? Also, is there a more seamless solution for requiring manager approval for password resets? Why password reset security is critical This past year has undoubtedly created many IT helpdesk st (The Hacker News)
January 27, 2021 – Phishing
Phishing and Malspam with Leaf PHPMailer Full Text
Abstract
When the tool is loaded, it leverages the LeafPHP mailer library to distribute the spam. It contains various text fields that allow the attacker to input custom data for important email fields. (Sucuri)
January 27, 2021 – Solution
Deloitte bolsters cyber threat hunting capabilities with acquisition of Root9B Full Text
Abstract
The deal will bolster its Detect and Respond cyber client offering with R9B’s deeply experienced cyber operations professionals and its award-winning threat-hunting and risk assessment solutions. (Help Net Security)
January 27, 2021 – Vulnerabilities
Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server Full Text
Abstract
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. An attacker can use a specially crafted HTTP request to trigger a denial of service condition. (Talos)
January 27, 2021 – Breach
ASIC reports server breached via Accellion vulnerability Full Text
Abstract
"This incident is related to Accellion software used by ASIC to transfer files and attachments," the corporate regulator said in a notice posted on the evening before a public holiday. (ZDNet)
January 27, 2021 – Covid-19
DDoS Attacks Surge in 2020 Due to #COVID19 Full Text
Abstract
NETSCOUT saw DDoS attacks rise to more than 10 million last year (Infosecurity Magazine)
January 27, 2021 – Vulnerabilities
Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges Full Text
Abstract
CVE-2021-3156 Sudo vulnerability has allowed any local user to gain root privileges on Unix-like operating systems without authentication. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed... (Security Affairs)
January 27, 2021 – Phishing
BEC Scammers Find New Ways to Navigate Microsoft 365 Full Text
Abstract
BEC scammers targeted victims' out-of-office replies and read receipts during the 2020 holiday season, when many took time off work and automatic replies were more prevalent, researchers report. (Dark Reading)
January 27, 2021 – Policy and Law
Grindr faces $11.7 million fine in Norway for breach of data privacy Full Text
Abstract
Norway's Data Protection Authority said on Tuesday it plans to fine dating app Grindr about $11.7 million for what the regulator said was illegal disclosure of user data to advertising firms. (The Times Of India)
January 27, 2021 – Ransomware
Ransomware hackers launder bitcoin through just a handful of locations, researchers find Full Text
Abstract
A relatively small number of groups seem to dominate the cybercrime market, offering their malware on a rental basis, while taking a chunk of profits and using money laundering to cover their tracks. (Cyberscoop)
January 27, 2021 – General
Fighting the Rapid Rise of Cyber Warfare in a Changing World Full Text
Abstract
Addressing these risks is imperative for the public and private sectors, as evidenced by recent high-profile attacks, presumably by Russia, that impacted multiple government agencies and corporations. (Dark Reading)
January 27, 2021 – Phishing
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication Full Text
Abstract
FireEye recently encountered various phishing campaigns, mostly in the Americas and Europe, using WOFF-based substitution cypher, localization specific targeting, and various evasion techniques. (FireEye)
January 27, 2021 – Malware
Cryptomining Malware Takes Center Stage Again Full Text
Abstract
Soaring bitcoin rates are motivating a large number of cybercriminals to resort to cryptomining, which has increased by 53% quarter-on-quarter in the final three months of 2020, as per a report by Avira. (Cyware Alerts - Hacker News)
January 27, 2021 – Insider Threat
Tesla Filed a Lawsuit Against Former Employee for Allegedly Stealing Software Code Full Text
Abstract
Recently, the American electric vehicle company Tesla has prosecuted one of its retired employees; Tesla claimed that this employee was allegedly stealing... (Cyber Security News)
January 26, 2021 – Vulnerabilities
Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild Full Text
Abstract
Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three zero-day flaws — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them. While the privilege escalation bug in the kernel (CVE-2021-1782) was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings — dubbed a "logic issue" — were discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), permitting an attacker to achieve arbitrary code execution inside Safari. Apple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, resp (The Hacker News)
January 26, 2021 – General
In the Wake of the SolarWinds Hack, Here’s How Businesses Should Respond Full Text
Abstract
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the year, news of a massive breach of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds' products have a presence in so many business networks, the size of the threat is massive. So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody's talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For them (The Hacker News)
January 26, 2021 – Phishing
Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’ Full Text
Abstract
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies’ biggest security liabilities. (SCMagazine)
January 26, 2021 – General
Hillicon Valley: Raimondo wades into 230 debate | Google cuts donations to election result deniers | House GOP unveils tech plan Full Text
Abstract
RAIMONDO WEIGHS IN ON SECTION 230: President Biden’s pick to serve as the secretary of Commerce, Gina Raimondo, said during her confirmation hearing Tuesday that there needs to be some reform for Section 230 of the Communications Decency Act.The Hill
January 26, 2021 – Attack
Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack Full Text
Abstract
Security vendors Fidelis, Mimecast, Palo Alto Networks, and Qualys revealed that they were also impacted by the SolarWinds supply chain attack. The SolarWinds supply chain attack is worse than initially thought; other security providers confirmed that they...Security Affairs
January 26, 2021 – Attack
BEC attack techniques exploit Microsoft 365 messages Full Text
Abstract
Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.SCMagazine
January 26, 2021 – Hacker
North Korea Targets Security Researchers in Elaborate 0-Day Campaign Full Text
Abstract
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.Threatpost
January 26, 2021 – Vulnerabilities
Nvidia Squashes High-Severity Jetson DoS Flaw Full Text
Abstract
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.Threatpost
January 26, 2021 – General
The cyber ‘journeymen’: Apprentices may be the solution to the skills gap Full Text
Abstract
Aspiring infosec professionals have the opportunity to hone their craft as companies develop talent from within, potentially with government funding, and chip away at the diversity problem.SCMagazine
January 26, 2021 – Malware
DanaBot Malware Roars Back into Relevancy Full Text
Abstract
Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months.Threatpost
January 26, 2021 – Vulnerabilities
New Linux SUDO flaw lets local users gain root privileges Full Text
Abstract
A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.BleepingComputer
January 26, 2021 – Breach
23M Gamer Records Exposed in VIPGames Leak Full Text
Abstract
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.Threatpost
January 26, 2021 – General
Syntax Releases First IT Trends Report Full Text
Abstract
Survey of 500 US IT decision makers finds 79% had to reduce their teams in 2020 due to budget cutsInfosecurity Magazine
January 26, 2021 – Hacker
Hacker Admits Targeting Major US Websites Full Text
Abstract
Hacker pleads guilty to extorting American website operators with stolen user dataInfosecurity Magazine
January 26, 2021 – Government
Biden administration appoints Chris DeRusha as federal CISO Full Text
Abstract
The Biden administration has picked Chris DeRusha, the former top cyber official on the Biden campaign, to fill the role of federal chief information security officer.The Hill
January 26, 2021 – Ransomware
Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack Full Text
Abstract
Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation, demanding a $30 million ransom.BleepingComputer
January 26, 2021 – Disinformation
Twitter Asks Users to Police Misinformation Full Text
Abstract
New Birdwatch scheme invites users to write notes on tweets they think are misleadingInfosecurity Magazine
January 26, 2021 – Malware
LuckyBoy Malvertising Campaign Employs Cloaking and Obfuscation Techniques Full Text
Abstract
Cybersecurity experts found a sophisticated malvertising campaign that comes with strong obfuscation techniques to avoid detection by security solutions in iOS, Android, and even Xbox systems.Cyware Alerts - Hacker News
January 26, 2021 – General
Is the SolarWinds Cyberattack an Act of War? It Is, If the United States Says It Is. Full Text
Abstract
Cyberattack is an ill-defined area of international law, leaving questions as to when such an attack reaches the threshold for an act of war.Lawfare
January 26, 2021 – General
Threat Report Portugal: Q4 2020 Full Text
Abstract
Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators...Security Affairs
January 26, 2021 – Criminals
Researchers Connect MrbMiner Crypto-Mining Operations to Iranian Software Firm Full Text
Abstract
Experts at SophosLabs have linked MrbMiner, a cryptomining malware that infected thousands of MSSQL databases last year, to an Iran-based software development company.Cyware Alerts - Hacker News
January 26, 2021 – Ransomware
Ransomware Actors on the Footsteps of Maze Full Text
Abstract
Ransomware attacks have grown rapidly around the world, claiming victim after victim. A new report by Emsisoft sheds light on "the life of Maze," a threat group that has unfortunately inspired many others.Cyware Alerts - Hacker News
January 26, 2021 – Breach
Criminal, Domestic Violence Case Info Exposed in Cook County Leak Full Text
Abstract
Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.Threatpost
January 26, 2021 – Solution
Google to offer suite of new zero trust capabilities through Chrome browser Full Text
Abstract
With backing from Google infrastructure and support from a host of industry partners, the features have the potential to significantly expand the footprint of zero trust solutions within industry and government.SCMagazine
January 26, 2021 – Ransomware
Nefilim Ransomware Gang Hits Jackpot with Ghost Account Full Text
Abstract
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.Threatpost
January 26, 2021 – Government
Senate committee advances Biden’s DHS pick despite Republican pushback Full Text
Abstract
The Senate Homeland Security and Governmental Affairs Committee advanced President Joe Biden’s pick to lead the Department of Homeland Security (DHS) despite a push by Republicans to stall the nomination.The Hill
January 26, 2021 – Attack
South Carolina County Suffers Weekend Cyberattack Full Text
Abstract
A statement from Georgetown County’s local government said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted.Security Week
January 26, 2021 – Phishing
Google discloses spearphishing targeting security researchers Full Text
Abstract
Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.SCMagazine
January 26, 2021 – Malware
Watch out as new Android malware spreads through WhatsApp Full Text
Abstract
As reported by researchers ReBensk and Lukas Stefanko, a new malware spreads through WhatsApp messages when it auto-replies to any messaging conversations using a malicious link that leads to a fake Huawei app.Hackread
January 26, 2021 – Ransomware
Cybercriminals use deceased staff accounts to spread Nemty ransomware Full Text
Abstract
Cybercriminals will often use brute-force attacks, phishing emails, and existing data dumps to break into corporate networks but there is one area that is often ignored to a company's detriment: ghost accounts.ZDNet
January 26, 2021 – Privacy
TikTok privacy issue could have allowed stealing users’ private details Full Text
Abstract
A vulnerability in the video-sharing social networking service TikTok could have allowed hackers to steal users' private personal information. Developers at ByteDance, the company that owns TikTok, have fixed a security vulnerability in...Security Affairs
January 26, 2021 – Hacker
Mimecast links security breach to SolarWinds hackers Full Text
Abstract
Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month.BleepingComputer
January 26, 2021 – General
The massive SolarWinds hack and the future of cyber espionage Full Text
Abstract
The repercussions of the SolarWinds hack are still being unraveled. As the Biden administration settles in, it will have to contend with the aftermath of this hack, and also work to prevent future security lapses that can endanger national security.CNBC
January 26, 2021 – Business
Dr Gary McGraw Appointed to IriusRisk Threat Modeling Technical Advisory Board Full Text
Abstract
Dr McGraw to assist in strategic direction and development of AppSec firmInfosecurity Magazine
January 26, 2021 – General
After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face Full Text
Abstract
Not long after the scope of the breach began to come into view, a semantic battle commenced: Was the breach an attack or was it espionage? An attack demands a response. Espionage can be dismissed as business as usual.New Yorker
January 26, 2021 – Ransomware
Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems Full Text
Abstract
American packaging giant WestRock on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems.Security Week
January 26, 2021 – Solution
Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security Full Text
Abstract
Standards designed to provide a more secure contactless experienceInfosecurity Magazine
January 26, 2021 – Business
Cybersecurity investments will increase up to 10% in 2021 Full Text
Abstract
A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. The overall cybersecurity market value is expected to reach US$60.2 billion in 2021.Help Net Security
January 26, 2021 – Vulnerabilities
TikTok Bug Gave Access to Contacts’ Profile Details Full Text
Abstract
Check Point reveals now-fixed vulnerabilityInfosecurity Magazine
January 26, 2021 – Hacker
North Korea-linked campaign targets security experts via social media Full Text
Abstract
Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers are targeting security researchers through social media. According...Security Affairs
January 26, 2021 – Vulnerabilities
Google fixes severe Golang Windows RCE vulnerability Full Text
Abstract
This month Google engineers have fixed two vulnerabilities in the Go language (Golang), including a severe RCE flaw, and a cryptographic weakness. The RCE vulnerability tracked as CVE-2021-3115 mainly impacts Windows users of Go running the 'go get' command, due to the default behavior of Windows PATH lookups.BleepingComputer
January 26, 2021 – Hacker
Google’s Threat Analysis Group Spotted North Korean Hackers Targeting Vulnerability Researchers Full Text
Abstract
Google said that a North Korean government hacking group has targeted members of the cyber-security community engaging in vulnerability research. The attacks have been spotted by the Google Threat Analysis Group (TAG).ZDNet
January 26, 2021 – Phishing
Targeted Phishing Attacks Target High-Ranking Company Executives Full Text
Abstract
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration notifications as lures. The messages also include an embedded link to retain the same password that, when clicked, redirects users to a phishing page for credential harvesting. "The attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links," Trend Micro researchers said in a Monday analysis. "By selectively targeting C-level employees, the attacker significantly increases the value of obtained credentials as they could lead to further access to sensitive personal andThe Hacker News
January 26, 2021 – Breach
Cook County Leaks 320,000 Court Records Full Text
Abstract
Reveals highly sensitive info from immigration, criminal and family casesInfosecurity Magazine
January 26, 2021 – Phishing
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks Full Text
Abstract
A security flaw in TikTok could have allowed attackers to query the platform’s database – potentially opening up for privacy violations.Threatpost
January 26, 2021 – Vulnerabilities
TikTok fixes flaws allowing theft of private user information Full Text
Abstract
ByteDance, the tech firm behind TikTok, has fixed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private information.BleepingComputer
January 26, 2021 – Vulnerabilities
TikTok Bug Could Have Exposed Users’ Profile Data and Phone Numbers Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News. TikTok has deployed a fix to address the shortcoming following responsible disclosure from Check Point researchers. The newly discovered bug resides in TikTok's "Find friends" feature that allows users to sync their contacts with the service to identify potential people to follow. The contacts are uploaded to TikTok via an HTTP request in the form of a list that consists of hashed contact names and the corresponding phone numbersThe Hacker News
January 26, 2021 – General
vCISO Shares Most Common Risks Faced by Companies With Small Security Teams Full Text
Abstract
Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Autonomous XDR company Cynet, a provider of an automated breach protection platform and MDR service for even the smallest security teams, is conducting a webinar with well-known vCISO Brian Haugli to understand the common challenges faced by CISOs with small security teams [register here]. In the first part of the webinar, Haugli will share the four foundational risks that are common across most companies he helps. He will then discuss the most common pieces of advice he provides across the companies he serves. Haugli will also share a situationThe Hacker News
January 26, 2021 – Breach
Misconfigured Cloud Server Exposes 66,000 Gamers Full Text
Abstract
Users of VIPGames.com at risk of follow-on attacksInfosecurity Magazine
January 26, 2021 – Vulnerabilities
Hackers Can Exploit Windows RDP Servers to Amplify DDoS Attacks Full Text
Abstract
These days, Windows Remote Desktop Protocol (RDP) servers are being exploited by DDoS-for-hire services to expand Distributed Denial of Service (DDoS) attacks....Cyber Security News
January 26, 2021 – Government
Russian hack of US agencies exposed supply chain weaknesses Full Text
Abstract
The elite Russian hackers who gained access to computer systems of federal agencies last year didn't bother trying to break one by one into the networks of each department.The Times Of India
January 26, 2021 – Covid-19
Dutch COVID-19 patient data sold on the criminal underground Full Text
Abstract
Dutch police have arrested two individuals for allegedly selling data from the health ministry's COVID-19 systems on the criminal underground. The accused had advertised the stolen data on instant messaging apps like Telegram, Snapchat, and Wickr.ZDNet
January 26, 2021 – General
Small Security Teams Have Big Security Fears, CISOs Report Full Text
Abstract
CISOs who lead small security teams at large organizations feel more vulnerable to cyberattacks compared with businesses that have more security staff, larger tool sets, and higher budgets.Dark Reading
January 26, 2021 – Covid-19
EMA says some leaked COVID-19 documents ‘taken out of context’ Full Text
Abstract
Some of the COVID-19 documents leaked online in a cyberattack on the European Medicines Agency disclosed last month were not published in their original form and may have been taken out of context, the regulator said on Monday.Reuters
January 26, 2021 – Vulnerabilities
Claroty Discloses Multiple Critical Vulns in Vendor Implementations of Key OT Protocol Full Text
Abstract
Researchers from Claroty this week disclosed multiple critical vulnerabilities in vendor implementations of the Open Platform Communications (OPC) network protocol that is widely used in operational technology (OT) networks.Dark Reading
January 26, 2021 – Vulnerabilities
CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability Full Text
Abstract
One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.Security Week
January 26, 2021 – Malware
Cryptomining DreamBus botnet targets Linux servers Full Text
Abstract
Researchers at Zscaler’s ThreatLabZ team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. The bot is composed of a series of ELF binaries and Unix shell scripts.Security Affairs
January 26, 2021 – Vulnerabilities
DDoS Attackers Exploit Vulnerable Microsoft RDP Servers Full Text
Abstract
Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify various distributed denial-of-service attacks, according to a report from application and network performance firm Netscout.Gov Info Security
January 25, 2021 – Hacker
North Korean hackers are targeting security researchers with malware, 0-days Full Text
Abstract
A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight.BleepingComputer
January 25, 2021 – Hacker
N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches Full Text
Abstract
Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, LinkedIn, Telegram, Discord, and Keybase in a bid to communicate with the researchers and build trust. The goal, it appears, is to steal exploits developed by the researchers for possibly undisclosed vulnerabilities, thereby allowing them to stage further attacks on vulnerable targets of their choice. "Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including 'guest' posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers," said TAG researcher AThe Hacker News
January 25, 2021 – Denial Of Service
Users of IoT products from three major vendors at risk of DDoS attacks, data leaks Full Text
Abstract
Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.SCMagazine
January 25, 2021 – Covid-19
Beware of this active UK NHS COVID-19 vaccination phishing attack Full Text
Abstract
A very active phishing campaign is underway pretending to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.BleepingComputer
January 25, 2021 – Government
Speed of White House cyber appointments should make CISOs ‘a bit more confident’ Full Text
Abstract
The appointments and presumed future appointments draw heavily from people with public sector experience, a move that some praise and others criticize as a failure to consider private sector expertise.SCMagazine
January 25, 2021 – Covid-19
Beware of active UK NHS COVID-19 vaccination phishing campaign Full Text
Abstract
A very active phishing campaign is underway pretending to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.BleepingComputer
January 25, 2021 – General
Hillicon Valley: Google workers announce global union alliance | Biden admin vows to ‘hold China accountable’ while weighing approach to Huawei, TikTok | Facebook to grant access to targeting information about political ads Full Text
Abstract
GOOGLERS TO FORM GLOBAL ALLIANCE: Google employees across 10 countries on Monday announced they would be forming a global union alliance aimed at holding the tech giant accountable.The Hill
January 25, 2021 – Covid-19
Dutch police arrested two people for the illegal sale of COVID-19 patient data Full Text
Abstract
Dutch police arrested two individuals for allegedly selling COVID-19 patient data stolen from the Dutch health ministry. Dutch police have arrested two individuals in the country for selling COVID-19 patient data stolen from the national COVID-19....Security Affairs
January 25, 2021 – Government
Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’ Full Text
Abstract
Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.Threatpost
January 25, 2021 – Ransomware
Ransomware attack hit WestRock IT and OT systems Full Text
Abstract
Packaging giant WestRock disclosed a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems. American corrugated packaging company WestRock announced it was the victim of a ransomware attack that...Security Affairs
January 25, 2021 – Government
Outgoing FCC Chair Issues Final Security Salvo Against China Full Text
Abstract
Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.Threatpost
January 25, 2021 – Breach
2.28M MeetMindful Daters Compromised in Data Breach Full Text
Abstract
The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.Threatpost
January 25, 2021 – Botnet
Cryptomining DreamBus botnet targets Linux servers Full Text
Abstract
Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet,...Security Affairs
January 25, 2021 – Policy and Law
Mr. Double Website Operator Convicted Full Text
Abstract
Jury convicts Texan accused of operating website that sold child sexual abuse materialInfosecurity Magazine
January 25, 2021 – Attack
Leading crane maker Palfinger hit in global cyberattack Full Text
Abstract
Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations.BleepingComputer
January 25, 2021 – Breach
San Francisco Law Firm Investigating PupBox Data Breach Full Text
Abstract
Investigation launched after payment card info of 30k PupBox customers exposedInfosecurity Magazine
January 25, 2021 – Malware
QNAP Network Devices Targeted by New Dovecat Malware Full Text
Abstract
QNAP is warning unsuspecting customers of an ongoing malware campaign that exploits NAS devices to mine bitcoin while hogging up the whole of CPU and memory resources.Cyware Alerts - Hacker News
January 25, 2021 – General
There is More to Supply Chain Attacks Beyond SolarWinds Full Text
Abstract
Software supply chain attacks are becoming more widespread. The recent incidents manifest how they have grown patiently and become more complex to tackle.Cyware Alerts - Hacker News
January 25, 2021 – General
Does cybersecurity need its own Fauci? Full Text
Abstract
SC Media spoke to Ron Gula, former NSA hacker and cybersecurity investor through Gula Tech Adventures, who has advised Congress and the White House, about what President Joe Biden’s first 100 days in office should look like from a cyber perspective.SCMagazine
January 25, 2021 – Business
Deloitte Acquires Root9B Full Text
Abstract
Assets of cyber-threat-hunting service provider Root9B acquired by Deloitte & ToucheInfosecurity Magazine
January 25, 2021 – Vulnerabilities
Cisco DNA Center Bug Opens Enterprises to Remote Attack Full Text
Abstract
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.Threatpost
January 25, 2021 – Malware
Building towards the richest and most interconnected malware ecosystem Full Text
Abstract
During the last few months, VirusTotal has included additional meaningful relationships to create a rich ecosystem that interconnects samples, URLs, domains, and IP addresses.Virus Total
January 25, 2021 – Breach
Australian securities regulator discloses security breach Full Text
Abstract
The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach.BleepingComputer
January 25, 2021 – Ransomware
Ransomware gang taunts IObit with repeated forum hacks Full Text
Abstract
A ransomware gang continues to taunt Windows software developer IObit by hacking its forums to display a ransom demand.BleepingComputer
January 25, 2021 – Vulnerabilities
Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product Full Text
Abstract
Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.Security Week
January 25, 2021 – Criminals
Over 8 Million Teespring User Records Leaked on Hacker Forum Full Text
Abstract
The archive included email addresses and last update dates for 8,242,000 user accounts, full names, phone numbers, locations, and other account details of over 4 million users and apparel creators.Cyber News
January 25, 2021 – Vulnerabilities
Unsecured Server Leaks 323,000 Cook County Court Records Containing Personal Data and Case Notes Full Text
Abstract
On the day of discovery, a Saturday, WebsitePlanet informed the Cook County CTO about the exposure. Early the following Monday, the database was secured and public access restricted.Security Week
January 25, 2021 – Botnet
DreamBus botnet targets enterprise apps running on Linux servers Full Text
Abstract
Analyzed in a report published last week by security firm Zscaler, the company said this new threat is a variant of an older botnet named SystemdMiner, first seen in early 2019.ZDNet
January 25, 2021 – General
Enhancing Email Security with MTA-STS and SMTP TLS Reporting Full Text
Abstract
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using the TLS protocol. However, encryption is optional in SMTP, which implies that emails can be sent in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that gives mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that do not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks. SMTP TLS Reporting (TLS-The Hacker News
January 25, 2021 – General
Indian researcher warns of Google Drive becoming a goldmine for pirated, explicit content Full Text
Abstract
According to independent cybersecurity researcher Rajshekhar Rajaharia, thousands of pieces of such explicit and illegal content are being circulated via Google Drive, including files linking to malware.The Times Of India
January 25, 2021 – Government
India: Chinese cyber actors target telecom to breach security, firewall ready in 6 months Full Text
Abstract
The Indian government seems determined to implement the new security directives in the telecom sector, cleared by the Cabinet Committee on Security (CCS), within the next six months.The Times Of India
January 25, 2021 – Breach
Australia’s Securities Regulator Suffers Security Breach Affecting File Transfer Server Full Text
Abstract
The incident occurred with the file sharing software provided by California-based Accellion. The same software was also used by New Zealand’s central bank, who faced a cyber attack earlier this month.Reuters
January 25, 2021 – Solution
Zero trust: A solution to many cybersecurity problems Full Text
Abstract
CISOs of organizations that have been hit by the attackers who compromised SolarWinds Orion are now mulling over how to make sure that they’ve eradicated the attackers’ presence from their networks.Help Net Security
January 25, 2021 – Malware
Twenty-three SUNBURST Targets Identified Full Text
Abstract
Researchers found that out of all the companies and organizations that installed a backdoored SolarWinds Orion update, the majority were never targeted by the threat actors using Sunburst.Netresec
January 25, 2021 – Hacker
Hackers Dump Personal Details, Location Info of 2.28 Million Users of MeetMindful Dating Site Full Text
Abstract
The leaked data includes real names, emails, location details, body details, dating preferences, marital status, hashed passwords, Facebook user IDs, Facebook authentication tokens, and IP addresses.ZDNet
January 25, 2021 – Government
Russian Government Agency Warns Firms of US Attack Full Text
Abstract
Alarmist security notice talks of Biden reprisals for SolarWinds campaignInfosecurity Magazine
January 25, 2021 – Breach
Intel: Earnings Leak Down to Internal Error Full Text
Abstract
URL to infographic was mistakenly made public
Infosecurity Magazine
January 25, 2021 – Attack
SonicWall Probes Attack Using Zero-Days in Own Products Full Text
Abstract
SMA 100 Series under investigation after “sophisticated” attack
Infosecurity Magazine
January 25, 2021 – Denial Of Service
DDoS Attackers Revive Old Campaigns to Extort Ransom Full Text
Abstract
Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations failed to pay the initial ransom, as per a new report by Radware.
Bank Info Security
January 25, 2021 – Breach
Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked Full Text
Abstract
Indian cryptocurrency exchange Buyucoin suffered a security incident; threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines: the India-based cryptocurrency exchange suffered a security...
Security Affairs
January 25, 2021 – Accident
Chipmaker Intel reveals that an internal error caused a data leak Full Text
Abstract
Intel Corp. confirmed that an internal error is the cause of a data leak that prompted it to release a quarterly earnings report early and that attackers did not compromise the corporate network.
Security Affairs
January 25, 2021 – Insider Threat
Tesla sues former employee for allegedly stealing 26,000 confidential files Full Text
Abstract
Tesla has sued a former employee for allegedly stealing about 26,000 confidential files in his first week of working at the company, according to a court filing seen by AFP.
International Business Times
January 24, 2021 – Malware
Beware — A New Wormable Android Malware Spreading Through WhatsApp Full Text
Abstract
A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said. The link to the fake Huawei Mobile app, upon clicking, redirects users to a lookalike Google Play Store website. Once installed, the wormable app prompts victims to grant it notification access, which is then abused to carry out the wormable attack. Specifically, it leverages WhatsApp's quick reply feature — which is used to respond to incoming messages directly from the notifications — to send out a reply to a received message automatically. Besides requesting permissions to read notifications, the app also requests intrusive access to run in the background as well as to draw over other apps,
The Hacker News
January 24, 2021 – General
Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges Full Text
Abstract
Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in today's threat landscape. While there is much to be gained from a single snapshot, additional value can come from long term data collection and year over year comparisons. We can see whether the effects that recent trends have on pen testing are long term, or simply a temporary shift, and how they affect the continuing evolution of penetration testing. For instance, 2020 saw a massive influx of remote work. Unfortunately, the convenience of working safely from home increased the risk of a breach as countless new attack vectors opened up, both from the way employees connected to networks, as well a
The Hacker News
January 24, 2021 – Botnet
How to Protect Your IoT Devices From Botnet Attacks Full Text
Abstract
IoT devices allow us to connect everything and make our environment smart. However, the technology has always been marred by insecurity, with...
Cyber Security News
January 24, 2021 – Insider Threat
Tesla sues former employee for allegedly stealing sensitive docs Full Text
Abstract
Tesla has accused a former employee, a software engineer, of downloading about 26,000 sensitive files and transferring them on his personal Dropbox. On Saturday, Tesla sued the former employee Alex Khatilov for allegedly stealing 26,000 confidential...
Security Affairs
January 24, 2021 – Hacker
Hacker leaks data of 2.28M users of dating site MeetMindful Full Text
Abstract
A well-known threat actor has leaked data belonging to 2.28 million users registered on the dating website MeetMindful. ZDNet first reported that the well-known threat actor ShinyHunters has leaked the data of more than 2.28 million users registered...
Security Affairs
January 24, 2021 – Breach
Data breach at Buyucoin crypto exchange leaks user info, trades Full Text
Abstract
A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.
BleepingComputer
January 24, 2021 – Hacker
Chinese Hacker Group Abusing Cloud Services to Steal Passenger Data From the Airline Industry Full Text
Abstract
According to the recent threat report of the cybersecurity researchers at Fox-IT, there is a hacking group from China that has been...
Cyber Security News
January 24, 2021 – Ransomware
Another ransomware now uses DDoS attacks to force victims to pay Full Text
Abstract
Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.
BleepingComputer
January 24, 2021 – General
Security Affairs newsletter Round 298 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Critical flaws in Orbit Fox WordPress plugin allows site takeover; EMA said that hackers manipulated...
Security Affairs
January 24, 2021 – Accident
Chipmaker Intel reveals that an internal error caused a data leak Full Text
Abstract
The chipmaker Intel Corp. revealed that an internal error is the root cause of a data leak; it confirmed that the corporate network was not impacted. The computer chipmaker Intel Corp. confirmed that an internal error is the cause of a data leak that...
Security Affairs
January 24, 2021 – Attack
SonicWall says it was hacked using zero-days in its own products Full Text
Abstract
Networking device maker SonicWall has disclosed that it is investigating a security breach of its internal network after detecting what it described as a "coordinated attack."
ZDNet
January 23, 2021 – Policy and Law
ADT employee pleads guilty for accessing cameras installed by the company Full Text
Abstract
A former ADT employee pleads guilty to accessing the cameras he installed at the home of the company's customers in the Dallas area. Telesforo Aviles (35) is a former ADT employee who pleaded guilty to accessing the cameras he installed at the home of the company's...
Security Affairs
January 23, 2021 – Attack
SonicWall network attacked via zero days in its VPN and secure access solutions Full Text
Abstract
Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…
SCMagazine
January 23, 2021 – Attack
SonicWall firewall maker hacked using zero-day in its VPN device Full Text
Abstract
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.
BleepingComputer
January 23, 2021 – Attack
SonicWall firewall maker attacked using zero-day in its VPN device Full Text
Abstract
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.
BleepingComputer
January 23, 2021 – Hacker
MrbMiner cryptojacking campaign linked to Iranian software firm Full Text
Abstract
Sophos experts believe that an Iranian company is behind a recently uncovered MrbMiner crypto-jacking campaign targeting SQL servers. Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner...
Security Affairs
January 23, 2021 – Government
Russian government warns of US retaliatory cyberattacks Full Text
Abstract
The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach.
BleepingComputer
January 23, 2021 – Vulnerabilities
Experts Detail A Recent Remotely Exploitable Windows Vulnerability Full Text
Abstract
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now according to researchers from CrowdStrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay. "This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler MSRPC interface to remotely execute code on the attacked machine," the researchers said in a Friday advisory. NTLM relay attacks are a kind of man-in-the-middle (MitM) attacks that typically permit attackers with access to a network to intercept legitimate authe
The Hacker News
January 23, 2021 – Attack
Security firm SonicWall was victim of a coordinated attack Full Text
Abstract
The Hacker News reported in an exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. The...
Security Affairs
January 23, 2021 – Vulnerabilities
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw Full Text
Abstract
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle management in distributed environments, acting as a centralized hub for implementing and maintaining SAP systems such as ERP, CRM, HCM, SCM, BI, and others. "A successful exploitation could allow a remote unauthenticated attacker to execute highly privileged administrative tasks in the connected SAP SMD Agents," researchers from Onapsis said, referring to the Solution Manager Diagnostics toolset used to analyze and monitor SAP systems. The vulnerability, which has the highest possible CVSS base score of 10.0, was addressed by SAP as part of its March 2020 u
The Hacker News
January 23, 2021 – Criminals
A Home Security Tech Hacked Into Cameras To Watch People Undressing And Having Sex, Prosecutors Say Full Text
Abstract
A home security technician admitted that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex.
Buzzfeed
January 23, 2021 – Government
Biden hires ‘world class’ cybersecurity team after massive hack Full Text
Abstract
President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the US government works to recover from one of the biggest hacks of its agencies.
Al Jazeera
January 23, 2021 – Government
FSB warns of US cyberattacks after Biden administration comments Full Text
Abstract
The Russian government has issued a security alert warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.
ZDNet
January 23, 2021 – Ransomware
Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online Full Text
Abstract
The7stars, a London ad agency that counts Atlantic Records, Suzuki, and Penguin Random House among its clients, has had its files dumped online by the Clop ransomware gang.
The Register
January 23, 2021 – Malware
Gamarue malware found in UK Govt-funded laptops for homeschoolers Full Text
Abstract
Reportedly, Bradford school employees received several laptops to aid in homeschooling vulnerable students. However, the laptops came pre-installed with the virus. Many school employees shared virus details on an online forum.
Hackread
January 23, 2021 – Criminals
Why North Korea Excels in Cybercrime Full Text
Abstract
Although the US and the United Nations have levied sanctions meant to prevent the illegal financing of nuclear weapons, North Korea is proving to be adept at sidestepping them — and is also remarkably proficient at cybercrime.
Dark Reading
January 23, 2021 – Ransomware
Hackers publish thousands of files after government agency refuses to pay ransom Full Text
Abstract
The hackers behind the ransomware attack on the Scottish Environment Protection Agency (SEPA) have published thousands of stolen files after the organisation refused to pay the ransom.
ZDNet
January 23, 2021 – Botnet
DreamBus Botnet Targets Linux Systems Full Text
Abstract
DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says.
Gov Info Security
January 22, 2021 – Denial Of Service
In second attack DDoS group demands 5 bitcoin payment Full Text
Abstract
Five Radware customers received extortion letters in December and January threatening a DDoS attack if they did not pay five bitcoin (worth about $200,000) from a group that wanted the victims to believe they were from Fancy Bear, Lazarus Group and the Armada Collective. The threat group first attacked late last summer and in the…
SCMagazine
January 22, 2021 – Breach
Bonobos clothing store suffers a data breach, hacker leaks 70GB database Full Text
Abstract
Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup was downloaded by a threat actor. The corporate systems were not breached by the attacker.
BleepingComputer
January 22, 2021 – Ransomware
The Week in Ransomware - January 22nd 2021 - Calm before the storm Full Text
Abstract
Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.
BleepingComputer
January 22, 2021 – Government
After big hack of U.S. government, Biden enlists ‘world class’ cybersecurity team Full Text
Abstract
President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials, investigators, and cyber experts.
Reuters
January 22, 2021 – General
Hillicon Valley: Intelligence agency gathers US smartphone location data without warrants, memo says | Democrats seek answers on impact of Russian hack on DOJ, courts | Airbnb offers Biden administration help with vaccine distribution Full Text
Abstract
THE GOVERNMENT IS WATCHING: Analysts at the Defense Intelligence Agency (DIA) have purchased databases of U.S. smartphone location data in recent years without a warrant, agency officials wrote in a memo to a top Senate Democrat.
The Hill
January 22, 2021 – Vulnerabilities
Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account Full Text
Abstract
Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature called "Send to Kindle" to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary code on the device and make unauthorized purchases. "The code runs as root, and the attacker only needs to know the email address assigned to the victim's device," said Yogev Bar-On, a security researcher for Realmode Labs, in a technical write-up on Thursday. The first vulnerability lets a bad actor send an e-book to a Kindle, the second flaw allows for remote code execution while the e-book is parsed, and a third issue makes it possible to escalate privileges and run the code as the "root" user. When linked together, these weaknesses
The Hacker News
January 22, 2021 – General
New Cyber-attack Advice for European Hospitals Full Text
Abstract
EDPB wants hospitals to tell patients if their treatment is being delayed due to a cyber-attack
Infosecurity Magazine
January 22, 2021 – General
The SolarWinds Hack Can Directly Affect Control Systems Full Text
Abstract
The SolarWinds breach demonstrates that cyberattacks against IT infrastructure can have OT impact, which could compromise control systems and create real-world harm.
Lawfare
January 22, 2021 – Government
FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack Full Text
Abstract
Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations...
Security Affairs
January 22, 2021 – Solution
Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs Full Text
Abstract
Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWinds attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.
SCMagazine
January 22, 2021 – Ransomware
Ransomware Attackers Publish 4K Private Scottish Gov Agency Files Full Text
Abstract
Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.
Threatpost
January 22, 2021 – Vulnerabilities
SAP SolMan exploit released for max severity pre-auth flaw Full Text
Abstract
Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component.
BleepingComputer
January 22, 2021 – Malware
New FreakOut Malware Actively Targeting Linux Devices Full Text
Abstract
Researchers reported that the FreakOut botnet, whose capabilities range from scanning ports and stealing data to launching DDoS and cryptomining attacks, targets unpatched Linux systems.
Cyware Alerts - Hacker News
January 22, 2021 – Government
Democrats seek answers on impact of Russian cyberattack on Justice Department, Courts Full Text
Abstract
A group of Senate Democrats led by Sen. Richard Blumenthal (Conn.) this week sought to get answers on the impact of the recently discovered breach of IT group SolarWinds on the Department of Justice (DOJ) and the U.S. Courts (AO), both of which were compromised.
The Hill
January 22, 2021 – General
Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With! Full Text
Abstract
Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the de facto way people work nowadays. Today, digital-based work interactions take the place of in-person ones with near-seamless fluidity, and the best part is that going remote helps companies save their cash in this bootstrapped time. But while the ability to work from anywhere has truly been essential to keeping businesses and the economy functional, it has opened up new challenges that need to be addressed. Your Devices Are Your Weakest Link: With nearly ⅔ of employees still working remotely to some degree, the boundaries that once separated work and home have been completely washed away. A major ramification of this shift has been an increase in the volume of corporate and non-corporate devices connecting from remote to sensitive
The Hacker News
January 22, 2021 – Criminals
Home Security Technician Admits Spying on Customers Full Text
Abstract
Security technician hacked into customers’ home surveillance cameras for sexual gratification
Infosecurity Magazine
January 22, 2021 – Vulnerabilities
KindleDrip exploit – Hacking a Kindle device with a simple email Full Text
Abstract
KindleDrip: Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims' devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that...
Security Affairs
January 22, 2021 – Business
2021 to bring ‘phase two’ of remote access investment for enterprises Full Text
Abstract
As work from home extends into 2021, remote access performance and security will continue to dominate enterprise budgets and priorities. Accommodating remote users “long-term will lead to phase two of remote access investment,” according to a report from Cato Networks that surveyed 2,376 IT leaders about budgets, purchase plans, future of remote work and secure…
SCMagazine
January 22, 2021 – Denial Of Service
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks Full Text
Abstract
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
Threatpost
January 22, 2021 – Breach
Bonobos clothing store confirms breach after hacker leaks 70GB database Full Text
Abstract
Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information.
BleepingComputer
January 22, 2021 – Vulnerabilities
Shazam Vulnerability exposed location of Android, iOS users Full Text
Abstract
Because Shazam had by then been acquired by Apple, the researcher was asked to take up the issue with Apple, which led to the flaw finally being patched on March 26, 2019, on both iOS and Android.
Hackread
January 22, 2021 – Policy and Law
House lawmakers reintroduce bipartisan bill to weed out foreign disinformation on social media Full Text
Abstract
Reps. Abigail Spanberger (D-Va.) and John Katko (R-N.Y.) on Friday reintroduced legislation intended to cut down on foreign disinformation and propaganda spread on social media, in particular following a spike in the content after the presidential election and during the COVID-19 pandemic.
The Hill
January 22, 2021 – Criminals
Court Date for Woman Accused in Theft of Pelosi’s Laptop Full Text
Abstract
Pennsylvanian suspected of helping to steal Nancy Pelosi’s laptop to appear before federal court on Monday
Infosecurity Magazine
January 22, 2021 – Criminals
Data of 2 million MyFreeCams users sold on a hacker forum Full Text
Abstract
A threat actor was offering for sale on a hacker forum data from 2 million users allegedly stolen from the adult streaming site MyFreeCams. A threat actor was offering for sale on a hacker forum a database containing user records allegedly stolen...
Security Affairs
January 22, 2021 – General
New cyber council tackles infosec challenges from a tech perspective Full Text
Abstract
Cybercrime is a plague on all industries, but a technology-borne problem at its core. So it makes sense that leading IT experts and infosec solution providers would step up to provide key advice to the tech community on how to protect customers from prevalent cyberthreats. To that end, the nonprofit IT trade association CompTIA this month officially…
SCMagazine
January 22, 2021 – Hacker
Intel: Hackers stole unpublished earnings info from corporate site Full Text
Abstract
Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results.
BleepingComputer
January 22, 2021 – Vulnerabilities
Dnsmasq Vulnerabilities Threaten DNS Integrity Full Text
Abstract
Israeli researchers shared details on seven extremely critical DNS-related vulnerabilities, tracked as DNSpooq, exposing millions of devices to a variety of DNS cache poisoning attacks.
Cyware Alerts - Hacker News
January 22, 2021 – Solution
Defense More Effective Than Offense in Curbing Nation State Threat Actors Full Text
Abstract
Innovative cybersecurity solutions key to preventing attacks such as SolarWinds
Infosecurity Magazine
January 22, 2021 – Denial Of Service
Abusing Windows RDP servers to amplify DDoS attacks Full Text
Abstract
Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The...
Security Affairs
January 22, 2021 – Vulnerabilities
Drupal releases fix for critical vulnerability with known exploits Full Text
Abstract
Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild.
BleepingComputer
January 22, 2021 – Vulnerabilities
Windows-native PDF viewers vulnerable to multiple attack techniques Full Text
Abstract
The vast majority of the most popular Windows-native PDF viewers were vulnerable to multiple attack techniques exploiting standard PDF features, a team of security researchers has discovered.
The Daily Swig
January 22, 2021 – Privacy
ICO Urged to Investigate Secretive Tory Party Consultancy Full Text
Abstract
GDPR concerns over role of CT Partners in 2019 election
Infosecurity Magazine
January 22, 2021 – Criminals
Cybercriminals Resort to Shady Ad Practices that Rip Off Users Full Text
Abstract
A report from Group-IB revealed that classified ads scammers have earned more than $6.5 million in 2020, from buyers in a widespread operation dubbed Classiscam.
Cyware Alerts - Hacker News
January 22, 2021 – Breach
Human Error to Blame as Exposed Records Top 37 Billion in 2020 Full Text
Abstract
Breach volumes drop but ‘breached’ records surge 141%
Infosecurity Magazine
January 22, 2021 – Vulnerabilities
Retail and hospitality sector fixing software flaws at a faster rate than others Full Text
Abstract
The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a recent Veracode analysis of more than 130,000 applications reveals.
Help Net Security
January 22, 2021 – Malware
More Malware May Be Lurking on Govt School Laptops Full Text
Abstract
Scheme to support remote learning backfires
Infosecurity Magazine
January 22, 2021 – Skimming
Magento PHP Injection Loads JavaScript Skimmer Full Text
Abstract
To avoid getting detected, the skimmer is loaded using the PHP function file_get_contents and an obfuscated URL, while ensuring that the user is on the checkout page and not logged in as admin.
Sucuri
January 22, 2021 – Attack
MyFreeCams site hacked to steal info of 2 million paying users Full Text
Abstract
A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.
BleepingComputer
January 22, 2021 – Vulnerabilities
Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover Full Text
Abstract
Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.
Security Week
January 22, 2021 – Vulnerabilities
Drupal fixed a new flaw related to PEAR Archive_Tar library Full Text
Abstract
Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR...
Security Affairs
January 22, 2021 – Business
Israeli cybersecurity firms raised record $2.9 billion in 2020 amid pandemic Full Text
Abstract
Israel’s cybersecurity industry accounted for 31% of global investments in the sector in 2020, putting the nation in second place after the US, the National Cyber Directorate said.
The Times of Israel
January 22, 2021 – Attack
MyFreeCams Hacked: 2 Million User Records Sold Online Full Text
Abstract
The data was allegedly exfiltrated from the company servers in December 2020 by carrying out an SQL injection attack, and includes 2 million user records of MyFreeCams Premium members.
Cyber News
January 22, 2021 – Vulnerabilities
Vulnerability with VLC Player 3.0.11 Let Attackers Execute Code Remotely Full Text
Abstract
VLC is a free and open-source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs,...
Cyber Security News
January 22, 2021 – Hacker
Winnti Continues to Pursue Game Developers and Publishers Using FunnySwitch Backdoor Full Text
Abstract
Cybersecurity experts divulged the details about a cyberattack campaign by the Chinese hacker group, Winnti, that has been targeting organizations in Russia and Hong Kong.
Cyware Alerts - Hacker News
January 22, 2021 – Vulnerabilities
DNSpooq Vulnerability In DNS software Let Attackers hijack Millions of Network Devices Full Text
Abstract
Recently, cybersecurity experts have detected nearly 7 vulnerabilities in a very popular DNS software set that has been executed in routers and...
Cyber Security News
January 21, 2021 – Hacker
Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years Full Text
Abstract
The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.
SCMagazine
January 21, 2021 – General
Hillicon Valley: Biden names acting chairs to lead FCC, FTC | Facebook to extend Trump ban pending review | Judge denies request for Amazon to immediately restore Parler Full Text
Abstract
The Hill
January 21, 2021 – Phishing
Thousands of BEC lures use Google Forms in recon campaign Full Text
Abstract
Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…
SCMagazine
January 21, 2021 – Malware
Dovecat crypto-miner is targeting QNAP NAS devices Full Text
Abstract
QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting...
Security Affairs
January 21, 2021 – General
70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw Full Text
Abstract
With public administration apps, the number that went a year with an unpatched security flaw dropped to 67 percent, and nine other sectors ranged between 50 and 60 percent, according to research from WhiteHat Security.SCMagazine
January 21, 2021 – Covid-19
Biden’s COVID strategy includes Intel review of cyber risks to vaccine rollout Full Text
Abstract
President Biden is tapping his new head of national intelligence to assess cyber and foreign interference risks to the vaccine process as part of the administration's plan to tackle the coronavirus pandemic.The Hill
January 21, 2021 – Ransomware
CISA launches ransomware education program Full Text
Abstract
The effort encourages governments, schools and private companies to take steps to protect their systems and data from ransomware.SCMagazine
January 21, 2021 – Denial Of Service
Windows Remote Desktop servers now used to amplify DDoS attacks Full Text
Abstract
Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks.BleepingComputer
January 21, 2021 – Malware
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege Full Text
Abstract
Researchers have traced the origins of a campaign – infecting SQL servers to mine cryptocurrency – back to an Iranian software firm.Threatpost
January 21, 2021 – Denial Of Service
DDoS booters use Windows Remote Desktop servers to amplify attacks Full Text
Abstract
Windows Remote Desktop Protocol (RDP) servers are being abused as an amplification vector by DDoS-for-hire services (aka booters or stressers) to launch Distributed Denial of Service (DDoS) attacks.BleepingComputer
January 21, 2021 – Vulnerabilities
Joe Biden’s Peloton bike may pose cybersecurity risk, experts warn Full Text
Abstract
It is not the first time the issue has been raised. A 2017 review revealed that former first lady Michelle Obama had been supplied with a modified Peloton that came without a camera or microphone.The Guardian
January 21, 2021 – Ransomware
Truckers’ Medical Records Leaked Full Text
Abstract
Ransomware attack on Virginia healthcare provider may have exposed medical records of transport workersInfosecurity Magazine
January 21, 2021 – General
Look for GDPR fines to increase, extend beyond breaches Full Text
Abstract
So far, U.S. companies have felt the brunt of regulators’ displeasure. The highest GDPR fine so far – $57 million – was imposed on Google by French regulators, though Marriott may have to pony up $123 million.SCMagazine
January 21, 2021 – Ransomware
Ransomware provides the perfect cover Full Text
Abstract
Attackers are using ransomware to their advantage as it gives them the perfect cover to divert attention so as to focus on exfiltrating IP, research, and other valuable data from corporate networks.Help Net Security
January 21, 2021 – Covid-19
COVID-19 Phishing Lures Still Working for Cyber Adversaries Full Text
Abstract
The COVID-19 related phishing attempts have evolved over time. Besides leaking patients' lab results online, hackers are now manipulating stolen vaccine data from Pfizer and BioNTech.Cyware Alerts - Hacker News
January 21, 2021 – Policy and Law
France Arrests 14 Over Online Child Sexual Abuse Full Text
Abstract
Europol and French police arrest 14 on suspicion of participating in online child sexual abuseInfosecurity Magazine
January 21, 2021 – Ransomware
Ransomware Took Heavy Toll on US in 2020: Researchers Full Text
Abstract
Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report.Security Week
January 21, 2021 – Solution
Microsoft Edge gets a password generator, leaked credentials monitor Full Text
Abstract
Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.BleepingComputer
January 21, 2021 – Ransomware
FIN11 Attackers are Now Using Clop Ransomware Full Text
Abstract
Researchers shed light on how a cybercriminal group is trying to step into bigger shoes by collaborating with attackers behind the Clop ransomware in its recent operations.Cyware Alerts - Hacker News
January 21, 2021 – Hacker
Magecart Groups Rest Underneath Bulletproof Services Full Text
Abstract
According to RiskIQ, several Magecart groups have been hiding phishing domains and malicious tools on a bulletproof hosting service known as Media Land since 2018.Cyware Alerts - Hacker News
January 21, 2021 – Vulnerabilities
Exploit Allows Root Access to SAP Full Text
Abstract
Functional exploit affecting SAP made available to threat actors via GitHubInfosecurity Magazine
January 21, 2021 – Phishing
Passwords stolen via phishing campaign available through Google search Full Text
Abstract
Poor operational security by the operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation...Security Affairs
January 21, 2021 – Ransomware
Federal cyber agency announces new campaign to fight ransomware attacks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday rolled out a new public awareness campaign to push back against the plague of ransomware cyberattacks that have increasingly targeted governments and the nation’s education systems.The Hill
January 21, 2021 – Government
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration Full Text
Abstract
During Senate confirmation hearings, President Joe Biden's nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.Dark Reading
January 21, 2021 – Business
Valtix raises $12.5 million as cloud native security becomes more urgent Full Text
Abstract
The company announced it has raised $12.5 million in venture capital from strategic partners Cisco Investments and The Syndicate Group, as well as venture firm Northgate Capital.Venture Beat
January 21, 2021 – Malware
UK govt gives malware infected laptops to vulnerable students Full Text
Abstract
Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC.BleepingComputer
January 21, 2021 – Attack
CHwapi hospital hit by Windows BitLocker encryption cyberattack Full Text
Abstract
The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker.BleepingComputer
January 21, 2021 – Criminals
Hackers Leak 325,000 User Records of BuyUCoin Crypto Exchange on the Dark Web Full Text
Abstract
The leaked data included names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details, and deposit history of users based in India.The Times Of India
January 21, 2021 – Vulnerabilities
Experts warn of scanning activity for critical SAP SolMan flaw after the release of exploit Full Text
Abstract
Experts warn of automated scanning activity for servers affected by a critical SAP SolMan flaw after the release of an exploit code. Experts warn of an automated scanning activity for servers affected by vulnerabilities in SAP software, attackers...Security Affairs
January 21, 2021 – Phishing
Attackers Perform BEC Target Selection Using Google Forms Full Text
Abstract
This hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC schemes.Proofpoint
January 21, 2021 – Vulnerabilities
Oracle’s January 2021 CPU Contains 329 New Security Patches Full Text
Abstract
The January 2021 CPU also includes fixes for CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update on November 1, 2020.Security Week
January 21, 2021 – Malware
QNAP warns users to secure NAS devices against Dovecat malware Full Text
Abstract
QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge.BleepingComputer
January 21, 2021 – General
Most CISOs believe that human error is the biggest risk for their organization Full Text
Abstract
53% of CISOs and CSOs in the UK&I reported that their organization suffered at least one significant cyberattack in 2020, with 14% experiencing multiple attacks, a Proofpoint survey reveals.Help Net Security
January 21, 2021 – Hacker
Hacker blunder leaves stolen passwords exposed via Google search Full Text
Abstract
Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google index the stolen passwords for public searches.BleepingComputer
January 21, 2021 – Vulnerabilities
Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw Full Text
Abstract
The flaw is a missing authorization check in the EEM Manager component of SolMan, which could allow an unauthenticated, remote attacker to execute operating system commands on hosts, as the SMDAgent.Security Week
January 21, 2021 – Malware
MrbMiner Crypto-Mining Malware Links to Iranian Software Company Full Text
Abstract
A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the cryptominer code. First documented by Chinese tech giant Tencent last September, MrbMiner was found to target internet-facing MSSQL servers with the goal of installing a cryptominer, which hijacks the processing power of the systems to mine Monero and funnel it into accounts controlled by the attackers. The name "MrbMiner" comes from one of the domains used by the group to host their malicious mining software. "In many ways, MrbMiner's operations appear typical of most cryptominer attacks we've seen targeting internet-facing servers," said Gabor SzappaThe Hacker News
January 21, 2021 – Business
Barmak Meftah Joins Board of Directors at Nozomi Networks Full Text
Abstract
Meftah brings 25 years of experience to IoT and OT security firmInfosecurity Magazine
January 21, 2021 – Malware
SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation Full Text
Abstract
Microsoft's report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack....Security Affairs
January 21, 2021 – Privacy
Google Forms Set Baseline For Widespread BEC Attacks Full Text
Abstract
Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.Threatpost
January 21, 2021 – Vulnerabilities
Security Bug in YouTube Exposes Viewing History, Playlists of Users Full Text
Abstract
Opening a website with an embedded YouTube video potentially allowed miscreants to access a user’s viewing history, favorites, and playlists, due to a security bug in the embedded player.The Daily Swig
January 21, 2021 – Hacker
Here’s How SolarWinds Hackers Stayed Undetected for Long Enough Full Text
Abstract
Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated attacks in recent history. Calling the threat actor "skillful and methodic operators who follow operations security (OpSec) best practices," the company said the attackers went out of their way to ensure that the initial backdoor (Sunburst aka Solorigate) and the post-compromise implants (Teardrop and Raindrop) are separated as much as possible so as to hinder efforts to spot their malicious activity. "The attackers behind Solorigate are skilled campaign operators who carefully planned and executed the attack, remaining elusive while maintaining persistence," researchers from Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)The Hacker News
January 21, 2021 – General
Global Cybersecurity Spending to Soar 10% in 2021 Full Text
Abstract
Canalys best-case predictions could see market surge to $60bnInfosecurity Magazine
January 21, 2021 – Ransomware
Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data Full Text
Abstract
Some organizations that fall victim to ransomware attacks are paying ransoms to the hackers despite being able to restore their networks from backups, so as to prevent hackers publishing stolen data.ZDNet
January 21, 2021 – General
Importance of Application Security and Customer Data Protection to a Startup Full Text
Abstract
When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with limited resources. Understandably, the importance of application security may be pushed to the bottom of your to-do list. One other reason to ignore web application protection could be your belief that only large enterprises are prone to data breaches, and that your startup is hardly noticeable enough to become a target. Well, these eye-opening statistics prove otherwise: 43% of security attacks target small businesses; new small businesses witnessed a 424% rise in security breaches in 2019; 60% of small businesses close within six months of cyberattacks; SMEs can lose more than $2.2 million a year to cyberattacks. How Can Cyber Breaches Impact Your Startup? Unless you belong to the category of data security startups, which are thoroughly familiar with the importance of a secure web app, your startup can fThe Hacker News
January 21, 2021 – General
Security Biggest Barrier to Cloud Adoption for Over Half of UK Firms Full Text
Abstract
28% of orgs targeted by cloud hacking attempt since the pandemicInfosecurity Magazine
January 21, 2021 – General
Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks Full Text
Abstract
To prevent sophisticated hacking attacks, Microsoft is recommending organizations adopt a "zero trust mentality", which disavows the assumption that everything inside an IT network is safe.ZDNet
January 21, 2021 – Hacker
Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet Full Text
Abstract
A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the attacks aimed specifically at energy and construction companies, said researchers from Check Point Research today in a joint analysis in partnership with industrial cybersecurity firm Otorio. Although phishing campaigns engineered for credential theft are among the most prevalent reasons for data breaches, what makes this operation stand out is an operational security failure that led to the attackers unintentionally exposing the credentials they had stolen to the public Internet. "With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker," the researchers said. The attack chain commThe Hacker News
January 21, 2021 – Malware
LuckyBoy Multi-stage Malvertising Campaign Targets iOS, Android, XBox Users Full Text
Abstract
Should it run on a target environment, the malware executes a tracking pixel programmed to redirect the user to malicious content, including phishing pages and fake software updates.Security Week
January 21, 2021 – Criminals
Threat Actor Dumps 1.9 Million Pixlr Records Online Full Text
Abstract
ShinyHunters claims to have emails and hashed passwordsInfosecurity Magazine
January 21, 2021 – Attack
Microsoft Releases New Info on SolarWinds Attack Chain Full Text
Abstract
More than one month after the SolarWinds breach that impacted numerous organizations was first uncovered, new details of the sophisticated operation continue to trickle out.Dark Reading
January 21, 2021 – Phishing
Interpol: Dating App Victims Lured into Investment Scams Full Text
Abstract
Police body sends alert to 194 member countriesInfosecurity Magazine
January 21, 2021 – Government
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig Full Text
Abstract
Michael Sulmeyer, a senior adviser to National Security Agency and U.S. Cyber Command leader Gen. Paul Nakasone, will take the position of senior director for cyber in the Biden White House.Cyberscoop
January 21, 2021 – Phishing
Scammers Are Sending Fake Job Offers on LinkedIn Full Text
Abstract
Online scammers are sending fake job offers to professionals on LinkedIn, impersonating real HR employees in an attempt to lure victims to share their banking information.Motherboard Vice
January 21, 2021 – Vulnerabilities
Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI Full Text
Abstract
Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices. Cisco released security updates to address multiple flaws in Cisco SD-WAN products that could allow an unauthenticated,...Security Affairs
January 21, 2021 – Malware
Hundreds of Networks Still Host Devices Infected With VPNFilter Malware Full Text
Abstract
The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro.Security Week
January 21, 2021 – General
EDPB Publishes Guidelines on Examples regarding Data Breach Notification Full Text
Abstract
The Guidelines complement the initial Guidelines on personal data breach notification under the EU General Data Protection Regulation (“GDPR”) adopted by the Article 29 Working Party in February 2018.Hunton Privacy Blog
January 20, 2021 – General
Reliance on cloud, APIs create confusion and introduce risk into software development Full Text
Abstract
Businesses are increasingly hosting their applications in public or private clouds while using APIs to speed up the development process. Both shifts come with security implications.SCMagazine
January 20, 2021 – General
Hillicon Valley: QAnon followers struggle to explain Biden inauguration | Trump pardons ex-Google, Uber engineer who plead guilty to stealing trade secrets | Amazon offers to help Biden with vaccine distribution Full Text
Abstract
QHAOS: Some QAnon followers are losing hope in the conspiracy as yet another one of its predictions - that Donald Trump would remain president and arrest top Democrats for their participation in child trafficking rings - failed to pass.The Hill
January 20, 2021 – Attack
Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems Full Text
Abstract
Based on the malware features, the researchers said the attackers use the compromised systems for further attacks, spreading laterally across the victim company’s network, or launching attacks on outside targets while masquerading as the compromised company.SCMagazine
January 20, 2021 – Policy and Law
Last-minute Trump order adds new security regulation to cloud providers Full Text
Abstract
An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.SCMagazine
January 20, 2021 – Vulnerabilities
Logic bugs found in popular apps, including Signal and FB Messenger Full Text
Abstract
Flaws in popular messaging apps, such as Signal and FB Messenger, allowed an attacker to force a target device to transmit audio to an attacker device. Google Project Zero security researcher Natalie Silvanovich found multiple flaws in popular video conferencing...Security Affairs
January 20, 2021 – Vulnerabilities
Critical Cisco SD-WAN Bugs Allow RCE Attacks Full Text
Abstract
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.Threatpost
January 20, 2021 – Ransomware
CISO lends voice to MSPs and their small-biz clients in ransomware battle Full Text
Abstract
Ryan Weeks is CISO at Datto, a founding member of the Institute for Security and Technology’s new anti-ransomware initiative. He spoke to SC Media about the segment of the business community that he believes to be underserved by efforts to counter ransomware.SCMagazine
January 20, 2021 – Hacker
Microsoft shares how SolarWinds hackers evaded detection Full Text
Abstract
Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.BleepingComputer
January 20, 2021 – Vulnerabilities
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs Full Text
Abstract
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.Threatpost
January 20, 2021 – Policy and Law
Kentucky Senior Arrested for Identity Theft Full Text
Abstract
US police arrest two women in cybercrime case involving stolen identitiesInfosecurity Magazine
January 20, 2021 – Vulnerabilities
Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager Full Text
Abstract
Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.BleepingComputer
January 20, 2021 – Policy and Law
Trump Pardons Google Trade Secret Thief Full Text
Abstract
Former Waymo exec who passed Google trade secret to Uber pardoned by outgoing US presidentInfosecurity Magazine
January 20, 2021 – Solution
Google Chrome now checks for weak passwords, helps fix them Full Text
Abstract
Google has added a new feature to the Chrome web browser that will make it easier for users to check if their stored passwords are weak and easy to guess.BleepingComputer
January 20, 2021 – Malware
ElectroRAT: Yet Another Golang Multi-Platform Malware Full Text
Abstract
Security experts have raised an alarm against a new threat, dubbed ElectroRat, luring Windows, Linux, and macOS users to download malicious applications to embezzle cryptocurrency.Cyware Alerts - Hacker News
January 20, 2021 – Government
US Marines Create “Blue Team” Full Text
Abstract
Marine Corps establishes adversarial cyber-assessment "Blue Team"Infosecurity Magazine
January 20, 2021 – Hacker
Chimera Group Now Targeting Cloud Services Full Text
Abstract
Security researchers are reporting a threat group taking advantage of Microsoft and Google cloud services to pilfer data from a broad range of target organizations.Cyware Alerts - Hacker News
January 20, 2021 – Attack
Malwarebytes Hit by SolarWinds Attackers Full Text
Abstract
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.Threatpost
January 20, 2021 – Breach
Hacker leaks full database of 77 million Nitro PDF user records Full Text
Abstract
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.BleepingComputer
January 20, 2021 – Government
Trump pardons ex-Google, Uber engineer who plead guilty to stealing trade secrets Full Text
Abstract
President Trump early Wednesday pardoned former Google and Uber engineer Anthony Levandowski, who was indicted in 2019 for stealing trade secrets from Google’s self-driving cars program.The Hill
January 20, 2021 – Phishing
Investment Scammers Prey on Dating App Users, Interpol Warns Full Text
Abstract
Users of dating apps – like Tinder, Match and Bumble – should be on the lookout for investment-fraud scammers.Threatpost
January 20, 2021 – Vulnerabilities
Chrome 88 Drops Flash, Patches Critical Vulnerability Full Text
Abstract
The new browser iteration arrives with patches for a total of 36 vulnerabilities. The flaws can be exploited if the user visits or is redirected to a specially crafted webpage.Security Week
January 20, 2021 – General
Panel Reflects on How Orgs Should Approach Security in 2021 Full Text
Abstract
Organizations need to embrace transparency regarding their cybersecurityInfosecurity Magazine
January 20, 2021 – Criminals
Hacker posts 1.9 million Pixlr user records for free on forum Full Text
Abstract
A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.BleepingComputer
January 20, 2021 – Criminals
Hacker posts 1.4 million Pixlr user records for free on forum Full Text
Abstract
A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.BleepingComputer
January 20, 2021 – Vulnerabilities
Bugs in Facebook, Google chat, JioChat Let Attackers Spy on the Users Full Text
Abstract
Google’s Project Zero security researcher, Natalie Silvanovich discovered a serious vulnerability in Group FaceTime which allowed an attacker to call a target...Cyber Security News
January 20, 2021 – Breach
US spinal care practice among first to issue healthcare data breach warning in 2021 Full Text
Abstract
Precision Spine Care, a Texas-based spinal care center, has warned of a potential data breach after an unauthorized individual gained access to an employee email account to fraudulently divert funds.The Daily Swig
January 20, 2021 – Vulnerabilities
Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps Full Text
Abstract
In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other staThe Hacker News
January 20, 2021 – General
#Inauguration2021: Cyber-Experts React as Joe Biden Set to Become 46th US President Full Text
Abstract
Cybersecurity discussed as Biden/Kamala Harris administration beginsInfosecurity Magazine
January 20, 2021 – Business
Livecoin halted operations after the December attack Full Text
Abstract
The Russian cryptocurrency exchange Livecoin has announced it is terminating its operation following the December cyberattack. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers...Security Affairs
January 20, 2021 – General
With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge Full Text
Abstract
Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.SCMagazine
January 20, 2021 – Vulnerabilities
Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms Full Text
Abstract
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.Threatpost
January 20, 2021 – Breach
Defunct social media app Fleek exposed explicit photos of users Full Text
Abstract
The team of researchers at VpnMentor discovered 377,000 files stored in the misconfigured 32 GB AWS S3 bucket. The exposed data included private photos of users and also bot scripts.Hackread
January 20, 2021 – Vulnerabilities
Retail and Hospitality Facing Deluge of Critical Web App Flaws Full Text
Abstract
Sector has one of the worst rates of high severity bugsInfosecurity Magazine
January 20, 2021 – Solution
FireEye releases an auditing tool to detect SolarWinds hackers’ activity Full Text
Abstract
Cybersecurity firm FireEye has released a report that sheds light on the SolarWinds attack and the way hackers breached its networks.Security Affairs
January 20, 2021 – Ransomware
Over 560 US healthcare companies hit by ransomware in 2020 Full Text
Abstract
As per a study by Emsisoft, the year 2020 witnessed over 560 US healthcare companies being hit by ransomware, causing EHR downtime, ambulance diversion, inaccessible lab tests, and more.Cybersecurity Insiders
January 20, 2021 – Hacker
Malwarebytes: SolarWinds Hackers Read Our Emails Full Text
Abstract
Security vendor the latest victim to come forwardInfosecurity Magazine
January 20, 2021 – Hacker
Chinese Hacking Group Chimera Launched Attacks Against Airline Industry to Steal Passenger Details Full Text
Abstract
A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest.ZDNet
January 20, 2021 – General
Quarter of Orgs Don’t Offer Cybersecurity Training Due to Lack of Budget Full Text
Abstract
28% of businesses offer no cybersecurity training at allInfosecurity Magazine
January 20, 2021 – Vulnerabilities
Microsoft to Launch ‘Enforcement Mode’ for Zerologon Flaw Full Text
Abstract
Microsoft has warned security admins that starting with its February 9 security update, it will enable Domain Controller (DC) enforcement mode by default as a means of addressing the Zerologon flaw.Dark Reading
January 20, 2021 – Malware
Coin-Mining Malware Volumes Soar 53% in Q4 2020 Full Text
Abstract
Surging value of digital currencies is sparking fresh interestInfosecurity Magazine
January 20, 2021 – Vulnerabilities
Multiple vulnerabilities discovered in PrusaSlicer Full Text
Abstract
Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write condition or a buffer overflow, and then execute code on the victim machine.Talos
January 20, 2021 – Vulnerabilities
New Reolink P2P Vulnerabilities Show IoT Security Camera Risks Full Text
Abstract
Nozomi Networks Labs has discovered vulnerabilities in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras – Reolink, including lack of encryption and credential leakage.Nozomi Networks
January 20, 2021 – Vulnerabilities
List of DNSpooq vulnerability advisories, patches, and updates Full Text
Abstract
Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities.BleepingComputer
January 19, 2021 – Hacker
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm Full Text
Abstract
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications with privileged access to Microsoft Office 365 and Azure environments." The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its Office 365 tenant on December 15, following which it performed a detailed investigation into the incident. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," the company's CEO Marcin Kleczynski said in a post. "We found no evidence of unauthorized access or compromise in any of oThe Hacker News
January 19, 2021 – Malware
Fourth SolarWinds malware strain shows diversity of tactics Full Text
Abstract
While Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s network, Symantec said in a report.SCMagazine
January 19, 2021 – Vulnerabilities
SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach Full Text
Abstract
Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.SCMagazine
January 19, 2021 – Hacker
Malwarebytes’s email systems hacked by SolarWinds attackers Full Text
Abstract
Cyber security firm Malwarebytes announced that the threat actor behind the SolarWinds attack also breached its network last year. Malwarebytes revealed today that SolarWinds hackers also breached its systems and gained access to its email. Malwarebytes...Security Affairs
January 19, 2021 – Malware
Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response Full Text
Abstract
Researchers have found a fourth strain of malware – Raindrop – that was used in the SolarWinds supply chain attack, a loader similar to the Teardrop tool. But while Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s…SCMagazine
January 19, 2021 – General
Hillicon Valley: Biden picks stress need for cybersecurity in confirmation hearings | FTC chairman to step down this month | Progressives warn against appointing tech insiders to key antitrust roles Full Text
Abstract
BIDEN NOMINEES ZERO IN ON CYBER: President-elect Joe Biden’s nominees to serve as secretary of the Department of Homeland Security (DHS) and as director of national intelligence (DNI) on Tuesday both zeroed in on cybersecurity as being a major priority if confirmed.The Hill
January 19, 2021 – Malware
Raindrop, a fourth malware employed in SolarWinds attacks Full Text
Abstract
The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware...Security Affairs
January 19, 2021 – Government
Biden DHS, Intel picks stress need to prioritize cybersecurity after SolarWinds hack Full Text
Abstract
President-elect Joe Biden’s nominees to serve as secretary of the Department of Homeland Security (DHS) and as director of national intelligence (DNI) both said Tuesday that if confirmed they will make a priority out of bolstering the nation’s cybersecurity.The Hill
January 19, 2021 – Vulnerabilities
7 vulnerabilities in popular DNS forwarding software open door to range of attacks Full Text
Abstract
Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.SCMagazine
January 19, 2021 – Vulnerabilities
Bugs in Signal, Facebook, Google chat apps let attackers spy on users Full Text
Abstract
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.BleepingComputer
January 19, 2021 – Government
Rob Joyce to Take Over as NSA Cybersecurity Director Full Text
Abstract
Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration.Threatpost
January 19, 2021 – Hacker
Malwarebytes says SolarWinds hackers accessed its internal emails Full Text
Abstract
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack was able to gain access to some company emails.BleepingComputer
January 19, 2021 – Hacker
SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader Full Text
Abstract
The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network.BleepingComputer
January 19, 2021 – Hacker
MAZE Exfiltration Tactic Widely Adopted Full Text
Abstract
Ransomware gang’s blackmail tactic taken up by 17 other cyber-criminal groupsInfosecurity Magazine
January 19, 2021 – Covid-19
Suspicious Vaccine-Related Domains Triple Full Text
Abstract
Security researchers observe increase in number of shady domain names using the word "vaccine"Infosecurity Magazine
January 19, 2021 – Vulnerabilities
Zero-day Threats Zeroing-in Again Full Text
Abstract
Infosec researchers recently found a zero-day flaw in Windows 10, including the latest version, that allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.Cyware Alerts - Hacker News
January 19, 2021 – Phishing
Interpol: Trading scammers lure love-struck victims via dating apps Full Text
Abstract
The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps.BleepingComputer
January 19, 2021 – Hacker
Telegram-Based Classiscam Operation Targeting Users of European Marketplaces Full Text
Abstract
A new Russian cybercrime outfit dubbed Classiscam has been found to have enabled theft of millions of dollars through a new scam-as-a-service operation.Cyware Alerts - Hacker News
January 19, 2021 – Malware
SolarWinds Malware Arsenal Widens with Raindrop Full Text
Abstract
The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks.Threatpost
January 19, 2021 – General
DNS-based Attacks are Becoming Prominent Again Full Text
Abstract
Attackers often target DNS via attacks such as tunneling, phishing, hijacking, cache poisoning, and DDoS, however, other attack methods have also been observed.Cyware Alerts - Hacker News
January 19, 2021 – Attack
Atlanta Synagogue Reports Cyber-Attack Full Text
Abstract
Annual Martin Luther King Jr. Shabbat service disrupted by “malicious user agents”Infosecurity Magazine
January 19, 2021 – General
Rethinking Active Directory security Full Text
Abstract
Since Active Directory is used as a source from which to sync to other identity stores, any tampering with Active Directory can cause a devastating ripple effect across your identity infrastructure.Help Net Security
January 19, 2021 – Phishing
Text Phishing Scam Disguised as New York State DMV Messages Full Text
Abstract
Using the ongoing adoption of the REAL ID Act of 2005 in an attempt to make the scam sound legitimate, the attackers have used three specific text phishing messages, the New York State DMV said.Security Intelligence
January 19, 2021 – Solution
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers Full Text
Abstract
FireEye released a free tool on GitHub named Azure AD Investigator that can help companies determine if the SolarWinds hackers (aka UNC2452) used any of their attack techniques inside their networks.ZDNet
January 19, 2021 – Vulnerabilities
DNSpooq bugs let attackers hijack DNS on millions of devices Full Text
Abstract
Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices.BleepingComputer
January 19, 2021 – Ransomware
Wentworth hacked and personal details of entire member list thought to be stolen Full Text
Abstract
The theft occurred after hackers infiltrated the Wentworth IT system and sent out a post to members, seemingly demanding a payment in bitcoins, a cyber currency, to “recover files”.The Telegraph
January 19, 2021 – Government
Former Trump intel chief Coats introduces Biden nominee Haines at hearing Full Text
Abstract
Former Director of National Intelligence Dan Coats, who served under President Trump, on Tuesday introduced Avril Haines, President-elect Joe Biden’s nominee to serve as DNI, at her Senate confirmation hearing.The Hill
January 19, 2021
Linux Devices Under Attack by New FreakOut Malware Full Text
Abstract
The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.Threatpost
January 19, 2021 – Breach
AnyVan Discloses Data Breach Exposing Customer Names, Emails, and Hashed Passwords Full Text
Abstract
The company wrote to customers mid-last week to inform them of a "breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.The Register
January 19, 2021 – Solution
Microsoft Defender is boosting its response to malware attacks by changing a key setting Full Text
Abstract
Microsoft is stepping up security for users of Microsoft Defender for Endpoint by changing a key setting, switching the default from optional automatic malware fixes to fully automatic remediation.ZDNet
January 19, 2021 – Malware
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack Full Text
Abstract
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that were stealthily delivered to enterprise networks. The latest finding comes amid a continued probe into the breach, suspected to be of Russian origin, that has claimed a number of U.S. government agencies and private sector companies. "The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers said. The cybersecurity firm said it discovered only four samples of Raindrop to date that were used to dThe Hacker News
January 19, 2021 – Malware
Google Removed 164 Apps Downloaded a Total of 10 Million Times From Google Play Full Text
Abstract
Google has recently removed 164 apps from Google Play because they were showing disruptive ads, which are considered malicious. These apps...Cyber Security News
January 19, 2021 – Malware
Researchers Identify Fourth Malware Strain Named Raindrop in SolarWinds Attack Full Text
Abstract
Symantec identified another malware strain that was used during the SolarWinds supply chain attack, bringing the total number to four, after the likes of Sunspot, Sunburst (Solorigate), and Teardrop.ZDNet
January 19, 2021 – Phishing
Attackers Steal E-Mails, Info from OpenWrt Forum Full Text
Abstract
Users of the Linux-based open-source firmware—which include developers from commercial router companies–may be targeted by phishing campaigns, administrators warn.Threatpost
January 19, 2021 – Botnet
New FreakOut botnet targets Linux systems running unpatched software Full Text
Abstract
Its current targets include TerraMaster data storage units, web applications built on top of the Zend PHP Framework, and websites running the Liferay Portal content management system.ZDNet
January 19, 2021 – Breach
NZ Reserve Bank Governor Says He ‘Owns’ Breach Full Text
Abstract
The governor of New Zealand's Reserve Bank, the nation's central bank, says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information.Gov Info Security
January 19, 2021 – Business
Google Cloud: We do use some SolarWinds, but we weren’t affected by mega hack Full Text
Abstract
Google Cloud's first chief information security office (CISO) has revealed that Google's cloud venture does use software from vendor, SolarWinds, but says its use was "limited and contained".ZDNet
January 19, 2021 – Botnet
FreakOut botnet target 3 recent flaws to compromise Linux devices Full Text
Abstract
Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that...Security Affairs
January 19, 2021 – Covid-19
World Economic Forum: Action Required to Address Digital Inequalities Post-COVID Full Text
Abstract
WEF highlights dangers that may emerge from shift to a digital economyInfosecurity Magazine
January 19, 2021 – Malware
FreakOut malware exploits critical bugs to infect Linux hosts Full Text
Abstract
An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage (NAS) devices or for developing web applications and portals.BleepingComputer
January 19, 2021 – Malware
Researchers Discover New Malicious Push Notification Campaign Rapidly Growing In Size Full Text
Abstract
Indelible discovered the “PushBug” campaign, which is a highly resilient operation, spread across more than 100 domains and installing browser-based activity that is difficult to detect.Yahoo! Finance
January 19, 2021 – Phishing
Vishing attacks conducted to steal corporate accounts, FBI warns Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The Federal Bureau of Investigation (FBI) published a Private Industry Notification (PIN) that warns of...Security Affairs
January 19, 2021 – Criminals
Hackers Claim to Leak Over 500,000 Records of C-Level Executives From Capital Economics Full Text
Abstract
During a routine dark web monitoring, researchers from Cyble found a leak of over 500,000 records of C-level executives from Capital Economics on a Russian-speaking forum.Security Affairs
January 19, 2021 – Breach
OpenWRT Discloses Data Breach After Cybercriminals Broke Into Forum Admin Account Full Text
Abstract
The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend.ZDNet
January 19, 2021 – Vulnerabilities
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder Full Text
Abstract
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echo previously disclosed weaknesses in the DNS architecture, making Dnsmasq servers powerless against a range of attacks. "We found that Dnsmasq is vulnerable to DNS cache poisoning attack by an off-path attacker (i.e., an attacker that does not observe the communication between the DNS forwarder and the DNS server)," the researchers noted in a report published today. "Our attack allows for poisoning of multiple domain names at once, and is a result of several vulnerabilities found. The attack can be completed successfully under seconds or few minutes, and have no special requirements. We also found that manyThe Hacker News
January 19, 2021 – Accident
Cloud Config Error Exposes X-Rated College Pics Full Text
Abstract
Fleek users thought their photos were automatically deletedInfosecurity Magazine
January 19, 2021 – Breach
Hendrick Health System discloses network breach impacting some patients’ information Full Text
Abstract
Hendrick Health System on Friday began notifying patients that some identifying information may have been compromised during a network security breach identified on November 20.Abilene Reporter News
January 19, 2021 – Education
New Educational Video Series for CISOs with Small Security Teams Full Text
Abstract
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs at small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities. CISOs at SMEs are increasingly relying on virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security programs across large and small organizations. Helpful Advice for CISOs with Small Security Teams Brian Haugli, a well-known vCISO in the US, recently collaborated with cybersecurity company Cynet—which provides autonomous XDR platforms tailored to small security teams—to provide a series of educational videos for CISOs with small security teams with relevant information about their challenges and possible soluThe Hacker News
January 19, 2021 – Covid-19
Most Financial Services Have Suffered COVID-Linked Cyber-Attacks Full Text
Abstract
Remote working threats worry security managers in the UKInfosecurity Magazine
January 19, 2021 – Phishing
Organizations Should Establish ‘Blame-Free Employee Reporting’ of… Full Text
Abstract
CISA’s description of the latest phishing attempts fits the bill for spearphishing, where the attackers typically go after a high-profile victim who handles the company’s finances, or an executive.Bit Defender
January 19, 2021 – Malware
FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities Full Text
Abstract
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called "FreakOut" that leverages newly patched flaws in TerraMaster, Laminas Project (formerly Zend Framework), and Liferay Portal, according to Check Point Research's new analysis published today and shared with The Hacker News. Attributing the malware to be the work of a long-time cybercrime hacker — who goes by the aliases Fl0urite and Freak on HackForums and Pastebin as early as 2015 — the researchers said the flaws — CVE-2020-28188, CVE-2021-3007, and CVE-2020-7961 — were weaponized to inject and execute malicious commands in the server. Regardless of the vulnerabilities exploited, the end goal of the attacker appears to be to download and execute a Python script named &quoThe Hacker News
January 19, 2021 – Vulnerabilities
Researchers Earn $50,000 for Hacking Apple Servers Full Text
Abstract
Jaiswal and Maini said their research focused on Apple hosts running a content management system (CMS) powered by Lucee, an open-source scripting language designed for developing web applications.Security Week
January 19, 2021 – Attack
Livecoin crypto exchange shuts down after losing domain to hackers Full Text
Abstract
Livecoin has announced shutting down its operations, after becoming the victim of an alleged “carefully planned attack” that halted its operations temporarily on December 24, 2020,Hackread
January 19, 2021 – Government
U.S. National Cybersecurity Plan to Safeguard Maritime Sector Full Text
Abstract
The U.S. Government released on January 5, 2021, a cybersecurity plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security.Tripwire
January 19, 2021 – Ransomware
Ransomware cyber attack suspected on Okanogan County Full Text
Abstract
The county officials including those belonging to Public Health have disclosed that the phone and email systems were deeply impacted in the attack and the time for restoration is unknown yet.Cybersecurity Insiders
January 19, 2021 – Criminals
Joker’s Stash Carding Market to Call it Quits — Krebs on Security Full Text
Abstract
Joker’s Stash, which is by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021.Krebs on Security
January 19, 2021 – Policy and Law
GDPR Fines Surge 39% Over Past Year Despite #COVID19 Full Text
Abstract
Over $190m in financial penalties imposed across EUInfosecurity Magazine
January 18, 2021 – Ransomware
IObit forums hacked to spread ransomware to its members Full Text
Abstract
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.BleepingComputer
January 18, 2021 – Ransomware
IObit forums hacked in widespread DeroHE ransomware attack Full Text
Abstract
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.BleepingComputer
January 18, 2021 – Attack
A Sophisticated Windows and Android Hacking Operation Using Zero-Day Exploits Full Text
Abstract
Google experts unveiled an attack campaign purportedly by a sophisticated hacking group targeting Windows and Android users with zero-day and n-day exploits.Cyware Alerts - Hacker News
January 18, 2021 – Policy and Law
No US Trial for Irish Hacker Full Text
Abstract
United States withdraws extradition request for Dubliner who stole $2m in BitcoinInfosecurity Magazine
January 18, 2021 – Breach
OpenWRT forum hacked, intruders stole user data Full Text
Abstract
The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices...Security Affairs
January 18, 2021 – General
Free cyber career training coursework emerges as a perk in tough times Full Text
Abstract
New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.SCMagazine
January 18, 2021 – Solution
Microsoft Defender to enable full auto-remediation by default Full Text
Abstract
Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021.BleepingComputer
January 18, 2021 – Malware
Rogue: The Evolution of Next Level Malware Development Package Full Text
Abstract
The Rogue malware targets Android devices with a keylogger, allowing attackers to monitor the use of websites and apps to steal login credentials and other sensitive data.Cyware Alerts - Hacker News
January 18, 2021 – Business
EEMA Appoints Digital Identity Expert to Board of Management Full Text
Abstract
Steve Pannifer joins EEMA boardInfosecurity Magazine
January 18, 2021 – Breach
500K+ records of C-level people from Capital Economics leaked online Full Text
Abstract
Experts from Cyble recently found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. During a routine Darkweb monitoring, researchers from Cyble found a leak of 500K+ records of C-level people from...Security Affairs
January 18, 2021 – Breach
OpenWRT Forum user data stolen in weekend data breach Full Text
Abstract
The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.BleepingComputer
January 18, 2021 – General
Over 22 bn records exposed in data breaches in 2020: Report Full Text
Abstract
Thirty-five percent of breaches were linked to ransomware attacks, resulting in tremendous financial cost, while 14 percent of breaches were the result of email compromises, according to Tenable.CRN
January 18, 2021 – Policy and Law
Health Insurer Fined $5.1m Over Data Breach Full Text
Abstract
Excellus Health Plan agrees to pay $5.1m to settle HIPAA violation caseInfosecurity Magazine
January 18, 2021 – Vulnerabilities
Apple paid a $50,000 bounty to two bug bounty hunters for hacking its hosts Full Text
Abstract
A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to company's servers. The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed...Security Affairs
January 18, 2021 – Attack
FBI warns of vishing attacks stealing corporate accounts Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees.BleepingComputer
January 18, 2021 – General
How Cybersecurity Will Transform the Business Landscape in The Post-COVID World? Full Text
Abstract
The rapid transition to remote working and greater use of digital technology have exposed organizations to higher risks of cyberattacks, making it the biggest concern for chief executives globally.The Times Of India
January 18, 2021 – Government
NSA Appoints Cyber Director Full Text
Abstract
America’s National Security Agency confirms Rob Joyce as Cybersecurity Directorate leaderInfosecurity Magazine
January 18, 2021 – Government
Rob Joyce is the new NSA Cyber Director Full Text
Abstract
The U.S. National Security Agency has appointed Rob Joyce as the agency’s new director of cybersecurity, who has long experience in US cybersecurity. The National Security Agency (NSA) has appointed US cybersecurity official Rob Joyce as the new chief...Security Affairs
January 18, 2021 – Vulnerabilities
CoTURN patches access control protection bypass vulnerability in its VoIP system Full Text
Abstract
Berlin-based Enable Security has urged organizations that use the open source servers, which power VoIP platforms, to apply their configuration advice as well as the latest software update.The Daily Swig
January 18, 2021 – General
MoD Experiences 18% Growth in Personal Data Loss Incidents Full Text
Abstract
MoD saw incidents rise by 18% year-on-yearInfosecurity Magazine
January 18, 2021 – Policy and Law
German laptop retailer fined €10.4m under GDPR for video-monitoring employees Full Text
Abstract
German data regulator LfD announced a €10.4M fine under GDPR against the online laptop and electronic goods retailer NBB for video-monitoring employees. The State Commissioner for Data Protection (LfD) Lower Saxony announced a €10.4 million fine...Security Affairs
January 18, 2021 – Business
Entrust acquires HyTrust to offer identity, encryption and security policy control for cloud environments Full Text
Abstract
Based in Mountain View, California, and founded in 2007, HyTrust's solutions automate security controls for software-defined computing, networking, and storage workloads.Help Net Security
January 18, 2021 – Business
Thales and TT Electronics Partner to Enable OT Cybersecurity Initiatives and Research Full Text
Abstract
Collaboration seeks to accelerate digital risk management innovationInfosecurity Magazine
January 18, 2021 – Business
Quick Heal to invest more in Israeli startup L7 Defense Full Text
Abstract
Homegrown IT security company Quick Heal Technologies on Thursday said it has signed a definitive agreement to invest $2 million in L7 Defense, an Israeli API security startup.VCCircle
January 18, 2021 – Criminals
Joker’s Stash Carding Site to Close in February Full Text
Abstract
Site admin announces retirement after alleged bout of COVID-19Infosecurity Magazine
January 18, 2021 – Business
Data Security Startup Qohash Raises $6 Million Full Text
Abstract
Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.Security Week
January 18, 2021 – Ransomware
Environmental Regulator Suffers Ransomware Blow Full Text
Abstract
SEPA warns it will take some time to restore all servicesInfosecurity Magazine
January 18, 2021 – Government
Rob Joyce Appointed Director of Cybersecurity at NSA Full Text
Abstract
The U.S. National Security Agency on Friday announced that Rob Joyce, an official who is highly respected in the cybersecurity community, has been named the agency’s new director of cybersecurity.Security Week
January 18, 2021 – Business
Veritas Technologies acquires HubStor to protect cloud data Full Text
Abstract
Veritas plans to offer the HubStor service alongside an existing portfolio of data protection tools that are already employed widely by enterprise IT organizations, Veritas VP Simon Jelley added.Venture Beat
January 18, 2021 – Criminals
Leaked #COVID19 Vaccine Data “Manipulated” to Mislead Public Full Text
Abstract
Disinformation effort could undermine trust in vaccines, warns EMAInfosecurity Magazine
January 18, 2021 – Hacker
EMA said that hackers manipulated stolen documents before leaking them Full Text
Abstract
The investigation conducted by the European Medicines Agency showed that threat actors manipulated emails and documents related to the evaluation of experimental COVID-19 vaccines before leaking them.Security Affairs
January 18, 2021 – Ransomware
Ransomware reveals the hidden weakness of our big tech world Full Text
Abstract
Rarely a week goes by without another company, or city, or hospital, falling prey to the gangs who will encrypt the data across PCs and networks and demand thousands or millions in ransom.ZDNet
January 18, 2021 – Vulnerabilities
Multiple backdoors and vulnerabilities discovered in FiberHome routers Full Text
Abstract
At least 28 backdoor accounts and several other vulnerabilities have been discovered in the firmware of a popular FTTH ONT router, widely deployed across South America and Southeast Asia.ZDNet
January 18, 2021 – Criminals
Joker’s Stash, the Largest Underground Carding Marketplace, Shuts Down Full Text
Abstract
Security experts from the FBI and Interpol have recently seized several servers of the large carder site, Joker's Stash, temporarily disrupted the...Cyber Security News
January 18, 2021 – Government
President Biden’s Peloton exercise equipment under scrutiny Full Text
Abstract
President Joe Biden can't bring his Peloton exercise equipment to the White House due to security reasons. According to a Popular Mechanics report, President Joe Biden is going to move to the White House and likely he will have to give up his Peloton...Security Affairs
January 17, 2021 – Vulnerabilities
Windows 10 bug causes a BSOD crash when opening a certain path Full Text
Abstract
A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.BleepingComputer
January 17, 2021 – Ransomware
New coalition aims to combat growing wave of ransomware attacks Full Text
Abstract
A new coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020.The Hill
January 17, 2021 – Hacker
EMA said that hackers manipulated stolen documents before leaking them Full Text
Abstract
The European Medicines Agency (EMA) revealed Friday that COVID-19 vaccine documents stolen from its servers have been manipulated before the leak. The European Medicines Agency (EMA) declared that COVID-19 vaccine documents stolen from its servers...Security Affairs
January 17, 2021 – Privacy
Privacy-focused search engine DuckDuckGo grew by 62% in 2020 Full Text
Abstract
The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January.BleepingComputer
January 17, 2021 – Vulnerabilities
Critical flaws in Orbit Fox WordPress plugin allow site takeover Full Text
Abstract
Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws...Security Affairs
January 17, 2021 – General
Security Affairs newsletter Round 297 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. It is time to re-evaluate Cyber-defence solutions; New Zealand central bank hit by a cyber attack; TeamTNT...Security Affairs
January 17, 2021 – Hacker
A security researcher commandeered a country’s expired top-level domain to save it from hackers Full Text
Abstract
In October, a little-known but critically important domain name for one country’s internet space began to expire. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing.TechCrunch
January 17, 2021 – Policy and Law
Authorities Take Down the World's Largest Illegal Dark web Market Place Full Text
Abstract
DarkMarket is one of the world's largest illegal markets on the web, and recently, this market has been shut down by many...Cyber Security News
January 16, 2021 – Vulnerabilities
Two kids found a screensaver bypass in Linux Mint Full Text
Abstract
The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass...Security Affairs
January 16, 2021 – Government
Pro-Trump ‘Enemies of the People’ doxing site is still active Full Text
Abstract
Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals.BleepingComputer
January 16, 2021 – Criminals
Stolen credit card shop Joker’s Stash closes after making a fortune Full Text
Abstract
The administrator of Joker's Stash, one of the longest-running marketplaces for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.BleepingComputer
January 16, 2021 – Criminals
Massive stolen credit card shop Joker’s Stash shuts down Full Text
Abstract
The administrator of Joker's Stash, one of the longest-running marketplaces for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.BleepingComputer
January 16, 2021 – Malware
TA551 Now Spreading IcedID Stealer via Spoofed Emails Full Text
Abstract
Cybercriminal group TA551 was found hijacking an ongoing email conversation to spread information-stealing malware such as Ursnif, Valak, and IcedID, Palo Alto Networks revealed.Cyware Alerts - Hacker News
January 16, 2021 – Attack
xHunt Campaign Adopts New Enhancements to Evade Detection Full Text
Abstract
A sophisticated group is using a webshell called BumbleBee in an ongoing xHunt campaign targeting Microsoft Exchange servers at Kuwaiti organizations.Cyware Alerts - Hacker News
January 16, 2021 – Privacy
WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months Full Text
Abstract
WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of information that will be shared under the incoming terms. The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user chats or other profile information with Facebook and is instead simply providing further transparency about how user data is collected and shared when using the messaging app to interact with businesses. "The update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data," WhatsApp said in a post. "WThe Hacker News
January 16, 2021 – Vulnerabilities
Siemens fixed tens of flaws in Siemens Digital Industries Software products Full Text
Abstract
Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides...Security Affairs
January 16, 2021 – Criminals
Joker’s Stash, the largest carding site, is shutting down Full Text
Abstract
Joker's Stash to shut down on February 15, 2021. Joker’s Stash, the largest carding marketplace online announced that it was shutting down its operations on February 15, 2021. Joker’s Stash, the largest carding marketplace online, announced...Security Affairs
January 16, 2021 – Breach
Security Researchers Gained Access to Git Repositories of the United Nations Full Text
Abstract
The security experts of Sakura Samurai have managed to get access to more than 100,000 personal records and credentials belonging to United...Cyber Security News
January 16, 2021 – Criminals
Joker’s Stash, the internet’s largest carding forum, is shutting down Full Text
Abstract
Joker's Stash, the internet's notorious and largest marketplace for buying & selling stolen card data, announced that it was shutting down within a month, on February 15, 2021.ZDNet
January 16, 2021 – Government
NSA Appoints Rob Joyce as Cyber Director Full Text
Abstract
The NSA has confirmed longtime US cybersecurity official Rob Joyce as the new leader of its Cybersecurity Directorate. He most recently has been serving as the NSA's top representative in the UK, a position he has held since 2018.Dark Reading
January 16, 2021 – Vulnerabilities
Linux Mint fixes screensaver bypass discovered by two kids Full Text
Abstract
The Linux Mint project has patched this week a security flaw that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops.ZDNet
January 16, 2021 – Ransomware
Ransomware attacks now to blame for half of healthcare data breaches Full Text
Abstract
According to new research, almost half of all data breaches in hospitals and the wider healthcare sector are a result of ransomware attacks that have recently shown an uptick in deploying an extra layer of extortion.ZDNet
January 16, 2021 – Breach
Dutch Energy Supplier Blames Cyber Intrusion on Data Breaches Suffered by Other Companies Full Text
Abstract
Eneco, a producer and supplier of natural gas, electricity, and heat in the Netherlands has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach.Bit Defender
January 15, 2021 – Ransomware
The Week in Ransomware - January 15th 2021 - Locking you up Full Text
Abstract
It has been another quiet week for ransomware, though we did have some interesting stories come out this week.BleepingComputer
January 15, 2021 – General
Hillicon Valley: WhatsApp delays controversial privacy update | Amazon hit with antitrust lawsuit alleging e-book price fixing | Biden launches new Twitter account ahead of inauguration Full Text
Abstract
WHATSAPP DELAYS AMID CONFUSION: The Facebook-owned messaging service decided to push back an update to its privacy policy by three months amid widespread confusion over what the change actually means.The Hill
January 15, 2021 – Criminals
Florida Man Cyberstalked Survivor of Murder Attempt Full Text
Abstract
Cross City man pleads guilty to cyberstalking woman who survived violent encounter in childhoodInfosecurity Magazine
January 15, 2021 – General
Cyber ‘Deterrence’: A Brexit Analogy Full Text
Abstract
How “imposing costs on our adversaries” has become the “Brexit means Brexit” of cyberspaceLawfare
January 15, 2021 – Outage
Signal is down for multiple users worldwide Full Text
Abstract
The popular messaging app Signal is currently facing issues around the world; users are not able to make calls and send/receive messages. At the time of this writing, it is not possible to make calls and send/receive messages. Users...Security Affairs
January 15, 2021 – Ransomware
FIN11 e-crime group shifted to CL0P ransomware and big game hunting Full Text
Abstract
FIN11 has increasingly factored CL0P ransomware into its operations, and it's clear they also put a substantial amount of effort into each follow-up compromise.SCMagazine
January 15, 2021 – General
Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show Full Text
Abstract
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.Threatpost
January 15, 2021 – Vulnerabilities
Windows Finger command abused by phishing to download malware Full Text
Abstract
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.BleepingComputer
January 15, 2021 – Business
Women in Cybersecurity Mid-Atlantic Partners with CMMC COE Full Text
Abstract
Memorandum of Understanding reached between WiCyS Mid-Atlantic and CMMC COEInfosecurity Magazine
January 15, 2021 – Government
How to Make the National Cyber Director Position Work Full Text
Abstract
It will fall on the incoming Biden administration to implement the new office—and a great deal of hard work lies ahead.Lawfare
January 15, 2021 – Malware
Expert launched Malvuln, a project to report flaws in malware Full Text
Abstract
The researcher John Page launched malvuln.com, the first website exclusively dedicated to the research of security flaws in malware codes. The security expert John Page (aka hyp3rlinx) launched malvuln.com, the first platform exclusively dedicated...Security Affairs
January 15, 2021 – Government
Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles Full Text
Abstract
President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical that the newfound funding focus on cybersecurity will be enough to draw the necessary talent. Noting…SCMagazine
January 15, 2021 – Hacker
Hackers leaked altered Pfizer data to sabotage trust in vaccines Full Text
Abstract
The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines.BleepingComputer
January 15, 2021 – Accident
UK Accidentally Deletes 150k Arrest Records Full Text
Abstract
Technical blunder erases 150k arrest records from UK-wide police databaseInfosecurity Magazine
January 15, 2021 – Government
NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks Full Text
Abstract
NSA advises security pros to use designated enterprise DNS resolvers to lock down DoH on corporate networks.SCMagazine
January 15, 2021 – Phishing
Surge in remotely hosted phish images? Some say it’s business as usual Full Text
Abstract
In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.SCMagazine
January 15, 2021 – Ransomware
Intel unveils ransomware-fighting CPUs Full Text
Abstract
The capability is an easy win for CISOs, which can benefit with limited tweaks to machines.SCMagazine
January 15, 2021 – Phishing
Phishers count on remotely hosted images to bypass email filters Full Text
Abstract
Loading remotely hosted images instead of embedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters that cannot detect such images in real-time.Help Net Security
January 15, 2021 – Ransomware
Scotland environmental regulator hit by ‘ongoing’ ransomware attack Full Text
Abstract
The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve.BleepingComputer
January 15, 2021 – Malware
Google Boots 164 Apps from Play Marketplace for Shady Ad Practices Full Text
Abstract
The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.Threatpost
January 15, 2021 – Vulnerabilities
Microsoft warns of incoming Windows Zerologon patch enforcement Full Text
Abstract
Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month.BleepingComputer
January 15, 2021 – Policy and Law
Facebook sues two Chrome extension devs for scraping user data Full Text
Abstract
All extensions were developed by a software company named "Oink and Stuff," specialized in creating Android apps and browser extensions for Chrome, Firefox, Opera, and Microsoft Edge.ZDNet
January 15, 2021 – Malware
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks Full Text
Abstract
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents claimed to be a curriculum vitae and an IELTS certificate. The shortcuts themselves contain links to pages hosted on Zeplin, a legitimate collaboration tool for designers and developers that are used to fetch the final-stage malware that, in turn, includes a shellcode loader ("svchast.exe") and a backdoor called Crosswalk ("3t54dE3r.tmp"). Crosswalk, first documented by FireEye in 2017, is a bare-bones modular backdoor capable of carrying out system rThe Hacker News
January 15, 2021 – Solution
NCSC Reveals New Solution to Protect Remote Public Sector Workers Full Text
Abstract
Solution enables existing PDNS solution to extend beyond the enterprise networkInfosecurity Magazine
January 15, 2021 – Winnti APT
Winnti APT continues to target game developers in Russia and abroad Full Text
Abstract
A Chinese threat actor targeted organizations in Russia and Hong Kong with a previously undocumented backdoor, experts warn. Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor...Security Affairs
January 15, 2021 – Vulnerabilities
Undisclosed Apache Velocity XSS vulnerability impacts GOV sites Full Text
Abstract
An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.BleepingComputer
January 15, 2021 – APT
What are Chinese APT Groups Up to? Full Text
Abstract
In the wake of several recent attacks, the adoption of ransomware tactics points to the fact that these APT groups are aiming for financial gains as these attacks don’t count as espionage targets.Cyware Alerts - Hacker News
January 15, 2021 – General
#CES2021: AI and Quantum Technologies Set to Disrupt Cybersecurity Industry Full Text
Abstract
Orgs must prepare cyber-defenses for surge in AI and quantum techInfosecurity Magazine
January 15, 2021 – Privacy
Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses Full Text
Abstract
A security flaw in Ring’s Neighbors app, which lets users anonymously alert nearby residents to crime and public-safety issues, was exposing precise locations and home addresses of those who posted.TechCrunch
January 15, 2021 – Government
NSA: DNS over HTTPS Provides “False Sense of Security” Full Text
Abstract
Agency urges most enterprises to avoid DoHInfosecurity Magazine
January 15, 2021 – Business
Seed rounds for cybersecurity rose during pandemic as enterprises search for new defenses Full Text
Abstract
According to a new report from VC firm DataTribe, the trend reflects the way the cybersecurity industry is resetting after a wave of venture capital began dropping off about two years ago.Venture Beat
January 15, 2021 – Policy and Law
Facebook Sues Devs of Alleged Data-Scraping Chrome Extensions Full Text
Abstract
Portuguese duo said to have designed code to covertly harvest user infoInfosecurity Magazine
January 15, 2021 – Government
CISA tells agencies to consider ad blockers to fend off ‘malvertising’ Full Text
Abstract
The U.S. CISA urged federal agencies on Thursday to deploy ad-blocking software and standardize web browser usage across their workforces in order to fend off advertisements implanted with malware.Cyberscoop
January 15, 2021 – Criminals
Automated “Classiscam” Operation Made $6.5m in 2020 Full Text
Abstract
E-commerce scam-as-a-service comes to Europe from RussiaInfosecurity Magazine
January 15, 2021 – Vulnerabilities
Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks Full Text
Abstract
According to F5 Networks, the vulnerability is related to a component named Traffic Management Microkernel (TMM), which processes all load-balanced traffic on BIG-IP systems.Security Week
January 15, 2021 – Disinformation
Fujitsu: High Risk of #COVID19 Vaccine Disinformation Campaigns Full Text
Abstract
Individuals and businesses should prepare for a wave of vaccine disinformation campaignsInfosecurity Magazine
January 15, 2021 – Breach
12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency Full Text
Abstract
At the time of discovery, the unsecured Microsoft Azure Blob contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International.Cyber News
January 15, 2021 – Vulnerabilities
Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers Full Text
Abstract
A total of 68 high-severity flaws were identified in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers, but the patches won’t be released because these devices have reached EOL.Security Week
January 15, 2021 – Vulnerabilities
Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways Full Text
Abstract
Several flaws have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including those that can be exploited to gain root access to a device and create backdoors.Security Week
January 15, 2021 – Vulnerabilities
Cisco says its RV routers will no longer receive updates Full Text
Abstract
Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers...Security Affairs
January 14, 2021 – Breach
Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam Full Text
Abstract
Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.BleepingComputer
January 14, 2021 – Malware
New Malware That Uses WiFi BSSID to Determine the Victim’s Location Full Text
Abstract
Xavier Mertens, a cybersecurity researcher at the SANS Internet Storm Center, recently recognized malware that utilizes an exciting method to discover the victim’s...Cyber Security News
January 14, 2021 – General
Hillicon Valley: Biden proposes big cyber investment | Facebook struggles with ‘Stop the Steal’ content | Google-Fitbit deal consummated Full Text
Abstract
CYBERSECURITY’S NEW PRESIDENTIAL ADVOCATE: President-elect Joe Biden made clear Thursday that cybersecurity will be a major focus for his administration, proposing more than $10 billion in cyber and IT funding as part of his $1.9 trillion COVID-19 relief plan.The Hill
January 14, 2021 – Hacker
Convicted Hacker Allegedly Commits Fraud While Awaiting Release Full Text
Abstract
ISIS cyber-operative granted compassionate release charged with committing crimes while in federal prisonInfosecurity Magazine
January 14, 2021 – General
SolarWinds Is Bad, but Retreat From Defend Forward Would Be Worse Full Text
Abstract
Russia launched SolarWinds—the latest in a long series of hostile Russian cyber operations—not because the U.S. has engaged too proactively in cyberspace. Quite the opposite; it did so, very simply, because it could.Lawfare
January 14, 2021 – Vulnerabilities
Expert discovered a DoS vulnerability in F5 BIG-IP systems Full Text
Abstract
A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716,...Security Affairs
January 14, 2021 – Business
With insured losses estimated at $90 billion, did cyber insurance firms dodge financial calamity? Full Text
Abstract
The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.SCMagazine
January 14, 2021 – Policy and Law
Facebook: Malicious Chrome Extension Developers Scraped Profile Data Full Text
Abstract
Facebook has sued two Chrome devs for scraping user profile data – including names, user IDs and more.Threatpost
January 14, 2021 – Policy and Law
Facebook sues makers of malicious Chrome extensions for scraping data Full Text
Abstract
Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization.BleepingComputer
January 14, 2021 – Covid-19
Biden includes over $10 billion in cyber, IT funds as part of COVID-19 relief proposal Full Text
Abstract
President-elect Joe Biden is set Thursday to roll out a sweeping COVID-19 relief plan that includes more than $10 billion in funding to boost the nation’s cybersecurity and information technology after a massive Russian cyberattack.The Hill
January 14, 2021 – Vulnerabilities
2020 Saw 6% Rise in Number of CVEs Reported Full Text
Abstract
Number of reported Common Vulnerabilities and Exposures grew 6% year on year in 2020Infosecurity Magazine
January 14, 2021 – Malware
Operation Spalax, an ongoing malware campaign targeting Colombian entities Full Text
Abstract
Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation...Security Affairs
January 14, 2021 – Business
Early-stage cybersecurity investment flowing, despite pandemic Full Text
Abstract
While most industries saw a significant dip in seed and Series A investments last year, cybersecurity investment remained resilient.SCMagazine
January 14, 2021 – Policy and Law
Florida Ethics Officer Charged with Cyberstalking Full Text
Abstract
Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.Threatpost
January 14, 2021 – Government
NSA advises companies to avoid third party DNS resolvers Full Text
Abstract
The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information.BleepingComputer
January 14, 2021 – Government
Krebs: Infrastructure operators ‘need to be assembling their crisis management teams yesterday’ Full Text
Abstract
Christopher Krebs, the nation’s former top cybersecurity official, said Thursday that critical infrastructure owners and operations should already be assembling their “crisis management teams” in advance of potential violence on Inauguration Day next week.The Hill
January 14, 2021 – Policy and Law
Hy-Vee Data Breach Settlement Proposed Full Text
Abstract
Victims of months-long Hy-Vee data breach could receive $225 each under proposed settlementInfosecurity Magazine
January 14, 2021 – Ransomware
CAPCOM: 390,000 people impacted in the recent ransomware Attack Full Text
Abstract
Capcom revealed that the recent ransomware attack has potentially impacted 390,000 people, an increase of approximately 40,000 people from the previous report. In November, Japanese game developer Capcom admitted to having suffered a cyberattack that...Security Affairs
January 14, 2021 – Attack
CISA says multiple attacks on cloud services bypassed multifactor authentication Full Text
Abstract
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.SCMagazine
January 14, 2021 – Vulnerabilities
Office January security updates fix remote code execution bugs Full Text
Abstract
Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.BleepingComputer
January 14, 2021 – Vulnerabilities
Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers Full Text
Abstract
The software essentially exempted Apple’s own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.SCMagazine
January 14, 2021 – Business
NTT DATA and Conferma Pay Partner to Deliver Secure, Virtual Payment Comms to Hotels Full Text
Abstract
Move seeks to improve payment security, safety and speedInfosecurity Magazine
January 14, 2021 – Business
Ring Adds End-to-End Encryption to Quell Security Uproar Full Text
Abstract
The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns.Threatpost
January 14, 2021 – Phishing
Telegram-based phishing service Classiscam hits European marketplaces Full Text
Abstract
Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.BleepingComputer
January 14, 2021 – Phishing
Scam-as-a-Service operation made more than $6.5 million in 2020 Full Text
Abstract
A newly uncovered Russian-based cybercrime operation has helped classified ads scammers steal more than $6.5 million from buyers across the US, Europe, and former Soviet states.ZDNet
January 14, 2021 – Malware
Experts Uncover Malware Attacks Against Colombian Government and Companies Full Text
Abstract
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT group targeting the country since at least April 2018, but also different in other ways. The overlaps come in the form of phishing emails, which have similar topics and pretend to come from some of the same entities that were used in a February 2019 operation disclosed by QiAnXin researchers, and subdomain names used for command-and-control (C2) servers. However, the two campaigns diverge in the attachments used for phishing emails, the remote access trojans (RATs) deployed, and the C2 infrastructure employed to fetch the malware dropped. The attack chain begins with the targetThe Hacker News
January 14, 2021 – Business
Ring Rolls-Out End-to-End Encryption to Bolster Privacy Full Text
Abstract
Video streams on some models now safe from snoopingInfosecurity Magazine
January 14, 2021 – Phishing
Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds Full Text
Abstract
Russian-speaking scammers started targeting users of European marketplaces and classifieds in a criminal scheme dubbed Classiscam. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has discovered that Russian-speaking...Security Affairs
January 14, 2021 – Vulnerabilities
Windows 10 bug corrupts your hard drive on seeing this file’s icon Full Text
Abstract
An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.BleepingComputer
January 14, 2021 – Criminals
Files Allegedly Obtained in SolarWinds Hack Offered for Sale Full Text
Abstract
Someone has set up a website named SolarLeaks where they are offering to sell gigabytes of files allegedly obtained as a result of the recently disclosed SolarWinds breach.Security Week
January 14, 2021 – General
#CES2021: Microsoft President Calls for Collaboration to Counter Growing Cyber-Threats Full Text
Abstract
People need to come together in areas such as setting standards and data sharingInfosecurity Magazine
January 14, 2021 – Vulnerabilities
Cisco addresses a High-severity flaw in CMX Software Full Text
Abstract
Cisco addressed tens of high-severity flaws, including some flaws in the AnyConnect Secure Mobility Client and in its small business routers. This week Cisco released security updates to address 67 high-severity vulnerabilities, including issues...
Security Affairs
January 14, 2021 – Business
Iranian venture firm investing in cyber tech is subject of US sanctions Full Text
Abstract
Treasury’s Office of Foreign Assets Control identified the firm, Barkat Ventures, as an arm of an organization that the supreme leader of Iran controls called EIKO, short for Execution of Imam Khomeini’s Order.
Cyberscoop
January 14, 2021 – Government
CISA Warns of Cloud Attacks Exploiting Poor Cyber-Hygiene Full Text
Abstract
Remote workers targeted with phishing, brute force and more
Infosecurity Magazine
January 14, 2021 – Government
CISA warns of recent successful cyberattacks against cloud service accounts Full Text
Abstract
The US CISA revealed several recent successful cyberattacks against various organizations’ cloud services. The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’...
Security Affairs
January 14, 2021 – Vulnerabilities
Understanding TCP/IP Stack Vulnerabilities in the IoT Full Text
Abstract
Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.
Dark Reading
January 14, 2021 – Covid-19
European Regulator: #COVID19 Vaccine Data Leaked Online Full Text
Abstract
Hackers stole data from EMA in December
Infosecurity Magazine
January 14, 2021 – Malware
‘Rogue’ Android RAT Can Take Control of Devices, Steal Data Full Text
Abstract
Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.
Security Week
January 13, 2021 – Hacker
Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities Full Text
Abstract
Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
SCMagazine
January 13, 2021 – Government
Senate panel to hold nomination hearing for Biden Intelligence director nominee this week Full Text
Abstract
The Senate Intelligence Committee will hold a hearing later this week to consider the nomination of Avril Haines, President-elect Joe Biden’s pick for director of national intelligence (DNI), committee leaders announced Wednesday.
The Hill
January 13, 2021 – Business
JumpCloud land $100 million in funding, as secure remote access market continues surge Full Text
Abstract
Over the past two decades, businesses have piled a patchwork of different products and services – multi-factor authentication, single sign-on, identity governance and administration policies and others – on top of their directory. That introduces risk and complexity, says JumpCloud CEO Rajat Bhargava.
SCMagazine
January 13, 2021 – Malware
Sunspot malware scoured servers for SolarWinds builds that it could weaponize Full Text
Abstract
Software company says 2 customer inquiries, in hindsight, appear linked to supply-chain attack
SCMagazine
January 13, 2021 – Hacker
Attackers targeted Accellion FTA in New Zealand Central Bank attack Full Text
Abstract
The root cause for the hack of the New Zealand Central Bank was the Accellion FTA (File Transfer Application) file sharing service. During the weekend, the New Zealand central bank announced that a cyber attack hit its infrastructure. According to the Government...
Security Affairs
January 13, 2021 – General
Hillicon Valley: Airbnb canceling reservations in DC during inauguration week | Biden appoints NSA’s Anne Neuberger to key national security position | Google pausing political ads through Jan. 21 Full Text
Abstract
AIRBNB CANCELS INAUGURATION VISITS: Online home rental platform Airbnb announced Wednesday it would preemptively cancel all reservations in the Washington, D.C. area for the next week as a precautionary measure.
The Hill
January 13, 2021 – General
Digital nationalism and the complexity of emerging threats for multinational companies Full Text
Abstract
Nicolas Reys of Control Risks spoke with SC Media about how companies can position themselves to rebound from a year complicated by the pandemic, climate change challenges and deteriorating U.S.-China relations.
SCMagazine
January 13, 2021 – Privacy
TikTok Takes Teen Accounts Private Full Text
Abstract
The company announced accounts for ages 13-15 will default to privacy setting, among other safety measures.
Threatpost
January 13, 2021 – Hacker
CISA: Hackers bypassed MFA to access cloud service accounts Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) protocols to compromise cloud service accounts.
BleepingComputer
January 13, 2021 – Vulnerabilities
High-Severity Cisco Flaw Found in CMX Software For Retailers Full Text
Abstract
Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found in its AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.
Threatpost
January 13, 2021 – Policy and Law
Former Florida Official Charged with Cyberstalking Full Text
Abstract
Tallahassee’s first ethics officer arrested for allegedly stalking former city auditor
Infosecurity Magazine
January 13, 2021 – Policy and Law
Bitcoin Exchange Owner Jailed for Money Laundering Full Text
Abstract
US imprisons RG Coins owner for role in international multimillion-dollar online fraud scheme
Infosecurity Magazine
January 13, 2021 – Vulnerabilities
Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover Full Text
Abstract
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.
Threatpost
January 13, 2021 – Breach
Capcom Data Breach May Have Impacted Extra 40k Customers Full Text
Abstract
Gaming company warns ransomware attack may have compromised data of up to 390k customers
Infosecurity Magazine
January 13, 2021 – Malware
Rogue Android RAT emerges from the darkweb Full Text
Abstract
Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can allow attackers to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet...
Security Affairs
January 13, 2021 – Government
Biden formally appoints NSA’s Anne Neuberger to key national security position Full Text
Abstract
President-elect Joe Biden's transition team on Wednesday announced three key national security appointments, including tapping Anne Neuberger, a top official at the National Security Agency (NSA), to serve in a new cybersecurity-focused role on the National Security Council.
The Hill
January 13, 2021 – Vulnerabilities
Perils of coding errors play out in Parler slip up Full Text
Abstract
Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.
SCMagazine
January 13, 2021 – Hacker
Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data Full Text
Abstract
On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.
Threatpost
January 13, 2021 – Vulnerabilities
Sophisticated Hacks Against Android, Windows Reveals Zero-Day Trove Full Text
Abstract
Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.
Threatpost
January 13, 2021 – General
Browser security briefing: Google and Mozilla lay the groundwork for a ‘post-XSS world’ Full Text
Abstract
Minimizing the potency of classic attack vectors such as cross-site scripting (XSS) and cross-site request forgery (CSRF) promises to herald what some are calling the ‘post-XSS world’.
The Daily Swig
January 13, 2021 – Vulnerabilities
Microsoft fixes Secure Boot bug allowing Windows rootkit installation Full Text
Abstract
Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled.
BleepingComputer
January 13, 2021 – Attack
Google discloses hacking campaign targeting Windows, Android users Full Text
Abstract
Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.
BleepingComputer
January 13, 2021 – Business
Hornetsecurity acquires Altaro to expand international locations and provide new products Full Text
Abstract
This new acquisition builds on its acquisition of Spamina, the Spanish market leader for cloud email security solutions, in January 2019, and EveryCloud, its British market partner, in early 2020.
Help Net Security
January 13, 2021 – Attack
Mimecast Cert Abused to Target Inboxes in “Sophisticated” Attack Full Text
Abstract
Security vendor says attackers used it to access Microsoft 365 accounts
Infosecurity Magazine
January 13, 2021 – Vulnerabilities
Assessing the Vulnerabilities Equities Process, Three Years After the VEP Charter Full Text
Abstract
The government has failed to deliver on its promises of greater transparency.
Lawfare
January 13, 2021 – Vulnerabilities
Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue Full Text
Abstract
Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products,...
Security Affairs
January 13, 2021 – Covid-19
CISOs Prep For COVID-19 Exposure Notification in the Workplace Full Text
Abstract
Security teams are preparing for the inevitable return to the workplace – and the privacy implications of exposure notification apps that companies may need to adopt.
Threatpost
January 13, 2021 – Criminals
World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie Full Text
Abstract
Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind.
The Register
January 13, 2021 – Malware
#COVID19 Led to Surge in Malware Attacks Last Year Full Text
Abstract
Malware authors continued to use COVID-19 lures to launch attacks
Infosecurity Magazine
January 13, 2021 – Government
Watchdog Raises Concerns About Census Bureau’s IT Security Full Text
Abstract
A watchdog agency for the U.S. Census Bureau says that proper information-technology security safeguards weren’t in place leading up to the start of the 2020 census last year.
Security Week
January 13, 2021 – Attack
Project Zero Discovers Exploits via Watering Hole Attacks Full Text
Abstract
Researchers discovered two exploit servers delivering different exploit chains via watering hole attacks. One server targeted Windows users, the other targeted Android devices.
Google Project Zero
January 13, 2021 – Vulnerabilities
Misconfigurations in Spring Data projects could leave web apps open to abuse Full Text
Abstract
The issue lies within Spring’s Application-Level Profile Semantics (ALPS) feature which is defined as “a data format for defining simple descriptions of application-level semantics”.
The Daily Swig
January 13, 2021 – Vulnerabilities
SAP Patches Serious Code Injection, DoS Vulnerabilities Full Text
Abstract
SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. SAP also published a total of 7 other updates for previously released security notes.
Security Week
January 13, 2021 – Breach
Chinese Data-Scrapers Leaked Millions of Social Media Profiles Full Text
Abstract
A well-known and fast-growing Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over...
Cyber Security News
January 13, 2021 – Ransomware
Obfuscation Techniques in Ransomweb “Ransomware” Full Text
Abstract
The worst part about ransomware is that it encrypts data and removes the original encrypted copies, thereby eliminating any way to recover files that are not backed up without paying the ransom.
Sucuri
January 13, 2021 – Ransomware
Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips Full Text
Abstract
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors. The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU performance. "The joint solution represents the first instance where PC hardware plays a direct role in ransomware defenses to better protect enterprise endpoints from costly attacks," Cybereason said. Exclusive to vPro, Intel Hardware Shield provides protections against firmware-level attacks targeting the BIOS, thereby ensuring that the operating system (OS) runs on legitimate hardware as well as minimizing the risk of malicious code injection by locking down memory in the BIOS when the software is running to help prevent planted malware from compromising the OS
The Hacker News
January 13, 2021 – Privacy
#CES2021: Raising the Bar on Privacy and Trust Online in 2021 Full Text
Abstract
Improving privacy controls and transparency is becoming increasingly critical
Infosecurity Magazine
January 13, 2021 – Phishing
New Variant of Ursnif Continuously Targeting Italy Full Text
Abstract
A few days ago, FortiGuard Labs detected a phishing campaign in the wild that was spreading a fresh variant of the Ursnif Trojan via an attached MS Word document that is continuously targeting Italy.
Fortinet
January 13, 2021 – Vulnerabilities
Microsoft Fixes Windows Defender Zero-Day Bug Full Text
Abstract
First Patch Tuesday of 2021 featured updates for just 83 CVEs
Infosecurity Magazine
January 13, 2021 – General
Healthcare Hit by 187 Million Monthly Web App Attacks in 2020 Full Text
Abstract
Imperva says attacks surged 51% in December alone
Infosecurity Magazine
January 13, 2021 – Ransomware
Cybereason to Adopt Intel’s PC Hardware Ransomware Solution Full Text
Abstract
Cybereason will add the solution to its defense platform
Infosecurity Magazine
January 13, 2021 – Malware
Lokibot Stealer Comes with Added Features to Hide Better While Attacking Targets Full Text
Abstract
The developers of one of the infamous information-stealers in the malware landscape have added a third stage to its process of compromising systems, along with more encryption, as a way to escape detection.
Cyware Alerts - Hacker News
January 13, 2021 – General
Buyer’s Guide for Securing Internal Environment with a Small Cybersecurity Team Full Text
Abstract
Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches. The "buyer's guide for securing the internal environment with a small cybersecurity team," includes a checklist of the most important things to consider when creating or re-evaluating the cybersecurity of your internal environment to ensure your team has it all covered. The buyer's guide is designed to help you choose the solution that will ensure you get complete visibility, accurately detect and mitigate threats, and make the most of your existing resources and skills. There are three key aspects that stand out when looking for the best way to protect your internal environment with a small team—visibility, automation, and ea
The Hacker News
January 13, 2021 – Business
Adobe Releases First Security Updates of 2021 as It Blocks Flash Content Full Text
Abstract
Adobe has patched a total of eight vulnerabilities across seven of its products, including Photoshop, Illustrator, Animate, Campaign Classic, InCopy, Captivate and Bridge.
Security Week
January 13, 2021 – Criminals
Top Penetration Testing Toolkits Abused by Cybercriminals Full Text
Abstract
A security firm tracked tens and thousands of malware C&C servers used across over 80 malware families; more than a quarter of all the servers used Cobalt Strike and Metasploit.
Cyware Alerts - Hacker News
January 13, 2021 – Ransomware
Egregor on an Attacking Spree Around the World Full Text
Abstract
A recent FBI advisory urges all private sector organizations to be on the alert for potential malicious activities from the threat actors behind Egregor ransomware.
Cyware Alerts - Hacker News
January 13, 2021 – Privacy
Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare Full Text
Abstract
CyberNews researchers analyzed data from multiple social platforms like Parler, Twitter, Facebook, and MeWe to compare data policies. Original Post at https://cybernews.com/privacy/how-parler-twitter-facebook-mewe-data-policies-compare/ Alternative...
Security Affairs
January 13, 2021 – Vulnerabilities
Multiple Flaws With Fortinet FortiWeb WAF Would Allow Attackers to Hack Corporate Networks Full Text
Abstract
The cybersecurity researchers of Positive Technologies have detected some severe flaws in the Fortinet FortiWeb web application firewall. According to the security...
Cyber Security News
January 13, 2021 – NIST
New NIST publication in HTML - NIST Special Publication 800-37, Risk Management Framework for Information Systems and Organizations Full Text
Abstract
As we push computers to “the edge,” building a complex world of interconnected information systems and devices, security and privacy risks (including supply chain risks) continue to be a large part of the national conversation and topics of great importance. The significant increase in the complexity of the hardware, software, firmware, and systems within the public and private sectors (including the U.S. critical infrastructure) represents a significant increase in attack surface that can be exploited by adversaries. Moreover, adversaries are using the supply chain as an attack vector and effective means of penetrating our systems, compromising the integrity of system elements, and gaining access to critical assets.
NIST
January 13, 2021 – Attack
Google reveals sophisticated Windows and Android hacking operation Full Text
Abstract
Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.
ZDNet
January 12, 2021 – Criminals
SolarLeaks site claims to sell data stolen in SolarWinds attacks Full Text
Abstract
A website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack.
BleepingComputer
January 12, 2021 – General
Hillicon Valley: Fringe social networks boosted after Capitol attack | Planned protests spark fears of violence in Trump’s final days | Election security efforts likely to gain ground in Democrat-controlled Congress Full Text
Abstract
FRINGE PLATFORMS FEED OFF CAPITOL ATTACK: Fringe social media networks are seeing their user bases swell in the aftermath of last week’s insurrection at the Capitol building and the subsequent banning of President Trump and some of his loudest supporters from Facebook and Twitter.
The Hill
January 12, 2021 – Attack
Sophisticated hacking campaign uses Windows and Android zero-days Full Text
Abstract
Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed...
Security Affairs
January 12, 2021 – Business
Ubiquiti urges password reset, 2fa after breach Full Text
Abstract
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
SCMagazine
January 12, 2021 – Covid-19
European agency says hackers leaked stolen COVID-19 vaccine data Full Text
Abstract
The European Medicines Agency (EMA) announced Tuesday that hackers had leaked information on COVID-19 vaccines stolen as part of a breach discovered late last year.
The Hill
January 12, 2021 – General
Complexity and cost chip away at SOCs’ perceived return on investment Full Text
Abstract
51% of 17,200 surveyed IT and security practitioners said that their SOC’s ROI has gotten worse.
SCMagazine
January 12, 2021 – Government
White House establishes national artificial intelligence office Full Text
Abstract
The White House Office of Science and Technology Policy (OSTP) on Tuesday announced the establishment of a National Artificial Intelligence Initiative Office as part of an effort by the Trump administration to prioritize AI.
The Hill
January 12, 2021 – Covid-19
Senior intelligence official says China, Russia targeting COVID-19 vaccine supply chain Full Text
Abstract
William Evanina, the director of the National Counterintelligence and Security Center (NCSC), said Tuesday he was concerned about efforts by China and Russia to target the COVID-19 vaccine supply chain.
The Hill
January 12, 2021 – Ransomware
Capcom: 390,000 people may be affected by ransomware data breach Full Text
Abstract
Capcom has released a new update for their data breach investigation and state that up to 390,000 people may now be affected by their November ransomware attack.
BleepingComputer
January 12, 2021 – Policy and Law
Police took down DarkMarket, the world’s largest darknet marketplace Full Text
Abstract
The world's largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation. DarkMarket, the world's largest black marketplace on the dark web, has been taken offline as a result of an international...
Security Affairs
January 12, 2021 – Hacker
SolarWinds attackers suspected in Microsoft authentication compromise Full Text
Abstract
Mimecast issued a new certificate and is urging affected customers to delete the old one after Microsoft warned of a compromise.
SCMagazine
January 12, 2021 – Vulnerabilities
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes Full Text
Abstract
The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.
Threatpost
January 12, 2021 – General
Cybersecurity teams are struggling with burnout, but the attacks keep coming Full Text
Abstract
Cybersecurity teams are facing new challenges to how they work as the Covid-19 pandemic has forced many security operation centers (SOC) to work remotely while also having to deal with new threats.
ZDNet
January 12, 2021 – Policy and Law
World’s Largest Illegal Dark Web Marketplace Taken Down Full Text
Abstract
International law enforcement operation takes DarkMarket offline
Infosecurity Magazine
January 12, 2021 – Breach
Some data from last month’s cyber attack leaked online, says EU drugs regulator Full Text
Abstract
The European Medicines Agency (EMA) did not provide details on which documents or data were made available online, but said necessary action was being taken by law enforcement authorities.
Reuters
January 12, 2021 – Government
Agencies Propose Faster, Broader Reporting of Cyber Incidents for Banks Full Text
Abstract
Cyberspace Solarium Commission has called for a systematic way for critical private-sector entities to share cyber incidents toward gleaning more information about necessary defensive measures.
Nextgov
January 12, 2021 – Breach
EMA: Some of Pfizer/BioNTech COVID-19 vaccine data was leaked online Full Text
Abstract
The European Medicines Agency (EMA) revealed that some of the Pfizer/BioNTech COVID-19 vaccine data were stolen from its servers. In December, a cyber attack hit the European Medicines Agency (EMA). At the time, the EMA did not provide technical details...
Security Affairs
January 12, 2021 – Vulnerabilities
Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day Full Text
Abstract
Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today.
BleepingComputer
January 12, 2021 – Vulnerabilities
Microsoft patches Defender antivirus zero-day exploited in the wild Full Text
Abstract
Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.
BleepingComputer
January 12, 2021 – Privacy
Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack Full Text
Abstract
A sophisticated threat actor has hijacked email security connections to spy on targets.
Threatpost
January 12, 2021 – APT
BumbleBee Opens Exchange Servers in xHunt Spy Campaign Full Text
Abstract
The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.
Threatpost
January 12, 2021 – Vulnerabilities
Microsoft January 2021 Patch Tuesday fixes 83 vulnerabilities, 1 zero-day Full Text
Abstract
Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today.
BleepingComputer
January 12, 2021 – Botnet
TeamTNT Botnet Further Evolves with Environment Setup Capabilities Full Text
Abstract
Researchers have linked recent TeamTNT botnet activity to extraction and stealing of Docker and AWS credentials. Previously, it would mine cryptocurrency only on misconfigured container platforms.
Cyware Alerts - Hacker News
January 12, 2021 – Ransomware
Ryuk: This Criminal Enterprise has Earned Millions in Ransom Full Text
Abstract
The Ryuk operators are believed to have earned over $150 million in ransom payments from their attacks around the world, according to a new report by Advanced Intelligence and HYAS.
Cyware Alerts - Hacker News
January 12, 2021 – Business
Ellicott City’s Huntress makes first cyber tech acquisition Full Text
Abstract
Ellicott City-based cybersecurity firm Huntress has made its first acquisition. The firm has acquired a technology and intellectual property portfolio from San Antonio-based startup Level Effect.
Baltimore Business Journal
January 12, 2021 – APT
Researchers Caught a North Korean Group Trying Out a New Hiding Trick Full Text
Abstract
North Korean APT37 group was found targeting the South Korean government in a new campaign using malware that finds its way through the memory of Microsoft Office.
Cyware Alerts - Hacker News
January 12, 2021 – Ransomware
Intel adds ransomware detection capabilities at the silicon level Full Text
Abstract
Intel announced it is adding ransomware detection capabilities to its new 11th Gen Core vPro processors through improvements to its Hardware Shield and Threat Detection Technology (TDT).
ZDNet
January 12, 2021 – Business
Booz Allen Invests In Tracepoint Full Text
Abstract
The company, co-founded by Baton Rouge-based Plexos Group and several industry experts, specializes in supporting cyber insurance carriers, lawyers, brokers, and their clients through crises.
CityBizList
January 12, 2021 – Breach
New Zealand Reserve Bank breached using bug patched on Xmas Eve Full Text
Abstract
A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day.
BleepingComputer
January 12, 2021 – Attack
Colombian Energy, Metal Firms Under Attack in New Cyberespionage Campaign Full Text
Abstract
A wave of attacks against companies in Colombia uses a trio of RATs to steal confidential, sensitive data. The campaign, dubbed Operation Spalax, was revealed by ESET researchers on Tuesday.
ZDNet
January 12, 2021 – Vulnerabilities
Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content Full Text
Abstract
Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users.
Threatpost
January 12, 2021 – Privacy
New Android spyware targets users in Pakistan Full Text
Abstract
Cybercriminals have modified these otherwise legitimate apps (available on the Google Play Store) to add malicious features that seem completely focused on covert surveillance and espionage.
Sophos
January 12, 2021 – Breach
Hackers leak stolen Pfizer COVID-19 vaccine data online Full Text
Abstract
The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online.
BleepingComputer
January 12, 2021 – Vulnerabilities
GitLab addresses numerous vulnerabilities in latest security release Full Text
Abstract
Insufficient validation of authentication parameters in GitLab Pages for GitLab versions 11.5 onwards gives potential attackers the ability to steal a user’s API access token through GitLab Pages.
The Daily Swig
January 12, 2021 – Business
Atos to Acquire in Fidem to Reinforce Its Cybersecurity Position in the North American Market Full Text
Abstract
Founded in 2005 and headquartered in Montréal, In Fidem has expertise in cloud security, digital identity, risk management, security operations, digital forensics, and cyber breach response.
AIThority
January 12, 2021 – Policy and Law
Europol Reveals Dismantling of ‘Largest’ Underground Marketplace Full Text
Abstract
Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace’s infrastructure, including more than 20 servers.
Threatpost
January 12, 2021 – Vulnerabilities
Facebook Awards Big Bounties for Invisible Post and Account Takeover Vulnerabilities Full Text
Abstract
Bug bounty hunter Pouya Darabi discovered that an attacker could have created invisible posts on a Facebook page, including verified pages, without having any permissions on the targeted page.
Security Week
January 12, 2021 – Vulnerabilities
Computer science student finds a bug in YouTube that allows users to watch private videos Full Text
Abstract
The bug was fixed in January 2020, after it was identified in December 2019, by David Schütz, a computer science student in Hungary, and reported to Google through the company's bug bounty program.
The Register
January 12, 2021 – General
Twitter Cites Capitol Protests in Suspension of 70,000 User Accounts Full Text
Abstract
Social networking giant begins permanent suspension of accounts associated with QAnon
Infosecurity Magazine
January 12, 2021 – Attack
Mimecast discloses Microsoft 365 SSL certificate compromise Full Text
Abstract
Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services.
BleepingComputer
January 12, 2021 – General
Signal’s Downloads Up 4200% Full Text
Abstract
Surge in downloads of messaging apps Signal and TelegramInfosecurity Magazine
January 12, 2021 – Malware
This Android malware claims to give hackers full control of your smartphone Full Text
Abstract
The 'Rogue' RAT infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data.ZDNet
January 12, 2021 – Privacy
Location Data from Muslim Prayer App Sold to Data Broker Full Text
Abstract
Revelation has led to fears the information could be abusedInfosecurity Magazine
January 12, 2021 – Breach
Ethical Hackers Breach U.N., Access 100,000 Private Records Full Text
Abstract
Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.Threatpost
January 12, 2021 – Malware
New Sunspot malware found while investigating SolarWinds hack Full Text
Abstract
Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies.BleepingComputer
January 12, 2021 – Business
Microsoft Sysmon adds support for detecting Process Herpaderping attacks Full Text
Abstract
Microsoft has released a new version of the Sysinternals package and updated the Sysmon utility with the ability to detect Process Herpaderping and Process Hollowing attacks.ZDNet
January 12, 2021 – Government
Efforts to secure elections likely to gain ground in Democrat-controlled Congress Full Text
Abstract
Efforts to boost election security are likely to gain traction in the new Congress, as Democrats who have pushed for election reform take control of both chambers and the White House.The Hill
January 12, 2021 – Privacy
Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan Full Text
Abstract
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable (DEX) file. "The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user's contact list and the full contents of SMS messages," Sophos threat researchers Pankaj Kohli and Andrew Brandt said. "The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe." Interestingly, tThe Hacker News
January 12, 2021 – General
Two-Thirds of Employees Don’t Consider Security Whilst Home Working Full Text
Abstract
Lack of awareness over security impact of home workingInfosecurity Magazine
January 12, 2021 – Malware
Sunspot, the third malware involved in the SolarWinds supply chain attack Full Text
Abstract
Cybersecurity firm CrowdStrike announced that it has discovered a third malware strain, named Sunspot, directly involved in the SolarWinds supply chain attack. According to a new report published by the cybersecurity firm CrowdStrike, a third malware,...Security Affairs
January 12, 2021 – General
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack Full Text
Abstract
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.Dark Reading
January 12, 2021 – Malware
Experts Sound Alarm On New Android Malware Sold On Hacking Forums Full Text
Abstract
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages. The vendor, who goes by the name of "Triangulum" in a number of darknet forums, is alleged to be a 25-year-old man of Indian origin, with the individual opening up shop to sell the malware three years ago on June 10, 2017, according to an analysis published by Check Point Research today. "The product was a mobile RAT, targeting Android devices and capable of exfiltration of sensitive data from a C&C server, destroying local data – even deleting the entire OS, at times," the researchers said. An Active Underground Market for Mobile Malware Piecing together Triangulum's trail of activities, tThe Hacker News
January 12, 2021 – Breach
New Zealand Central Bank Breach Hit Other Companies Full Text
Abstract
Third-party file-sharing service from Accellion was targetedInfosecurity Magazine
January 12, 2021 – Breach
Networking and IoT Device Vendor Ubiquiti Networks Informs Customers of Data Breach Full Text
Abstract
"We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider," Ubiquiti said in emails sent to customers today.ZDNet
January 12, 2021 – Malware
Third Malware Strain Discovered as Part of SolarWinds Attack Full Text
Abstract
Sunspot used to inject Sunburst into Orion platform, says CrowdStrikeInfosecurity Magazine
January 12, 2021 – Ransomware
US Rail Operator OmniTRAX Impacted by Conti Ransomware Attack on its Parent Firm Broe Group Full Text
Abstract
Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group.Yahoo! Finance
January 12, 2021 – Breach
Chinese Startup Leaks Social Profiles of 214 Million Users Full Text
Abstract
Cloud configuration snafu exposes scraped dataInfosecurity Magazine
January 12, 2021 – General
Biometric security technology could see growth in 2021 Full Text
Abstract
Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.Tech Target
January 12, 2021 – General
Big Tech Bans Social Networking App Full Text
Abstract
Google, Apple, Amazon suspend appInfosecurity Magazine
January 12, 2021 – Privacy
Chinese Firm Socialarks Exposes Scraped Data of Over 200 Million Facebook, Instagram, and LinkedIn Users Full Text
Abstract
The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million people from around the world using Facebook, Instagram, and LinkedIn.Safety Detectives
January 12, 2021 – Government
More federal victims of SolarWinds hacking likely to come forward, CISA chief says Full Text
Abstract
The number of U.S. federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the CISA said.Cyberscoop
January 12, 2021 – Malware
Third Malware Strain Sunspot Discovered in SolarWinds Supply Chain Attack Full Text
Abstract
CrowdStrike, one of the companies directly involved in investigating the SolarWinds supply chain attack, said today it identified a third malware strain directly involved in the recent hack.ZDNet
January 12, 2021 – Breach
New Zealand Central Bank System Hacked – Sensitive Information Accessed Full Text
Abstract
New Zealand’s central bank said Sunday that one of its data systems has been breached by an unidentified hacker who potentially accessed...Cyber Security News
January 12, 2021 – General
Lack of Funding Could Lead to “Lost Generation” of Cyber-Startups Full Text
Abstract
Early-stage UK cyber-companies see funding fall by 96% since COVID-19 lockdownsInfosecurity Magazine
January 12, 2021 – General
From risk mitigation to business enabler: The role of CISOs in 2021 Full Text
Abstract
In 2021, CISOs and their security teams can expect to continue to show how vital their role is from risk mitigation to ROI, as they tackle challenges of supply chain hacks, ransomware, WFH, and more.CIO
January 12, 2021 – Ransomware
Bitdefender releases free decrypter for Darkside ransomware Full Text
Abstract
Security firm Bitdefender released a tool that allows victims of the Darkside ransomware to recover their files without paying the ransom. Good news for the victims of the Darkside ransomware, they could recover their files for free using a tool that...Security Affairs
January 12, 2021 – Business
SolarWinds details stealthy code used to launch hacking campaign Full Text
Abstract
The code was designed to inject another piece of custom malicious software into Orion, the SolarWinds software used by numerous Fortune 500 companies and federal agencies.Cyberscoop
January 12, 2021 – General
Why The Latest Cyberattack Was Different Full Text
Abstract
By compromising powerful governments and businesses, including some of the most successful technology companies, the SolarWinds exploit shatters the illusion of information security.Foreign Policy
January 12, 2021 – Breach
Juspay Hacked – Over 100 Million Users Data Leaked in Dark web Full Text
Abstract
The cybersecurity researchers have recently detected a data breach of Juspay's servers. And according to the experts' report, in this data breach,...Cyber Security News
January 11, 2021 – Malware
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor Full Text
Abstract
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the backdoor adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO Sudhakar Ramakrishna explained. While preliminary evidence found that operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, the latest findings reveal a new timeline that establishes the first breach ofThe Hacker News
January 11, 2021 – Ransomware
Intel adds hardware-based ransomware detection to 11th gen CPUs Full Text
Abstract
Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors.BleepingComputer
January 11, 2021 – General
Longer-term Cybersecurity Implications of the Occupation of the Capitol—Beware of Fake Leaks Full Text
Abstract
There are many consequences of the rioters taking computers from Members' offices.Lawfare
January 11, 2021 – General
Hillicon Valley: Parler sues Amazon, asks court to reinstate platform | Twitter stock falls after Trump ban | Facebook pauses political spending in wake of Capitol attack Full Text
Abstract
PARLER VS AMAZON: Parler sued Amazon Monday after the company’s web hosting service dropped the controversial social media platform.The Hill
January 11, 2021 – General
‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform Full Text
Abstract
Users naïvely trust workplace communications platforms, despite phishing and impersonation threats.SCMagazine
January 11, 2021 – Ransomware
DarkSide decryptor unlocks systems without ransom payment – for now Full Text
Abstract
The decryptor works for all current DarkSide infections, but that will likely change soon as the group reacts and adapts to the disclosure.SCMagazine
January 11, 2021 – Breach
Ubiquiti discloses a data breach Full Text
Abstract
American technology company Ubiquiti Networks has disclosed a data breach and is notifying its customers via email. American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them...Security Affairs
January 11, 2021 – APT
Researchers see links between SolarWinds Sunburst malware and Russian Turla APT group Full Text
Abstract
While researchers may want to invest time and energy towards attributing the latest high-profile attack to a particular adversary, more productive is the ability to see how similar the underlying techniques employed in the attack were to prior attacks.SCMagazine
January 11, 2021 – Malware
Microsoft Sysmon now detects malware process tampering attempts Full Text
Abstract
Microsoft has released Sysmon 13 with a new security feature that detects if a process has been tampered with using process hollowing or process herpaderping techniques.BleepingComputer
January 11, 2021 – Government
Feds will weigh whether cyber best practices were followed when assessing HIPAA fines Full Text
Abstract
Organizations that can show they did their due diligence in protecting medical information will be better off, should a breach occur.SCMagazine
January 11, 2021 – Phishing
Aliens and UFOs: A Final Frontier for Social Engineers Full Text
Abstract
The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.Threatpost
January 11, 2021 – Business
Microsoft releases Linux endpoint detection and response features Full Text
Abstract
Microsoft announced today that Microsoft Defender for Endpoint's detection and response (EDR) capabilities are now generally available on Linux servers.BleepingComputer
January 11, 2021 – APT
Connecting the dots between SolarWinds and Russia-linked Turla APT Full Text
Abstract
Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla's backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds...Security Affairs
January 11, 2021 – Business
Francisco Partners Completes Forcepoint Acquisition Full Text
Abstract
Global investment firm acquires cybersecurity vendor from Raytheon TechnologiesInfosecurity Magazine
January 11, 2021 – General
Researcher Builds Parler Archive Amid Amazon Suspension Full Text
Abstract
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.Threatpost
January 11, 2021 – Breach
Networking giant Ubiquiti alerts customers of potential data breach Full Text
Abstract
Networking device maker Ubiquiti has announced a security incident that may have exposed its customers' data.BleepingComputer
January 11, 2021 – Education
(ISC)² Offers Online Exam Proctoring Full Text
Abstract
Online (ISC)² exam proctoring pilot program for cybersecurity certifications launches todayInfosecurity Magazine
January 11, 2021 – General
More Cybersecurity Problems After the Riot on the Capitol Full Text
Abstract
What devices and computers did the mob physically access during their breach of the countless desks and offices in the Capitol—And how did they use that access?Lawfare
January 11, 2021 – Breach
70TB of Parler Users’ Data Leaked by Security Researchers Full Text
Abstract
Parler, a social network platform in the news lately, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform.Cyber News
January 11, 2021 – General
Windows 10 hardware security enabled by default on new Surface PC Full Text
Abstract
Microsoft has unveiled today the new Surface Pro 7+ for enterprise and educational customers, an ultra-light 2-in-1 device which comes with Windows Enhanced Hardware Security features enabled by default.BleepingComputer
January 11, 2021 – APT
SolarWinds Hack Potentially Linked to Turla APT Full Text
Abstract
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.Threatpost
January 11, 2021 – Malware
Mac malware uses ‘run-only’ AppleScripts to evade analysis Full Text
Abstract
A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it.BleepingComputer
January 11, 2021 – Ransomware
DarkSide ransomware decryptor recovers victims’ files for free Full Text
Abstract
Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom.BleepingComputer
January 11, 2021 – Ransomware
Free decrypter released for victims of Darkside ransomware Full Text
Abstract
Cybersecurity firm Bitdefender has released today a free tool that can help victims of the Darkside ransomware recover their encrypted files for free, without paying the ransom demand.ZDNet
January 11, 2021 – Breach
Communauto hit by cyber attack Full Text
Abstract
“This cyber attack has … brought many of our activities to a halt, and this explains some delays in the management of accounts payable and invoicing,” Communauto CEO Benoît Robert said in a statement.Montreal Gazette
January 11, 2021 – Business
Accenture Acquires Real Protect, Brazil-Based Information Security Company Full Text
Abstract
Accenture has acquired Real Protect, a Brazil-based provider of managed security and cyber defense services (MSS), extending its cybersecurity presence and capabilities in Latin America.Yahoo! Finance
January 11, 2021 – Breach
1 million highly sensitive pictures leaked by Korean teen dating app Full Text
Abstract
CyberNews recently discovered an unsecured database that contains more than 1 million private photos, which appears to belong to the free Korean dating app ??? (aka Sweet Chat).CyberNews
January 11, 2021 – Vulnerabilities
Typeform fixes Zendesk Sell form data hijacking vulnerability Full Text
Abstract
Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attackers redirect the form submissions containing potentially sensitive information to themselves.BleepingComputer
January 11, 2021 – Business
Bridewell Appoints Martin Riley as Director of Managed Security Services Full Text
Abstract
Riley will be responsible for growing Bridewell’s managed security service portfolioInfosecurity Magazine
January 11, 2021 – General
SolarWinds hack is the perfect foreword to new book on history’s biggest breaches Full Text
Abstract
SC Media spoke to author and former CISO Neil Daswani about his upcoming new book “Big Breaches: Cybersecurity Lessons for Everyone.”SCMagazine
January 11, 2021 – APT
Sunburst backdoor shares features with Russian APT malware Full Text
Abstract
Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group.BleepingComputer
January 11, 2021 – Malware
xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement Full Text
Abstract
The actor used the BumbleBee webshell to upload and download files to and from the compromised Exchange server, but more importantly, to move laterally to other servers on the network.Palo Alto Networks
January 11, 2021 – Policy and Law
Russian hacker Andrei Tyurin sentenced to 12 years in prison Full Text
Abstract
A U.S. court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in an international hacking campaign. A U.S. court sentenced this week Andrei Tyurin (37) to 12 years in prison for carrying out an international...Security Affairs
January 11, 2021 – General
Strike a chord: What cybersecurity can learn from music Full Text
Abstract
Cybersecurity as an industry must also look to harness the power of storytelling so that it can become more relatable for the audience and make the subject matter easier to understand.Help Net Security
January 11, 2021 – Malware
Researchers Find Links Between Sunburst and Russian Kazuar Malware Full Text
Abstract
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto Networks in 2017. Disclosed early last month, the espionage campaign was notable for its scale and stealth, with the attackers leveraging the trust associated with SolarWinds Orion software to infiltrate government agencies and other companies so as to deploy a custom malware codenamed "Sunburst." Shared Features Between Sunburst and Kazuar Attribution for the SolarWinds supply-chain compromise has been difficult in part due to little-to-no clues linking the attack infrastructure to previous campaigns or other well-known threat groups. But Kaspersky's latest analysis of thThe Hacker News
January 11, 2021 – Government
A Role for the Vulnerabilities Equities Process in Securing Software Supply Chains Full Text
Abstract
The Biden administration has an important opportunity to rebuild and sustain trust in the software ecosystem by reforming the government vulnerability disclosure process into a more transparent and frequently used system.Lawfare
January 11, 2021 – Ransomware
Ragnar Locker Ransomware Attack Impacts Employee Records at Dassault Falcon Jet Full Text
Abstract
The incident also exposed information belonging to employees’ spouses and dependents, states the notice of data breach sent by the US subsidiary of French aerospace company Dassault Aviation.Security Affairs
January 11, 2021 – Privacy
WhatsApp group chat links seen again on Google Search Full Text
Abstract
WhatsApp is making several private groups available across the Web by indexing group chat invites, as their links can be accessed by anyone using a simple search on Google.The Times Of India
January 11, 2021 – Breach
Cybercriminals Accessed File Sharing Service Used by Reserve Bank of New Zealand Full Text
Abstract
New Zealand’s central bank says that one of its data systems has been breached by an unidentified hacker who potentially accessed commercially and personally sensitive information.The Guardian
January 11, 2021 – Government
US Announces Controversial State Department Cyber-Bureau Full Text
Abstract
Pompeo green lights CSET at eleventh hourInfosecurity Magazine
January 11, 2021 – Breach
Experts found gained access to the Git Repositories of the United Nations Full Text
Abstract
Researchers gained access to the Git Repositories belonging to the United Nations, exposing staff records and credentials. The research group Sakura Samurai was able to access the repositories of the United Nations as part of the Vulnerability...Security Affairs
January 11, 2021 – Vulnerabilities
SQL injection: The bug that seemingly can’t be squashed Full Text
Abstract
It’s a common vulnerability that, despite being easily remedied, continues to plague our software and, if left undetected, provides a small window of opportunity to potential attackers.Help Net Security
January 11, 2021 – Breach
Over 100,000 UN Employee Records Accessed by Researchers Full Text
Abstract
Vulnerabilities allowed team to exfiltrate Git credentialsInfosecurity Magazine
January 11, 2021 – Business
Heather Hinton joins RingCentral as CISO Full Text
Abstract
Hinton previously spent 13 years in various leadership positions at IBM, most recently as vice president and IBM distinguished engineer, and CISO for its Cloud and Cognitive Software business unit.Help Net Security
January 11, 2021 – Policy and Law
High Court Rules Against Government Bulk Hacking Full Text
Abstract
Use of general warrants to target large numbers is illegalInfosecurity Magazine
January 11, 2021 – General
Cybersecurity Ethics: Establishing a Code for Your SOC Full Text
Abstract
One of the crucial components to building a successful CSIRT team or SOC is the people pulling the levers of this technology, and the culture in which they have to operate.Security Intelligence
January 11, 2021 – Ransomware
Some ransomware gangs are going after top execs to pressure companies into paying Full Text
Abstract
In recent intrusions, a group that has often used the Clop ransomware strain has been specifically searching for workstations inside a breached company that are used by its top managers.ZDNet
January 11, 2021 – General
HITRUST, AWS and Microsoft Azure publish Shared Responsibility Matrices for cloud security Full Text
Abstract
Developed with Amazon Web Services (AWS) and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider's unique solution offering.Help Net Security
January 11, 2021 – Breach
United Nations data breach exposed over 100k UNEP staff records Full Text
Abstract
This week, researchers have responsibly disclosed a vulnerability which they could exploit to access over 100K private records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees.BleepingComputer
January 11, 2021 – Malware
Source code for malware that targets Qiui Cellmate device was leaked online Full Text
Abstract
The source code for the ChastityLock ransomware that was used in attacks aimed at the users of the Qiui Cellmate adult toy is now publicly available. Recently a family of ransomware was observed targeting the users of the Bluetooth-controlled Qiui...Security Affairs
January 11, 2021 – Malware
Fake Trump’s Scandal Video Used to Deliver QNode Malware Full Text
Abstract
The cybersecurity researchers at Trustwave have identified a new Mailspam campaign while reviewing a spam trap. However, this campaign shares a remote...Cyber Security News
January 10, 2021 – Breach
New Zealand Reserve Bank suffers data breach via hacked storage partner Full Text
Abstract
The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner.BleepingComputer
January 10, 2021 – General
It is time to re-evaluate Cyber-defence solutions Full Text
Abstract
Security expert Stefan Umit Uygur, CEO and Co-Founder at 4Securitas Ltd, provided his vision about the Cyber-defence solutions on the market. Just where is the Global Cyber-defense Market going, and why is it failing so spectacularly to protect the data...Security Affairs
January 10, 2021 – Ransomware
The Ransomware-Laden First Week of 2021 Full Text
Abstract
Looking at several organizations disclosing ransomware attacks at the beginning of the new year, the FBI issued a Private Industry Notification (PIN) warning private companies of Egregor ransomware attacks.Cyware Alerts - Hacker News
January 10, 2021 – Malware
Golang-based Malware Trends Among Cyberattackers Full Text
Abstract
The multi-variate language enables a single malware codebase to be compiled into versions for all major operating systems such as Linux, Windows, and Mac.Cyware Alerts - Hacker News
January 10, 2021 – Attack
New Zealand central bank hit by a cyber attack Full Text
Abstract
A cyber attack hit the New Zealand central bank; sensitive information has been potentially accessed by the intruders. The New Zealand central bank announced today that a cyber attack hit its infrastructure. According to the Government organization,...Security Affairs
January 10, 2021 – General
Security Affairs newsletter Round 296 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. NCA arrested 21 customers of the WeLeakInfo service; Over 200 million records of Chinese Citizens...Security Affairs
January 10, 2021 – General
Profiling Cyber Threat Modeling Methodologies to Secure IT Infrastructure Full Text
Abstract
Threat modeling is a systematic framework by which IT professionals can classify possible security threats and vulnerabilities, measure...Cyber Security News
January 10, 2021 – Botnet
TeamTNT botnet now steals Docker API and AWS credentials Full Text
Abstract
Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The...Security Affairs
January 10, 2021 – Privacy
WhatsApp Privacy Updates Force Users to Agree on New Privacy Policy to Continue Using The App Full Text
Abstract
Whatsapp is one of the famous messaging apps that have Billions of users, and we all know that Facebook owns Whatsapp, and...Cyber Security News
January 09, 2021 – Ransomware
Hacker used ransomware to lock victims in their IoT chastity belt Full Text
Abstract
The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes.BleepingComputer
January 9, 2021 – Hacker
Hackers are Silently Piercing Through Retail Organizations Full Text
Abstract
The boom in online shopping has made the retail sector vulnerable to cyberattacks. A trend has been observed in how attackers are targeting users and pilfering card data.Cyware Alerts - Hacker News
January 09, 2021 – Government
Cyber czar to draw on new powers from defense bill Full Text
Abstract
New authorities from the recently enacted defense bill are expected to help the U.S. government in its response to the SolarWinds hack believed to be perpetrated by Russia.The Hill
January 9, 2021 – Hacker
Thallium Hacker Targeted Users of Private Stock Investment Messenger Full Text
Abstract
Researchers reported a supply chain attack campaign by a North Korean APT group aimed at the users of a private stock investment service.Cyware Alerts - Hacker News
January 9, 2021 – Ransomware
Dassault Falcon Jet hit by Ragnar Locker ransomware gang Full Text
Abstract
Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information...Security Affairs
January 9, 2021 – Hacker
SolarWinds hackers also used common hacker techniques, CISA revealed Full Text
Abstract
CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack...Security Affairs
January 09, 2021 – Government
Space Force joins US Intelligence Community to secure outer space Full Text
Abstract
Director of National Intelligence John Ratcliffe announced that the US Space Force (USSF) is the ninth Department of Defense component to join the US Intelligence Community (IC).BleepingComputer
January 9, 2021 – Business
Twitter has permanently suspended the account of President Donald Trump Full Text
Abstract
Twitter has permanently suspended the account of President Donald Trump on Friday, due to the risk of further incitement of violence. Twitter has permanently suspended President Donald Trump's account fearing his tweets may trigger a new wave of violence. In...Security Affairs
January 9, 2021 – Ransomware
FBI Warns of Egregor Ransomware Targets Businesses Worldwide Full Text
Abstract
Egregor ransomware targets businesses worldwide, attempting to extort them by publicly releasing exfiltrated data. The US Federal Bureau of...Cyber Security News
January 9, 2021 – Malware
Emotet remains the biggest malicious threat to your network in 2021 Full Text
Abstract
A malicious spam campaign that targeted over a hundred thousand users a day over Christmas and New Year has seen Emotet secure its spot as the most prolific malware threat.ZDNet
January 9, 2021 – Government
State Department creates bureau to reduce ‘likelihood of cyber conflict’ Full Text
Abstract
Secretary of State Mike Pompeo announced on Thursday the creation of a new bureau inside the US Department of State dedicated to addressing cybersecurity as part of the US' foreign policy and diplomatic efforts.ZDNet
January 9, 2021 – Hacker
CISA: SolarWinds hackers also used password guessing to breach targets Full Text
Abstract
CISA said that the threat actor behind the SolarWinds hack also used password guessing and password spraying attacks to breach targets as part of its recent hacking campaign and didn't always rely on trojanized updates as its initial access vector.ZDNet
January 9, 2021 – Botnet
A crypto-mining botnet is now stealing Docker and AWS credentials Full Text
Abstract
Researchers have linked the botnet to a cybercrime operation known as TeamTNT; a group first spotted over the 2020 summer installing cryptocurrency-mining malware on misconfigured container platforms.ZDNet
January 08, 2021 – General
Hillicon Valley: Twitter permanently suspends Michael Flynn, Sidney Powell and others | Laptop stolen from Pelosi’s office during Capitol riots | Reddit bans r/DonaldTrump forum Full Text
Abstract
(BELATED) QANON CRACKDOWN: Twitter on Friday permanently suspended the accounts of three major sources of QAnon content: former national security adviser Michael Flynn, pro-Trump lawyer Sidney Powell and former 8kun administrator Ron Watkins.The Hill
January 08, 2021 – Ransomware
The Week in Ransomware - January 8th 2021 - $150 million Full Text
Abstract
Even though the holidays are over in many countries, it has been a very quiet week for ransomware. Unfortunately, ransomware activity will likely pick up shortly.BleepingComputer
January 8, 2021 – Business
Legal recourse? Nissan balances competitive and security fallout from source code leak Full Text
Abstract
News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.SCMagazine
January 8, 2021 – Vulnerabilities
Nvidia releases security updates for GPU display driver and vGPU flaws Full Text
Abstract
Nvidia has released security updates to address high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software. Nvidia has addressed a total of 16 flaws, including high-severity vulnerabilities affecting the Nvidia GPU display...Security Affairs
January 8, 2021 – Malware
Malware variant becomes world’s most popular, thanks to ransomware surge Full Text
Abstract
Ransomware actors are laundering hundreds of millions of dollars through pseudo-legitimate cryptocurrency exchanges, while the early-stage malware often used to facilitate their attacks has become the most popular form of malware in the world.SCMagazine
January 8, 2021 – Malware
Malicious Software Infrastructure Easier to Get and Deploy Than Ever Full Text
Abstract
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.Threatpost
January 8, 2021 – Malware
FBI Warns of Egregor Attacks on Businesses Worldwide Full Text
Abstract
The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.Threatpost
January 8, 2021 – Ransomware
Ryuk Rakes in $150M in Ransom Payments Full Text
Abstract
An examination of the malware gang’s payments reveals insights into its economic operations.Threatpost
January 08, 2021 – Criminals
Laptop stolen from Pelosi’s office during Capitol riots Full Text
Abstract
An aide for Speaker Nancy Pelosi (D-Calif.) said Friday that a laptop was stolen from the Speaker's office during the riots in the Capitol earlier this week, adding to existing security concerns.The Hill
January 8, 2021 – Policy and Law
JPMorgan Chase Hacker Gets 12 Years Full Text
Abstract
US locks up Russian who hacked major financial institutions to steal dataInfosecurity Magazine
January 08, 2021 – Ransomware
Dassault Falcon Jet reports data breach after ransomware attack Full Text
Abstract
Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.BleepingComputer
January 8, 2021 – Government
Welcome Bureau of Cyberspace Security and Emerging Technologies (CSET) Full Text
Abstract
United States Department of State approved the creation of the Bureau of Cyberspace Security and Emerging Technologies (CSET). The United States Secretary of State Mike Pompeo approved the creation of the Bureau of Cyberspace Security and Emerging...Security Affairs
January 8, 2021 – Ransomware
2021 Sees its First Ransomware Family Full Text
Abstract
Researchers uncovered a new ransomware family called Babuk that has successfully encrypted systems of at least five online gambling companies in the first half of 2020.Cyware Alerts - Hacker News
January 8, 2021 – Ransomware
Ransomware Attack Costs Health Network $1.5m a Day Full Text
Abstract
October ransomware attack is costing Vermont health network millions in lost revenueInfosecurity Magazine
January 8, 2021 – Business
Red Hat to Acquire StackRox Full Text
Abstract
Kubernetes-native security startup StackRox to be acquired by open source solution provider Red HatInfosecurity Magazine
January 8, 2021 – APT
China-linked APT Groups Picking on Ransomware Attacks Full Text
Abstract
Security researchers shed light on an investigation report involving financially-motivated ransomware actors from China targeting multiple companies.Cyware Alerts - Hacker News
January 8, 2021 – Malware
President Trump-themed Malspam Email Delivers QRat trojan Full Text
Abstract
Cybersecurity researchers revealed a new QRat malspam campaign purporting to contain a scandalous video of U.S. President Donald Trump.Cyware Alerts - Hacker News
January 8, 2021 – Vulnerabilities
Linux machines again targeted by hackers with new memory loader Full Text
Abstract
The Ezuri loader filelessly executes malware on Linux machines from memory, using a technique that is more common in Windows.SCMagazine
January 08, 2021 – Attack
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys Full Text
Abstract
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The vulnerability (tracked as CVE-2021-3011) allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor (U2F) device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. "The adversary can sign in to the victim's application account without the U2F device, and without the victim noticing," NinjaLab researchers Victor Lomne and Thomas Roche said in a 60-page analysis. "In other words the adversary created a clone of the U2F device for the victim's application account. This clThe Hacker News
January 8, 2021 – Breach
Unsecured Git server exposed Nissan North America Full Text
Abstract
A misconfigured Git server is the root cause for the leak of source code of mobile apps and internal tools belonging to Nissan North America. A misconfigured Git server has caused the leak of the source code of mobile apps and internal software used...Security Affairs
January 8, 2021 – Vulnerabilities
Investigation launched into vulnerabilities found within US Judiciary case file system Full Text
Abstract
With the investigation ongoing, Judiciary said federal courts across the country will be adding new security procedures aimed at protecting highly sensitive confidential documents filed with courts.ZDNet
January 08, 2021 – Vulnerabilities
NVIDIA fixes high severity flaws affecting Windows, Linux devices Full Text
Abstract
NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software.BleepingComputer
January 8, 2021 – Malware
December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat Full Text
Abstract
First identified in 2014, Emotet has been regularly updated by its developers. The DHS has estimated that each incident involving Emotet costs organizations upwards of $1 million to rectify.Check Point Research
January 08, 2021 – Hacker
ALERT: North Korean hackers targeting South Korea with RokRat Trojan Full Text
Abstract
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka ScarCruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). "The file contains an embedded macro that uses a VBA self decoding technique to decode itself within the memory spaces of Microsoft Office without writing to the disk. It then embeds a variant of the RokRat into Notepad," the researchers noted in a Wednesday analysis. Believed to be active at least since 2012, the Reaper APT is known for its focus on public and private entities primarily in South Korea, such as chemicals, electronics, manufacturing, aerospace, automotive, and healthcare entities. Since then, their victimization has expanded beyond the Korean peninsula to includeThe Hacker News
January 8, 2021 – Malware
Emotet Tops Malware Charts in December After Reboot Full Text
Abstract
Check Point reveals Trojan has had another makeoverInfosecurity Magazine
January 8, 2021 – Malware
Minecraft-Themed Fleeceware Apps Hide Steep Fees Full Text
Abstract
A fleeceware app isn’t traditional Android malware in the sense that it doesn’t contain malicious code. Instead, the threat comes from excessive subscription fees that it might not clearly advertise.Security Intelligence
January 8, 2021 – Business
Ping Identity Appoints Acclaimed CIO Paul Martin to Board of Directors Full Text
Abstract
Martin will help security firm enhance leadership strategy and IT innovationInfosecurity Magazine
January 8, 2021 – Business
RedHat is acquiring container security company StackRox Full Text
Abstract
The acquisition fits nicely with RedHat OpenShift, its container platform, but the company says it will continue to support StackRox usage on other platforms including AWS, Azure, and GCP.TechCrunch
January 8, 2021 – Ransomware
Ryuk Ransomware Attackers Have Made $150m Full Text
Abstract
Crime pays for infamous extortionists, researchers claimInfosecurity Magazine
January 8, 2021 – Malware
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020 Full Text
Abstract
The penetration testing toolkits have been used to host more than a quarter of all the malware C&C servers deployed in 2020, threat intelligence firm Recorded Future said in a report today.ZDNet
January 8, 2021 – Phishing
We got used to SMS notifications and phishers are capitalizing on it Full Text
Abstract
The fake messages impersonate payment, package delivery and streaming services, government and healthcare organizations, popular IT providers, online retailers, hospitality organizations, and so on.Help Net Security
January 8, 2021 – Malware
Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer Full Text
Abstract
The “customers,” also known as the attackers, contact Oski authors on underground forums to purchase the malware and, once purchased, they configure it and distribute it to their victims.Cyberark
January 8, 2021 – Ransomware
FBI Warns Private Sector Companies of Egregor Ransomware Attacks Full Text
Abstract
The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to have compromised over 150 firms, including Barnes and Noble, Kmart, Ubisoft, and more.Security Affairs
January 8, 2021 – Business
archTIS acquires Nucleus Cyber to expand global footprint Full Text
Abstract
According to the terms of the agreement, archTIS will acquire a 100 percent stake in Nucleus Cyber in an all-stock deal for a total consideration of around US$7.1 million.Help Net Security
January 8, 2021 – Malware
Ezuri memory loader used in Linux and Windows malware Full Text
Abstract
Multiple threat actors have recently started using the Ezuri memory loader to execute malware directly in the victims' memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader...Security Affairs
January 8, 2021 – Vulnerabilities
Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update Full Text
Abstract
The most important of these use-after-free issues affect autofill, drag and drop, and media components, and are tracked as CVE-2021-21106, CVE-2021-21107, and CVE-2021-21108, respectively.Security Week
January 8, 2021 – Business
CEO Refutes Reports of Involvement in SolarWinds Campaign Full Text
Abstract
JetBrains boss Shafirov says no evidence of compromise in TeamCity toolInfosecurity Magazine
January 8, 2021 – Business
Owl Cyber Defense Solutions acquires Trident’s Assured Collaboration Systems Full Text
Abstract
Columbia, Maryland-based cybersecurity company Owl Cyber Defense Solutions LLC announced Tuesday it has acquired Fairfax-based Trident’s Assured Collaboration Systems (ACS) product line.Virginia Business
January 08, 2021 – Breach
Nissan NA source code leaked due to default admin:admin credentials Full Text
Abstract
Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.BleepingComputer
January 8, 2021 – Vulnerabilities
Researchers Break Google Audio reCAPTCHA with Google’s own Speech to Text API Full Text
Abstract
The cybersecurity researcher Nikolai Tschacher has recently posted a proof-of-concept (POC) video of an attack that breaks Google Audio reCAPTCHA with Google's...Cyber Security News
January 8, 2021 – Hacker
‘Earth Wendigo’ Hackers Exfiltrate Emails Through JavaScript Backdoor Full Text
Abstract
A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan.Security Week
January 8, 2021 – Vulnerabilities
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking Full Text
Abstract
Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to take over targeted devices.Threatpost
January 8, 2021 – Covid-19
What’s Trending? COVID-19 Vaccine Scams Full Text
Abstract
COVID-19 vaccines have been approved in some countries while many are conducting their trials. Cybercriminals are taking advantage of these much-awaited developments to steal credentials and payment data from unsuspecting users.Cyware Alerts - Hacker News
January 8, 2021 – Ransomware
RansomExx newer variants adapted to Attack Linux servers Full Text
Abstract
RansomExx is a ransomware variant responsible for several high-profile attacks in 2020 and has revealed signs of further development and unhampered activity.Cyber Security News
January 7, 2021 – Government
Biden’s pick as White House cyber czar provides critical federal leadership and diversity Full Text
Abstract
When Joe Biden assumes the presidency 13 days from now, as government grapples with fallout from the SolarWinds breach and an attack on the U.S. Capitol, veteran intelligence expert Anne Neuberger likely will be by his side as deputy national security advisor for cybersecurity on the National Security Council (NSC). Naming Neuberger to the newly…SCMagazine
January 07, 2021 – Ransomware
Ryuk ransomware Bitcoin wallets point to $150 million operation Full Text
Abstract
Security researchers following the money circuit from Ryuk ransomware victims into the threat actor's pockets estimate that the criminal organization made at least $150 million.BleepingComputer
January 07, 2021 – General
Hillicon Valley: Facebook extends Trump’s suspension at least until Inauguration Day | Trump deletes tweets that led to Twitter lockout | Federal judiciary likely compromised as part of SolarWinds hack Full Text
Abstract
The Hill
January 7, 2021 – Ransomware
FBI alert warns private organizations of Egregor ransomware attacks Full Text
Abstract
The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The US FBI has issued a Private Industry Notification (PIN) to warn private organizations of Egregor ransomware attacks. The...Security Affairs
January 7, 2021 – Government
CISA discovers SAML token abuse around SolarWinds hack, calls for full rebuild of affected networks Full Text
Abstract
The agency has found evidence of authentication token abuse in networks infected with corrupted versions of Orion software and says restoring integrity will require a full network rebuild in certain cases.SCMagazine
January 07, 2021 – Government
State Department sets up new bureau for cybersecurity and emerging technologies Full Text
Abstract
Secretary of State Mike Pompeo on Thursday approved the creation of a new office at the State Department to address cybersecurity and emerging technologies.The Hill
January 7, 2021 – Malware
Malspam campaign spoofs email chains to install IcedID info-stealer Full Text
Abstract
A phishing campaign has been disguising its spam as an email chain, using messages taken from email clients on previously compromised hosts.SCMagazine
January 7, 2021 – Government
The physical breach of the Capitol building opens a cybersecurity Pandora’s box Full Text
Abstract
The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities on the scope of the cybersecurity risk tied to a physical breach.SCMagazine
January 07, 2021 – Hacker
Hacker sells Aurora Cannabis files stolen in Christmas cyberattack Full Text
Abstract
A hacker is selling the data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas day.BleepingComputer
January 7, 2021 – Ransomware
Ryuk ransomware operations already made over $150M Full Text
Abstract
The Ryuk ransomware had a disruptive impact on multiple industries around the world, and its operators have already earned more than $150 million. The Ryuk ransomware gang is one of the most prolific criminal operations that caused destruction in multiple industries...Security Affairs
January 7, 2021 – Government
Biden to Appoint Cybersecurity Advisor to NSC – Report Full Text
Abstract
Anne Neuberger will join the National Security Council, according to sources.Threatpost
January 07, 2021 – Government
Warner says foreign adversaries ‘gained more’ from Capitol riot than from SolarWinds hack Full Text
Abstract
Sen. Mark Warner (Va.), the top Democrat and likely incoming chairman of the Senate Intelligence Committee, said Thursday that the nation’s adversaries “gained more” from rioters storming the Capitol than from the recently uncovered massive hack of the federal government.The Hill
January 7, 2021 – Malware
Trump Sex Scandal Video Is a RAT Full Text
Abstract
Cyber-attackers lure victims with promise of sex video starring President TrumpInfosecurity Magazine
January 7, 2021 – Vulnerabilities
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws Full Text
Abstract
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.Threatpost
January 07, 2021 – Vulnerabilities
Windows PsExec zero-day vulnerability gets a free micropatch Full Text
Abstract
A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.BleepingComputer
January 07, 2021 – Criminals
SEO scammer extorts site owners using porn backlinks threat Full Text
Abstract
Website owners are receiving emails threatening to ruin their reputation if they do not post a five-star review for a cryptocurrency exchange.BleepingComputer
January 7, 2021 – Covid-19
Fired Healthcare Exec Stalls Critical PPE Shipment for Months Full Text
Abstract
A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.Threatpost
January 07, 2021 – Government
Federal judiciary likely compromised as part of SolarWinds hack Full Text
Abstract
The U.S. federal judiciary reported this week that it had suffered an “apparent compromise” as part of the recently discovered Russian hack of IT company SolarWinds.The Hill
January 07, 2021 – Government
US Judiciary adds safeguards after potential breach in SolarWinds hack Full Text
Abstract
The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records.BleepingComputer
January 7, 2021 – Government
Army Reserve Gets First Cyber General Full Text
Abstract
United States Army promotes first Army Reserve cyber officer to brigadier generalInfosecurity Magazine
January 7, 2021 – Government
Cybersecurity and the Occupation of the Capitol Full Text
Abstract
This siege has created potentially serious cyber risks for Congress and other affected offices.Lawfare
January 07, 2021 – Government
Senior Commerce cyber official resigns after Capitol riot Full Text
Abstract
John Costello, a senior official for intelligence and security operations at the Department of Commerce, on Thursday announced his resignation in the wake of the riots at the U.S. Capitol.The Hill
January 7, 2021 – Ransomware
Threatpost Poll: Weigh in on Ransomware Security Full Text
Abstract
Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll.Threatpost
January 7, 2021 – APT
North Korea-linked APT37 targets South with RokRat Trojan Full Text
Abstract
Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government. On December 7 2020 researchers from Malwarebytes uncovered a campaign targeting the South Korean government with a variant...Security Affairs
January 7, 2021 – Skimming
US Jails Cuban Credit Card Skimming Crew Full Text
Abstract
Cyber-criminals jailed for $5m skimming attack on Virginia gas pumpsInfosecurity Magazine
January 7, 2021 – Business
Lacework raises $525 million to automate cloud security and compliance Full Text
Abstract
Lacework, which provides automated containerized workload defense, intrusion detection, and compliance solutions, announced its $525 million Series D funding round valuing it at over $1 billion.Venture Beat
January 7, 2021 – Vulnerabilities
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks Full Text
Abstract
This vulnerability in the user interface of FortiWeb allowed an unauthenticated, remote attacker to execute arbitrary SQL queries or commands before it was resolved, an advisory from Fortinet admits.The Daily Swig
January 07, 2021 – Ransomware
FBI warns of Egregor ransomware extorting businesses worldwide Full Text
Abstract
The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.BleepingComputer
January 7, 2021 – Business
Dragos Hires Former PepsiCo Deputy CISO Steve Applegate Full Text
Abstract
Dragos has hired Steve Applegate, former VP and Deputy CISO at PepsiCo, as Chief Information Security Officer (CISO). The cybersecurity veteran took to LinkedIn to share the news this week.Security Week
January 7, 2021 – Breach
Data Stolen From London Council Published Online Full Text
Abstract
Data stolen from Hackney Council is allegedly available on the dark webInfosecurity Magazine
January 7, 2021 – Ransomware
The DCH Ransomware Attack: A Teachable Moment in Cyber-History Full Text
Abstract
In the early hours of October 1, 2019, Alabama’s DCH Health System fell victim to an extended ransomware attack which forced it to close all three of its state hospitals.Heimdal Security
January 7, 2021 – General
Ghidra 101: Slice Highlighting Full Text
Abstract
Program slicing is a way of abstracting code into smaller groups of statements called slices. Slices are formed by following how a particular variable’s value affects or is affected by other variablesTripwire
January 7, 2021 – Attack
TA551: Email Attack Campaign Switches from Valak to IcedID Full Text
Abstract
The recent campaign has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak.Palo Alto Networks
January 7, 2021 – Business
Panaseer Appoints Jonathan Gill as New CEO Full Text
Abstract
Gill succeeds Panaseer founder Nik Whitfield in the role, with the latter becoming chairmanInfosecurity Magazine
January 07, 2021 – Business
JetBrains denies involvement in the SolarWinds supply-chain hack Full Text
Abstract
JetBrains' CEO, Maxim Shafirov, denied reports from multiple news outlets that the company played a role in the SolarWinds supply chain attack.BleepingComputer
January 7, 2021 – Botnet
The Evolution of Bad Bots from Grinchbots to Parasitic Bots-as-a-Service Full Text
Abstract
The use of scalping bots was once the domain of tickets for sporting events or concerts. But recently, it has become increasingly prevalent in e-commerce and online retail.Imperva
January 07, 2021 – General
Creating A Strong Password Policy With Specops and NIST Guidelines Full Text
Abstract
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account password. The National Institute of Standards and Technology (NIST) has a cybersecurity framework that helps organizations address common cybersecurity pitfalls in their environment, including weak, reused, and breached passwords. This post will take a closer look at the NIST password guidelines and see how you can effectively audit your password policies to ensure these meet the standards recommended by NIST. NIST Password Guidelines and Best Practices: Specific guidance around passwords is addressed within the chapter titled Memorized Secret Verifiers. NIST has several recommendations in regards to passwordsThe Hacker News
January 7, 2021 – Deepfake
Deepfake Technologies Set to Become Major Threat to Businesses Full Text
Abstract
Deepfake video and audio technologies have accelerated during the COVID-19 pandemicInfosecurity Magazine
January 7, 2021 – Vulnerabilities
Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack Full Text
Abstract
An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hacking. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities...Security Affairs
January 07, 2021 – Malware
Linux malware authors use Ezuri Golang crypter for zero detection Full Text
Abstract
Multiple malware authors are using the "Ezuri" crypter and memory loader written in Go to evade detection by antivirus products. Source code for Ezuri is available on GitHub for anyone to use.BleepingComputer
January 7, 2021 – General
We Should Have Known SolarWinds Would Be a Target Full Text
Abstract
The risk of these supply chain hacks is much higher than previously acknowledged, due to the high level of connectivity across different critical infrastructure sectors in the economy.CFR
January 7, 2021 – Business
Kaspersky and Alias Robotics Partner to Secure Robots in OT Infrastructure Full Text
Abstract
Robots are a key component of Industry 4.0 and represent yet another endpoint in OT settingsInfosecurity Magazine
January 7, 2021 – Government
US Govt kicked off ‘Hack the Army 3.0’ bug bounty program Full Text
Abstract
The U.S. government is going to launch the 'Hack the Army 3.0' bug bounty program in collaboration with the HackerOne platform. The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne...Security Affairs
January 7, 2021 – Breach
Git Repository Misconfiguration Leads to Nissan Source Code Leak Full Text
Abstract
The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums.ZDNet
January 7, 2021 – Government
DoJ: SolarWinds Attackers Hit Thousands of O365 Inboxes Full Text
Abstract
Department first to reveal scope of the Russian campaignInfosecurity Magazine
January 7, 2021 – Government
Biden taps intelligence veteran for new White House cybersecurity role Full Text
Abstract
President-elect Joe Biden plans to pluck a career intelligence official from the National Security Agency to serve in a newly created cybersecurity role on his National Security Council.Politico
January 7, 2021 – General
Social Media Neuters Trump’s Accounts After Fans Storm Capitol Full Text
Abstract
Twitter soapbox may be pulled away for good after incitement to violenceInfosecurity Magazine
January 7, 2021 – Hacker
ShinyHunters Leaks 10 Million Records Allegedly Stolen From ClickIndia, ChqBook, and WedMeGood Full Text
Abstract
After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as 'ShinyHunters' is now selling databases belonging to three more Indian companies.The Times Of India
January 7, 2021 – General
Over a Third of TMT Firms Hit by Security Breach in 2020 Full Text
Abstract
Hiscox data reveals phishing accounted for majority of incidentsInfosecurity Magazine
January 7, 2021 – Skimming
Cuban Credit Card Skimming Crew Sentenced to Prison Full Text
Abstract
According to court documents, the six conspirators placed credit card skimming devices on gas pumps located in Northampton County within the Eastern District of Virginia.US Department of Justice
January 7, 2021 – Government
Why the UK’s National Cyber Force is an important step forward Full Text
Abstract
The UK’s vital ‘goal-line’ protection against such threats has also been well covered, especially since the creation of the UK’s innovative National Cyber Security Centre (NCSC).IISS
January 7, 2021 – Ransomware
Anti-Secrecy Activists DDoSecrets Publish a Terabyte of Ransomware Victims’ Data Full Text
Abstract
The DDoSecrets group is also offering to privately share an additional 1.9 terabytes of data from more than a dozen other firms with selected journalists or academic researchers.
Wired
January 7, 2021 – General
What SolarWinds Hack Means for Campuses Full Text
Abstract
For months hackers have been poking around computer networks at U.S. government departments, Fortune 500 companies, and possibly higher education institutions and research organizations -- undetected.
inside higher ed
January 7, 2021 – Malware
A Deep Dive into Lokibot Infection Chain Full Text
Abstract
This sample is using the known technique of blurring images in documents to encourage users to enable macros. While quite simple this is fairly common and effective against users.
Talos
January 7, 2021 – Malware
Operation ElectroRAT – Attacker Creates Fake Companies to Steal Cryptocurrencies Full Text
Abstract
Security researchers at Intezer Labs had discovered a Remote Access Trojan (RAT). The attacker behind this operation has enticed cryptocurrency users to download...
Cyber Security News
January 7, 2021 – Government
U.S. Government Announces ‘Hack the Army 3.0’ Bug Bounty Program Full Text
Abstract
Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17.
Security Week
January 7, 2021 – Government
Bug Bounty Program Launched to Discover US Army Vulnerabilities Full Text
Abstract
Defense Digital Service is working with HackerOne to launch the new program
Infosecurity Magazine
January 7, 2021 – Government
SolarWinds hackers accessed some of the DOJ’s email accounts Full Text
Abstract
The DOJ learned of the hack on December 24th, at which point it closed the vulnerability. It said it doesn’t have any evidence that suggests the hackers accessed any classified information.
Engadget
January 7, 2021 – Phishing
New bank-related phishing scam involves impersonation of Singapore government officials Full Text
Abstract
Scammers have been impersonating Singapore government officials since December in what police on Tuesday (Jan 5) described as a new variant of bank-related phishing scams.
Straits Times
January 7, 2021 – General
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking Full Text
Abstract
Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.
New York Times
January 7, 2021 – Business
Sysnet raises $65m in debt funding and clinches another acquisition Full Text
Abstract
The latest funding comes in the form of $65m in debt financing from US investment firm Keybanc Capital Markets, the Irish Times reports. Sysnet also announced the acquisition of NuArx.
Silicon Republic
January 06, 2021 – Government
SolarWinds Hackers Also Accessed U.S. Justice Department’s Email Server Full Text
Abstract
The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others," DoJ spokesperson Marc Raimondi said in a short statement. "This activity involved access to the Department's Microsoft Office 365 email environment." Calling it a "major incident," the DoJ said the threat actors who spied on government networks through SolarWinds software potentially accessed about 3% of the Justice Department's email accounts, but added there's no indication they accessed classified systems. The disclosure comes a day after the Federal Bureau of Investigation (FB
The Hacker News
January 6, 2021 – Policy and Law
‘Ghosts of legislations past’: Policy predictions for 2021 Full Text
Abstract
If 2020 brought deadlines tied to various privacy and data protection policies, then 2021 means compliance – with less leniency for companies that fall short of regulations.
SCMagazine
January 6, 2021 – General
Forrester offers six-step governance, risk and compliance program Full Text
Abstract
In a new report on governance, risk and compliance, Forrester advises top security officials that they have to prepare for more regulations around privacy and personal control over data, especially when it comes to handling medical data during the pandemic.
SCMagazine
January 06, 2021 – General
Hillicon Valley: Twitter locks Trump’s account for 12 hours | Facebook, Twitter, YouTube remove Trump video on Capitol riots | Justice Department says employee emails were accessed as part of SolarWinds hack Full Text
Abstract
RESTRICTING TRUMP PART ONE: Twitter announced Wednesday night that President Trump’s account would be locked for 12 hours after the social media platform removed three of Trump’s tweets for “repeated and severe violations” of Twitter’s Civic Integrity policy.
The Hill
January 06, 2021 – Disinformation
Krebs says Trump ‘fanned the flames’ of election disinformation with video Full Text
Abstract
Christopher Krebs, the nation’s former top cybersecurity official, slammed President Trump and supporters who have spread election disinformation, including Trump's video Wednesday telling rioters who stormed the Capitol that the November election was stolen.
The Hill
January 6, 2021 – Hacker
SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes Full Text
Abstract
The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department's O365 mailboxes. The US Department of Justice (DoJ) published a press release to confirm that the threat actors behind the SolarWinds...
Security Affairs
January 06, 2021 – Government
Justice Department confirms breach as part of SolarWinds hack, says emails were accessed Full Text
Abstract
The Justice Department on Wednesday confirmed that it was breached as part of the recently discovered Russian hack of IT company SolarWinds, with around 3 percent of agency employee emails accessed by the hackers.
The Hill
January 6, 2021 – Attack
SolarWinds hack: Amid hardened security, attackers seek softer targets Full Text
Abstract
Experts disagree that election security efforts detracted from supply chain security. But there are still lessons to be learned.
SCMagazine
January 6, 2021 – Government
NSA Urges SysAdmins to Replace Obsolete TLS Protocols Full Text
Abstract
The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.
Threatpost
January 6, 2021 – Privacy
WhatsApp will share your data with Facebook and its companies Full Text
Abstract
WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February...
Security Affairs
January 6, 2021 – Malware
It’s Not the Trump Sex Tape, It’s a RAT Full Text
Abstract
Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.
Threatpost
January 06, 2021 – Hacker
SolarWinds hackers had access to over 3,000 US DOJ email accounts Full Text
Abstract
The US Department of Justice said that the attackers behind the SolarWinds supply chain attacks have gained access to roughly 3% of the department's Office 365 email inboxes.
BleepingComputer
January 6, 2021 – General
Poor Software Quality Costs US $2.08tn Full Text
Abstract
ISQ estimates cost of poor software quality (CPSQ) in the US as $2.08tn in 2020
Infosecurity Magazine
January 6, 2021 – Policy and Law
British Airways Plans £3bn Breach Settlement Full Text
Abstract
British Airways to start £3bn settlement discussions over data breaches affecting 500,000 customers
Infosecurity Magazine
January 6, 2021 – Malware
ElectroRAT Drains Crypto Wallets Full Text
Abstract
Attacker creates fake companies and new remote access tool to steal cryptocurrency in year-long campaign
Infosecurity Magazine
January 6, 2021 – Malware
New Golang Worm Drops XMRig Miner Full Text
Abstract
A new worm written in Golang turns Windows and Linux servers into XMRig Miner. Researchers say it may be preparing to target additional weakly configured services in its future updates.
Cyware Alerts - Hacker News
January 6, 2021 – Vulnerabilities
Google fixed a critical Remote Code Execution flaw in Android Full Text
Abstract
Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution...
Security Affairs
January 6, 2021 – APT
Hacker-for-Hire StrongPity APT Going Global with its New Infrastructure Full Text
Abstract
Experts reveal the StrongPity APT group could have links with state-sponsored campaigns with the ability to search and exfiltrate multiple files or documents from the victim’s machine.
Cyware Alerts - Hacker News
January 6, 2021 – Hacker
FBI Warn Hackers are Using Hijacked Home Security Devices Full Text
Abstract
The U.S. Federal Bureau of Investigation has recently reported that the threat actors are hacking home security systems and applying them to...
Cyber Security News
January 06, 2021 – Privacy
WhatsApp: Share your data with Facebook or delete your account Full Text
Abstract
After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users' data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.
BleepingComputer
January 6, 2021 – Vulnerabilities
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw Full Text
Abstract
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
Threatpost
January 6, 2021 – Malware
Fake Trump sex video used to spread QNode RAT Full Text
Abstract
Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump's sex scandal video as bait. Security experts from Trustwave uncovered a malspam campaign that is delivering the QNode remote access Trojan...
Security Affairs
January 6, 2021 – Privacy
Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’ Full Text
Abstract
A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.
The Register
January 6, 2021 – Breach
Aurora Cannabis breach exposes personal data of former, current workers Full Text
Abstract
A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned.
Marijuana Business Daily
January 6, 2021 – Government
Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack Full Text
Abstract
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
Threatpost
January 06, 2021 – Policy and Law
Trump bans China-linked apps for collecting Americans’ data Full Text
Abstract
United States President Donald Trump has signed an executive order banning eight Chinese apps considered to be a threat to US national security, economy, and foreign policy.
BleepingComputer
January 6, 2021 – Government
White House unveils maritime cybersecurity standards for government and industry Full Text
Abstract
Contributing $5.4 trillion to the U.S. economy, the maritime transportation system will adhere to guidelines for threat information sharing, creating a cybersecurity workforce, and establishing a risk framework for operational technology.
SCMagazine
January 6, 2021 – Covid-19
A COVID-19 shot for $150? Online scams surge as slow vaccine rollout frustrates Full Text
Abstract
COVID-19 vaccine scams offering cheap and quick shots are on the rise, according to European and U.S. government officials who are warning the public of fraudsters out for money and personal data.
Reuters
January 6, 2021 – Business
Secure Chorus Transfers Ownership of Encrypted Messaging App Standards to ETSI Full Text
Abstract
Standards provide solutions which offer state-of-the-art end-to-end encryption
Infosecurity Magazine
January 6, 2021 – Vulnerabilities
Multiple vulnerabilities found in SoftMaker Office TextMaker Full Text
Abstract
Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document.
Talos
January 06, 2021 – Malware
Hackers Using Fake Trump’s Scandal Video to Spread QNode Malware Full Text
Abstract
Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file called "TRUMP_SEX_SCANDAL_VIDEO.jar," which, when downloaded, installs Qua or Quaverse RAT (QRAT) onto the infiltrated system. "We suspect that the bad guys are attempting to ride the frenzy brought about by the recently concluded Presidential elections since the filename they used on the attachment is totally unrelated to the email's theme," Trustwave's Senior Security Researcher Diana Lopera said in a write-up published today. The latest campaign is a variant of the Windows-based QRAT downloader Trustwave researchers discovered in August. The infection chain starts with a spam message containing an embedded attachment or a link pointing to a m
The Hacker News
January 6, 2021 – Malware
Bogus CSS Injection Leads to Stolen Credit Card Details Full Text
Abstract
Attackers leverage holes in default security configurations on Magento stores to inject a CSS code that has the capability to siphon off the credit card details of unsuspecting users.
Sucuri
January 6, 2021 – Business
BlueVoyant Enters Strategic Partnership with Third Party Risk Management Consultancy Full Text
Abstract
BlueVoyant will provide its cyber-risk management solutions to DVV Solutions customers
Infosecurity Magazine
January 6, 2021 – Government
President Trump Releases the National Maritime Cybersecurity Plan Full Text
Abstract
The plan sets forth how the United States government will defend the American economy through enhanced cybersecurity coordination, policies and practices, aimed at mitigating maritime cyber risks.
White House
January 6, 2021 – Covid-19
Dark Web User Numbers Spiked During #COVID19 Lockdown Full Text
Abstract
Surge in users means more cybercrime, says Sixgill
Infosecurity Magazine
January 6, 2021 – Vulnerabilities
Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack Full Text
Abstract
Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583,...
Security Affairs
January 6, 2021 – Business
Caveonix raises $7.3M to continue innovation, market expansion and strategic partnership development Full Text
Abstract
Caveonix, which was founded in 2017, announced it has raised $7.3 million in Series A funding. The round was led by First In Capital, as well as other early investors in the company.
Help Net Security
January 6, 2021 – Ransomware
Most Public Sector Victims Refuse to Pay Ransomware Gangs Full Text
Abstract
Veritas data suggests government orgs are best at recovering data
Infosecurity Magazine
January 6, 2021 – Malware
Researchers Disclose Details of FIN7 Hacking Group’s Malware Full Text
Abstract
Researchers at Morphisec Labs have published fresh details about a malware variant called JSSLoader, written in the .NET language, that the FIN7 hacking group has used for several years.
Gov Info Security
January 6, 2021 – Government
US: Fewer Than 10 Govt Agencies Hit by SolarWinds Attack Full Text
Abstract
Government blames Russia for the first time
Infosecurity Magazine
January 6, 2021 – Business
Italian mobile operator offers to replace SIM cards after massive data breach Full Text
Abstract
Ho Mobile, an Italian mobile operator, owned by Vodafone, has confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers.
ZDNet
January 06, 2021 – Privacy
WhatsApp Will Delete Your Account If You Don’t Agree Sharing Data With Facebook Full Text
Abstract
"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that's expected to go into effect next month. The "key updates" concern how it processes user data, "how businesses can use Facebook hosted services to store and manage their WhatsApp chats," and "how we partner with Facebook to offer integrations across the Facebook Company Products." Users failing to agree to the revised terms by the cut-off date will have their accounts deleted, the company said in the notification. WhatsApp's Terms of Service was last updated on January 28, 2020, while its current Priv
The Hacker News
January 6, 2021 – General
The fight to stymie adversarial machine learning is on Full Text
Abstract
This development is being driven by the many immediate gains that can be achieved using machine learning models in diverse domains, from image recognition to credit risk prediction.
Help Net Security
January 06, 2021 – Hacker
Hackers start exploiting the new backdoor in Zyxel devices Full Text
Abstract
Threat actors are actively scanning the Internet for open SSH devices and trying to log in to them using a new recently patched Zyxel hardcoded credential backdoor.
BleepingComputer
January 6, 2021 – Government
FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack Full Text
Abstract
A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain attack. The US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply...
Security Affairs
January 05, 2021 – Breach
Vodafone’s ho. Mobile admits data breach, 2.5m users impacted Full Text
Abstract
Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data.
BleepingComputer
January 05, 2021 – General
Hillicon Valley: US intel agencies blame Russia for massive SolarWinds hack | Website crashes mar early coronavirus vaccine rollouts | Google workers make waves with new union Full Text
Abstract
A RUSSIAN WHO-DONE-IT: A coalition of top intelligence agencies on Tuesday formally announced that Russia was behind the recently discovered hack of IT company SolarWinds that compromised much of the federal government and thousands of other groups.
The Hill
January 5, 2021 – Vulnerabilities
RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework Full Text
Abstract
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
Threatpost
January 05, 2021 – Government
Officials see few security issues as voters go to the polls in Georgia Full Text
Abstract
Officials at the federal and state levels said that as of Tuesday afternoon, they were seeing few security concerns related to the hotly contested Georgia Senate runoff elections, as voters continued to make their ways to the polls.
The Hill
January 5, 2021 – General
After widespread hospital attacks, targeting of health care industry continues to rise Full Text
Abstract
In the two months following a highly publicized series of ransomware attacks against UHS last year, cyber attacks of all stripes against healthcare facilities worldwide shot up 45%.
SCMagazine
January 5, 2021 – Malware
Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux Full Text
Abstract
A new remote access trojan (RAT) lures cryptocurrency users to download trojanized apps by promoting the apps in dedicated online forums and on social media.
SCMagazine
January 5, 2021 – Attack
Cyberattacks on Healthcare Spike 45% Since November Full Text
Abstract
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.
Threatpost
January 5, 2021 – Malware
New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users Full Text
Abstract
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously...
Security Affairs
January 05, 2021 – Government
US govt says Russian state hackers likely behind SolarWinds hack Full Text
Abstract
The Cyber Unified Coordination Group (UCG) said today that a Russian-backed Advanced Persistent Threat (APT) group is likely behind the SolarWinds hack.
BleepingComputer
January 05, 2021 – Government
US intel agencies blame Russia for massive SolarWinds hack Full Text
Abstract
A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.
The Hill
January 5, 2021 – Policy and Law
UK Jails Cyber-Voyeur Full Text
Abstract
Former civil servant jailed for hacking and cyber-exploitation of hundreds of women and girls
Infosecurity Magazine
January 5, 2021 – Vulnerabilities
Google Warns of Critical Android Remote Code Execution Bug Full Text
Abstract
Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
Threatpost
January 05, 2021 – Government
NSA shares guidance, tools to mitigate weak encryption protocols Full Text
Abstract
The National Security Agency has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants.
BleepingComputer
January 05, 2021 – Government
Trump administration rolls out plan to secure maritime sector against cyber threats Full Text
Abstract
The White House on Tuesday rolled out a plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security.
The Hill
January 05, 2021 – Ransomware
Babuk Locker is the first new enterprise ransomware of 2021 Full Text
Abstract
It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.
BleepingComputer
January 5, 2021 – Business
iboss Raises $145m in Funding Full Text
Abstract
Cloud security provider iboss raises millions in funding to support “rapid growth”
Infosecurity Magazine
January 5, 2021 – Attack
FBI Warns of Swatting Attacks Full Text
Abstract
Swatting attacks targeting smart-home device users trigger public warning from FBI
Infosecurity Magazine
January 5, 2021 – Vulnerabilities
Google Releases January 2021 Security Updates for Android Full Text
Abstract
Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical remote code execution bug in System.
Security Week
January 5, 2021 – Ransomware
After refusing to pay ransom, US-based auto parts distributor has sensitive data leaked by cybercriminals Full Text
Abstract
The NameSouth archive leaked by NetWalker includes financial and accounting data, credit card statements, personally identifiable employee information, and various legal documents.
CyberNews
January 5, 2021 – Attack
Cyberattacks Against K-12 Schools Expected to Rise in 2021, FBI Warns Full Text
Abstract
With students returning to online classrooms after the holidays, the FBI expects a proliferation of cyber threats targeting K-12 schools and distance learning platforms.
Bit Defender
January 5, 2021 – Attack
Supply Chain Issues Don’t Seem to Go Away Full Text
Abstract
Supply chain attacks have gained a lot of popularity among cybercriminals as inclusion or intrusion in a project can impact plenty of users and go undetected for a long time.
Cyware Alerts - Hacker News
January 05, 2021 – Malware
Australian cybersecurity agency used as cover in malware campaign Full Text
Abstract
The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware.
BleepingComputer
January 5, 2021 – General
Aspen Report Calls for Cyber Resilient Digital Infrastructure Full Text
Abstract
The agenda created by the Aspen Group aims to help federal lawmakers in prioritizing, strategizing, and implementing actionable cybersecurity initiatives.
Cyware Alerts - Hacker News
January 05, 2021 – Attack
North Korean software supply chain attack targets stock investors Full Text
Abstract
North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week.
BleepingComputer
January 5, 2021 – General
Buying a second-hand laptop? Here’s how to stop a bargain becoming a security disaster Full Text
Abstract
Users who sell their devices without wiping them first could be handing their personal information and passwords on to others who might be unscrupulous when dealing with that data.
ZDNet
January 5, 2021 – Ransomware
Ransomware ‘businesses’: Does acting legitimate pay off? Full Text
Abstract
While ransomware is an act of extortion aimed at separating users and enterprises from their money, some operators appear to look at the relationship with victims as a kind of business partnership.
Tech Target
January 5, 2021 – Privacy
Users can be manipulated to share private information online Full Text
Abstract
Online users are more likely to reveal private information based on how website forms are structured to elicit data, Ben-Gurion University of the Negev (BGU) researchers have determined.
Help Net Security
January 5, 2021 – Government
The Dramatic Year of the Pentagon’s Contractor Cybersecurity Program Full Text
Abstract
Before the idea of CMMC, companies within the defense industrial base simply pledged their adherence to cybersecurity practices outlined by the National Institute of Standards and Technology.
Nextgov
January 05, 2021 – Malware
Cross-platform ElectroRAT malware drains cryptocurrency wallets Full Text
Abstract
Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.
BleepingComputer
January 5, 2021 – Ransomware
The anatomy of a modern day ransomware conglomerate Full Text
Abstract
Egregor, in recent months, appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies, and financial institutions, according to security firm Sophos.
Cyberscoop
January 05, 2021 – Malware
Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users Full Text
Abstract
Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and macOS. The apps are developed using the open-source Electron cross-platform desktop app framework. "ElectroRAT is the latest example of attackers using Golang to develop multi-platform malware and evade most antivirus engines," the researchers said. "It is common to see various information stealers trying to collect private keys to access victims wallets. However, it is rare to see tools written from scratch and targeting multiple operating systems for these purposes." The campaign, first detected in December, is believed to have claimed over 6,500 victims based on th
The Hacker News
January 5, 2021 – Malware
ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands Full Text
Abstract
At least 6,500 cryptocurrency users have been infected by new, ‘extremely intrusive’ malware that’s spread via trojanized macOS, Windows and Linux apps.
Threatpost
January 5, 2021 – Breach
Over 200 Million+ Chinese Citizens Records for Sale on the Darkweb Full Text
Abstract
The cybersecurity researchers have discovered in daily routine monitoring that several posts are specifically being sold by hackers on the Dark web....
Cyber Security News
January 5, 2021 – Breach
Amazon, Swiggy’s payment processor Juspay hit by data breach Full Text
Abstract
Payment services provider Juspay, which processes transactions for online giants like Amazon, Swiggy, and other companies, on Monday admitted to a data breach that took place in August 2020.
The Times Of India
January 5, 2021 – Business
Ericom Appoints First Ever Chief Strategy Officer Full Text
Abstract
Dr Chase Cunningham is tasked with shaping Ericom’s strategic vision
Infosecurity Magazine
January 05, 2021 – Hacker
Hacker posts data of 10,000 American Express accounts for free Full Text
Abstract
A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor is also claiming to sell more data of Mexican banking customers of American Express, Santander, and Banamex.
BleepingComputer
January 5, 2021 – General
Analysis of 2020 Health Data Breach Trends Full Text
Abstract
Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020.
Gov Info Security
January 5, 2021 – General
Healthcare organizations faced a 45% increase in attacks since November Full Text
Abstract
According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in attacks since November. Check Point researchers reported a surge in the number of attacks against organizations in the healthcare...
Security Affairs
January 5, 2021 – General
Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report Full Text
Abstract
The New York Times also learned that some SolarWinds software is maintained in Eastern Europe and investigators in the U.S. are now trying to determine if the breach originated there.
Security Week
January 5, 2021 – Breach
Data from August Breach of Amazon Partner Juspay Dumped Online Full Text
Abstract
Researcher discovered info of 35 million credit-card users from an attack on the Indian startup, which handles payments for numerous online marketplaces.
Threatpost
January 5, 2021 – Business
Thoma Bravo invests in Venafi to deliver machine identity protection to an expanded customer base Full Text
Abstract
Thoma Bravo announced the completion of its strategic growth investment in Venafi. J.P. Morgan Securities served as financial advisor to Venafi and Orrick served as its legal counsel.
Help Net Security
January 5, 2021 – Vulnerabilities
Critical RCE, account takeover flaws patched in Rock RMS church management platform Full Text
Abstract
Rock RMS, a ‘relationship management system’ for churches, was affected by a pair of critical vulnerabilities that could lead to account takeover and remote code execution (RCE). – The Daily Swig
January 5, 2021 – Government
Defense Funding Measure Includes 77 Cybersecurity Provisions Full Text
Abstract
Cyberspace Solarium Commission co-chairs called the legislation "the most comprehensive and forward-looking piece of national cybersecurity legislation in the nation's history." – Gov Info Security
January 05, 2021 – Ransomware
Ryuk ransomware is the top threat for the healthcare sector Full Text
Abstract
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent. – BleepingComputer
January 5, 2021 – Ransomware
Ransomware Surge Drives 45% Increase in Healthcare Cyber-Attacks Full Text
Abstract
Check Point claims the sector is twice as badly hit as others – Infosecurity Magazine
January 5, 2021 – Vulnerabilities
Security cert expiration causes havoc for some Check Point VPN users Full Text
Abstract
It wasn't the best of New Year's Day mornings for some Check Point customers; in addition to possible hangovers, those who lagged with their patching had been left with inoperable systems. – The Register
January 5, 2021 – Breach
Over 500,000 credentials for tens of gaming firm available in the Dark Web Full Text
Abstract
The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked online. The gaming industry is a privileged target for threat actors, threat actors leaked online over 500,000 stolen... – Security Affairs
January 05, 2021 – Breach
Indian government sites leaking patient COVID-19 test results Full Text
Abstract
Multiple Indian government department websites are leaking COVID-19 lab test results for patients online. These reports, uploaded by testing labs across the country as part of the national 'test, trace, isolate' efforts, expose patients' details, test site location, COVID-19 test results, dates, and the healthcare provider's info. – BleepingComputer
January 5, 2021 – Attack
Old Attack Method Against Google’s Audio-Based reCAPTCHA Resurrected Full Text
Abstract
An attack method called unCaptcha discovered in 2017 for defeating the audio version of Google’s reCAPTCHA system using speech-to-text services has once again been resurrected. – Security Week
January 05, 2021 – General
Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20 Full Text
Abstract
Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry by cybercriminals when compared to an overall 22% increase in cyberattacks across all industry sectors worldwide seen during the same time period. The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service (DDoS) attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups. "The usage of Ryuk emphasizes the trend of having more targeted and tailored ransomware attacks rath – The Hacker News
January 5, 2021 – APT
Chinese APT Group Linked to Ransomware Attacks Full Text
Abstract
APT27 pegged for financially motivated raids – Infosecurity Magazine
January 5, 2021 – General
2021 key risk areas beyond the pandemic Full Text
Abstract
Unless resilience starts to be factored into the considerations of complex logistical networks behind the global economy, disruption to supply chains will remain a significant operational risk factor. – Help Net Security
January 05, 2021 – Vulnerabilities
Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA Full Text
Abstract
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API," Tschacher said in a write-up. "Google will return the correct answer in over 97% of all cases." Introduced in 2014, CAPTCHAs (or Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test designed to protect against automated account creation and service abuse by presenting users with a question that is easy for humans to solve but difficult for computers. reCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009. The search giant released the third iteration of re – The Hacker News
January 5, 2021 – Business
HelpSystems Acquires FileCatalyst to Boost Data Transfer Portfolio Full Text
Abstract
Deal will add to HelpSystems’ file transfer and process automation offerings – Infosecurity Magazine
January 5, 2021 – Malware
Malware uses WiFi BSSID for victim identification Full Text
Abstract
In a blog post last month, Xavier Mertens, a security researcher with the SANS Internet Storm Center, said he discovered a new malware strain that is using WiFi BSSID for victim identification. – ZDNet
January 5, 2021 – Business
NYSE U-Turn Means Chinese Telcos Escape Delisting Full Text
Abstract
Executive order had sought to remove them on security grounds – Infosecurity Magazine
January 5, 2021 – Business
Netwrix and Stealthbits Merge to Tackle Data Security Full Text
Abstract
Security companies Netwrix and Stealthbits today confirmed their merger. The new company will operate under the Netwrix name and sell seven core products focused on information security. – Dark Reading
January 5, 2021 – Ransomware
Apex Laboratory Confirms Ransomware Gang Stole Patient Info in Cyberattack Full Text
Abstract
The New York-based clinical laboratory Apex fell victim to a cyberattack claimed by the DoppelPaymer ransomware gang on December 15, 2020, the company has confirmed in a notification on its website. – Bit Defender
January 5, 2021 – Attack
How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack Full Text
Abstract
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google's own Speech to Text API. Back in 2017, researchers from the University of Maryland demonstrated an attack method, dubbed unCaptcha, against... – Security Affairs
January 5, 2021 – Criminals
NCA Arrested 21 Customers who Advertised Stolen Personal Credentials Full Text
Abstract
Britain's National Crime Agency announced that 21 individuals have been arrested across the UK on suspicion of purchasing personally identifiable information from the WeLeakInfo... – Cyber Security News
January 5, 2021 – APT
Experts linked ransomware attacks to China-linked APT27 Full Text
Abstract
Researchers from security firms Profero and Security Joes linked a series of ransomware attacks to the China-linked APT27 group. Security researchers from security firms Profero and Security Joes investigated a series of ransomware attacks against... – Security Affairs
January 04, 2021 – General
Hillicon Valley: Google employees announce creation of union | GOP Facebook ads for Georgia runoffs contain misinformation, research finds | Mexico prepared to offer Assange asylum Full Text
Abstract
GOOGLERS UNIONIZE: As we kick off 2021, employees of one Big Tech giant are taking a stand. – The Hill
January 4, 2021 – Business
Fourth breach at T-Mobile puts focus on security of post mergers Full Text
Abstract
T-Mobile reported a breach that compromised customer data – the company’s fourth in three years – raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable. Indeed, when companies merge, particularly sizable ones, the integration of technology systems and networks can often introduce new security considerations. “The volume… – SCMagazine
January 4, 2021 – Policy and Law
SolarWinds, top executives hit with class action lawsuit over Orion software breach Full Text
Abstract
Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices. – SCMagazine
January 4, 2021 – Ransomware
Apex Laboratory disclose data breach after a ransomware attack Full Text
Abstract
At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical laboratory that has been providing home laboratory services to homebound and Nursing Home patients in the NY Metropolitan... – Security Affairs
January 4, 2021 – Business
Microsoft doesn’t treat its source code like a trade secret. Is that smart? Full Text
Abstract
In the course of investigating the impacts of the SolarWinds breach, Microsoft security specialists discovered “unusual activity” within a number of internal accounts, including one that was used to view the company’s internal source code. – SCMagazine
January 04, 2021 – Business
Microsoft Defender for Office 365 to allow testing without setup Full Text
Abstract
Microsoft wants to add a new Office 365 feature to allow customers to test Microsoft Defender email protection without actually having to configure the environment and devices for your organization. – BleepingComputer
January 4, 2021 – Breach
T-Mobile Faces Yet Another Data Breach Full Text
Abstract
The cyberattack incident is the wireless carrier’s fourth in three years. – Threatpost
January 4, 2021 – Attack
Cyber-Attack on US Laboratory Full Text
Abstract
Apex Laboratory discloses summertime cyber-attack – Infosecurity Magazine
January 4, 2021 – Business
Netwrix and Stealthbits Announce Merger Full Text
Abstract
Cybersecurity companies merge “to address growing need for comprehensive data security” – Infosecurity Magazine
January 04, 2021 – Ransomware
TransLink confirms ransomware data theft, still restoring systems Full Text
Abstract
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information. – BleepingComputer
January 4, 2021 – Policy and Law
UK Rejects Assange Extradition Request Full Text
Abstract
British court rules WikiLeaks founder should not be extradited to the United States – Infosecurity Magazine
January 04, 2021 – Denial Of Service
Citrix adds NetScaler ADC setting to block recent DDoS attacks Full Text
Abstract
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. – BleepingComputer
January 04, 2021 – Vulnerabilities
Zend Framework remote code execution vulnerability revealed Full Text
Abstract
An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. – BleepingComputer
January 4, 2021 – Vulnerabilities
Secret Backdoor Found in Zyxel Firewall and AP Controllers Full Text
Abstract
Niels Teusink of Dutch cybersecurity firm EYE has recently revealed a secret backdoor official account in the latest "4.60 patch 0"... – Cyber Security News
January 4, 2021 – Policy and Law
British Court rejects the US’s request to extradite Julian Assange Full Text
Abstract
A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country. WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, the Westminster Magistrates' Court has rejected... – Security Affairs
January 4, 2021 – General
The Sunburst hack was massive and devastating — 5 observations from a cybersecurity expert Full Text
Abstract
So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible. – Salon
January 4, 2021 – General
From diversity efforts to pandemic recovery, workforce issues will evolve in 2021 Full Text
Abstract
Vaccine distribution could mean a return to offices, but most experts expect a new hybrid model to emerge. Pile that on top of the already challenging situation posed by a supposed skills gap and efforts to improve diversity, and the cybersecurity community may need to redefine workforce priorities. – SCMagazine
January 04, 2021 – APT
China’s APT hackers move to ransomware attacks Full Text
Abstract
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. – BleepingComputer
January 4, 2021 – Malware
SolarWinds mess flared in the holidays - company confirms malware targeted crocked Orion product Full Text
Abstract
The extent and impact of the SolarWinds hack became even more apparent – and terrifying – over the holiday break. On New Year’s Eve, SolarWinds confirmed that it has identified malware that exploited the flaws introduced to Orion products. – The Register
January 04, 2021 – Policy and Law
British Court Rejects U.S. Request to Extradite WikiLeaks’ Julian Assange Full Text
Abstract
A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk and extradition to the U.S. prison system would be oppressive. "I find that the mental condition of Mr. Assange is such that it would be oppressive to extradite him to the United States of America," judge Baraitser said in a 132-page ruling. The U.S. government is expected to appeal the decision. The case against Assange centers on WikiLeaks' publication of hundreds of thousands of leaked documents about the Afghanistan and Iraq wars, as well as diplomatic cables, in 2010 and 2011. The documents include "approximately 90,000 Afghanistan war-related significant activity reports, 400,0 – The Hacker News
January 4, 2021 – Hacker
Microsoft: SolarWinds Attackers Viewed Our Source Code Full Text
Abstract
Redmond says incident did not elevate cyber-risk – Infosecurity Magazine
January 4, 2021 – General
SC Labs product reviews: Email security Full Text
Abstract
Editor’s Note: This set of reviews originally appeared in February 2020. To find out more about SC Labs, contact Adrian Sanabria at [email protected]. The use of collaborative tools and technologies is on the rise with email topping the list. That explains why it faces such relentless attacks. Email communications are leveraged to keep businesses running… – SCMagazine
January 4, 2021 – Malware
New alleged MuddyWater attack downloads a PowerShell script from GitHub Full Text
Abstract
This PowerShell script is also used by threat actors to download a legitimate image file from image hosting service Imgur and decode an embedded Cobalt Strike script to target Windows systems. – Security Affairs
January 4, 2021 – Breach
One Million Compromised Accounts Found at Top Gaming Firms Full Text
Abstract
Kela researchers also discover 500,000 breached employee credentials – Infosecurity Magazine
January 4, 2021 – Malware
A closer look at fileless malware, beyond the network Full Text
Abstract
Fileless malware is a bit of a misnomer. While traditional malware contains the bulk of its malicious code within an executable file saved to the victim’s storage drive, fileless malware’s malicious actions reside solely in memory. – Help Net Security
January 4, 2021 – Business
NYSE to Delist Chinese Telcos on National Security Grounds Full Text
Abstract
Presidential executive order warns of “unusual and extraordinary threat” – Infosecurity Magazine
January 4, 2021 – Malware
New alleged MuddyWater attack downloads a PowerShell script from GitHub Full Text
Abstract
Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell... – Security Affairs
January 4, 2021 – Criminals
Greedy Cybercriminals Stealthily Abuse GitHub Service to Host Malware Full Text
Abstract
In a recent report, Octoverse revealed that almost a fifth (around 17%) of all software bugs in GitHub were intentionally placed as backdoors by cybercriminals. – Cyware Alerts - Hacker News
January 4, 2021 – Breach
Over 200 million records of Chinese Citizens for Sale on the Darkweb Full Text
Abstract
During a routine Dark web monitoring, the Research team at Cyble found multiple posts where threat actors are offering for sale alleged data leaks related to Chinese citizens. – Security Affairs
January 4, 2021 – General
Cybersecurity firm FireEye says massive Russia hack was waged inside U.S. Full Text
Abstract
Russian hackers staged their attacks from servers inside the U.S. — sometimes using computers in the same town or city as the victims, cybersecurity company FireEye revealed to the New York Times. – Axios
January 4, 2021 – APT
StrongPity APT Extends CyberAttack WorldWide with it’s New Infrastructure Full Text
Abstract
StrongPity or Promethium APT, also referred to as APT-C-41, has been active since 2012. It had been first publicly reported in October... – Cyber Security News
January 03, 2021 – Phishing
Beware: PayPal phishing texts state your account is ‘limited’ Full Text
Abstract
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. – BleepingComputer
January 3, 2021 – Criminals
Over 200 million records of Chinese Citizens for Sale on the Darkweb Full Text
Abstract
During a routine Dark web monitoring, the Research team at Cyble found threat actors selling 200 million+ Records of Chinese Citizens. During a routine Dark web monitoring, the Research team at Cyble found multiple posts where threat actors are offering... – Security Affairs
January 3, 2021 – General
2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud Full Text
Abstract
Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape and mobile endpoints become the attack vector of choice, according to 2021 forecasts. – Threatpost
January 3, 2021 – General
Top data breaches of 2020 – Security Affairs Full Text
Abstract
Data from major cyber security firms revealed that tens of billions of records have been exposed in data breaches in 2020. Below is a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen... – Security Affairs
January 03, 2021 – Vulnerabilities
Google Chrome fixes antivirus ‘file locking’ bug on Windows 10 Full Text
Abstract
Google has fixed a Chromium bug to prevent antivirus programs running on Windows 10 from blocking new files and bookmarks. – BleepingComputer
January 3, 2021 – General
Security Affairs newsletter Round 295 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. HackerOne announces first bug hunter to earn more than $2M in bug bounties SolarWinds releases... – Security Affairs
January 3, 2021 – Policy and Law
NCA arrested 21 customers of the WeLeakInfo service Full Text
Abstract
NCA arrested 21 people in the UK as part of an operation targeting customers of WeLeakInfo service that advertised stolen personal credentials. 21 people have been arrested in the UK as part of an operation against customers of the WeLeakInfo[.]com... – Security Affairs
January 3, 2021 – Covid-19
COVID-19 themed attacks December 19, 2020– January 02, 2021 Full Text
Abstract
This post includes the details of the COVID-19 themed attacks launched from December 19, 2020 – January 02, 2021. 25 December, 2020 - North Korea-linked Lazarus APT targets the COVID-19 research The North Korea-linked Lazarus APT group has recently... – Security Affairs
January 02, 2021 – Vulnerabilities
Secret backdoor discovered in Zyxel firewall and AP controllers Full Text
Abstract
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. – BleepingComputer
January 2, 2021 – Malware
A Credential Stealer Written in AutoHotkey Scripting Language Full Text
Abstract
Financial institutions in the U.S. and Canada are under threat from a new credential stealer that targets various browsers such as Chrome, Opera, and Microsoft Edge. – Cyware Alerts - Hacker News
January 2, 2021 – Policy and Law
Ticketmaster will pay $10 Million fine over hacking a competitor Full Text
Abstract
Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The news is disturbing, Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems... – Security Affairs
January 02, 2021 – Policy and Law
Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company Full Text
Abstract
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut [the company] off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution company used the stolen information to gain an advantage over CrowdSurge — which merged with Songkick in 2015 and was later acquired by Warner Music Group (WMG) in 2017 — by hiring a former employee to break into its tools and gain insight into the firm's operations. "Ticketmaster employees repeatedly – and illegally – accessed a competitor's computers without authorization using stolen passwords to unlawfully collect business intelligence," said Acting U.S. Attorney Seth DuCharme. "Further, Ticketmaster's employees brazenly held a division-wide 'summit' at which the stolen passwords were used to access the victim company's computers, as if th – The Hacker News
January 2, 2021 – General
Top stories of 2020 Full Text
Abstract
Below the list of the top stories of 2020. December 21 - SUPERNOVA, a backdoor found while investigating SolarWinds hack While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked... – Security Affairs
January 2, 2021 – IOT
FBI warns swatting attacks on owners of smart devices Full Text
Abstract
The Federal Bureau of Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of 'swatting' attacks. The FBI has recently issued an alert to warn owners of smart home devices with voice and video capabilities of so-called... – Security Affairs
January 2, 2021 – Malware
AutoHotkey-Based credential stealer targets bank in the US and Canada Full Text
Abstract
Experts spotted a new credential stealer written in AutoHotkey (AHK) scripting language that is targeting the US and Canadian bank customers. Security experts from Trend Micro have discovered a new credential stealer written in AutoHotkey (AHK) scripting... – Security Affairs
January 2, 2021 – Phishing
Facebook ads used to steal 615000+ credentials in a phishing campaign Full Text
Abstract
Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook ads to redirect users to Github accounts hosting phishing pages used to steal victims’ login credentials. – Security Affairs
January 2, 2021 – Covid-19
Alleged docs relating to Covid-19 vaccine leaked in darkweb Full Text
Abstract
Security experts from threat intelligence firm Cyble have found several documents relating to the Covid-19 vaccine allegedly stolen from the European Medicines Agency (EMA) leaked in the Darkweb. – Security Affairs
January 01, 2021 – Ransomware
The Week in Ransomware - January 1st 2021 - New Year Edition Full Text
Abstract
This holiday edition covers the latest ransomware news from the past two weeks, including known ransomware attacks and law enforcement takedowns. – BleepingComputer
January 1, 2021 – General
Cyber Attackers Still Punching Hard Against Healthcare Organizations Full Text
Abstract
From SolarWinds hack to vaccine-related attacks, the final weeks of a challenging year have proven even more difficult with the exposure of the latest serious nation-state cyberattack. – Cyware Alerts - Hacker News
January 1, 2021 – Phishing
Facebook ads used to steal 615000+ credentials in a phishing campaign Full Text
Abstract
Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook... – Security Affairs
January 1, 2021 – Skimming
Magecart Active Again with New Multi-platform Skimmer Full Text
Abstract
Researchers have found a new credit card skimmer that is capable of affecting multiple e-commerce hosting platforms such as Shopify, Zencart, Woocommerce, and BigCommerce. – Cyware Alerts - Hacker News
January 1, 2021 – Vulnerabilities
Expert found a secret backdoor in Zyxel firewall and VPN Full Text
Abstract
Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence... – Security Affairs
January 1, 2021 – Malware
New Malware Strain Abuses GitHub and Imgur Full Text
Abstract
Researchers reported a new strand of malware, purportedly by the MuddyWater APT group, that downloads a PowerShell script from GitHub, Imgur to targeted systems. – Cyware Alerts - Hacker News
January 1, 2021 – General
Today Adobe Flash Player reached the end of life (EOL) Full Text
Abstract
Today Adobe Flash Player has reached its end of life (EOL), its vulnerabilities were exploited by multiple threat actors in attacks in the wild over the years. Adobe Flash Player has reached the end of life (EOL) today, over the years, threat actors... – Security Affairs
January 1, 2021 – Vulnerabilities
Google Docs Bug Let Hackers Hijack Screenshots Full Text
Abstract
Google has mentioned a flaw that has taken place recently in its feedback tool, and Google affirmed that there is a critical... – Cyber Security News
January 01, 2021 – Vulnerabilities
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products Full Text
Abstract
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products. EYE researcher Niels Teusink reported the vulnerability to Zyxel on November 29, following which the company released a firmware patch (ZLD V4.60 Patch1) on December 18. According to the advisory published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password ("PrOw!aN_fXp") that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges. Zyxel said the hardcoded credentials were put in place to de – The Hacker News
January 1, 2021 – Covid-19
Alleged docs relating to Covid-19 vaccine leaked in darkweb Full Text
Abstract
Experts from threat intelligence firm Cyble have found documents relating to Covid-19 vaccine of European Medicines Agency in the Darkweb Security experts from threat intelligence firm Cyble have found several documents relating to the Covid-19 vaccine... – Security Affairs
January 1, 2021 – General
Inbox Attacks: The Miserable Year (2020) That Was Full Text
Abstract
Reflecting on 2020’s record-breaking year of spam and inbox threats. – Threatpost
January 1, 2021 – Hacker
Microsoft says hackers viewed its source code Full Text
Abstract
The disclosure highlights the broad reach of the attackers, whom investigators have described as extremely sophisticated and well-resourced. And it suggests that corporate espionage may have been as much a motive as a hunt for government secrets. – CNN Money
January 1, 2021 – Policy and Law
Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company Full Text
Abstract
One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for “computer intrusion and fraud offenses” after employees used stolen credentials to spy on a competitor. – Cyberscoop