July 2021
July 31, 2021 – Ransomware
DarkSide ransomware gang returns as new BlackMatter operation
Abstract
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. Source: BleepingComputer
July 31, 2021 – Breach
Threat actors leaked data stolen from EA, including FIFA code
Abstract
Threat actors that hacked Electronic Arts in June have leaked the full data dump stolen from the company after negotiations with the victim failed. In June, hackers compromised the network of the gaming giant Electronic Arts (EA) and claimed... Source: Security Affairs
July 31, 2021 – Vulnerabilities
Remote print server gives anyone Windows admin privileges on a PC
Abstract
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. Source: BleepingComputer
July 31, 2021 – Breach
SolarWinds hackers breached 27 state attorneys’ offices
Abstract
Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The US Department of Justice revealed that the Microsoft Office 365 email accounts of... Source: Security Affairs
July 31, 2021 – Criminals
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
Abstract
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. Source: BleepingComputer
July 31, 2021 – Government
FBI warns investors of fraudsters posing as brokers and advisers
Abstract
The FBI Criminal Investigative Division and Securities and Exchange Commission warn investors of fraudsters impersonating registered investment professionals such as investment advisers and registered brokers. Source: BleepingComputer
July 31, 2021 – Breach
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
Abstract
The Russian hackers who orchestrated the SolarWinds supply chain attack pivoted to the internal network of the US DoJ, from where they gained access to Microsoft Office 365 email accounts belonging to employees at 27 state attorneys’ offices. Source: The Record
July 31, 2021 – Malware
Android Banking Trojan Vultur uses screen recording for credentials stealing
Abstract
Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging to capture login credentials. ThreatFabric researchers discovered a new Android banking Trojan, tracked as Vultur, that uses... Source: Security Affairs
July 31, 2021 – Solution
Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks
Abstract
PetitPotam is the name assigned to a vulnerability that can be exploited by an unauthenticated attacker to get a targeted server to connect to an arbitrary server and perform NTLM authentication. Source: Security Week
July 31, 2021 – Hacker
Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings
Abstract
RiskIQ said in a report that it uncovered active hacking infrastructure that Western governments attributed last summer to the Russian SVR intelligence agency-linked APT29 or Cozy Bear, which it used at the time to try to steal Covid-19 research. Source: Cyberscoop
July 31, 2021 – General
Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall
Abstract
A new report from SonicWall found that attempted ransomware attacks skyrocketed in the first half of 2021, with 304.7 million attempted attacks seen by SonicWall's security researchers. Source: ZDNet
July 31, 2021 – Malware
Microsoft: This Windows and Linux malware does everything it can to stay on your network
Abstract
Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. It makes a strong case for why it is worth removing it from your network. Source: ZDNet
July 31, 2021 – General
Here’s 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
Abstract
Details of 30 servers thought to be used by Russia's SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Source: The Register
July 31, 2021 – Phishing
New PayPal Credential Phishing Scam Conducted Via Live Chat Service
Abstract
As credential phishing is usually conducted via a simple URL link, it is easy to overlook some subtle or exaggerated tactics that threat actors have been using to steal credentials from unsuspecting victims. Source: Heimdal Security
July 30, 2021 – Hacker
SolarWinds hackers accessed over two dozen federal prosecutors’ offices: DOJ
Abstract
The Department of Justice (DOJ) said Friday that the hackers behind the major SolarWinds attack compromised employee accounts in more than two dozen federal prosecutors’ offices. Source: The Hill
July 30, 2021 – Breach
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
Abstract
The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. Source: BleepingComputer
July 30, 2021 – Ransomware
The Week in Ransomware - July 30th 2021 - €1 billion saved
Abstract
Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebranding. Source: BleepingComputer
July 30, 2021 – Vulnerabilities
Node.js fixes severe HTTP bug that could let attackers crash apps
Abstract
Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930, concerns how HTTP/2 streams are handled in the runtime. Source: BleepingComputer
July 30, 2021 – General
Hillicon Valley: Democrats urge tech CEOs to combat Spanish disinformation | Amazon fined $886M by EU regulators
Abstract
Social media platform Nextdoor has joined several other tech companies in facing scrutiny from congressional Democrats, who want to know how the platforms are working to combat the spread of disinformation in Spanish and other non-English languages. Source: The Hill
July 30, 2021 – Government
CISA launches vulnerability disclosure platform for federal agencies
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) today launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies. Source: BleepingComputer
July 30, 2021 – Breach
The Life Cycle of a Breached Database – Krebs on Security
Abstract
When a website’s user database gets compromised, that information invariably turns up on hacker forums, where cybercriminals can use their infrastructure to crack user passwords. Source: Krebs on Security
July 30, 2021 – Vulnerabilities
Python team fixes bug that allowed takeover of PyPI repository
Abstract
The Python security team today fixed three vulnerabilities impacting the Python Package Index (PyPI), including one that could have allowed a threat actor to take full control over the portal. Source: The Record
July 30, 2021 – Business
Google claims no instances of foreign interference campaigns targeting Australia
Abstract
While conceding that foreign interference campaigns on its platforms targeting other jurisdictions have made their way to Australia, Google said none pursued the country specifically. Source: ZDNet
July 30, 2021 – Government
MDBR Stops Ransomware, Phishing, Malware, and More
Abstract
The MDBR service from CIS is available at no cost to all U.S. SLTT organizations, as well as all public and private hospitals in the U.S., in partnership with technology provider Akamai. Source: CIS
July 30, 2021 – General
Why isn’t cloud backup part of common security practices?
Abstract
A recent Sophos survey found that the average post-attack remediation costs, including lost business, grew to nearly $2 million in 2021, about 10 times the size of the ransom payment itself. Source: Help Net Security
July 30, 2021 – Vulnerabilities
Remote Code Execution Flaws Patched in WordPress Download Manager Plugin
Abstract
A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at Defiant warns. Source: Security Week
July 30, 2021 – Vulnerabilities
CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines
Abstract
A researcher published exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines. The security researcher Manfred Paul of the RedRocket CTF team released the exploit code for a high-severity... Source: Security Affairs
July 30, 2021 – Business
EY Australia acquires Melbourne MSP SecureWorx
Abstract
Based in Melbourne, SecureWorx specializes in multi-cloud services, managed security operations, and security advisory services for customers dealing with sensitive information. Source: CRN
July 30, 2021 – Attack
An Indian firm facing 1,738 cyber attacks a week on average, claims report
Abstract
An organization in India faced cyberattacks 1,738 times per week on average in the last six months, compared to 757 attacks per organization globally, a report showed on Thursday. Source: The Times Of India
July 30, 2021 – Government
Australia: Home Affairs asks for a rush on Critical Infrastructure Bill to allow ASD to act lawfully
Abstract
The Department of Home Affairs has requested a rush for the passage of the country's looming critical infrastructure Bill, saying the sector specific rules could be nutted out following Royal Assent. Source: ZDNet
July 30, 2021 – Phishing
BazaCall: Phony call centers lead to exfiltration and ransomware
Abstract
If a target recipient does decide to call the phone number indicated in the email, they will speak with a real person from a fraudulent call center set up by BazaCall’s operators. Source: Microsoft
July 30, 2021 – Business
Amazon gets $888 million GDPR fine for behavioral advertising
Abstract
Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. Source: BleepingComputer
July 30, 2021 – Vulnerabilities
Linux eBPF bug gets root privileges on Ubuntu - Exploit released
Abstract
A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. Source: BleepingComputer
July 30, 2021 – Business
ActiveFence comes out of the shadows with $100M in funding and tech that detects online harm, now valued at $500M+
Abstract
ActiveFence has quietly built a tech platform to filter out threats as they are being formed and planned to make it easier for trust and safety teams to combat them on platforms. Source: Yahoo! Finance
July 30, 2021 – General
Survey: Pandemic Has Left Public Sector IT Exposed
Abstract
Three in four public sector technology practitioners flag remote work policies as the top risk-inducing factor for cyberattacks, according to a survey released this week by IT firm SolarWinds. Source: Nextgov
July 30, 2021 – Criminals
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?
Abstract
A recent announcement on their forum indicates that the infamous Babuk ransomware operators are now expressly targeting Linux/UNIX systems, as well as ESXi and VMware systems. Source: McAfee
July 30, 2021 – General
What Can Be Done to Enhance Electrical Grid Security?
Abstract
The lack of adequate security features in critical electrical grid equipment poses a serious U.S. cybersecurity threat, according to federal officials who testified at a US Congress hearing this week. Source: Gov Info Security
July 30, 2021 – Malware
LockBit 2.0 Abuses Windows Domains to Propagate
Abstract
A new LockBit variant has been discovered that comes with automated encryption of a Windows domain. It has multiple advanced features and is now abusing Active Directory group policies. The new tactics indicate that LockBit developers are well versed with Windows OS and are leaving no ston ... Source: Cyware Alerts - Hacker News
July 30, 2021 – Ransomware
Beware of AvosLocker, It’s Hiring!
Abstract
The ransomware first came to light in late June after an attack on the City of Geneva. Its operators are now searching for affiliates via several underground forums. Source: Cyware Alerts - Hacker News
July 30, 2021 – Business
Google to block logins on old Android devices starting September
Abstract
Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 (Gingerbread) and lower. Source: BleepingComputer
July 30, 2021 – Government
India: Delhi government plans IT shield to ward off cyber threats
Abstract
The Delhi government will carry out a major security audit of all its IT systems, websites, web-enabled applications, web services and mobile applications against any cyberattack or threat. Source: The Times Of India
July 30, 2021 – Malware
Experts Uncover Several C&C Servers Linked to WellMess Malware
Abstract
Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence service have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said in a report shared with The Hacker News. APT29, the moniker assigned to government operatives working for Russia's Foreign Intelligence Service (SVR), is believed to have been the mastermind behind the massive SolarWinds supply chain attack that came to light late last year, with the U.K. and U.S. governments formally pinning the intrusions on Russia earlier this April. The activity is being tracked by the cybersecurity community under various codenames, including UNC2452 (FireEye), Nobelium (Microsoft), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and ... Source: The Hacker News
July 30, 2021 – Criminals
Estonia’s police arrested a Tallinn resident who stole 286K ID scans from a government DB
Abstract
Estonia's police arrested a man from Tallinn who is suspected of being the hacker who stole 286K ID scans from the government systems. Estonian police arrested a man from Tallinn who is suspected of having stolen 286,438 ID scans belonging to Estonian citizens... Source: Security Affairs
July 30, 2021 – Malware
PyPI packages caught stealing credit card numbers, Discord tokens
Abstract
The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting arbitrary code execution capabilities to attackers. These malicious packages were downloaded over 30,000 times according to the researchers who caught them. Source: BleepingComputer
July 30, 2021 – Attack
Entertainment Tech Provider D-Box Discloses Ransomware Attack Impacting IT Systems
Abstract
In a recent statement, the Canadian immersive entertainment technology provider said it was “gradually resuming its activities following a ransomware cyber-attack” first publicly disclosed on July 14. Source: The Daily Swig
July 30, 2021 – Malware
Several Malicious Typosquatted Python Libraries Found On PyPI Repository
Abstract
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks," JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said Thursday. PyPI, short for Python Package Index, is the official third-party software repository for Python, with package manager utilities like pip relying on it as the default source for packages and their dependencies. The Python packages in question, which were found to be obfuscated using Base64 encoding, are listed below - pytagora (uploaded by leonora123) pytagora2 (upl ... Source: The Hacker News
July 30, 2021 – Attack
Meteor was the wiper used against Iran’s national railway system
Abstract
The recent attack against Iran’s national railway system was caused by a wiper malware dubbed Meteor and not by ransomware as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack... Source: Security Affairs
July 30, 2021 – General
Dark web ads offering corporate network access increase seven-fold
Abstract
In the first quarter of 2021, the number of users who placed ads for buying and selling access and also for seeking hacking partners tripled compared to Q1 2020, according to Positive Technologies. Source: Help Net Security
July 30, 2021 – Malware
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System
Abstract
A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne. Meteor is believed to have been in the works over the past three years. "Despite a lack of specific indicators of compromise, we were able to recover most of the attack components," SentinelOne's Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. "Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker," adding the offensive is "designed t ... Source: The Hacker News
July 30, 2021 – Criminals
Arrests made over European ATM ‘jackpotting’ spree
Abstract
Two Belarusian nationals have been arrested in connection with a spate of ATM ‘jackpotting’ attacks in which cash machines across Europe were illegally induced into dispensing €230,000 ($273,000). Source: The Daily Swig
July 30, 2021 – Ransomware
Ransomware can penetrate quickly, significantly damaging an organization
Abstract
A Cloudian survey found that traditional ransomware defenses are failing, with 54% of all victims having anti-phishing training and 49% having perimeter defenses in place at the time of attack. Source: Help Net Security
July 30, 2021 – General
Why a Cyber Pearl Harbor Will Never Happen
Abstract
The easy answer is really a semantic one: nothing that can be done in cyber (information technology) is directly comparable to widespread kinetic destruction of military forces. Source: Flying Penguin
July 30, 2021 – Malware
Researchers Discover New Solarmarker Malware Activity Focused on Credential and Information Theft
Abstract
The report by Cisco Talos added that Microsoft researchers believe the Solarmarker campaign is using SEO poisoning in order to make their dropper files highly visible in search engine results. Source: ZDNet
July 30, 2021 – General
Phantom Warships Are Courting Chaos in Conflict Zones
Abstract
By international law, all but the smallest commercial ships have to install AIS transponders which broadcast their identity, position, course, and speed to other ships in the area every few seconds. Source: Wired
July 30, 2021 – Breach
Calgary’s parking authority exposed drivers’ personal data and tickets
Abstract
A logging server, containing technical logs, parking tickets, and payment and driver information, used to monitor the authority’s parking system for bugs and errors was left exposed on the internet. Source: TechCrunch
July 29, 2021 – Phishing
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
Abstract
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number. By tricking the recipients into calling the number, the unsuspecting victims are connected with an actual human operator at a fraudulent call center, who then provides them with instructions to download the BazaLoader malware. BazaLoader (aka BazarBackdoor) is a C++-based downloader with the ability to install various types of malicious programs on infected computers, including deploying ransomware and other malware to steal sensitive data from victimized systems. First ... Source: The Hacker News
July 29, 2021 – General
Hillicon Valley: Poll finds Americans eager to regulate Big Tech | Protesters heap pressure onto ShotSpotter | Twitter debuts shopping feature
Abstract
A poll released today by CAP Action and Public Citizen shows just how far out of public favor America’s Big Tech companies have gotten. Not only are Americans worried about the size and influence of the companies but, according to the survey, they support taking steps to regulate them. In other news, activists in Chicago rallied Thursday calling on the city to end its contracts with the controversial gun detection company ShotSpotter. Source: The Hill
July 29, 2021 – Criminals
Estonia arrests hacker who stole 286K ID scans from govt database
Abstract
A Tallinn man was arrested a week ago in Estonia on suspicion that he exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). Source: BleepingComputer
July 29, 2021 – Breach
UC San Diego Health Breach Tied to Phishing Attack
Abstract
Employee email takeover exposed personal, medical data of students, employees and patients. Source: Threatpost
July 29, 2021 – Government
CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer
Abstract
There are patches or remediations for all of them, but they’re still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do? Source: Threatpost
July 29, 2021 – APT
Praying Mantis is now Preying on Microsoft’s IIS Servers
Abstract
Sygnia researchers reported a new APT group—Praying Mantis or TG1021—targeting Microsoft IIS web servers to reach victims’ internal networks to steal sensitive data. To stay protected, researchers recommend patching .NET deserialization vulnerabilities and scanning internet-facing IIS servers with ... Source: Cyware Alerts - Hacker News
July 29, 2021 – Malware
Malware Hidden Inside Neural Network Models has Over 90% Efficacy
Abstract
A new research attack method demonstrated that replacing up to 50% of neurons in the AlexNet model with malware can go undetected under security tools, as the model’s accuracy remained above 93.1%. Popular technologies such as machine learning and neural networks are still at their nascent stage, ... Source: Cyware Alerts - Hacker News
July 29, 2021 – Criminals
BlackMatter and Haron, two new ransomware gangs in the threat landscape
Abstract
The cyber threat landscape changes continuously; recently, two new ransomware-as-a-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the start of their operations. The... Source: Security Affairs
July 29, 2021 – Government
NSA shares guidance on how to secure your wireless devices
Abstract
The US National Security Agency (NSA) today published guidance on how to properly secure wireless devices against potential attacks targeting them when traveling or working remotely. Source: BleepingComputer
July 29, 2021 – Vulnerabilities
Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors
Abstract
IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to French cybersecurity firm RandoriSec. Source: Security Week
July 29, 2021 – Malware
New destructive Meteor wiper malware used in Iranian railway attack
Abstract
A new file wiping malware called Meteor was discovered being used in the recent attacks against Iran's railway system. Source: BleepingComputer
July 29, 2021 – Government
Israeli Government Agencies Visit NSO Group Offices
Abstract
Authorities opened an investigation into the secretive Israeli security firm. Source: Threatpost
July 29, 2021 – Vulnerabilities
Critical flaw in Microsoft Hyper-V could allow RCE and DoS
Abstract
Researchers at Guardicore disclosed details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, which can be exploited to trigger a DoS condition or to execute arbitrary code. Source: Security Affairs
July 29, 2021 – Breach
Chipotle’s marketing account hacked to send phishing emails
Abstract
Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails luring recipients to malicious links. Source: BleepingComputer
July 29, 2021 – Business
Noetic Cyber raises $20M to automate cybersecurity remediation
Abstract
Noetic Cyber today emerged from stealth with $20 million, including $15 million in series A funding from Energy Impact Partners, TenEleven Ventures, and Glasswing Ventures. Source: Venture Beat
July 29, 2021 – Vulnerabilities
RCE bug in Moodle e-learning platform could be abused to steal data, manipulate results
Abstract
A critical security vulnerability in a popular e-learning platform could be abused to allow access to students’ data and test papers – and possibly even manipulate exam results. Source: The Daily Swig
July 29, 2021 – Denial Of Service
Analytical report on DDoS attacks in the second quarter of 2021
Abstract
The month of April 2021 saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to its victims — that was distributed via YouTube and Discord. Source: Kaspersky Labs
July 29, 2021 – Hacker
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
Abstract
An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that loads the exploit code for the vulnerability from an embedded template, which, in turn, executes shellcode to deploy the RAT, according to cybersecurity firm Malwarebytes, which spotted the suspicious Word file on July 21, 2021. The malware-laced document claims to be a "Manifesto of the inhabitants of Crimea" calling on the citizens to oppose Russian President Vladimir Putin and "create a unified platform called 'People's Resistance.'" The Internet Explorer flaw, tracked as CVE-2021-26411, is notable for the fact that it was abused by the ... Source: The Hacker News
July 29, 2021 – Malware
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Abstract
Uptycs Threat Research outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them. Source: Threatpost
July 29, 2021 – Criminals
DoppelPaymer ransomware gang rebrands as the Grief group
Abstract
After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). Source: BleepingComputer
July 29, 2021 – Business
SolCyber emerges from stealth with $20M in funding from ForgePoint
Abstract
The managed security service provider SolCyber Managed Security Services Inc. launched out of stealth mode and announced that it has raised $20 million in Series A funding led by ForgePoint Capital. Source: Silicon Angle
July 29, 2021 – Criminals
New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
Abstract
Two new ransomware-as-a-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the operators behind the new BlackMatter group said in their darknet public blog, making promises to not strike organizations in several industries, including healthcare, critical infrastructure, oil and gas, defense, non-profit, and government sectors. According to Flashpoint, the BlackMatter threat actor registered an account on Russian-language forums XSS and Exploit on July 19, quickly following it up with a post stating they are looking to purchase access to infected corporate networks comprising anywhere between 500 and 15,000 hosts in the U.S., Canada, Australia, and the U. ... Source: The Hacker News
July 29, 2021 – Ransomware
LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains
Abstract
A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez, reported spotting... Source: Security Affairs
July 29, 2021 – General
IBM Cost of Data Breach 2021 Report Pegs Incident Cost at $4.2 Million
Abstract
The U.S. suffered the highest data breach cost at $9.05 million per incident, followed by the Middle East at $6.93 million and Canada at $5.4 million. Source: Cyware Alerts - Hacker News
July 29, 2021 – General
Best Practices to Thwart Business Email Compromise (BEC) Attacks
Abstract
Business email compromise (BEC) refers to all types of email attacks that do not have payloads. Although there are numerous types, there are essentially two main mechanisms through which attackers penetrate organizations utilizing BEC techniques: spoofing and account take-over attacks. In a recent study, 71% of organizations acknowledged they had seen a business email compromise (BEC) attack during the past year. Forty-three percent of organizations experienced a security incident in the last 12 months, with 35% stating that BEC/phishing attacks account for more than 50% of the incidents. The FBI's Internet Crime Complaint Center (IC3) reports that BEC scams were the most expensive of cyberattacks in 2020, with 19,369 complaints and adjusted losses of approximately $1.8 billion. Recent BEC attacks include spoofing attacks on Shark Tank Host Barbara Corcoran, who lost $380,000; the Puerto Rican government attacks that amounted to $4 million, and Japanese media giant, Nikkei ... Source: The Hacker News
July 29, 2021 – Vulnerabilities
Critical flaw in Microsoft Hyper-V could allow RCE and DoS Full Text
Abstract
Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that could allow arbitrary code execution on it. Researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore disclose details...Security Affairs
July 29, 2021 – Criminals
Cybercriminals Sell Data of Unknown Number of British Columbians Stolen from Homewood Health Full Text
Abstract
CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a leaked data marketplace.CTV News
July 29, 2021 – Malware
New Android Malware Uses VNC to Spy and Steal Passwords from Victims Full Text
Abstract
A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the ...The Hacker News
July 29, 2021 – Business
Microsoft Security: 5 Big Statements From Satya Nadella Full Text
Abstract
Microsoft CEO Satya Nadella touted the Redmond-based technology giant’s latest momentum in its cybersecurity business during the company’s fiscal fourth-quarter earnings call.CRN
July 29, 2021 – Vulnerabilities
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers Full Text
Abstract
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) noted. "However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system." The top 30 vulnerabilities span a wide range of software, including remote work, virtual ...The Hacker News
July 29, 2021 – Malware
New Vultur Android Malware Records Smartphones via VNC to Steal Passwords Full Text
Abstract
Researchers have discovered a new Android malware that uses the VNC technology to record and broadcast a victim’s smartphone activity, allowing attackers to collect keyboard presses and app passwords.The Record
July 29, 2021 – General
Over half a million cybersecurity incidents reported in India during first half of 2021: Govt Full Text
Abstract
The government stated that CERT-In has reported a total of 394,499, 1,158,208 and 607,220 cybersecurity incidents observed during the years 2019, 2020 and 2021 (up to June), respectively.The Times Of India
July 28, 2021 – Government
New US security memorandum bolsters critical infrastructure cybersecurity Full Text
Abstract
US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators.BleepingComputer
July 28, 2021 – General
Where does the SME fit into a supply chain attack? Full Text
Abstract
Every company has a duty to protect its customers from supply chain attacks while simultaneously taking action to prevent being a supply chain victim of its own suppliers.Help Net Security
July 28, 2021 – Government
Hillicon Valley: Biden moves to boost critical infrastructure cybersecurity | Activists protest Facebook’s ‘failure’ on disinformation | States appeal dismissal of Facebook antitrust case Full Text
Abstract
After major cybersecurity attacks, such as the one that impacted Colonial Pipeline, President Biden issued a national security memorandum to amp up cybersecurity infrastructure.The Hill
July 28, 2021 – Malware
UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild Full Text
Abstract
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing funds from unsuspecting victims. Its features include the ability to intercept SMS messages, make phone calls, and perform overlay attacks for more than 150 mobile applications by making use of lookalike login screens to siphon valuable data. The malware was distributed through malicious SMS messages, with the attacks often conducted in real time by posing as bank operators to dupe targets over the phone and surreptitiously gain access to the infected device via the WebRTC protocol and ultimately conduct unauthorized bank transfers. While no new activities were reported since then, it ...The Hacker News
July 28, 2021 – Government
US, UK, and Australian agencies warn of top routinely exploited issues Full Text
Abstract
A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC),...Security Affairs
July 28, 2021 – Government
Biden: Severe cyberattacks could escalate to ‘real shooting war’ Full Text
Abstract
President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a "real shooting war" with another major world power.BleepingComputer
July 28, 2021 – General
Average time to fix high severity vulnerabilities grows from 197 days to 246 days in 6 months: report Full Text
Abstract
The latest AppSec Stats Flash report from NTT Application Security has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise.ZDNet
July 28, 2021 – Hacker
Hackers posed as flirtatious UK aerobics instructor while targeting US defense contractor’s employee Full Text
Abstract
Cybersecurity researchers said that hackers with ties to the Iranian government targeted U.S. defense contractors in attempts to install malware, including by posing as a United Kingdom-based aerobics instructor.The Hill
July 28, 2021 – Hacker
Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers Full Text
Abstract
A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers. Dating back to as early as 2008, PlugX is a fully-featured second-stage implant with capabilities such as file upload, download, and modification, keystroke logging, webcam control, and access to a remote command shell. "The variant observed [...] is unique in that it contains a change to its core source code: the replacement of its trademark word 'PLUG' to 'THOR,'" Unit 42 researchers Mike Harbison ...The Hacker News
July 28, 2021 – Attack
Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers Full Text
Abstract
A China-linked cyberespionage group, tracked as PKPLUG, employed a previously undocumented strain of a RAT dubbed THOR in recent attacks. A China-linked cyberespionage group tracked as PKPLUG (aka Mustang Panda and HoneyMyte), which...Security Affairs
July 28, 2021 – Business
Google Play Protect fails Android security tests once more Full Text
Abstract
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against.BleepingComputer
July 28, 2021 – Breach
Olympics Broadcaster Announces His Computer Password on Live TV Full Text
Abstract
In what is, at least so far, the biggest cybersecurity blunder of the Tokyo Olympics, an Italian TV announcer did not realize he was on air when he asked the password for his computer.Vice
July 28, 2021 – Government
Biden moves to boost critical infrastructure cybersecurity Full Text
Abstract
President Biden on Wednesday will sign a national security memorandum aimed at increasing cybersecurity for critical systems in the wake of major cyberattacks on companies such as Colonial Pipeline.The Hill
July 28, 2021 – Hacker
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees Full Text
Abstract
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider cybersecurity community under the monikers Tortoiseshell and Imperial Kitten. "Using the social media persona 'Marcella Flores,' TA456 built a relationship across corporate and personal communication platforms with an employee of a small subsidiary of an aerospace defense contractor," Proofpoint said in a report shared with The Hacker News. "In early June 2021, the threat actor attempted to capitalize on this relationship by sending the target malware via an ongoing email communication chain." Earlier this month, Facebook revealed it took steps to dismantle a ...The Hacker News
July 28, 2021 – General
IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M Full Text
Abstract
The 'Cost of a Data Breach' report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID-19 pandemic. IBM Security presented today the annual study "Cost of a Data Breach," conducted by Ponemon Institute...Security Affairs
July 28, 2021 – Government
Biden administration officials endorse ransomware reporting rules Full Text
Abstract
A handful of key Biden administration officials on Tuesday voiced support for legislation that would mandate certain businesses report ransomware attacks to the government.The Record
July 28, 2021 – Privacy
Google: Android apps must provide privacy information by April 2022 Full Text
Abstract
Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app.BleepingComputer
July 28, 2021 – Business
Tencent suspends signups to WeChat, citing ‘security upgrade’ and need to comply with Chinese laws Full Text
Abstract
The upgrade is expected to conclude in "early August". Tencent hasn't defined a range of dates that fits within that phrase, leaving open the possibility that the suspension could last a week or more.The Register
July 28, 2021 – Vulnerabilities
Critical Microsoft Hyper-V bug could haunt orgs for a long time Full Text
Abstract
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment.BleepingComputer
July 28, 2021 – Attack
Axie Infinity Player Wallets Targeted by Poisoned Google Ads Content Full Text
Abstract
Axie Infinity, the top Ethereum-based NFT game, is a Pokemon-like play-to-earn game that lets its users earn SLP (Smooth Love Potion). Threat actors are targeting the players with a fake crypto wallet.Cyren
July 28, 2021 – Government
FBI reveals top targeted vulnerabilities of the last two years Full Text
Abstract
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.BleepingComputer
July 28, 2021 – Malware
Beware: Fake Windows 11 Installers Spreading Adware Full Text
Abstract
Kaspersky discovered a significant rise in malicious links for bogus Windows 11 installers. The primary purpose of the executable is to download different types of malicious software on the device. Therefore, it is recommended that users avoid downloading installations from third-party websites.Cyware Alerts - Hacker News
July 28, 2021 – Covid-19
Northern Ireland suspends vaccine passport system after data leak Full Text
Abstract
Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification web service and mobile apps following a data exposure incident.BleepingComputer
July 28, 2021 – Malware
Increasing Use of ‘Exotic’ Programming Languages for Malware Development Full Text
Abstract
Cybercriminals have been found using new 'exotic' programming languages for carrying out cyber attacks. A recently published report suggests that the use of a few specific languages is becoming a trend to develop new malware. To identify and prevent such threats, security researchers suggest ...Cyware Alerts - Hacker News
July 28, 2021 – General
The State of Web Application Security Full Text
Abstract
According to a report from the F5 Labs, web application exploits were used in 57% of the most significant cybersecurity incidents that occurred in the last five years.Cyware Alerts - Hacker News
July 28, 2021 – Hacker
Fake Software Cracks: A Shady Work of Threat Actors Full Text
Abstract
These types of software are distributed via shady sites, YouTube, and torrents to trick victims into believing that they are downloading the latest software or a game installer.Cyware Alerts - Hacker News
July 28, 2021 – Government
Experts Testify on Pipeline Cybersecurity Measures Full Text
Abstract
The Senate hearing came just one week after the TSA issued its second cybersecurity directive, requiring owners and operators of critical pipelines to implement cybersecurity controls.Gov Info Security
July 28, 2021 – Malware
BlackMatter ransomware targets companies with revenue of $100 million and more Full Text
Abstract
A new ransomware gang launched into operation this week, claiming to combine the best features of the now-defunct Darkside and REvil ransomware groups, Recorded Future analysts have discovered.The Record
July 28, 2021 – Criminals
BlackMatter ransomware group claims to be Darkside and REvil successor Full Text
Abstract
BlackMatter, a new ransomware gang, has appeared in the threat landscape and claims to combine the TTPs of Darkside and REvil. BlackMatter started its activity this week; the cybercriminal group claims to be the successor...Security Affairs
July 27, 2021 – Ransomware
LockBit ransomware now encrypts Windows domains using group policies Full Text
Abstract
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.BleepingComputer
July 27, 2021 – Disinformation
Biden says Russia spreading misinformation ahead of 2022 elections Full Text
Abstract
President Biden said Tuesday that he has been briefed on Russian efforts to spread misinformation related to the 2022 midterm elections.The Hill
July 27, 2021 – Ransomware
LockBit ransomware automates Windows domain encryption via group policies Full Text
Abstract
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.BleepingComputer
July 27, 2021 – Breach
Indonesia’s BRI Life Probes Reported Data Leak of 2 Million Users Full Text
Abstract
BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia (BRI), said that it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers.Reuters
July 27, 2021 – General
Hillicon Valley: Facebook tightens teen protections | FBI cautions against banning ransomware payments | Republicans probe White House-social media collaboration Full Text
Abstract
Under intense Congressional and regulatory scrutiny, Facebook tightened protections for teens across its platform Tuesday by limiting ad targeting. In the cyber world, the FBI cautioned against banning ransomware payments in a hearing after a spate of attacks.The Hill
July 27, 2021 – Vulnerabilities
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email Full Text
Abstract
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35209 — were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. CVE-2021-35208 (CVSS score: 5.4): stored XSS vulnerability in ZmMailMsgView.java; CVE-2021-35209 (CVSS score: 6.1): proxy servlet open redirect vulnerability. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher Simon Scannell, who ...The Hacker News
July 27, 2021 – Vulnerabilities
Flaws in Zimbra could allow takeover of a targeted organization's webmail server Full Text
Abstract
Researchers discovered flaws in Zimbra email collaboration software that could allow attackers to compromise email accounts by sending a malicious email. Cybersecurity researchers have discovered multiple security vulnerabilities, tracked as CVE-2021-35208 and CVE-2021-35209,...Security Affairs
July 27, 2021 – General
No More Ransom Saves Victims Nearly €1 Over 5 Years Full Text
Abstract
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.Threatpost
July 27, 2021 – Breach
UC San Diego Health discloses data breach after phishing attack Full Text
Abstract
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts.BleepingComputer
July 27, 2021 – Solution
Microsoft Teams just got this new protection against phishing attacks Full Text
Abstract
The additional phishing protection in Microsoft Teams is available for organizations using Defender for Office 365 to guard against phishing attacks that use weaponized URLs.ZDNet
July 27, 2021 – Government
Top FBI official advises Congress against banning ransomware payments Full Text
Abstract
A senior FBI official advised members of the Senate Judiciary Committee on Tuesday against the idea of banning companies from paying hackers behind ransomware attacks, which have become a national security concern in recent months.The Hill
July 27, 2021 – Vulnerabilities
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers Full Text
Abstract
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.Threatpost
July 27, 2021 – Malware
Wiper Malware Riding the 2021 Tokyo Olympic Games Full Text
Abstract
In the wee hours of the Tokyo Olympic Games, an interesting wiper malware surfaced that is reminiscent of the destructive malware that targeted the Pyeongchang Winter Games. This one is called “Olympic Destroyer.”Fortinet
July 27, 2021 – Hacker
Hackers flooded the Babuk ransomware gang’s forum with gay porn images Full Text
Abstract
At the end of May, the Babuk ransomware operators rebranded their ransomware leak site into Payload[.]bin and started offering the opportunity to other gangs to use it to leak data stolen from their victims.Security Affairs
July 27, 2021 – APT
APT Group Praying Mantis Hits IIS Web Servers with Deserialization Flaws and Memory Resident Malware Full Text
Abstract
A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware.CSO Online
July 27, 2021 – Business
South Africa’s Transnet Declares Force Majeure at Container Terminals Full Text
Abstract
The document sent to customers and dated on Monday said the force majeure would be implemented with immediate effect. It would impact container terminals in Durban, Ngqura, Port Elizabeth, and Cape Town.Reuters
July 27, 2021 – Vulnerabilities
DIVD discloses three new unpatched Kaseya Unitrends zero-days Full Text
Abstract
Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities include remote code execution and authenticated privilege escalation on the client side.Security Affairs
July 27, 2021 – General
How to prevent corporate credentials ending up on the dark web Full Text
Abstract
It’s not just small and medium-sized enterprises that are seeing their credentials shared on hacker forums. This year, SpyCloud found almost 26 million Fortune 1000 business accounts and 543 million employee credentials circulating on the dark web.Help Net Security
July 27, 2021 – Breach
Florida DEO Discloses Data Breach Affecting 58,000 Accounts Full Text
Abstract
The data breach has affected the unemployment benefits system and targeted 57,920 claimant accounts. The breach affected accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT.Dark Reading
July 27, 2021 – Vulnerabilities
Google launches new Bug Hunters vulnerability rewards platform Full Text
Abstract
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.BleepingComputer
July 27, 2021 – Business
Cyber insurance startup At-Bay raises $185 million at $1.35 billion valuation Full Text
Abstract
Cyber insurance startup At-Bay said on Tuesday it raised $185 million at a $1.35 billion valuation to expand its business as many in the cyber industry face growing losses due to ransomware attacks.Reuters
July 27, 2021 – Vulnerabilities
Several Bugs Found in 3 Open-Source Software Used by Several Businesses Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sędkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project. EspoCRM is an open-source customer relationship management (CRM) application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and ...The Hacker News
July 27, 2021 – Attack
South Africa’s logistics company Transnet SOC hit by a ransomware attack Full Text
Abstract
Transnet SOC Ltd, a large South African rail, port and pipeline company, announced it was hit by a disruptive cyber attack. South Africa’s logistics company Transnet SOC was hit last week by a disruptive cyberattack that halted its operations...Security Affairs
July 27, 2021 – Vulnerabilities
Apple Patches Actively Exploited Zero-Day in iOS, MacOS Full Text
Abstract
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that could allow attackers to take over a system.Threatpost
July 27, 2021 – Solution
Microsoft Teams now automatically blocks phishing attempts Full Text
Abstract
Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks.BleepingComputer
July 27, 2021 – General
Why Are Users Ignoring Multi-Factor Authentication? Full Text
Abstract
In a new transparency report released this month, the social media giant Facebook said that barely 2.3 percent of all its active accounts have enabled at least one method of two-factor authentication between July and December last year.Security Week
July 27, 2021 – Malware
Hackers Turning to ‘Exotic’ Programming Languages for Malware Development Full Text
Abstract
Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of threat research at BlackBerry. "That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products." On the one hand, languages like Rust are more secure as they offer guarantees like memory-safe programming, but they can also be a double-edged sword when malware engineers abuse the same features designed to offer increased safeguards to their advantage, thereby making malware less susceptible to exploitation and thwarting attempts to activate a kill-switch and render it powerless. Noting that binaries written ...The Hacker News
July 27, 2021 – Vulnerabilities
DIVD discloses three new unpatched Kaseya Unitrends zero-days Full Text
Abstract
Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities...Security Affairs
July 27, 2021 – Covid-19
NHS COVID passes targeted by scammers Full Text
Abstract
The CEO of Egress has warned that COVID passport phishing emails are circulating – and directed users to fake NHS websites. These passes allow people to show their vaccination details or test results, and are considered an official COVID-19 status.IT Security Guru
July 27, 2021 – Hacker
Hackers flooded the Babuk ransomware gang’s forum with gay porn images Full Text
Abstract
The Babuk ransomware operators seem to have suffered a ransomware attack; threat actors flooded their forum with gay orgy porn images. At the end of June, the Babuk Locker ransomware was leaked online, allowing threat actors to use it to create their own version...Security Affairs
July 27, 2021 – General
36% of organizations suffered a serious cloud security data leak or a breach in the past year Full Text
Abstract
As cloud adoption accelerates, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey conducted by Fugue and Sonatype.Help Net Security
July 27, 2021 – Government
Israel defence minister to visit France to discuss NSO, Iran Full Text
Abstract
Israeli Defence Minister Benny Gantz will travel to France this week to discuss spyware sold by Israeli cyber firm NSO that was allegedly used to target French President Emmanuel Macron.Reuters
July 27, 2021 – Vulnerabilities
Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices Full Text
Abstract
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fix a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges. The company said it addressed the issue with improved memory handling, noting it's "aware of a report that this issue may have been actively exploited." As is typically the case, additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks. Apple credited an anonymous researcher for discovering and reporting the ...The Hacker News
July 27, 2021 – Malware
Hiding Malware inside a model of a neural network Full Text
Abstract
Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade detection without impacting the performance of the network.Security Affairs
July 27, 2021 – Ransomware
Double Encryption: When Ransomware Recovery Gets Complicated Full Text
Abstract
In the Double extortion tactic, the cybercriminals demand two ransoms — one for a decryption utility and the other for the deletion of the victim’s stolen information from their servers.Security Intelligence
July 27, 2021 – Government
Brazil creates cyberattack response network Full Text
Abstract
Created through a presidential decree signed on July 16, the Federal Cyber Incident Management Network will encompass the Institutional Security Office of the presidency as well as all bodies and entities under the federal government administration.ZDNet
July 27, 2021 – Vulnerabilities
Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack Full Text
Abstract
The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.The Register
July 27, 2021 – Malware
Scammers are using fake Microsoft 11 installers to spread malware Full Text
Abstract
Security firm Kaspersky has warned that crooks were exploiting people overeager to get their hands on the Microsoft operating system update, due for fall release, with fake installers.Cyberscoop
July 27, 2021 – Business
18 Companies to Participate in NIST ‘Zero Trust’ Project Full Text
Abstract
The NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.Gov Info Security
July 26, 2021 – Solution
Microsoft Defender ATP now secures removable storage, printers Full Text
Abstract
Microsoft has added new removable storage device and printer controls to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.BleepingComputer
July 26, 2021 – General
Continuous Threats and Attacks Piercing Windows OS Full Text
Abstract
Multiple cyberattacks have been found targeting Windows OS, whose users face some new malware, vulnerability, or attack vector almost daily. The best defense is to stay updated and promptly install the latest patches.Cyware Alerts - Hacker News
July 26, 2021 – General
Hillicon Valley: Tech groups urge Congress to ‘dig deeper’ on Facebook role in Capitol riot | Kaseya denies paying hackers for decryption key | Tech coalition expands tracking of extremist content Full Text
Abstract
The day before members of a House select committee tasked with investigating the Jan. 6 Capitol riot are set to hold their first hearing, a group of tech accountability groups sent a report renewing their request for lawmakers to look into what they called Facebook's "significant responsibility" in the attack.The Hill
July 26, 2021 – General
BIMI: A Visual Take on Email Authentication and Security Full Text
Abstract
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we cannot help but do just that, especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify important information within emails using branding guidelines and visual cues found in logos. In recent years, users have often been unsure about the authenticity of emails, and this has become a major issue for businesses fighting spam. BIMI gives email users access to information about a brand's identity. A company has complete control and freedom over what logo to attach to authenticated emails. Overall, BIMI acts as an additional layer of security on top of the existing email authentication process. What is BIMI, and how does it strengthen the security of your emails? BIMI is a standaThe Hacker News
July 26, 2021 – Vulnerabilities
Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year Full Text
Abstract
Apple released a security update that addresses the CVE-2021-30807 flaw in macOS and iOS, which may have been actively exploited to deliver malware. Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively...Security Affairs
July 26, 2021 – IOT
Podcast: IoT Piranhas Are Swarming Industrial Controls Full Text
Abstract
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.Threatpost
July 26, 2021 – Vulnerabilities
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild Full Text
Abstract
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.BleepingComputer
July 26, 2021 – Vulnerabilities
Security vulnerabilities in IDEMIA access control devices could allow attackers to ‘remotely open doors’ Full Text
Abstract
Vulnerabilities in biometric access control devices manufactured by IDEMIA could lead to remote code execution (RCE), denial of service, and arbitrary file read/write, researchers have warned.The Daily Swig
July 26, 2021 – Business
Kaseya denies paying hackers for decryption key after ransomware attack Full Text
Abstract
Software company Kaseya on Monday strongly denied paying to get access to a key to decrypt its systems following a massive ransomware attack on the company that impacted up to 1,500 organizations earlier this month.The Hill
July 26, 2021 – Vulnerabilities
How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability Full Text
Abstract
Microsoft Windows 10 and Windows 11 users are at risk from a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability, SeriousSAM, allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges. The SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to an access control entry that grants 'read' permission to the built-in Users group, which contains all local users. As a result, any local user can read the SAM file and the other registry hive files, where they can also view the hashes. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the ReThe Hacker News
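The following check and workaround are an added example and are not code from the article, from Microsoft, or from the researchers who disclosed the bug. It reads the DACL on the registry hive files with icacls, reports whether BUILTIN\Users holds the inherited read-and-execute entry that makes CVE-2021-36934 possible, and, when run with -Fix, applies the workaround Microsoft published for the issue: re-enable ACL inheritance on the config directory contents and delete existing Volume Shadow Copies (the live hive is locked, so what an attacker actually reads is the copy inside a shadow snapshot, which keeps the old permissive ACL). The function name Test-SeriousSam, the -Fix switch and the Exploitable heuristic are this example's own. Run it in an elevated session; deleting shadow copies also removes restore points, so take a fresh backup afterwards.

```powershell
# Added example for CVE-2021-36934 (SeriousSAM); not code from the article or from Microsoft.
# Requires an elevated PowerShell session on Windows 10 / Windows 11.

function Test-SeriousSam {
    [CmdletBinding()]
    param(
        # Apply Microsoft's published workaround after reporting (switch name is this example's own).
        [switch]$Fix
    )

    $config = Join-Path $env:windir 'System32\config'
    $hives  = 'SAM', 'SECURITY', 'SYSTEM' | ForEach-Object { Join-Path $config $_ }
    $exposed = @()

    foreach ($hive in $hives) {
        # icacls reads the DACL even though the live hive is locked for data access.
        $acl = (& icacls.exe $hive 2>&1) -join "`n"
        # Vulnerable default: an inherited Allow entry giving BUILTIN\Users read and execute.
        if ($acl -match 'BUILTIN\\Users:\(I\)\(RX\)') {
            Write-Warning "$hive is readable by BUILTIN\Users"
            $exposed += $hive
        } else {
            Write-Host "$hive ACL looks restricted"
        }
    }

    # Snapshots taken before the ACL was tightened still carry the permissive ACL,
    # so count them: with no shadow copy there is no readable copy of the locked hive.
    $shadows     = (& vssadmin.exe list shadows 2>&1) -join "`n"
    $shadowCount = ([regex]::Matches($shadows, 'Shadow Copy ID')).Count
    Write-Host "Volume Shadow Copies present: $shadowCount"

    if ($Fix) {
        # 1. Microsoft's documented workaround: restrict the hive ACLs by re-enabling inheritance.
        & icacls.exe (Join-Path $config '*.*') /inheritance:e | Out-Null
        # 2. Remove existing shadow copies so the old, readable hive copies disappear.
        & vssadmin.exe delete shadows "/for=$($env:SystemDrive)" /Quiet | Out-Null
        Write-Host 'Workaround applied; create a new restore point or backup now.'
    }

    # Heuristic (this example's own): readable hive ACL plus at least one snapshot to read it from.
    return [pscustomobject]@{
        HivesReadable = $exposed
        ShadowCopies  = $shadowCount
        Exploitable   = ($exposed.Count -gt 0 -and $shadowCount -gt 0)
    }
}

Test-SeriousSam          # report only
# Test-SeriousSam -Fix   # report, then apply the workaround
```

The ACL regex matches the exact icacls line shown in the public advisories for the vulnerable default; a system that has already been hardened (or that has a non-default ACL) will report as restricted even if some other entry still grants read access, so treat the output as a first check rather than proof of safety.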
July 26, 2021 – General
No More Ransom helped ransomware victims to save almost €1B Full Text
Abstract
The No More Ransom initiative celebrates its fifth anniversary, over 6 million victims of ransomware attacks recover their files for free saving almost €1 billion in payments. No More Ransom is celebrating its 5th anniversary, the initiative allowed...Security Affairs
July 26, 2021 – General
The True Impact of Ransomware Attacks Full Text
Abstract
Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.Threatpost
July 26, 2021 – Vulnerabilities
Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities Full Text
Abstract
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet.BleepingComputer
July 26, 2021 – General
What We Learn from MITRE’s Most Dangerous Software Weaknesses List Full Text
Abstract
The MITRE Top 25 list is compiled from NIST’s NVD database and the CVSS scores for each CVE, with a formula applied to score each weakness based on prevalence and severity.Security Week
July 26, 2021 – Malware
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems Full Text
Abstract
An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known for its botnet and cryptocurrency mining objectives, followed the same trajectory when it adopted more sophisticated behavior and escalated its operations," Microsoft said in a technical write-up published last week. "Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity." The malware is notorious for its ability to propagate rapidly across an infected network to facilitate information theft anThe Hacker News
July 26, 2021 – Malware
Hiding Malware inside a model of a neural network Full Text
Abstract
Researchers demonstrated how to hide malware inside an image classifier within a neural network in order to bypass the defense solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network...Security Affairs
July 26, 2021 – General
No More Ransom saves almost €1 billion in ransomware payments in 5 years Full Text
Abstract
The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments.BleepingComputer
July 26, 2021 – Attack
Microsoft Warns of Weeks-long Malspam Campaign Abusing HTML Smuggling to Bypass Email Security Systems Full Text
Abstract
As explained by SecureTeam and Outflank, HTML smuggling is a technique that allows threat actors to assemble malicious files on users’ devices by clever use of HTML5 and JavaScript code.The Record
July 26, 2021 – Vulnerabilities
Signal fixes bug that sent random images to wrong contacts Full Text
Abstract
Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out.BleepingComputer
July 26, 2021 – Business
Dahua, Hikvision out of security camera industry group Full Text
Abstract
Both Dahua and Hikvision, two of China's largest security camera makers, are no longer members of the Security Industry Association (SIA), the largest trade organization for surveillance vendors.The Record
July 26, 2021 – Solution
GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies Full Text
Abstract
What GitLab sets out to achieve with the new open source tool -- named Package Hunter -- is the detection of malicious code that would execute within an application’s dependencies.Security Week
July 26, 2021 – Breach
Mobile County Commission notifies employees of data breach Full Text
Abstract
The information that may have been exposed includes names, dates of birth, and Social Security numbers, as well as the health insurance contract numbers and routing numbers for direct deposit.WKRG News 5
July 26, 2021 – Solution
Microsoft publishes mitigations for the PetitPotam attack Full Text
Abstract
Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. Microsoft has released mitigations for the recently discovered PetitPotam NTLM attack...Security Affairs
July 26, 2021 – Attack
New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains Full Text
Abstract
A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared technical details and proof-of-concept (PoC) code last week, noting that the flaw works by forcing "Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function." MS-EFSRPC is Microsoft's Encrypting File System Remote Protocol that's used to perform "maintenance and management operations on encrypted data that is stored remotely and accessed over a network." Specifically, the attack coerces a domain controller into authenticating, over NTLM, to a remote host under an attacker's control via the MS-EFSRPC interface, sharing its authenThe Hacker News
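As an added example for the PetitPotam entries above (the mitigation entry and this description), and not code from the article, from Microsoft, or from the researcher: Microsoft's published guidance centres on enabling Extended Protection for Authentication and disabling NTLM on AD CS web enrollment so that a relayed authentication cannot be turned into a certificate. The script below is a complementary host-level hardening that blocks the MS-EFSRPC interface at the RPC layer with a netsh RPC filter, which stops the EfsRpcOpenFileRaw coercion itself. The two interface UUIDs are the ones MS-EFSRPC registers on the efsrpc and lsarpc pipes as far as this example assumes; verify them against the protocol specification before deploying, and note that the filter also breaks legitimate remote EFS management on the host. Function names Add-EfsRpcBlockFilter and Test-EfsRpcBlocked are this example's own. Run in an elevated session on the domain controllers and AD CS servers you want to protect.

```powershell
# Added example: block the MS-EFSRPC interface with an RPC filter to stop PetitPotam coercion.
# Not code from the article, Microsoft, or the researcher. Requires an elevated session.

# Interface UUIDs assumed for MS-EFSRPC (verify against the MS-EFSRPC specification).
$EfsRpcInterfaces = @(
    'c681d488-d850-11d0-8c52-00c04fd90f7e',   # exposed on \pipe\efsrpc
    'df1941c5-fe89-4e79-bf10-463657acf44d'    # exposed on \pipe\lsarpc
)

function Add-EfsRpcBlockFilter {
    [CmdletBinding()]
    param([string[]]$InterfaceUuid = $EfsRpcInterfaces)

    # "add rule" / "add condition" / "add filter" must run in one netsh session,
    # so the commands are written to a script file and executed with netsh -f.
    $lines = @('rpc filter')
    foreach ($uuid in $InterfaceUuid) {
        $lines += 'add rule layer=um actiontype=block'
        $lines += "add condition field=if_uuid matchtype=equal data=$uuid"
        $lines += 'add filter'
    }
    $lines += 'quit'

    $script = [System.IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $script -Value $lines -Encoding ASCII
        & netsh.exe -f $script | Out-Null
    } finally {
        Remove-Item -Path $script -ErrorAction SilentlyContinue
    }
}

function Test-EfsRpcBlocked {
    # Returns $true only when every EFSRPC interface UUID appears in the active RPC filter list.
    $filters = (& netsh.exe rpc filter show filter 2>&1) -join "`n"
    foreach ($uuid in $EfsRpcInterfaces) {
        if ($filters -notmatch [regex]::Escape($uuid)) { return $false }
    }
    return $true
}

Add-EfsRpcBlockFilter
if (Test-EfsRpcBlocked) { Write-Host 'EFSRPC interfaces are blocked by RPC filter' }
else                    { Write-Warning 'RPC filter for EFSRPC is not active' }
```

Because the filter is keyed on the interface UUID rather than the pipe name, it covers both transports the coercion has been reported over; re-run Test-EfsRpcBlocked after reboots and patch cycles, since RPC filters are persistent but are easy to lose when a host is rebuilt from an image.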
July 25, 2021 – Attack
WhatsApp chief: US allies’ national security officials targeted with NSO malware Full Text
Abstract
High-ranking government officials around the world were targeted by governments using spyware from NSO Group, according to WhatsApp head Will Cathcart.The Hill
July 25, 2021 – Criminals
Threat actor offers Clubhouse secret database containing 3.8B phone numbers Full Text
Abstract
A threat actor is offering for sale on hacking forums a Clubhouse database said to contain 3.8 billion phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands...Security Affairs
July 25, 2021 – Cryptocurrency
Crooks target Kubernetes installs via Argo Workflows to deploy miners Full Text
Abstract
Threat actors target Kubernetes installs via Argo Workflows to deploy cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying...Security Affairs
July 25, 2021 – Malware
XCSSET MacOS malware targets Telegram, Google Chrome data and more Full Text
Abstract
XCSSET macOS malware continues to evolve; it is now able to steal login information from multiple apps, including Telegram and Google Chrome. Security researchers from Trend Micro continue to monitor the evolution of the XCSSET macOS malware, new variants...Security Affairs
July 25, 2021 – General
Security Affairs newsletter Round 324 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. HelloKitty...Security Affairs
July 24, 2021 – Solution
Microsoft shares mitigations for new PetitPotam NTLM relay attack Full Text
Abstract
Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers.BleepingComputer
July 24, 2021 – Attack
Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics Full Text
Abstract
Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned private US companies of cyberattacks...Security Affairs
July 24, 2021 – Attack
Obtaining password hashes of Windows systems with PetitPotam attack Full Text
Abstract
A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows...Security Affairs
July 24, 2021 – Criminals
AvosLocker enters the ransomware scene, asks for partners Full Text
Abstract
AvosLocker is a relatively new ransomware that was observed in late June and early July. Its authors announced recruitment for "pentesters with Active Directory network experience" and "access brokers."Malwarebytes Labs
July 24, 2021 – Outage
S.Africa’s Transnet says it has identified and isolated source of IT disruption Full Text
Abstract
South Africa’s state-owned firm Transnet said that it had identified and isolated the source of disruption to its IT systems that impacted its container terminals. As per Reuters, the freight logistics firm was hit by a suspected cyberattack.Reuters
July 24, 2021 – Government
Congress Focuses on Industrial Control System Security Full Text
Abstract
A bipartisan group of senators is pushing a bill that would require the CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure.Gov Info Security
July 23, 2021 – Attack
New PetitPotam attack allows take over of Windows domains Full Text
Abstract
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.BleepingComputer
July 23, 2021 – General
Hillicon Valley: Amazon employees petition company to investigate discrimination allegations | ACLU calls for investigation into Alaska official over tweets | Electric cars to outsell combustion vehicles by 2036 Full Text
Abstract
Amazon employees are pushing for the tech giant to investigate allegations of discrimination, with hundreds of employees taking a stand after multiple lawsuits and company leadership seeming to agree to look into their concerns.The Hill
July 23, 2021 – Botnet
Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet. Full Text
Abstract
Estonian hacker Pavel Tsurkan has pleaded guilty in a United States court to the counts of computer fraud and of creating and operating a proxy botnet. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer...Security Affairs
July 23, 2021 – General
Discord CDN and API Abuses Drive Wave of Malware Detections Full Text
Abstract
Targets of Discord malware expand far beyond gamers.Threatpost
July 23, 2021 – Malware
Fake Windows 11 installers now used to infect you with malware Full Text
Abstract
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools.BleepingComputer
July 23, 2021 – General
5 Steps to Improving Ransomware Resiliency Full Text
Abstract
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.Threatpost
July 23, 2021 – Malware
MacOS malware steals Telegram accounts, Google Chrome data Full Text
Abstract
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts.BleepingComputer
July 23, 2021 – Ransomware
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted Full Text
Abstract
This week has quite a bit of news, ranging from the USA formally accusing China of the recent ProxyLogon attacks to Kaseya mysteriously obtaining the universal decryption key.BleepingComputer
July 23, 2021 – Attack
Cyber attackers will have weaponised tech environments to harm or kill humans by 2025: Report Full Text
Abstract
In a new release from Gartner, researchers have estimated that cyberattackers will have weaponised operational technology (OT) environments to successfully harm or kill humans by the year 2025.The Times Of India
July 23, 2021 – Vulnerabilities
Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots Full Text
Abstract
Apple has rolled out iOS 14.7 earlier this week with security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution.BleepingComputer
July 23, 2021 – General
Financial services accounting for nearly 40% of all phishing URLs Full Text
Abstract
A Vade report revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June.Help Net Security
July 23, 2021 – Cryptocurrency
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows Full Text
Abstract
Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters.BleepingComputer
July 23, 2021 – Vulnerabilities
Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature Full Text
Abstract
In a study of 146 web applications, Timo Longin, security researcher at SEC Consult, found misconfigurations that malicious actors could exploit to redirect password reset emails to their own servers.The Daily Swig
July 23, 2021 – General
More than half of all Aussies continue to encounter forms of cyber scams in 2021 Full Text
Abstract
Of those Australians who encountered a scam in 2021, 9% lost money as a result, a three percentage point increase on 2018, and slightly higher than the global average of 7%.ZDNet
July 23, 2021 – General
Twitter reveals surprisingly low two-factor auth (2FA) adoption rate Full Text
Abstract
Twitter has revealed in its latest transparency report that only 2.3% of all active accounts have enabled at least one method of two-factor authentication (2FA) between July and December 2020.BleepingComputer
July 23, 2021 – Breach
CRM Database of Guntrader Website Gets Breached and Leaks Information of 110,000 Users Full Text
Abstract
Cybercriminals hacked into a website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK.The Register
July 23, 2021 – Malware
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software Full Text
Abstract
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual means of distribution that involved injecting a malicious payload into Xcode IDE projects that's executed at the time of building project files in Xcode. The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications, such as Notes, WeChat, Skype, Telegram, and encrypting user files. Earlier this April, XCSSET received an upgrade that enabled the malware authors to target macOS 11 Big Sur as well as Macs running on M1 chipset by circumventing new secuThe Hacker News
July 23, 2021 – Breach
Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach Full Text
Abstract
WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ ...Security Affairs
July 23, 2021 – Privacy
User data privacy decisions can be easily manipulated Full Text
Abstract
Research from Copenhagen Business School finds designers of cookie banners can affect privacy choices by manipulating choice architecture and with simple changes can increase absolute consent by 17%.Help Net Security
July 23, 2021 – Vulnerabilities
Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code Full Text
Abstract
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily as they move to the forefront of business strategies. This comes as no surprise: APIs seamlessly connect disparate apps and devices, bringing business synergies and efficiencies never witnessed before. However, APIs have vulnerabilities just like any other software component. If they aren't rigorously tested from a security standpoint, they can also introduce a whole new array of attack surfaces and expose you to unprecedented risks. If you wait until production to discover API vulnerabilities, you can incur substantial delays. APIs are attractive to attackers, not just businesses. Keep in mind that APIs do more than simply connectThe Hacker News
July 23, 2021 – General
What Is An Identity and Access Management Solution and How Can Businesses Benefit From It? Full Text
Abstract
How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind. This article describes what an identity...Security Affairs
July 23, 2021 – Attack
Significant Historical Cyber-Intrusion Campaigns Targeting ICS Full Text
Abstract
To raise awareness of the risks and improve the protection of critical infrastructure, CISA and the FBI have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories.US CERT
July 23, 2021 – Criminals
Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring Full Text
Abstract
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been the main developer and seller of the phishing frameworks that were employed to collect login data from bank customers. The attacks primarily singled out users in the Netherlands and Belgium. Believed to be active since at least 2020, the cybercriminal syndicate has been codenamed " Fraud Family " by cybersecurity firm Group-IB. The frameworks come with phishing kits, tools designed to steal information, and web panels, which allow the fraudsters to interact with the actual phishing site in real time and retrieve the stolen user data. "The phishing frameworks aThe Hacker News
July 23, 2021 – Attack
Kaseya obtained a universal decryptor for REvil ransomware attack Full Text
Abstract
The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform...Security Affairs
July 23, 2021 – Malware
Researchers Successfully Hide Malware Inside an AI Neural Network Full Text
Abstract
According to the study by Chinese researchers, malware can be embedded directly into the artificial neurons that make up machine learning models in a way that keeps them from being detected.Vice
July 23, 2021 – General
Threat Report Portugal: Q2 2021 Full Text
Abstract
The Threat Report Portugal: Q2 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators...Security Affairs
July 23, 2021 – Business
Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million Full Text
Abstract
The Series B funding round included investments from Banque des Territoires and Eiffel Investment Group, as well as existing investors Normandie Participations and CNP Assurances.Security Week
July 23, 2021 – Outage
Akamai software update triggered a bug that took offline major sites Full Text
Abstract
Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to Akamai DNS global outage. A software configuration update triggered a bug in the Akamai DNS which took offline major websites, including Steam, the PlayStation...Security Affairs
July 23, 2021 – Vulnerabilities
Popular Wi‑Fi routers still using default passwords making them susceptible to attacks Full Text
Abstract
A recent study by technology website Comparitech revealed one in 16 home Wi-Fi routers is still using the manufacturer’s default admin password and leaving the door open to cybercriminals.ESET Security
July 23, 2021 – Business
Cybereason acquires empow to enhance its XDR features Full Text
Abstract
Cybereason announced the acquisition of empow, a security analytics company based in Tel Aviv. The acquisition of empow will enable the integration of empow prediction technology into Cybereason XDR.Help Net Security
July 23, 2021 – Breach
Saudi Aramco Hit With $50 Million Cyber Extortion Demand over Stolen Data Full Text
Abstract
Saudi Aramco acknowledged that leaked data from the company being used in a cyber-extortion attempt involving a USD 50 million ransom demand likely came from one of its contractors.The Times Of India
July 23, 2021 – Business
Sysdig acquires Apolicy to help customers secure Infrastructure As Code and automate remediation Full Text
Abstract
The deal, the terms of which were kept secret, will bolster Sysdig's capabilities by strengthening cloud and container security with compliance and governance enforcement, Sysdig CEO Suresh Vasudevan said.Help Net Security
July 22, 2021 – General
Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks Full Text
Abstract
Two Democratic senators introduced a new Section 230 reform bill Thursday that aims to hold tech companies accountable for spreading health misinformation, building off Democrats’ push to weed out false claims about COVID-19 vaccines as the Biden administration struggles to meet its goal of having 70 percent of Americans vaccinated.The Hill
July 22, 2021 – Phishing
Phish Swims Past Email Security With Milanote Pages Full Text
Abstract
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.Threatpost
July 22, 2021 – Business
Kaseya obtains universal decryptor for REvil ransomware victims Full Text
Abstract
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free.BleepingComputer
July 22, 2021 – Government
Senators introduce bipartisan bill to secure critical groups against hackers Full Text
Abstract
The bipartisan leaders of two Senate committees on Thursday introduced legislation to shore up the cybersecurity of critical infrastructure after months of crippling cyberattacks.The Hill
July 22, 2021 – Outage
Akamai DNS global outage takes down major websites, online services Full Text
Abstract
Akamai is investigating an ongoing outage affecting many major websites and online services including Steam, the PlayStation Network, Newegg, AWS, Amazon, Google, and Salesforce.BleepingComputer
July 22, 2021 – Ransomware
Kaseya obtains key to decrypt systems weeks after ransomware attack Full Text
Abstract
Software company Kaseya on Thursday obtained a key to decrypt its systems and that of customers, which were locked down by a ransomware attack earlier this month.The Hill
July 22, 2021 – Criminals
Ransomware gang breached CNA’s network via fake browser update Full Text
Abstract
Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021.BleepingComputer
July 22, 2021 – General
Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims Full Text
Abstract
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the incident," the company said in a statement. "Kaseya obtained the tool from a third-party and have teams actively helping customers affected by the ransomware to restore their environments, with no reports of any problem or issues associated with the decryptor." It's not immediately clear if Kaseya paid any ransom. It's worth noting that REvil affiliates had demanded a ransom of $70 million, an amount that was subsequently lowered to $50 million, but soon after, the ransomware gang mysteriously went off the grid, shutting down their payment sites and data leak portalThe Hacker News
July 22, 2021 – Vulnerabilities
Oracle fixes critical RCE vulnerabilities in WebLogic Server Full Text
Abstract
Oracle released its Critical Patch Update for July 2021, which fixes hundreds of flaws, including critical remotely exploitable vulnerabilities in WebLogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains...Security Affairs
July 22, 2021 – Criminals
FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics Full Text
Abstract
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn.Threatpost
July 22, 2021 – Criminals
Group-IB helps Dutch police identify members of phishing developer gang Fraud Family Full Text
Abstract
Researchers from threat intelligence firm Group-IB helped Dutch police identify members of the phishing developer gang known as Fraud Family. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying...Security Affairs
July 22, 2021 – Vulnerabilities
Industrial Networks Exposed Through Cloud-Based Operational Tech Full Text
Abstract
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.Threatpost
July 22, 2021 – Vulnerabilities
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day Full Text
Abstract
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.Threatpost
July 22, 2021 – Vulnerabilities
MITRE updates list of top 25 most dangerous software bugs Full Text
Abstract
MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years.BleepingComputer
July 22, 2021 – Breach
TicketClub Italy Database of Over 340,000 Users Offered for Sale on Dark Web Forum Full Text
Abstract
The threat actor with the alias “bl4ckt0r” published the TicketClub Italy database with over 340,957 users for sale and released several meaningful data dumps which may confirm the breach.Security Affairs
July 22, 2021 – APT
APT Hackers Distributed Android Trojan via Syrian e-Government Portal Full Text
Abstract
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday. StrongPity , also codenamed Promethium by Microsoft, is believed to have been active since 2012 and has typically focused on targets across Turkey and Syria. In June 2020, the espionage threat actor was connected to a wave of activities that banked on watering hole attacks and tampered installers, which abuse the popularity of legitimate applications, to infect targets with malware. "Promethium has been resilient over the years," Cisco Talos disclosed last year. "Its campaiThe Hacker News
July 22, 2021 – Government
CISA analyzed stealthy malware found on compromised Pulse Secure devices Full Text
Abstract
U.S. CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware...Security Affairs
July 22, 2021 – Vulnerabilities
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug Full Text
Abstract
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.Threatpost
July 22, 2021 – Vulnerabilities
Atlassian asks customers to patch critical Jira vulnerability Full Text
Abstract
Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI.BleepingComputer
July 22, 2021 – IOT
Rise in IoT Malware Attacks Raises Security Concerns Full Text
Abstract
Zscaler analyzed 575 million device transactions, along with 300,000 IoT-specific malware attack attempts. This revealed that IoT malware has witnessed a rise of 700% as compared to pre-pandemic numbers.Cyware Alerts - Hacker News
July 22, 2021 – General
Reduce End-User Password Change Frustrations Full Text
Abstract
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions. One of the most common areas where security may cause challenges for end-users is password policies and password changes. What are these issues? How can organizations reduce end-user password change frustration? First, let's consider the standard password policy, its role, and general settings affecting end-users. What are password policies? Most organizations today have a password policy in place. So, what is a password policy? Password policies define the types and content of passwords allowed or required of end-users in an identity and access management system. Various aspects of the password that businesses control may include the password's requiredThe Hacker News
July 22, 2021 – Malware
Joker Malware Continues to Go Strong Against Android Users Full Text
Abstract
Zscaler’s ThreatLabZ research team recently observed a new Joker malware variant that was distributed via 11 different apps on Google Play Store.Cyware Alerts - Hacker News
July 22, 2021 – Vulnerabilities
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws Full Text
Abstract
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an out-of-band security update in June 2019. Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications. The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology. Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 outThe Hacker News
July 22, 2021 – Breach
Japanese Government Says Limited Number of Users Affected by Olympic Ticket Data Leak Full Text
Abstract
The news came one day after the FBI released a private industry alert urging organizations working with the Tokyo 2020 Summer Olympics to prepare for a wave of cyberattacks.ZDNet
July 22, 2021 – Breach
Sensitive medical data of cancer patients at Jefferson Health potentially breached following third-party hack Full Text
Abstract
For some patients, a Social Security number was also included, the healthcare provider said in a statement. Financial account, insurance, and payment card information was not involved, it added.The Daily Swig
July 22, 2021 – Breach
Medical Data of Over 6000 Humana Customers Leaked Online by Cybercriminals Full Text
Abstract
The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more. The data dates back to 2019.Security Affairs
July 22, 2021 – Vulnerabilities
cURL developers take a second shot at fixing information disclosure flaw Full Text
Abstract
The attempted resolution of the flaw (CVE-2021-22898) failed to address an almost identical bug in the software which also presented an information disclosure or potential data leak vulnerability.The Daily Swig
July 22, 2021 – Vulnerabilities
Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran Full Text
Abstract
Analysis by Secureworks CTU researchers suggests that an Iranian threat group, possibly Oilrig, was responsible for the activity that started with the compromise of the Exchange Servers.Secure Works
July 22, 2021 – Criminals
Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam Full Text
Abstract
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor , 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish National Police made the arrest pursuant to a U.S. warrant. Besides his role in the Twitter hack, O'Connor is also charged with computer intrusions related to takeovers of TikTok and Snapchat user accounts and cyberstalking an unnamed juvenile victim. The great Twitter hack of July 15, 2020, emerged as one of the biggest security lapses in the social media platform's history after O'Connor, along with Mason Sheppard, Nima Fazeli, and Graham Ivan Clark , managed to gain access to Twitter's internal tools, abusing it to breach the accounts of politicians, celebritieThe Hacker News
July 22, 2021 – Breach
TicketClub Italy Database Offered in Dark Web Full Text
Abstract
A database belonging to TicketClub Italy, a company providing a coupon platform for offline purchases, is available for sale on dark web hacking forums. TicketClub is an Italian company providing a mobile-based coupon platform for offline purchases....Security Affairs
July 22, 2021 – Breach
Thousands of Humana customers have their medical data leaked online by threat actors Full Text
Abstract
Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular...Security Affairs
July 21, 2021 – General
Hillicon Valley: Senators introduce bill to require some cyber incident reporting | UK citizen arrested in connection to 2020 Twitter hack | Officials warn of cyber vulnerabilities in water systems Full Text
Abstract
A much-anticipated bipartisan measure to respond to recent major cyberattacks on both the federal government and the private sector was rolled out by Senate Intelligence Committee leaders on Wednesday. The bill would increase the government’s visibility into cyberattacks by requiring some key companies to report breaches.The Hill
July 21, 2021 – Government
House committee approves slate of bills to improve telecom security Full Text
Abstract
The House Energy and Commerce Committee on Wednesday approved multiple pieces of legislation meant to strengthen telecommunications against cyberattacks.The Hill
July 21, 2021 – Criminals
TikTok, Snapchat account hijacker arrested for role in Twitter hack Full Text
Abstract
A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking.BleepingComputer
July 21, 2021 – Government
Officials warn of cybersecurity vulnerabilities in water systems Full Text
Abstract
Lawmakers and experts on Wednesday warned of gaping cybersecurity vulnerabilities in the nation’s critical water sector amid escalating attacks against a number of U.S. organizations.The Hill
July 21, 2021 – Government
CISA warns of stealthy malware found on hacked Pulse Secure devices Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products.BleepingComputer
July 21, 2021 – Malware
CISA warns of hacked Pulse Secure devices loaded with malware in disguise Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products.BleepingComputer
July 21, 2021 – Criminals
REvil’s Gone But its Technique is Relevant Full Text
Abstract
McAfee Labs described the use of DLL sideloading in REvil’s attacks after the group made a sudden exit that surprised everyone. Generally, this technique is used by APT groups to avoid raising any flags on security radars.Cyware Alerts - Hacker News
July 21, 2021 – Ransomware
Experts Confirm Diavol Ransomware Steals Data Full Text
Abstract
Security analysts provide proof of Diavol ransomware stealing data from infected systems, as opposed to previous claims by FortiGuard Labs' researchers. The Diavol group is resilient and evasive in nature. Security professionals need to erect a robust security infrastructure to avoid any unpleasant ...Cyware Alerts - Hacker News
July 21, 2021 – Hacker
TA2721: A New Threat Group Spreading Bandook Malware Full Text
Abstract
Proofpoint discovered a new threat group, TA2721, targeting global organizations across finance, entertainment, and other industries via malspam emails written in Spanish. A highly targeted campaign by TA2721 suggests that the group has a clear goal and prepares well before launching attacks. Secur ...Cyware Alerts - Hacker News
July 21, 2021 – Phishing
Current State of Consent Phishing Emails Full Text
Abstract
Microsoft threat researchers are tracking a rise in consent phishing attacks that exploit OAuth request links. The threat actors are attempting to lure targets into granting permissions to attacker-owned apps and, eventually, handing over sensitive information.Cyware Alerts - Hacker News
July 21, 2021 – APT
France ANSSI agency warns of APT31 campaign against French organizations Full Text
Abstract
French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number...Security Affairs
July 21, 2021 – Malware
NPM Package Steals Passwords via Chrome’s Account-Recovery Tool Full Text
Abstract
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems.Threatpost
July 21, 2021 – Vulnerabilities
Microsoft shares workaround for Windows 10 SeriousSAM vulnerability Full Text
Abstract
Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.BleepingComputer
July 21, 2021 – General
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say Full Text
Abstract
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.Threatpost
July 21, 2021 – Business
DNSFilter secures $30M Series A to step up fight against DNS-based threats Full Text
Abstract
DNSFilter, an artificial intelligence startup that provides DNS-based web content filtering and threat protection, has secured $30 million in Series A funding from Insight Partners.TechCrunch
July 21, 2021 – APT
StrongPity APT Group Deploys Android Malware for the First Time Full Text
Abstract
Trend Micro conducted an investigation into a malicious Android malware sample, which is believed to be linked to the StrongPity APT group, that was posted on the Syrian e-Gov website.Trend Micro
July 21, 2021 – Government
The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough? Full Text
Abstract
The Biden administration should be applauded for building a broad coalition of allies to condemn China's dangerous cyber activity. Now, the White House should do what it has done to other U.S. adversaries and impose real costs on Beijing.Lawfare
July 21, 2021 – Botnet
Why Current Botnet Takedown Jurisprudence Should Not Be Replicated Full Text
Abstract
Restraining orders and other equitable mechanisms of relief were never designed to address such a unique challenge as global cybercrime.Lawfare
July 21, 2021 – Attack
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows Full Text
Abstract
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.Threatpost
July 21, 2021 – Vulnerabilities
Microsoft shares workarounds for SeriousSAM Windows 10 zero-day bug Full Text
Abstract
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.BleepingComputer
July 21, 2021 – Vulnerabilities
Adobe Patches 21 Vulnerabilities Across Seven Products Full Text
Abstract
Seven vulnerabilities have been addressed in Adobe After Effects for Windows and macOS. Five of them can allow arbitrary code execution and they have been rated critical.Security Week
July 21, 2021 – Privacy
XLoader, a $49 spyware that could target both Windows and macOS devices Full Text
Abstract
Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. FormBook...Security Affairs
July 21, 2021 – APT
France warns of APT31 cyberspies targeting French organizations Full Text
Abstract
The French national cyber-security agency today warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 cyberespionage group.BleepingComputer
July 21, 2021 – Hacker
Chinese state hackers breached over a dozen US pipeline operators Full Text
Abstract
Chinese state-sponsored attackers breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 and 2013 following a spear-phishing campaign targeting their employees.BleepingComputer
July 21, 2021 – Vulnerabilities
Linux Systemd Security Hole Can Enable Unprivileged Users to Cause Denial of Service Full Text
Abstract
Successful exploitation of this newest vulnerability enables any unprivileged user to cause a denial of service via a kernel panic. Systemd is used in almost all modern Linux distributions.ZDNet
July 21, 2021 – Government
French Launch NSO Probe After Macron Believed Spyware Target Full Text
Abstract
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.Threatpost
July 21, 2021 – Malware
Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers Full Text
Abstract
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named " nodejs_net_server " and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent locations hosted on GitHub. "It isn't malicious by itself, but it can be when put into the malicious use context," ReversingLabs researcher Karlo Zanki said in an analysis shared with The Hacker News. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line." While the first version of the package was published just to test the process ofThe Hacker News
July 21, 2021 – Business
Safe Security raises $33M to manage and mitigate cyber risk Full Text
Abstract
Safe Security, which provides a platform to measure cyber risk, today announced that it raised $33 million in a strategic investment from BT Group, the U.K.-based telecom provider.Venture Beat
July 21, 2021 – Malware
NPM package steals Chrome passwords on Windows via recovery tool Full Text
Abstract
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access.BleepingComputer
July 21, 2021 – Breach
Sensitive Information From Over 80 US Municipalities Left Vulnerable in Massive Data Breach at PeopleGIS Full Text
Abstract
WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities.WizCase
July 21, 2021 – Attack
Kaseya ransomware attack highlights cyber vulnerabilities of small businesses Full Text
Abstract
The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities.The Hill
July 21, 2021 – General
Tracking Malware and Ransomware Domains in 2021 Full Text
Abstract
Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.Threatpost
July 21, 2021 – Government
Biden official: ‘We don’t know exactly why’ ransomware gang vanished from the web Full Text
Abstract
The Biden administration does not know exactly why the ransomware gang REvil, thought to be based in Russia, has vanished from the dark web, a senior official said Tuesday.Politico
July 21, 2021 – Malware
Joker Billing Fraud Malware Apps with 30,000 Downloads Found in Google Play Store Full Text
Abstract
The Joker malware family is a well-known variant that focuses on compromising Android devices. It's designed to spy on its victims, steal information, harvest contact lists, and monitor SMS messaging.ZDNet
July 21, 2021 – Government
Senators introduce bill requiring some critical groups to report cybersecurity incidents Full Text
Abstract
Leaders of the Senate Intelligence Committee and other bipartisan lawmakers on Wednesday formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches in the wake of months of escalating cyberattacks.The Hill
July 21, 2021 – Solution
Google Chrome now comes with up to 50x faster phishing detection Full Text
Abstract
Google Chrome now comes with up to 50 times faster phishing detection starting with the latest released version 92, promoted to the stable channel on Tuesday.BleepingComputer
July 21, 2021 – Government
Cybersecurity: DHS escalates mandates for key US pipelines in wake of ransomware attack Full Text
Abstract
The Department of Homeland Security mandated additional cybersecurity measures this week for critical US pipelines, a move meant to protect against ransomware and other known threats.CNN Money
July 21, 2021 – Government
U.S. Reveals China Breached Dozens of Pipeline Companies in Past Decade Full Text
Abstract
Overall, the U.S. government agencies identified and tracked 23 U.S. natural gas pipeline operators targeted from 2011 to 2013 in this spearphishing and intrusion campaign.US CERT
July 21, 2021 – Vulnerabilities
Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks Full Text
Abstract
A high-severity vulnerability affecting Rockwell Automation’s MicroLogix 1100 programmable logic controllers (PLCs) can be exploited to cause a device to enter a persistent fault condition.Security Week
July 21, 2021 – Solution
capa 2.0: Better, Faster, Stronger Full Text
Abstract
The open-source tool called capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering.FireEye
July 21, 2021 – Vulnerabilities
Researchers Found Flaws in Telegram’s Cryptographic Protocol Full Text
Abstract
These flaws could have enabled attackers to alter the sequences of the messages sent, identify encrypted messages of a client or a server, recover some plaintext from encrypted messages, and wage man-in-the-middle attacks.Info Risk Today
July 21, 2021 – Malware
XLoader malware steals logins from macOS and Windows systems Full Text
Abstract
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.BleepingComputer
July 21, 2021 – General
Google, Bloomberg and Facebook pledge support for second year of Security Training Scholarship Program for women Full Text
Abstract
The program, run by Women in Cybersecurity (WiCys) and the SANS Institute, is designed to help women advance their careers in cybersecurity by learning fundamental cybersecurity concepts and skills.ZDNet
July 21, 2021 – Malware
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems Full Text
Abstract
Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download and execute files from attacker-controlled domains. "For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files," cybersecurity firm Check Point said in a report shared with The Hacker News. Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to have infected victims across 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in theThe Hacker News
July 21, 2021 – Malware
Shlayer Malware: Continued Use of Flash Updates Full Text
Abstract
Recent Shlayer malvertising campaigns have gone back to using fake Flash updates and social engineering tactics to trick victims into manually installing the malware and compromising their systems.Crowdstrike
July 21, 2021 – Vulnerabilities
Several New Critical Flaws Affect CODESYS Industrial Automation Software Full Text
Abstract
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely control a company's cloud OT implementation, and threaten any industrial process managed from the cloud," the New York-headquartered industrial security company Claroty said in a report shared with The Hacker News, adding they "can be used to target a cloud-based management console from a compromised field device, or take over a company's cloud and attack PLCs and other devices to disrupt operations." CODESYS is a development environment for programming controller applications, enabling easy configuration of PLCs in industrial control systems. WAGO PFC100/200 isThe Hacker News
July 21, 2021 – Vulnerabilities
MacOS Being Picked Apart by $49 XLoader Data Stealer Full Text
Abstract
Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.Threatpost
July 21, 2021 – General
[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams Full Text
Abstract
Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than they think. It might seem counterintuitive, but recent history has shown that large numbers and huge budgets aren't the difference-makers they once were. Indeed, having the right strategy in place is a clear indicator of an organization's success today. A new guide by XDR provider Cynet ( download it here ) looks to dispel the myth that bigger is always better and shows a smarter way forward for lean IT security teams. The new guide focuses on helping lean IT security teams plan strategies that can protect their organizations while reducing the level of stress they face. Due to the rise of cybThe Hacker News
July 21, 2021 – Government
Can the US Curb China’s Cyber Ambitions? Full Text
Abstract
Many security experts and analysts are applauding the U.S. for calling out China's cyber behavior, especially after the White House had focused so much attention on Russia's cyber activities.Gov Info Security
July 21, 2021 – Attack
Rail ticket machines in northern England hit by ransomware attack Full Text
Abstract
Ticket machines operated by the British government-run Northern Trains have been put out of action by a suspected cyber-attack intended to extort money, the company said on Monday.Reuters
July 21, 2021 – Vulnerabilities
Microsoft shares workarounds for new Windows 10 zero-day bug Full Text
Abstract
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.BleepingComputer
July 21, 2021 – Government
French President Emmanuel Macron among 14 heads of states on potential spyware list Full Text
Abstract
French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group.AP News
July 21, 2021 – Vulnerabilities
Microsoft shares permissions fix for new Windows 10 zero-day Full Text
Abstract
Microsoft has shared a temporary fix for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.BleepingComputer
July 21, 2021 – Phishing
Beware, crypto-scammer seeks foreigner with blockchain account Full Text
Abstract
Researchers at Malwarebytes observed a 419-style scam (also known as an advance fee scam) which claims to deliver on the promise of cryptocurrency riches over a WhatsApp conversation.Malwarebytes Labs
July 21, 2021 – Policy and Law
Kelihos botmaster Peter Levashov gets time served Full Text
Abstract
A US federal judge sentenced Russian hacker Peter Levashov to 33 months, time served, and three years of supervised release for his role in operating the Kelihos botnet. The creator of the Kelihos Botnet, Peter Yuryevich Levashov (40), was sentenced...Security Affairs
July 21, 2021 – Vulnerabilities
LPE flaw in Linux kernel allows attackers to get root privileges on most distros Full Text
Abstract
Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia,...Security Affairs
July 20, 2021 – General
Hillicon Valley: Biden to appoint Big Tech critic to DOJ antitrust role | House passes host of bills to strengthen cybersecurity in wake of attacks | Bezos returns from flight to space
Abstract
President Biden on Tuesday declared his intent to nominate an individual to lead the Department of Justice’s antitrust division who has the backing of organizations looking to crack down on anticompetitive behavior among Big Tech companies. Meanwhile, cybersecurity continues to be a hot topic in the nation’s capital, with the House approving a raft of bills Tuesday intended to shore up critical infrastructure against attacks, and the Transportation Security Administration putting out a new directive to protect pipelines from hackers. Outside of the beltway, Amazon founder and former CEO Jeff Bezos blasted off to the edge of space, drawing criticism from some officials for how funding was obtained. (The Hill)
July 20, 2021 – Government
House passes host of bills to strengthen cybersecurity in wake of attacks
Abstract
The House on Tuesday approved five bipartisan measures designed to enhance various aspects of the nation’s cybersecurity following recent major cyberattacks. (The Hill)
July 20, 2021 – Privacy
DuckDuckGo’s new email privacy service forwards tracker-free messages
Abstract
DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can be used to profile you for ad targeting. (BleepingComputer)
July 20, 2021 – Vulnerabilities
Zero-Day Flaws Ubiquitous in Active Attack Campaigns
Abstract
Google discovered four zero-day vulnerabilities existing in popular web browsers such as Chrome, Safari, and Internet Explorer. State-sponsored threat groups were observed exploiting these flaws in separate campaigns. Today, nation-state cybercriminals appear more interested in finding and exploiti ... (Cyware Alerts - Hacker News)
July 20, 2021 – Breach
Federal agencies say dozens of pipeline companies breached by Chinese hackers in 2011
Abstract
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) disclosed Tuesday that multiple U.S. natural gas and oil pipeline companies were successfully breached by Chinese hackers for two years beginning in 2011. (The Hill)
July 20, 2021 – Vulnerabilities
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Abstract
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question. However, there is no evidence that the flaw was abused in real-world attacks. "A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege," according to an advisory published in May. The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 18, 2021, following which remedies have been published for the affected printers as of May 19, 2021. Specific... (The Hacker News)
July 20, 2021 – Vulnerabilities
A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide
Abstract
Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printer driver that an attacker could exploit to gain admin rights on systems. Researchers from SentinelOne discovered a 16-year-old security vulnerability in an HP, Xerox,... (Security Affairs)
July 20, 2021 – Privacy
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Abstract
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others. (Threatpost)
July 20, 2021 – Vulnerabilities
New Linux kernel bug lets you get root on most modern distros
Abstract
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. (BleepingComputer)
July 20, 2021 – Criminals
These are the Top Favorite CVEs of Cybercriminals
Abstract
An analysis of criminal forums, where experts studied 15 cybercrime forums from January 2020 to March 2021, reveals attackers' top favorite CVEs. As per them, most of the discovered CVEs were exploited by nation-state hackers and cybercriminals. At the least, organizations must locate these flaws a ... (Cyware Alerts - Hacker News)
July 20, 2021 – Government
Peters launches bipartisan investigation into increasing ransomware attacks
Abstract
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) on Tuesday announced the launch of a bipartisan investigation into the recent string of debilitating ransomware attacks against U.S. companies. (The Hill)
July 20, 2021 – Malware
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
Abstract
Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a report shared with The Hacker News. "The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links." The malware has been so named because of its sophisticated internal structure that's orchestrated to prevent reverse-engineering and evade analysis. Attacks involving MosaicLoader rely on a well-established tactic for malware delivery called search engine optimization (SEO) poisoning, wherein cybercriminals purc... (The Hacker News)
July 20, 2021 – Vulnerabilities
A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root
Abstract
Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589,... (Security Affairs)
July 20, 2021 – General
Why Your Business Needs a Long-Term Remote Security Strategy
Abstract
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. (Threatpost)
July 20, 2021 – Government
FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics
Abstract
The Federal Bureau of Investigation (FBI) warns of threat actors potentially targeting the upcoming Olympic Games, although evidence of attacks planned against the Olympic Games Tokyo 2020 is yet to be uncovered. (BleepingComputer)
July 20, 2021 – Vulnerabilities
16 Years In Hiding – Millions of Printers Worldwide Vulnerable by Newly Discovered Flaw
Abstract
SentinelLabs has discovered a high severity flaw in HP, Samsung, and Xerox printer drivers. Since 2005 HP, Samsung, and Xerox have released millions of printers worldwide with the vulnerable driver. (Sentinel One)
July 20, 2021 – General
TSA issues second security directive to secure pipelines against cyberattacks
Abstract
The Transportation Security Administration (TSA) on Tuesday issued a second security directive meant to strengthen critical pipelines against cyberattacks in the wake of the crippling ransomware attack on Colonial Pipeline earlier this year. (The Hill)
July 20, 2021 – Attack
Microsoft secured court order to take down domains used in BEC campaign
Abstract
Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft's Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business... (Security Affairs)
July 20, 2021 – General
A New Security Paradigm: External Attack Surface Management
Abstract
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to and that may be vulnerable to attack, posing a critical risk for your organization. (Threatpost)
July 20, 2021 – Vulnerabilities
16-year-old bug in printer software gives hackers admin rights
Abstract
A 16-year-old security vulnerability found in HP, Xerox, and Samsung printer drivers allows attackers to gain admin rights on systems using the vulnerable driver software. (BleepingComputer)
July 20, 2021 – Privacy
13 Heads of State and Governments Including Emmanuel Macron, Imran Khan, and Cyril Ramaphosa Among Those Targeted with Pegasus
Abstract
As per The Guardian, the leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and 13 other heads of state and heads of government. (The Guardian)
July 20, 2021 – Vulnerabilities
Fortinet fixes bug letting unauthenticated hackers run code as root
Abstract
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. (BleepingComputer)
July 20, 2021 – General
How China Transformed Into a Prime Cyber Threat to the U.S.
Abstract
Recent attacks for which the U.S. accused China were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature cyber adversary than a decade ago. (New York Times)
July 20, 2021 – Government
Iranian Spies Caught by Facebook
Abstract
Facebook revealed that it tracked and partly disrupted a cyber espionage campaign launched by Iranian hackers, collectively known as Tortoiseshell or Imperial Kitten. (Cyware Alerts - Hacker News)
July 20, 2021 – Breach
Online gamer spills classified docs in effort to win online argument
Abstract
A user of the Hungary-based game developer Gaijin Entertainment's combat simulator War Thunder tried to win an online argument by sharing classified documents in the company's game forums. (The Register)
July 20, 2021 – General
Software Supply Chain Attacks and What is Being Done to Counter Them
Abstract
With the growing use of technology in business processes, security concerns keep piling up. The same goes for the security of supply chains, especially after the devastating SolarWinds attack. (Cyware Alerts - Hacker News)
July 20, 2021 – General
Fighting an emerging cybercrime trend involving imposter domains
Abstract
On July 16, Microsoft’s Digital Crimes Unit (DCU) again secured a court order to take down malicious infrastructure used by cybercriminals to target users of the Office 365 suite. (Microsoft)
July 20, 2021 – Breach
Lake County Health Department announces two data breaches impacting nearly 25,000 patients
Abstract
Jefferson McMillan-Wilhoit, the Chief Health Informatics and Technology Officer for the Lake County Health Department, said the first breach was discovered on July 22, 2019. (Lake & McHenry County Scanner)
July 20, 2021 – Malware
New MosaicLoader malware targets software pirates via online ads
Abstract
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader, advertising it camouflaged as cracked software via search engine results to infect wannabe software pirates' systems. (BleepingComputer)
July 20, 2021 – Vulnerabilities
WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE
Abstract
A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new bug in iPhone that can permanently break users’... (Security Affairs)
July 19, 2021 – Phishing
Microsoft takes down domains used to scam Office 365 users
Abstract
Microsoft's Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers. (BleepingComputer)
July 19, 2021 – General
Financial Services Targeted, Work from Home to be Blamed
Abstract
Reliance on a handful of third parties can lead to a single failure point with possible adverse outcomes for financial firms. Moreover, this concentration risk has reportedly increased during the pandemic era. (Cyware Alerts - Hacker News)
July 19, 2021 – Hacker
Chinese hackers blamed for breach of Norwegian parliament email accounts
Abstract
The Norwegian government on Monday formally attributed a breach of email accounts associated with the Norwegian parliament, or the Storting, earlier this year to Chinese hackers involved in the exploitation of vulnerabilities in Microsoft’s Exchange Server. (The Hill)
July 19, 2021 – Cryptocurrency
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
Abstract
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021. The Romanian cybersecurity technology company said it began its investigation into the group's cyber activities in May 2021, leading to the su... (The Hacker News)
July 19, 2021 – Criminals
Justice Department Charges Four Chinese Nationals Working for Global Intrusion Campaign
Abstract
On July 16, the Department of Justice unsealed a grand jury indictment... (Lawfare)
July 19, 2021 – Policy and Law
US DoJ indicts four members of China-linked APT40 cyberespionage group
Abstract
US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper,... (Security Affairs)
July 19, 2021 – Attack
What’s Next for REvil’s Victims?
Abstract
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil’s servers went up in smoke. (Threatpost)
July 19, 2021 – APT
US indicts members of Chinese-backed hacking group APT40
Abstract
Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. (BleepingComputer)
July 19, 2021 – Criminals
More Ransomware Gangs Use VMs to Obscure Attacks
Abstract
Ransomware operators are continually refining their tactics in a bid to evade detection. This has led to a growing number of attackers relying on Virtual Machines (VMs) to run their ransomware payloads on compromised computers. (Cyware Alerts - Hacker News)
July 19, 2021 – General
Hillicon Valley: US, allies blame China for Microsoft Exchange Server hack | Biden walks back criticism of Facebook COVID-19 misinformation
Abstract
The Biden administration, along with a coalition of allied nations, took a major coordinated step in calling out China for its behavior in cyberspace, formally attributing the Microsoft Exchange Server attack to Chinese-linked hackers. The move is likely to increase tensions between the two nations, which have been high under both the Trump and now Biden administrations. (The Hill)
July 19, 2021 – Vulnerabilities
Experts disclose critical flaws in Advantech router monitoring tool
Abstract
Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed... (Security Affairs)
July 19, 2021 – Botnet
TeaBot Trojan Striking Harder, Targeting More European Banks
Abstract
Prodaft researchers are warning of an Android banking botnet dubbed Teabot or Anasta that has been targeting the customers of 60 banks in Europe and is growing rapidly. Moreover, the inclusion of several sophisticated tricks such as targeting crypto wallets and abusing Accessibility Services makes it ... (Cyware Alerts - Hacker News)
July 19, 2021 – Government
Biden opens new cyber fight with China
Abstract
President Biden is putting new pressure on China by publicly attributing the wide-ranging Microsoft Exchange Server cyberattack to hackers affiliated with Beijing. (The Hill)
July 19, 2021 – Breach
Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco
Abstract
A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant, Saudi Aramco. A threat actor that goes online with the moniker ZeroX claims to have stolen 1 TB of sensitive data from the Saudi Arabian... (Security Affairs)
July 19, 2021 – Criminals
HelloKitty Joins the Race of Ransomware Targeting VMware ESXi Servers
Abstract
HelloKitty ransomware actors were spotted leveraging a Linux variant to target VMware’s ESXi servers and virtual machines running on the platform. The notorious ransomware gang gained popularity after targeting the Polish gaming firm CD Projekt. Organizations using such servers should implement hig ... (Cyware Alerts - Hacker News)
July 19, 2021 – Privacy
Spyware targeted Khashoggi’s wife before his death: report
Abstract
Hanan Elatr, the wife of slain Saudi journalist Jamal Khashoggi, was targeted by the Israeli tech firm NSO Group’s Pegasus spyware just months before he was killed in 2018, The Washington Post reports. (The Hill)
July 19, 2021 – Government
White House formally blames China’s Ministry of State Security for Microsoft Exchange Hack
Abstract
The U.S. and a coalition of allies on Monday formally attributed the sweeping campaign against Microsoft Exchange email servers to hackers affiliated with China’s Ministry of State Security. (The Record)
July 19, 2021 – General
Half of organizations are ineffective at countering phishing and ransomware threats
Abstract
Half of US organizations are not effective at countering phishing and ransomware threats, a recent study by Osterman Research involving professionals from mid-sized and large organizations revealed. (Help Net Security)
July 19, 2021 – Breach
Saudi Aramco data breach sees 1 TB stolen data for sale
Abstract
Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The sales price, albeit negotiable, is set at $5 million. (BleepingComputer)
July 19, 2021 – Breach
Cloud Storage Misconfiguration at Artwork Archive Exposed Over 420GB User Data
Abstract
Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. (ZDNet)
July 19, 2021 – Government
US, allies blame China-linked hackers for Microsoft Exchange breach
Abstract
The United States and several allied countries on Monday are publicly blaming hackers affiliated with the Chinese government for the Microsoft Exchange Server hack that left tens of thousands of organizations vulnerable to compromise earlier this year. (The Hill)
July 19, 2021 – Vulnerabilities
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
Abstract
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to any wireless access points with percent symbols in their names such as "%p%s%s%s%s%n." While the issue is remediable by resetting the network settings (Settings > General > Reset > Reset Network Settings), Apple is expected to push a patch for the bug in its iOS 14.7 update, which is currently available to developers and public beta testers. But in what could have had far-reaching consequences, researchers from mobile security automation firm ZecOps found that the same bug could be exploited to achieve remote code execution (RCE) on... (The Hacker News)
July 19, 2021 – Privacy
Pegasus Project – how governments use Pegasus spyware against journalists
Abstract
Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group's spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential... (Security Affairs)
July 19, 2021 – Government
US and allies officially accuse China of Microsoft Exchange attacks
Abstract
US and allies, including the European Union, the United Kingdom, and NATO, are officially blaming China for this year's widespread Microsoft Exchange hacking campaign. (BleepingComputer)
July 19, 2021 – Hacker
India: Hackers use ransomware to target techies, demand cryptocurrency
Abstract
The hackers targeted their data, especially important files that had been compressed by the techies to transmit from their laptops to their official clients or their offices. (The Times Of India)
July 19, 2021 – General
Five Critical Password Security Rules Your Employees Are Ignoring
Abstract
According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits -- and discovered that a lot of remote workers are letting password security go by the wayside. Here are 5 critical password security rules they're ignoring. 1 — Always use strong passwords Strong passwords are at least eight characters long (preferably more) and consist of random strings of letters, numerals, and special characters. Passwords should never include dictionary words, which are easy to guess, or personal details, which cybercriminals can scrape off social media channels. 37% of respondents to Keeper's survey sai... (The Hacker News)
July 19, 2021 – Vulnerabilities
Experts show how to bypass Windows Hello feature to login on Windows 10 PCs
Abstract
Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism. Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting... (Security Affairs)
July 19, 2021 – Privacy
iPhones running latest iOS hacked to deploy NSO Group spyware
Abstract
Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. (BleepingComputer)
July 19, 2021 – General
Application security tools ineffective against new and growing threats
Abstract
As organizations around the world are faced with the task to digitally transform, many of the traditional tools and services no longer support the needs and architectures of the digitized world. (Help Net Security)
July 19, 2021 – Malware
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses
Abstract
Data leaked to a consortium of news organizations suggests that several countries use Pegasus, a powerful cyberespionage tool, to spy on rights activists, dissidents and journalists. (New York Times)
July 19, 2021 – Vulnerabilities
15 Yr-Old Linux Netfilter Bug Let Hackers Bypass All Security Mitigations
Abstract
Information Security Engineer Andy Nguyen has recently detected a 15-year-old Linux Netfilter vulnerability that allows attackers to bypass all modern security measures. (GB Hackers)
July 19, 2021 – Business
Enea acquires AdaptiveMobile Security to strengthen its 5G network security portfolio
Abstract
AdaptiveMobile Security announced that it has been acquired by Enea. The firm will continue to deliver software and services for messaging and signaling security in mobile core networks. (Help Net Security)
July 19, 2021 – Ransomware
REvil Ransomware Uses DLL Sideloading
Abstract
The infamous REvil malware uses DLL side-loading to execute the ransomware code. This attack technique allows the attacker to execute malicious DLLs that spoof legitimate ones. (McAfee)
July 19, 2021 – General
These Inc. 5000 companies are the most vulnerable to cyberattacks
Abstract
Such is the scale of the problem that recent data from Atlas VPN suggests that 34% of businesses in the UK are forced to close down after falling victim to a ransomware attack. (Cyber News)
July 19, 2021 – Vulnerabilities
Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
Abstract
According to a report by Citizen Lab, the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets' machines. (The Register)
July 18, 2021 – Vulnerabilities
Researchers Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability
Abstract
Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination Center's Will Dormann said in an advisory published Sunday. "Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process." An exploit for the vulnerability was disclosed by security researcher and Mimikatz creator Benjamin Delpy. #printnightmare - Episode 4 You know what is better than a Legit Kiwi Printer? 🥝Another Legit Kiwi Printer...👍 No prerequisite at all, you even don't need to sign drivers/package🤪 pic.twitter.com/oInb5jm3tE — 🥝 Benjamin Delpy (... (The Hacker News)
July 18, 2021 – Malware
New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally
Abstract
A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a consortium of 17 media organizations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, along with the technical support of Amnesty International. "The Pegasus Project lays bare how NSO's spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril," Amnesty International's Secretary-General, Agnès Callamard, said. "These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their te... (The Hacker News)
July 18, 2021 – Vulnerabilities
New Windows print spooler zero day exploitable via remote print servers
Abstract
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. (BleepingComputer)
July 18, 2021 – Vulnerabilities
Chinese government issues new vulnerability disclosure regulations
Abstract
Cyberspace Administration of China (CAC) issued new vulnerability disclosure regulations that oblige experts to report zero-days to the government. The Cyberspace Administration of China (CAC) has issued a new exacerbated vulnerability disclosure... (Security Affairs)
July 18, 2021 – Attack
Ransomware hits law firm counseling Fortune 500, Global 500 companies
Abstract
Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. (BleepingComputer)
July 18, 2021 – Solution
Instagram implements ‘Security Checkup’ to help users recover compromised accounts
Abstract
Instagram introduced a new security feature dubbed "Security Checkup" to help users recover accounts that have been compromised. Good news for the owners of Instagram accounts that may have been compromised, the company launched a new feature... (Security Affairs)
July 18, 2021 – Attack
Comparis customers targeted by scammers after ransomware attack
Abstract
Leading Swiss price comparison platform Comparis has notified customers of a data breach following a ransomware attack that hit and took down its entire network last week. (BleepingComputer)
July 18, 2021 – Criminals
HelloKitty ransomware gang targets vulnerable SonicWall devices
Abstract
BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “an imminent ransomware... (Security Affairs)
July 18, 2021 – General
Security Affairs newsletter Round 323
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you also want to receive the international press for free, subscribe here. Biden discussed... (Security Affairs)
July 17, 2021 – Malware
BazarBackdoor Uses New Obfuscation Tricks to Challenge Security Full Text
Abstract
A new phishing campaign is delivering the BazarBackdoor malware and using a multi-compression method to hide the malware as an image file. This method tricks Secure Email Gateways (SEGs) into classifying malicious attachments as clean files. This makes it a worrisome threat and requires continuou...Cyware Alerts - Hacker News
July 17, 2021 – Criminals
Mespinoza Group Uses Unique Tools to Target Organizations Full Text
Abstract
Palo Alto Networks provides details about the methods and tactics employed by the Mespinoza ransomware group, which has been targeting multiple sectors across the globe with a focus on the education sector. The ransomware group gains initial access via public-facing RDP servers and prefers...Cyware Alerts - Hacker News
July 17, 2021 – Botnet
Trickbot Thrives Again with Virtual Network Computing Module Full Text
Abstract
Recently, Trickbot actors were found adding a new Virtual Network Computing (VNC) module to the malware's arsenal that helps an actor monitor high-profile targets and gather intelligence from them. The frequent developments in Trickbot's lifecycle and an accelerated rate of propagation highlight the actual...Cyware Alerts - Hacker News
July 17, 2021 – Ransomware
HelloKitty ransomware is targeting vulnerable SonicWall devices Full Text
Abstract
CISA is warning of threat actors targeting "a known, previously patched, vulnerability" found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware.BleepingComputer
July 17, 2021 – APT
LuminousMoth - Another Chinese APT Targeting Asian Governments Full Text
Abstract
Kaspersky discovered an ongoing, large-scale APT campaign named LuminousMoth with hundreds of victims from Southeast Asia, including Myanmar and Philippine government entities. The recent activities of the APT group indicate the wider interests of China-based hackers toward Southeast Asian gov...Cyware Alerts - Hacker News
July 17, 2021 – Attack
Ecuador’s state-run CNT telco hit by RansomEXX ransomware Full Text
Abstract
Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support.BleepingComputer
July 17, 2021 – General
Overcoming Cyberthreat Intelligence-Sharing Hurdles Full Text
Abstract
Cyber fusion centers can help automate the sharing of cyber threat intelligence in a cross-sector environment, according to Errol Weiss of the Health Information Sharing & Analysis Center and Anuj Goel of Cyware.Gov Info Security
July 17, 2021 – Policy and Law
China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government Full Text
Abstract
The Cyberspace Administration of China (CAC) has issued new, stricter vulnerability disclosure regulations that require security researchers who uncover critical flaws in computer systems to disclose them first to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks. "No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities," Article 4 of the regulation states. In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being...The Hacker News
July 17, 2021 – Government
US govt offers $10 million reward for info on nation-state cyber operations Full Text
Abstract
The US government is offering a $10 million reward to anyone who provides information on operations conducted by nation-state actors. The US government is offering a $10 million reward for information on campaigns conducted by state-sponsored hackers. The...Security Affairs
July 17, 2021 – Vulnerabilities
Cryptographers unearth vulnerabilities in Telegram’s encryption protocol Full Text
Abstract
An international team of computer scientists and researchers reported that they found four cryptographic security vulnerabilities in the popular encrypted message app Telegram.Cyberscoop
July 17, 2021 – General
Instagram Launches ‘Security Checkup’ to Help Users Recover Hacked Accounts Full Text
Abstract
Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users whose accounts may have been compromised to recover them. In order to regain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or email. Additionally, the Facebook-owned company is also "strongly" recommending that users turn on two-factor authentication for extra security and to prevent unauthorized logins. On that front, Instagram also said it would allow users in selected countries to use their WhatsApp numbers to authenticate their accounts. Stressing that "Instagram will never send you a [direct message]," the social media platform cautioned users to be on the lookout for scams, wherein malicious accounts reach out via DMs to try and access sensitive information like account pass...The Hacker News
July 17, 2021 – Vulnerabilities
Cisco fixes high-risk DoS flaw in ASA, FTD Software Full Text
Abstract
Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance...Security Affairs
July 17, 2021 – Vulnerabilities
Google Chrome fixes a new zero-day exploited in the wild Full Text
Abstract
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild.Security Affairs
July 17, 2021 – Vulnerabilities
CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks Full Text
Abstract
Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries. The weakness concerned an issue in the CDNJS library update server that could potentially allow an attacker to execute arbitrary commands, leading to a complete compromise. The vulnerability was discovered and reported by security researcher RyotaK on April 6, 2021. There is no evidence of in-the-wild attacks abusing this flaw. Specifically, the vulnerability works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using it to trigger a path traversal vulnerability, and ultimately trick the server into executing arbitrary code, thus achieving remote code execution. It's wor...The Hacker News
July 17, 2021 – Vulnerabilities
D-Link issues beta hotfix for multiple flaws in DIR-3040 routers Full Text
Abstract
Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities...Security Affairs
July 17, 2021 – Criminals
US government launches plans to cut cybercriminals off from cryptocurrency Full Text
Abstract
The updates on the White House’s plan to tackle ransomware comes on the heels of the third major ransomware attack to pose a serious threat to the U.S. national security in as many months.Cyberscoop
July 17, 2021 – Phishing
New LinkedIn phishing campaign found using Google Forms Full Text
Abstract
The new LinkedIn phishing email prompts users to verify their LinkedIn accounts with the subject line including the potential victim’s name as well to make it look more authentic.Hackread
July 17, 2021 – Government
Biden battles Russian hacking groups with restrictions on IT firms Full Text
Abstract
The United States took a new stab at Russia's cybersecurity industry, restricting trade with four IT firms and two other entities over "aggressive and harmful" activities - including digital espionage - that the US blames on the Russian government.Reuters
July 17, 2021 – Vulnerabilities
Another privilege escalation bug found in Windows Print Spooler service Full Text
Abstract
Microsoft has shared guidance revealing yet another vulnerability, identified as CVE-2021-34481, connected to its Windows Print Spooler service, saying it is "developing a security update."The Register
July 16, 2021 – General
Hillicon Valley: Biden: Social media platforms ‘killing people’ | Tech executives increased political donations amid lobbying push | Top House antitrust Republican forms ‘Freedom from Big Tech Caucus’ Full Text
Abstract
A day after the surgeon general issued an advisory labeling health misinformation an "urgent threat," President Biden ramped up the pressure on tech companies, telling reporters that social media platforms allowing the spread of COVID-19 misinformation were "killing people."The Hill
July 16, 2021 – Vulnerabilities
Critical Cloudflare CDN flaw allowed compromise of 12% of all sites Full Text
Abstract
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.BleepingComputer
July 16, 2021 – Ransomware
Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers Full Text
Abstract
HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.Threatpost
July 16, 2021 – Criminals
Hacker is stealing the identities of victims, Surfside mayor says Full Text
Abstract
Surfside Mayor Charles Burkett said Friday that a hacker is stealing the identities of victims who died in the condominium collapse in his city.The Hill
July 16, 2021 – General
The Evolving Role of the CISO Full Text
Abstract
Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel.Threatpost
July 16, 2021 – Criminals
Top CVEs Trending with Cybercriminals Full Text
Abstract
An analysis of criminal forums reveals which publicly known vulnerabilities attackers are most interested in.Threatpost
July 16, 2021 – Attack
Cyberattack on Moldova’s Court of Accounts destroyed public audits Full Text
Abstract
Moldova's "Court of Accounts" has suffered a cyberattack leading to the agency's public databases and audits being destroyed.BleepingComputer
July 16, 2021 – Ransomware
The Week in Ransomware - July 16th 2021 - REvil disappears Full Text
Abstract
Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia.BleepingComputer
July 16, 2021 – Government
US govt offers $10 million reward for tips on nation-state hackers Full Text
Abstract
The United States government has taken two more active measures to fight and defend against malicious cyber activities affecting the country's business and critical infrastructure sectors.BleepingComputer
July 16, 2021 – Vulnerabilities
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks Full Text
Abstract
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.Threatpost
July 16, 2021 – Vulnerabilities
Several Vulnerabilities Patched in ‘MDT AutoSave’ Industrial Automation Product Full Text
Abstract
The product is used by some of the world’s biggest manufacturers, including major car makers (Tesla, Kia, BMW, Hyundai, Honda), Coca Cola, P&G, Johnson & Johnson, AstraZeneca, and Nestlé Purina.Security Week
July 16, 2021 – Vulnerabilities
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware Full Text
Abstract
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.Threatpost
July 16, 2021 – Ransomware
New Diavol Ransomware by the Wizard Spider Threat Group Steals Victims' Data Full Text
Abstract
Diavol ransomware does not prevent its payloads from running on Russian targets by doing a locale check. This is notable because most ransomware will avoid Russian systems.Security Affairs
July 16, 2021 – Malware
TeaBot Mobile Banking Malware Targets Users Across Spain, Germany, Switzerland, and the Netherlands Full Text
Abstract
PRODAFT researchers said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking trojans attacking users across Spain, Germany, Switzerland, and the Netherlands.ZDNet
July 16, 2021 – Vulnerabilities
D-Link issues hotfix for hard-coded password router vulnerabilities Full Text
Abstract
D-Link has issued a hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router that can allow attackers to execute arbitrary code on unpatched routers, gain access to sensitive information, or crash the routers after triggering a denial of service state.BleepingComputer
July 16, 2021 – Vulnerabilities
Multiple vulnerabilities spotted in D-Link DIR-3040 wireless routers Full Text
Abstract
These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service, and executing arbitrary code.Cisco Talos
July 16, 2021 – Solution
Microsoft Defender for Identity now detects PrintNightmare attacks Full Text
Abstract
Microsoft has added support for PrintNightmare exploitation detection to Microsoft Defender for Identity to help Security Operations teams detect attackers' attempts to abuse this critical vulnerability.BleepingComputer
July 16, 2021 – Vulnerabilities
Exploit broker Zerodium is looking for VMware vCenter Server exploits Full Text
Abstract
Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. The company will pay up to $100,000 for zero-days in vCenter Server.Security Affairs
July 16, 2021 – Privacy
Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware Full Text
Abstract
Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group (TAG) revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said. "This case demonstrates, yet again, that in the absence of any international safeguard...The Hacker News
July 16, 2021 – Vulnerabilities
Microsoft alerts about a new Windows Print Spooler vulnerability Full Text
Abstract
Microsoft published guidance to mitigate the impact of a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed today. Microsoft published a security advisory for a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481,...Security Affairs
July 16, 2021 – Vulnerabilities
Cloudflare fixes CDN code execution bug affecting 12.7% of all sites Full Text
Abstract
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.BleepingComputer
July 16, 2021 – Government
US Government Launches First One-Stop Ransomware Resource at StopRansomware.gov Full Text
Abstract
The new StopRansomware.gov is a collaborative effort across the federal government and is the first joint website created to help private and public organizations mitigate their ransomware risk.US Department of Justice
July 16, 2021 – APT
The Definitive RFP Templates for EDR/EPP and APT Protection Full Text
Abstract
Advanced Persistent Threat groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of recent years tells otherwise: in fact, every organization, regardless of vertical and size, is at risk, whether as a direct target, supply chain or collateral damage. The vast majority of security decision-makers acknowledge they need to address the APT risk with additional security solutions but struggle with mapping APT attack vectors to a clear-cut set of security product capabilities, which impairs their ability to choose the products that would best protect them. Cynet is now addressing this need with the definitive RFP templates for EDR/EPP and APT Protection, an expert-made security requirement list that enables stakeholders to accelerate and optimize the evaluation process of the products they evaluate. These RFP templates aim to capture the widest common denominator in terms of security needs and deliver the essential that are...The Hacker News
July 16, 2021 – Vulnerabilities
Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild Full Text
Abstract
Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including...Security Affairs
July 16, 2021 – Vulnerabilities
Google patches 8th Chrome zero-day exploited in the wild this year Full Text
Abstract
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild.BleepingComputer
July 16, 2021 – Business
NortonLifeLock in Talks to Buy Antivirus Rival Avast Full Text
Abstract
NortonLifeLock on Wednesday issued a statement confirming that it is "in advanced discussions with the board of Avast regarding a possible combination of NortonLifeLock and Avast."Gov Info Security
July 16, 2021 – Hacker
Facebook Suspends Accounts Used by Iranian Hackers to Target US Military Personnel Full Text
Abstract
Facebook on Thursday disclosed it dismantled a "sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell (aka Imperial Kitten) based on the fact that the adversary used similar techniques in past campaigns attributed to the threat group, which was previously known to focus on the information technology industry in Saudi Arabia, suggesting an apparent expansion of malicious activity. "This group used various malicious tactics to identify its targets and infect their devices with malware to enable espionage," said Mike Dvilyanski, Head of Cyber Espionage Investigations, and David Agranovich, Director, Threat Disruption, at Facebook. "This activity had the hallmarks of a well-resourced and...The Hacker News
July 16, 2021 – Malware
New enhanced Joker Malware samples appear in the threat landscape Full Text
Abstract
The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile...Security Affairs
July 16, 2021 – Breach
Full Source Code Dump of DDoS-Guard Service Put for Sale Online Full Text
Abstract
Alleged customer data from DDoS-Guard, a Russia-based company that offers defenses against distributed denial-of-service attacks, has been offered for sale on a cybercrime forum.Gov Info Security
July 16, 2021 – Insider Threat
57% of reported incidents are caused by insiders Full Text
Abstract
Insider data breaches were the top cause of data and cybersecurity incidents reported in the first quarter of 2021, according to the ICO, with over 1,000 incidents reported in Q1 2021.Help Net Security
July 16, 2021 – Vulnerabilities
Are Your Employees’ Old Phone Numbers Creating Vulnerabilities? Full Text
Abstract
A study by Princeton University found that 100 of the 259 phone numbers they tested had linked login credentials online and that mobile carriers have weaknesses that make recycled numbers vulnerable.Security Intelligence
July 16, 2021 – Hacker
Facebook Discovers Highly Targeted Iran-linked Hacking Campaign Against Defense Sector Full Text
Abstract
The hacking group known as "Tortoiseshell" targeted nearly 200 individuals associated with the military as well as defense and aerospace companies in the U.S., and to a lesser extent in the U.K.CBS News
July 16, 2021 – Malware
IoT-Specific Malware Infections Jumped 700% Amid Pandemic Full Text
Abstract
New telemetry from Zscaler on Internet of Things (IoT) devices demonstrates a dramatic increase in attacks on those devices during the work-from-home phase of the COVID-19 pandemic.Dark Reading
July 15, 2021 – Vulnerabilities
Microsoft shares guidance on new Windows Print Spooler vulnerability Full Text
Abstract
Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight.BleepingComputer
July 15, 2021 – Vulnerabilities
Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild Full Text
Abstract
Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine (CVE-2021-30563). The search giant credited an anonymous researcher for reporting the flaw on July 12. As is usually the case with actively exploited flaws, the company issued a terse statement acknowledging that "an exploit for CVE-2021-30563 exists in the wild" while refraining from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse. CVE-2021-30563 also marks the ninth zero-day addressed by Google to combat real-world attacks against Chrome users since the start of the year: CVE-2021-21148 (heap buffer overflow in V8); CVE-2021-21166 (Obje...The Hacker News
July 15, 2021 – Vulnerabilities
Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability Full Text
Abstract
Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher Jacob Baines for discovering and reporting the bug. "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges," the Windows maker said in its advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." However, it's worth pointing out that successful exploitation of the vulnerability requires the attacker to have t...The Hacker News
July 15, 2021 – General
Hillicon Valley: Surgeon general issues health misinformation advisory | Biden administration stepping up efforts to respond to ransomware attacks | Cyber bills gain new urgency after rash of attacks Full Text
Abstract
The Biden administration put pressure Thursday on tech companies to do more to combat the spread of misinformation on their platforms. Surgeon General Vivek Murthy issued an advisory calling the spread of misinformation an "urgent threat to public health," especially as the federal government pushes for more Americans to get coronavirus vaccines.The Hill
July 15, 2021 – Vulnerabilities
Windows print nightmare continues with malicious driver packages Full Text
Abstract
Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers.BleepingComputer
July 15, 2021 – Privacy
Israeli surveillance firm Candiru used Windows zero-days to deploy spyware Full Text
Abstract
Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based surveillance firm Candiru, tracked as Sourgum,...Security Affairs
July 15, 2021 – Hacker
Facebook disrupts Iranian hackers using platform to target US military personnel Full Text
Abstract
Facebook on Thursday announced that it had taken steps to disrupt a group of Iranian-based hackers that had leveraged the platform as part of a wider effort to target U.S. military personnel and the defense industry in other countries.The Hill
July 15, 2021 – Malware
Microsoft’s print nightmare continues with malicious driver packages Full Text
Abstract
Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers.BleepingComputer
July 15, 2021 – Vulnerabilities
Exploit broker Zerodium is looking for VMware vCenter Server exploits Full Text
Abstract
Zero-day exploit broker Zerodium is looking for 0day exploits for the VMware vCenter Server. Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is the centralized management utility...Security Affairs
July 15, 2021 – Attack
SonicWall Warns Secure VPN Hardware Bugs Under Attack Full Text
Abstract
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.Threatpost
July 15, 2021 – Policy and Law
Ohio Introduces Data Privacy Legislation Full Text
Abstract
On July 13, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act, a comprehensive privacy framework following in the footsteps of several other states.The National Law Review
July 15, 2021 – Malware
SpearTip Finds New Diavol Ransomware Does Steal Data Full Text
Abstract
Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted the ransomware families utilize the same I/O operations for file encryption queueing and use nearly...Security Affairs
July 15, 2021 – Ransomware
PYSA Ransomware Gang Using New Gasket Backdoor to Target U.S. Organizations Full Text
Abstract
As with other ransomware attacks, Mespinoza originates through exposed RDP servers, eliminating the need to craft phishing emails, perform social engineering, or exploit software vulnerabilities.The Register
July 15, 2021 – Privacy
Microsoft disrupts products from Israeli tech firm used to hack journalists, activists Full Text
Abstract
Microsoft on Thursday announced that it had disrupted the use of what it described as “cyberweapons” manufactured and sold by an Israeli-based company to target victims worldwide including journalists and human rights activists.The Hill
July 15, 2021 – APT
Charming Kitten APT is Now Targeting Middle-East Scholars Full Text
Abstract
Iranian state-aligned threat actor TA453 hacked a website pertaining to the University of London to steal information from journalists, professors, and think tanks, under a campaign dubbed SpoofedScholars. The APT group is continuously innovating and developing new ways of attacking users. Organizat...Cyware Alerts - Hacker News
July 15, 2021 – Government
U.S. offers $10 million for tips on foreign hackers Full Text
Abstract
The U.S. on Thursday offered up to $10 million for information that can identify or locate malicious cyber actors working at the behest of a foreign government to target critical U.S. infrastructure.Reuters
July 15, 2021 – Ransomware
HelloKitty ransomware now targets VMware ESXi servers Full Text
Abstract
The HelloKitty ransomware gang is using a Linux variant of its malware to target the VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang...Security Affairs
July 15, 2021 – Business
Microsoft: Israeli firm used Windows zero-days to deploy spyware Full Text
Abstract
Microsoft and Citizen Lab have linked Israeli spyware company Candiru (also tracked as Sourgum) to new Windows spyware dubbed DevilsTongue, deployed using now-patched Windows zero-day vulnerabilities.BleepingComputer
July 15, 2021 – Business
Passwordless authentication platform Stytch raises $30M in Series A funding Full Text
Abstract
Stytch raised $30 million in its Series A funding led by Thrive Capital, which also included participation from Coatue Management and existing backers Benchmark and Index.TechCrunch
July 15, 2021 – Breach
Forefront Dermatology Clinic Chain Notifies 2.4 Million Patients, Employees, and Clinicians of Data Breach Full Text
Abstract
Forefront Dermatology S.C., a dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident.DataBreach Today
July 15, 2021 – Vulnerabilities
WooCommerce fixes vulnerability exposing 5 million sites to data theft Full Text
Abstract
WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication.BleepingComputer
July 15, 2021 – Government
CISA Releases Risk Vulnerability Assessment Report for FY2020 Full Text
Abstract
In the fiscal year 2020, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a risk assessment of 37 attack techniques mapped to six infection stages across multiple stakeholders in different sectors.Cyware Alerts - Hacker News
July 15, 2021 – Vulnerabilities
Multiple vulnerabilities spotted in Advantech R-SeeNet Full Text
Abstract
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. The vulnerabilities exist in various scripts inside of R-SeeNet's web applications.Cisco Talos
July 15, 2021 – Business
Cybereason raises $275M at Series F, adds Steven Mnuchin to board Full Text
Abstract
Cybereason, a U.S.-Israeli late-stage cybersecurity startup that provides extended detection and response (XDR) services, has secured $275 million in Series F funding led by Liberty Strategic Capital.TechCrunch
July 15, 2021 – Business
SonicWall Warns Firewall Hardware Bugs Under Attack Full Text
Abstract
SonicWall issued an urgent security alert warning customers that some of its current and legacy firewall appliances were under active attack.Threatpost
July 15, 2021 – Ransomware
Linux version of HelloKitty ransomware targets VMware ESXi servers Full Text
Abstract
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.BleepingComputer
July 15, 2021 – Phishing
Microsoft details the rise in consent phishing emails and potential mitigations Full Text
Abstract
Microsoft has tracked an increase in consent phishing emails that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.Microsoft
July 15, 2021 – Business
Cybersecurity startup Virsec raises $100M in round led by BlueIO Full Text
Abstract
Cybersecurity startup Virsec Systems Inc. disclosed today that it has raised $100 million in new funding to hire more people, meet product demand and build out its customer support model.Silicon Angle
July 15, 2021 – Vulnerabilities
Software maker removes “backdoor” giving root access to radio devices Full Text
Abstract
The author of a popular software-defined radio (SDR) project has removed a "backdoor" from radio devices that granted root-level access. The backdoor had been, according to the author, present in all versions of KiwiSDR devices for the purposes of remote administration and debugging.BleepingComputer
July 15, 2021 – Criminals
Cybercriminals customizing malware for attacks on virtual infrastructure Full Text
Abstract
As per research by Positive Technologies, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total.Help Net Security
July 15, 2021 – Government
Biden administration stepping up efforts to respond to ransomware attacks Full Text
Abstract
The Biden administration on Thursday will announce new cross-agency measures to address the recent major ransomware attacks on companies including Colonial Pipeline and software group Kaseya.The Hill
July 15, 2021 – Government
China’s Cyberspies Targeting Southeast Asian Government Entities Full Text
Abstract
A sweeping and "highly active campaign" that originally set its sights on Myanmar has broadened its focus to strike a number of targets located in the Philippines, according to new research. Russian cybersecurity firm Kaspersky, which first spotted the infections in October 2020, attributed them to a threat actor it tracks as "LuminousMoth," which it connected with medium to high confidence to a Chinese state-sponsored hacking group called HoneyMyte or Mustang Panda, given its observed victimology, tactics, and procedures. About 100 affected victims have been identified in Myanmar, while the number of victims jumped to nearly 1,400 in the Philippines, although the researchers noted that the actual targets were only a fraction of the initial numbers, including government entities located both within the two countries and abroad. The goal of the attacks is to affect a wide perimeter of targets with the aim of hitting a select few that are of strategic interesThe Hacker News
July 15, 2021 – Vulnerabilities
SonicWall warns of ‘imminent ransomware’ attacks on its EOL products Full Text
Abstract
SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some...Security Affairs
July 15, 2021 – Attack
Safari Zero-Day Used in Malicious LinkedIn Campaign Full Text
Abstract
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.Threatpost
July 15, 2021 – Government
White House announces ransomware task force — and hacking back is one option Full Text
Abstract
The Biden administration is promoting efforts to help agencies go on defense and offense against hackers whose economically paralyzing attacks pose a growing threat to the U.S.Politico
July 15, 2021 – Government
Cybersecurity bills gain new urgency after rash of attacks Full Text
Abstract
Bipartisan bills aimed at strengthening U.S. cybersecurity after a string of major attacks are making headway in both the House and Senate.The Hill
July 15, 2021 – Solution
New Zero-Trust API Offers Mobile Carrier Authentication to Developers Full Text
Abstract
Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or storing user data. Before we show you how it works and how to integrate it, let's start with the fundamental challenge. Zero Trust and Authentication The Zero Trust model of identity verification essentially means never trusting that a returning user is whom they claim to be, regardless of their location or previous successful attempts. Zero Trust is a strategic approach to access management that is vital for keeping out bad actors. As the world moves to the cloud, with an increasingly distributed network of employees, partners, and clients, tighter auth journeys become even more important. But with greater security comes greateThe Hacker News
July 15, 2021 – Malware
macOS: Bashed Apples of Shlayer and Bundlore Full Text
Abstract
Uptycs threat research team analyzed the macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer...Security Affairs
July 15, 2021 – General
22% of exploits for sale in underground forums are more than three years old Full Text
Abstract
Trend Micro released new research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old.Help Net Security
July 15, 2021 – Attack
Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances Full Text
Abstract
Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances (CVE-2019-7481) are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide. "SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials," the company said. "The exploitation targets a known vulnerability that has been patched in newer versions of firmware." SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesseThe Hacker News
July 15, 2021 – Breach
Firm Hacked to Spread Ransomware Had Previous Security Flaws Full Text
Abstract
It turns out that the recent hack wasn’t the first major cybersecurity problem to hit Kaseya and its core product, which IT teams use to remotely monitor and administer workplace systems.Security Week
July 15, 2021 – Vulnerabilities
Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild Full Text
Abstract
Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows: CVE-2021-1879: Use-After-Free in QuickTimePluginReplacement (Apple WebKit); CVE-2021-21166: Chrome Object Lifecycle Issue in Audio; CVE-2021-30551: Chrome Type Confusion in V8; CVE-2021-33742: Internet Explorer out-of-bounds write in MSHTML. Both Chrome zero-days — CVE-2021-21166 and CVE-2021-30551 — are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlledThe Hacker News
July 15, 2021 – Vulnerabilities
Ransomware Attacks Targeting Unpatched Firmware Flaws in EOL SonicWall SMA and SRA Appliances Full Text
Abstract
Anyone using SRA 4600/1600 (EOL 2019), SRA 4200/1200 (EOL 2016), or SSL-VPN 200/2000/400 (EOL 2013/2014) should disconnect their appliances immediately and change all associated passwords.ZDNet
July 15, 2021 – Criminals
Spain arrests 16 for distributing the Mekotio and Grandoreiro banking trojans Full Text
Abstract
The suspects were arrested last week, had their homes searched, and had devices seized for investigation during raids that were part of an operation that authorities named Aguas Vivas (Living Waters).The Record
July 15, 2021 – Vulnerabilities
macOS: Bashed Apples of Shlayer and Bundlore Full Text
Abstract
These malware families are the most predominant on macOS, and both have a history of evading and bypassing the built-in XProtect, Gatekeeper, Notarization, and File Quarantine security features of macOS.Security Affairs
July 15, 2021 – Cryptocurrency
Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting Full Text
Abstract
Thousands of PlayStation 4 gaming consoles have been seized by Ukraine's Security Service after their discovery in an old warehouse, used to illicitly mine for cryptocurrency.ZDNet
July 14, 2021 – General
Hillicon Valley: Facebook petitions for FTC chair’s recusal in antitrust case | Olivia Rodrigo teams with White House to push for vaccines on social media | Twitter removing ‘Fleets’ function in August Full Text
Abstract
Facebook followed in Amazon’s footsteps Wednesday, filing a petition to seek Federal Trade Commission Chair Lina Khan’s recusal from participating in decisions about how the agency moves forward with its antitrust case against the social media giant. The petition seeking Khan’s recusal comes as the FTC faces an end-of-month deadline to file a new complaint after a judge dismissed the FTC’s original complaint in June.The Hill
July 14, 2021 – Vulnerabilities
Google: four zero-day flaws have been exploited in the wild Full Text
Abstract
Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been...Security Affairs
July 14, 2021 – Government
Senate committee advances bipartisan energy infrastructure bill Full Text
Abstract
Legislation that’s expected to be a key piece of the bipartisan infrastructure package moved forward on Wednesday as Democrats separately fleshed out their reconciliation infrastructure bill.The Hill
July 14, 2021 – Cryptocurrency
Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine Full Text
Abstract
Ukrainian cops seize PlayStation 4 consoles, graphics cards, processors and more in cryptomining sting involving alleged electricity theft.Threatpost
July 14, 2021 – Attack
BazarBackdoor sneaks in through nested RAR and ZIP archives Full Text
Abstract
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.BleepingComputer
July 14, 2021 – Vulnerabilities
Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group Full Text
Abstract
Microsoft says the flaw impacts the way Serv-U implements SSH and exploitation gives an attacker remote code execution privileges.SCMagazine
July 14, 2021 – General
CMS interoperability rule enacted: How providers should tackle API security Full Text
Abstract
As CMS developed its interoperability rule, stakeholders raised a number of security concerns posed by APIs. Imperva’s VP shares how providers can keep PHI secure.SCMagazine
July 14, 2021 – APT
China-linked LuminousMoth APT targets entities from Southeast Asia Full Text
Abstract
LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. Kaspersky experts uncovered an ongoing and large-scale cyber espionage campaign,...Security Affairs
July 14, 2021 – Vulnerabilities
SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances Full Text
Abstract
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.BleepingComputer
July 14, 2021 – Criminals
Watch Out! Cybercriminals are Hitting Hard at Cryptocurrency Users Full Text
Abstract
Illicit cryptomining campaigns are growing strong as cybercriminals continue to evolve their attack techniques and malware. One of the main reasons for the rise is the rapidly growing investments in the cryptocurrency space.Cyware Alerts - Hacker News
July 14, 2021 – Solution
Strata automation tool looks to simplify cloud migration projects Full Text
Abstract
Users will be able to automatically discover and catalog on-premises identity systems that are nearing their end of life.SCMagazine
July 14, 2021 – Attack
AttackIQ raises $44M to fuel global growth and vision of security optimization Full Text
Abstract
AttackIQ announced a $44 million Series C funding round led by Atlantic Bridge. Kevin Dillon, Co-Founder and Managing Partner at Atlantic Bridge, also joined the company's Board of Directors.Help Net Security
July 14, 2021 – Vulnerabilities
SolarWinds Zero-Day Vulnerability Under Active Attack Full Text
Abstract
SolarWinds has been notified by Microsoft of a critical zero-day vulnerability in its Serv-U product line. The research found a limited number of impacted customers. Organizations are suggested to follow the recommendations provided by security agencies and keep reviewing their cybersecurity p...Cyware Alerts - Hacker News
July 14, 2021 – Criminals
Hancitor is Using Old but Tested Tricks to Spread Malware Full Text
Abstract
McAfee Labs laid bare a new technique by Hancitor actors that involves the use of cookies to prevent URL scraping and also dropping malware such as CobaltStrike, Pony, Cuba, FickerStealer, and Zeppelin. Experts believe that it is expected to be used in future ransomware attacks and suggest erecting...Cyware Alerts - Hacker News
July 14, 2021 – Solution
Google Chrome will add HTTPS-First Mode to keep your data safe Full Text
Abstract
Google will add an HTTPS-First Mode to the Chrome web browser to block attackers from intercepting or eavesdropping on users' web traffic.BleepingComputer
July 14, 2021 – Attack
Google: Russian SVR hackers targeted LinkedIn users with Safari zero-day Full Text
Abstract
A Google security researcher shared more information on four security vulnerabilities, known as zero-days, which were unknown before they were discovered being exploited in the wild earlier this year.BleepingComputer
July 14, 2021 – Cryptocurrency
Linux-Focused Cryptojacking Gang Tracked to Romania Full Text
Abstract
The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords.Threatpost
July 14, 2021 – General
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet Full Text
Abstract
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.Threatpost
July 14, 2021 – Government
House panel approves major funding boost for CISA in party-line vote Full Text
Abstract
The $52.8 billion budget approved by the House panel for DHS includes $2.42 billion for CISA, a hike of $397.4 million and $288.7 million above the Biden administration’s budget request.The Record
July 14, 2021 – Malware
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module Full Text
Abstract
The attackers have spruced up the ‘vncDll’ module used for spying on targets and stealing data.Threatpost
July 14, 2021 – General
SonicWall warns of ‘critical’ ransomware risk to SMA 100 VPN appliances Full Text
Abstract
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.BleepingComputer
July 14, 2021 – Policy and Law
New Law Will Help Chinese Government Stockpile Zero-Days Full Text
Abstract
Starting September 1, 2021, the Chinese government will require that any Chinese citizen who finds a zero-day vulnerability must pass the details to the Chinese government.Security Week
July 14, 2021 – Vulnerabilities
VMware Patches Vulnerabilities in ESXi, ThinApp Full Text
Abstract
VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool.Security Week
July 14, 2021 – Vulnerabilities
Chinese government lays out new vulnerability disclosure rules Full Text
Abstract
The Cyberspace Administration of China (CAC) has published new regulations on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country’s borders.The Record
July 14, 2021 – Ransomware
Detonating Ransomware on My Own Computer (Don’t Try This at Home) Full Text
Abstract
Ransomware attacks are a daily occurrence, announcing new levels of danger and confusion to an already complicated business of protecting data. How it behaves can tell us a lot about a ransomware attack - so I recently detonated Conti ransomware in a controlled environment to demonstrate the importance of proper cyber protection.BleepingComputer
July 14, 2021 – Criminals
Cybercriminals took advantage of WFH to target financial services companies, says Financial Stability Board report Full Text
Abstract
Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the Financial Stability Board (FSB) on Tuesday.The Register
July 14, 2021 – Criminals
16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain Full Text
Abstract
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los Barros (Badajoz), and Aranda de Duero (Burgos) following a year-long investigation, the Civil Guard said in a statement. "Through malicious software, installed on the victim's computer by the technique known as 'email spoofing', [the group] would have managed to divert large amounts of money to their accounts," authorities noted. Computer equipment, mobile phones, and documents were confiscated, and more than 1,800 spam emails were analyzed, enabling law enforcement to block transfer attempts totaling €3.5 million successfully. The campaign is said to have netted the actors €276,470, of which €87,000 has beenThe Hacker News
July 14, 2021 – Attack
Trickbot improves its VNC module in recent attacks Full Text
Abstract
Trickbot botnet is back, its authors implemented updates for the VNC module used for remote control of infected systems. The Trickbot botnet continues to evolve despite the operations conducted by law enforcement aimed at dismantling it. The authors...Security Affairs
July 14, 2021 – Business
AWS offers free online training for cloud architects Full Text
Abstract
Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers. The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will run for six weeks. According to an AWS blog, the developer training is part of…SCMagazine
July 14, 2021 – APT
Chinese cyberspies’ wide-scale APT campaign hits Asian govt entities Full Text
Abstract
Kaspersky researchers have revealed an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.BleepingComputer
July 14, 2021 – Vulnerabilities
Encryption issues account for minority of flaws in encryption libraries – research Full Text
Abstract
An analysis of cryptographic libraries and the vulnerabilities affecting them has concluded that memory handling issues give rise to more vulnerabilities than encryption implementation errors.The Daily Swig
July 14, 2021 – Criminals
REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks Full Text
Abstract
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained inaccessible, displaying an error message "Onionsite not found." The group's Tor network infrastructure on the dark web consists of one data leak blog site and 22 data hosting sites. It's not immediately clear what prompted the infrastructure to be knocked offline. REvil is one of the most prolific ransomware-as-a-service (RaaS) groups that first appeared on the threat landscape in April 2019. It's an evolution of the GandCrab ransomware, which hit the underground markets in early 2018. "If REvil has been permanently disrupted, it'll mark the end of a group which haThe Hacker News
July 14, 2021 – Hacker
China-linked hacking group DEV-0322 behind Solarwinds Serv-U zero-day attacks Full Text
Abstract
Microsoft attributes the recent attacks that have targeted SolarWinds file transfer servers to a China-linked APT group that the experts tracked as DEV-0322. Microsoft said that the recent attacks against SolarWinds file transfer servers were carried...Security Affairs
July 14, 2021 – Botnet
Trickbot updates its VNC module for high-value targets Full Text
Abstract
The Trickbot botnet malware, which often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems.BleepingComputer
July 14, 2021 – Malware
Malware-infected Documents Injected for Over Five Months on the Kazakhstan Government’s Portal Full Text
Abstract
T&T Security and Zerde Holding identified at least two documents uploaded on the government’s legal and budget-related sections that were installing a version of the Razy malware on users’ systems.The Record
July 14, 2021 – General
Use This Definitive RFP Template to Effectively Evaluate XDR solutions Full Text
Abstract
A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint Detection and Response (EDR) solutions. In fact, Gartner named XDR as the first of their Top 9 Security and Risk Trends for 2020. Because XDR represents a new solution category, there is no single accepted definition of what capabilities and features should (and shouldn't) be included. Each provider approaches XDR with different strengths and perspectives on what an XDR solution should include. Therefore, selecting an XDR provider is quite challenging, as organizations must organize and prioritize a wide range of capabilities that can differ significantly between providers. Cynet is nowThe Hacker News
July 14, 2021 – Ransomware
The infrastructure and websites used by REvil ransomware gang are not reachable Full Text
Abstract
The infrastructure and leak sites used by the REvil ransomware gang for its operations went offline last night. Starting last night, the infrastructure and the websites used by the REvil ransomware gang were mysteriously unreachable, BleepingComputer...Security Affairs
July 14, 2021 – General
Cyberattacks Should be Treated as a National Disaster in the U.S. Full Text
Abstract
Law enforcement officials have announced that a more widespread reaction will be forthcoming following the Kaseya ransomware attack that impacted over a thousand companies across the globe last week.Softpedia News
July 14, 2021 – Criminals
Cybercriminals Using Marvel’s Black Widow Movie to Spread Malware and Steal Payment Card Data Full Text
Abstract
According to Kaspersky, several Black Widow-themed phishing sites are operating to steal user credentials. One of the sites promised the users an early preview of the movie to lure users.Hackread
July 14, 2021 – Criminals
Ransom Negotiation and Data Leak Sites Operated by Attackers Behind Kaseya Hack Go Down Full Text
Abstract
The ransomware hacker gang REvil’s websites are offline, about a week and a half after its attack on IT software vendor Kaseya allowed the criminals to breach hundreds of companies around the world.Politico
July 14, 2021 – Ransomware
There’s a Clear Line From the REvil Ransomware to Russia Full Text
Abstract
A look at part of the REvil group's online infrastructure shows clear lines to Russian and U.K. service providers that, in theory, could help law enforcement agencies but don't appear eager to help.Gov Info Security
July 13, 2021 – General
Hillicon Valley: Russian hacking group believed to be behind Kaseya attack goes offline | DHS funding package pours millions into migrant surveillance | Jen Easterly sworn in as director of DHS cyber agency Full Text
Abstract
Websites used by the cyber criminal group known as REvil went dark Tuesday, just over a week after the group was linked by cybersecurity experts to the ransomware attack on software company Kaseya. While it is unknown why the websites went dark, President Biden last week urged Russian President Vladimir Putin to take further steps against hackers based in his country, and hinted to reporters that the U.S. had the option of disrupting the hackers’ servers.The Hill
July 13, 2021 – Vulnerabilities
Microsoft Crushes 116 Bugs, Three Actively Exploited Full Text
Abstract
Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for system admins.Threatpost
July 13, 2021 – Hacker
Russian hacking group believed to be behind Kaseya cyber attack goes offline Full Text
Abstract
Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.The Hill
July 13, 2021 – General
Websites repeatedly stalked by fraudulent copycats, say researchers Full Text
Abstract
Digital Shadows researchers found that over a four-month span, its clients on average had 90 fraudulent domains impersonating their websites and brands.SCMagazine
July 13, 2021 – Criminals
Ransomware Giant REvil’s Sites Disappear Full Text
Abstract
Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the biggest groups mysteriously went dark.Threatpost
July 13, 2021 – Government
Jen Easterly sworn in as director of DHS cyber agency Full Text
Abstract
Jen Easterly was sworn in Tuesday as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), one day after the Senate unanimously approved her nomination.The Hill
July 13, 2021 – General
New open data project looks to gauge success, failure of ransomware policy Full Text
Abstract
A new website looks to aid ransomware policy discussions through open data, weeding out what works and what doesn’t.SCMagazine
July 13, 2021 – Breach
Guess Fashion Brand Deals With Data Loss After Ransomware Attack Full Text
Abstract
An attack on Guess compromised the personal and banking data of 1,300 victims.Threatpost
July 13, 2021 – Attack
Hackers use new SolarWinds zero-day to target US Defense orgs Full Text
Abstract
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.BleepingComputer
July 13, 2021 – Vulnerabilities
Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days Full Text
Abstract
Microsoft rolled out Patch Tuesday updates for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems. Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, with six of these bugs publicly known at the time of release. The updates span across several of Microsoft's products, including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS, and Visual Studio Code. July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in May (55) and June (50). Chief among the security flaws actively exploited are as follows — CVE-2021-34527 (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosedThe Hacker News
July 13, 2021 – Breach
This couple lost £15,000 to scammers. We followed the money – and found millions in stolen crypto Full Text
Abstract
A CyberNews investigation uncovered a network of wallet addresses used by a scammer group to store and cash out millions in crypto stolen from thousands of victims. Original post @ https://cybernews.com/crypto/millions-of-stolen-crypto-found-investigation/ Mindaugas...Security Affairs
July 13, 2021 – Vulnerabilities
Microsoft fixes 117 vulnerabilities, four exploited in the wild Full Text
Abstract
This month’s Patch Tuesday from Microsoft comes just days after out-of-band updates were released to address PrintNightmare and other vulnerabilities.SCMagazine
July 13, 2021 – Vulnerabilities
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader Full Text
Abstract
Adobe July patch roundup includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and other software such as Illustrator and Bridge.Threatpost
July 13, 2021 – Solution
Amazon starts rolling out Ring end-to-end encryption globally Full Text
Abstract
Amazon-owned Ring has announced that it is starting the worldwide rollout of video End-to-End Encryption (E2EE) to customers with compatible devices.BleepingComputer
July 13, 2021 – Attack
Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms Full Text
Abstract
Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the flaw that could enable adversaries to remotely run arbitrary code with privileges, allowing them to perform actions such as installing and running malicious payloads or viewing and altering sensitive data. Tracked as CVE-2021-35211, the RCE flaw resides in Serv-U's implementation of the Secure Shell (SSH) protocol. While it was previously revealed that the attacks were limited in scope, SolarWinds said it's "unaware of the identity of the potentially affected customers." Attributing the intrusions with high confidence to DEV-0322 (short for "Development Group 0322") based on observed victimology, tactics, and procedures, MicrThe Hacker News
July 13, 2021 – Vulnerabilities
Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator Full Text
Abstract
Adobe addressed multiple critical vulnerabilities in several products, including the Adobe Acrobat and Reader applications. Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both...Security Affairs
July 13, 2021 – Attack
Fashion brand Guess hacked, DarkSide ransomware group the likely culprit Full Text
Abstract
The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.SCMagazine
July 13, 2021 – APT
‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars Full Text
Abstract
Professors, journalists and think-tank personnel, beware strangers bearing webinars: It’s the focus of a particularly sophisticated, and chatty, phishing campaign.Threatpost
July 13, 2021 – Vulnerabilities
Adobe updates fix 28 vulnerabilities in 6 programs Full Text
Abstract
Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.BleepingComputer
July 13, 2021 – Vulnerabilities
Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative Full Text
Abstract
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches have been shipped for the latter in version 1.8.14 of Etherpad released on July 4. Etherpad is a real-time collaborative interface that enables a document to be edited simultaneously by multiple authors. It is an open-source alternative to Google Docs that can be self-hosted or used through one of the many third-party public instances available. "The XSS vulnerability allows attackers to take over Etherpad users, including admins. This can be used to steal or manipulate sensitive data," SonarSource vulnerability researcher Paul Gerste said in a report shared with TThe Hacker News
July 13, 2021 – Vulnerabilities
Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems Full Text
Abstract
The attack pairs a new vulnerability with older flaws that can be leveraged in new ways to attack a popular controller used across critical infrastructure sectors.SCMagazine
July 13, 2021 – Insider Threat
US indicts dark web user ‘The Bull’ for insider trading Full Text
Abstract
The U.S. Department of Justice (DoJ) has charged an individual for engaging in insider trading on the darknet. Greece-based Apostolos Trovias, known as "The Bull," frequently used encrypted messaging services and the dark web for soliciting, exchanging and selling inside information.BleepingComputer
July 13, 2021 – General
Report: Cyberattacks drive 185% spike in health care data breaches in 2021 Full Text
Abstract
Malicious cyberattacks account for the vast majority of health care data breaches so far in 2021, while another report shows the sector will remain a prime target throughout the year.SCMagazine
July 13, 2021 – Vulnerabilities
Microsoft fixes Windows Hello authentication bypass vulnerability Full Text
Abstract
Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.BleepingComputer
July 13, 2021 – Vulnerabilities
Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws Full Text
Abstract
Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured.BleepingComputer
July 13, 2021 – Government
CISA orders federal agencies to patch Windows PrintNightmare bug Full Text
Abstract
A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to mitigate the actively exploited Windows Print Spooler vulnerability on their networks.BleepingComputer
July 13, 2021 – Criminals
REvil ransomware gang’s web sites mysteriously shut down Full Text
Abstract
The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night.BleepingComputer
July 13, 2021 – Privacy
Firefox 90 adds enhanced tracker blocking to private browsing Full Text
Abstract
Mozilla has introduced SmartBlock 2.0, the next version of its intelligent cross-site tracking blocking tech, with the release of Firefox 90.BleepingComputer
July 13, 2021 – Insider Threat
U.S. Prosecutors: Insider Trading Tips Sold on Darknet Sites Full Text
Abstract
A Greek national has been indicted by a federal grand jury on charges of selling insider trading tips and other proprietary financial data on darknet sites over several years, according to the DoJ.Gov Info Security
July 13, 2021 – Hacker
Iranian Hackers Posing as Scholars Target Professors and Writers in Middle-East Full Text
Abstract
A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS). Enterprise security firm Proofpoint attributed the campaign — called " Operation SpoofedScholars " — to the advanced persistent threat tracked as TA453 , which is also known by the aliases APT35 (FireEye), Charming Kitten (ClearSky), and Phosphorous (Microsoft). The government cyber warfare group is suspected to carry out intelligence efforts on behalf of the Islamic Revolutionary Guard Corps (IRGC). "Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage," the researchers said in a technical write-up shared with The Hacker News. "TThe Hacker News
July 13, 2021 – Vulnerabilities
ModiPwn flaw in Modicon PLCs bypasses security mechanisms Full Text
Abstract
ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability,...Security Affairs
July 13, 2021 – General
Non-profit Global Business Alliance launches supply chain subsidiary Full Text
Abstract
The Global Business Alliance, a non-profit devoted to raising foreign investment in U.S. industry, announced Tuesday a subsidiary to help international companies manage supply chain concerns. GBA Sentinel will assist international companies operating in the U.S. that face a growing understanding of risk from upstream partners in their supply chains and an increasingly complex regulatory space…SCMagazine
July 13, 2021 – Malware
New BIOPASS malware live streams victim’s computer screen Full Text
Abstract
Hackers compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim's computer screen in real time by abusing popular live-streaming software.BleepingComputer
July 13, 2021 – Criminals
Cybercriminals steal millions in stolen crypto through scam impersonating Coinbase Full Text
Abstract
An investigation by CyberNews uncovered a network of crypto wallet addresses used by a scammer group to store and cash out millions in crypto stolen from thousands of victims.Cyber News
July 13, 2021 – Malware
Trickbot Malware Returns with a new VNC Module to Spy on its Victims Full Text
Abstract
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware , making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence on victims, using a custom communication protocol to hide data transmissions between [command-and-control] servers and victims — making attacks difficult to spot," Bitdefender said in a technical write-up published Monday, suggesting an increase in sophistication of the group's tactics. "Trickbot shows no sign of slowing down," the researchers noted. Botnets are formed when hundreds or thousands of hacked devices are enlisted into a network run by criminal operators, which are often then used to launch denial-of-network attacks to pummel businesses and critical infrastructure withThe Hacker News
July 13, 2021 – Outage
Social media partially disrupted in Cuba amid anti-government protests Full Text
Abstract
NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. Security experts from NetBlocks are observing partial disruption to social...Security Affairs
July 13, 2021 – Vulnerabilities
Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities Full Text
Abstract
A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at Armis warned.Cyberscoop
July 13, 2021 – Breach
American retailer Guess discloses data breach after ransomware attack Full Text
Abstract
American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In February, American fashion brand Guess was hit by a ransomware attack; now the company is disclosing...Security Affairs
July 13, 2021 – Criminals
Scammers Poured Themselves a Glass and Got to Work on Wine-Themed Phishing Emails in 2020 Full Text
Abstract
2020 saw rising wine sales and digital scams to match. Researchers at Recorded Future and Area 1 Security witnessed an increase in wine-themed domain registrations and phishing emails since March.Security Intelligence
July 13, 2021 – Breach
Call Details of all Nepali Users Stolen in Cyberattack by Chinese Hackers on Nepal Telecom Full Text
Abstract
It has also been found that the data stolen from the telecom server has been put up for sale on the dark web. The telco's CDR (call data record) was put up for sale on June 29.The Times Of India
July 13, 2021 – Criminals
Eight arrests made as Eurojust dismantles $2.4 million e-commerce fraud operation Full Text
Abstract
The criminal network deployed phishing scams to dupe victims into paying for what they believed were goods and services via legitimate websites, including eBay, Amazon, and Airbnb.The Daily Swig
July 13, 2021 – Government
Senate confirms Jen Easterly as head of U.S. cyber agency Full Text
Abstract
The Senate on Monday confirmed Jen Easterly to lead the CISA, filling an eight-month leadership void at the top of an agency aiming to address widespread digital weaknesses across the country.Politico
July 13, 2021 – General
DNS-over-HTTPS takes another small step towards global domination Full Text
Abstract
Firefox recently announced that it will be rolling out DNS-over-HTTPS soon to one percent of its Canadian users as part of its partnership with the Canadian Internet Registration Authority (CIRA).Malwarebytes Labs
July 13, 2021 – Ransomware
Ransomware Landscape: REvil Is One of Many Operators Full Text
Abstract
Ransomware-as-a-service operations have grown rapidly, with cybersecurity firm Intel 471 late last year counting five major players, nine up-and-coming operations and 10 newcomers.Gov Info Security
July 12, 2021 – Vulnerabilities
Kaseya Patches Zero-Days Used in REvil Attacks Full Text
Abstract
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.Threatpost
July 12, 2021 – General
EDR (alone) won’t protect your organization from advanced hacking groups Full Text
Abstract
A team of academic researchers in Greece tested 11 different endpoint detection systems and found plenty of ways to evade them.SCMagazine
July 12, 2021 – Vulnerabilities
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack Full Text
Abstract
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization said in an alert. ACSC didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. Tracked as CVE-2021-35464, the issue concerns a pre-authentication remote code execution (RCE) vulnerability in the ForgeRock Access Manager identity and access management tool, and stems from an unsafe Java deserialization in the Jato framework used by the software. "An attacker exploiting the vulnerability will execute commands in the context of the current user, not as the root user (unless ForgeRoThe Hacker News
July 12, 2021 – Vulnerabilities
A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack Full Text
Abstract
SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited in the wild. The threat actor behind the exploitation remains unknown as yet, and it isn't clear exactly how the attack was carried out. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," SolarWinds said in an advisory published Friday, adding it's "unaware of the identity of the potentially affected customers." Affecting Serv-U version 15.2.3 HF1 and before, a successful exploitation of the shoThe Hacker News
July 12, 2021 – Government
Interpol urges police to unite against ‘potential ransomware pandemic’ Full Text
Abstract
Interpol (International Criminal Police Organisation) Secretary General Jürgen Stock urged police agencies and industry partners to work together to prevent what looks like a future ransomware pandemic.BleepingComputer
July 12, 2021 – Criminals
Bandidos Targeting Latin America, Spying on Victims Full Text
Abstract
ESET researchers took the wraps off an ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, with a focus on Venezuela. The modifications made to this malware over the years show a keen interest of the Bandidos cybercriminals in continuing to use this malware in future campa...Cyware Alerts - Hacker News
July 12, 2021 – General
Hillicon Valley: World disgusted by racist abuse toward players | Senate unanimously approves Jen Easterly to lead DHS cyber agency | WhatsApp privacy update sparks complaint from EU consumer groups Full Text
Abstract
An onslaught of racist vitriol towards members of England’s soccer team flooded social media platforms, sparking fierce backlash. Twitter said it was taking action against the racist posts.The Hill
July 12, 2021 – General
Empty Threats and Warnings on Cyber Full Text
Abstract
On July 9, President Biden warned Russian President Vladimir Putin that the United States will take “any necessary action,” including imposing unspecified “consequences,” if Russia does not disrupt ransomware attacks from its soil. The problem with this warning is that the United States has been publicly pledging to impose “consequences” on Russia for its cyber actions for at least five years.Lawfare
July 12, 2021 – Government
After the Biden-Putin Summit, U.S.-Russia Expert Consultations Should Focus on the Financial Sector Full Text
Abstract
A bilateral agreement on cyberattacks against financial integrity would be an important first step that could help build confidence to make progress on other, more challenging areas. Yet, even for this issue, there are opportunities to make progress if expert consultations begin with a more narrowly defined policy problem.Lawfare
July 12, 2021 – Vulnerabilities
SolarWinds fixes critical Serv-U zero-day exploited in the wild Full Text
Abstract
SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively...Security Affairs
July 12, 2021 – Ransomware
Could allowlisting reduce the impact of ransomware, cyberattacks on health care? Full Text
Abstract
Given health care’s reliance on tech, cyberattacks and ransomware can cause massive disruptions. PCMatic CEO thinks allowlisting could reduce the risk to patient safety.SCMagazine
July 12, 2021 – Malware
BIOPASS RAT Uses Live Streaming to Steal Victims’ Data Full Text
Abstract
The malware has targeted Chinese gambling sites with fake app installers.Threatpost
July 12, 2021 – Breach
Fashion retailer Guess discloses data breach after ransomware attack Full Text
Abstract
American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft.BleepingComputer
July 12, 2021 – Malware
Magecart Now Targeting Magento Credit Card Swipers Full Text
Abstract
Magecart is one of the most active and prominent threat actor groups targeting e-commerce websites. One of the Magecart groups heavily infected Magento e-commerce websites to steal credit card details using six different types of Magento credit card swipers.Cyware Alerts - Hacker News
July 12, 2021 – Government
Senate unanimously approves Jen Easterly to lead DHS cyber agency Full Text
Abstract
The Senate on Monday unanimously approved the nomination of Jen Easterly to serve as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).The Hill
July 12, 2021 – Hacker
Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again Full Text
Abstract
Researchers from Cyber News Team have spotted threat actors offering for sale 600 million LinkedIn profiles scraped from the platform, again. Original post: https://cybernews.com/news/threat-actors-scrape-600-million-linkedin-profiles-and-are-selling-the-data-online-again/ For...Security Affairs
July 12, 2021 – General
EDR (alone) won’t protect your organization from advanced hacking groups Full Text
Abstract
A team of academic researchers in Greece tested 11 different endpoint detection systems and found plenty of ways to evade them.SCMagazine
July 12, 2021 – Vulnerabilities
WordPress File Management Plugin Riddled with Critical Bugs Full Text
Abstract
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.Threatpost
July 12, 2021 – Vulnerabilities
SolarWinds patches critical Serv-U vulnerability exploited in the wild Full Text
Abstract
SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.BleepingComputer
July 12, 2021 – Government
China drafts new cyber-security industry plan Full Text
Abstract
China's Ministry of Industry and Information Technology has issued a draft 3-year action plan to develop the cybersecurity industry, estimating the sector may be worth over $38.6 billion by 2023.Reuters
July 12, 2021 – Government
Chris Inglis formally sworn in as national cyber director Full Text
Abstract
Former National Security Agency Deputy Director Chris Inglis was formally sworn in as the first White House national cyber director on Monday.The Hill
July 12, 2021 – Malware
BIOPASS malware abuses OBS Studio to spy on victims Full Text
Abstract
Researchers spotted a new malware, dubbed BIOPASS, that sniffs the victim’s screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Researchers from Trend Micro spotted a new malware, dubbed BIOPASS, that sniffs the victim’s...Security Affairs
July 12, 2021 – Privacy
Colorado’s new law ups need for privacy awareness training Full Text
Abstract
We often hear about security awareness training’s role in maintaining proper cyber hygiene, but what about privacy awareness programs? Experts largely agree that such training is integral to ensuring employees don’t run afoul of a growing array of legislation.SCMagazine
July 12, 2021 – General
Health insurers facing growing risk of customer data theft Full Text
Abstract
The U.S. health insurance industry is facing growing risks from cybersecurity threats due to the sophisticated techniques used by cybercriminals amid the expansion of remote healthcare delivery.Help Net Security
July 12, 2021 – Business
Microsoft aims to expand cloud security by acquiring RiskIQ Full Text
Abstract
Looking to strengthen its position in cloud security, Microsoft on Monday announced a definitive agreement to acquire RiskIQ, a cloud-based threat intelligence and attack surface management vendor best known for its PassiveTotal product. In a blog post, Eric Doerr, vice president of Microsoft Cloud Security, said companies need better visibility into their assets and exposure…SCMagazine
July 12, 2021 – General
New Eurocontrol Data Shows Airlines Increasingly Becoming Targets for Cyber Attacks Full Text
Abstract
Commercial airlines accounted for 61% of all detected aviation-related cyberattacks in 2020, according to new data collected by Eurocontrol analyzing rising levels of cyber risks for the industry.Aviation Today
July 12, 2021 – Vulnerabilities
PACS vulnerabilities, data breach spur lawsuit against radiology specialists Full Text
Abstract
A lawsuit against Northeast Radiology and Alliance HealthCare alleges negligence and inadequate security, following a nine-month data breach caused by PACS flaws.SCMagazine
July 12, 2021 – Vulnerabilities
Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems Full Text
Abstract
Mitsubishi Electric recently patched several vulnerabilities affecting many of its air conditioning products, mainly centralized controllers. CISA published advisories on the flaws this month.Security Week
July 12, 2021 – Business
VU raises $12M to remove cybersecurity friction from digital experiences Full Text
Abstract
The fraud and identity protection company announced $12 million in Series B funding from backers including Globant, Agrega Partners, NXTP Ventures, Bridge One, the IDB Lab, and Telefónica.TechCrunch
July 12, 2021 – Ransomware
Ransomware shows the power and weakness of the web Full Text
Abstract
Ransomware reflects the complexities and limitations of the web. We increasingly rely on computer systems that often have pretty shallow foundations when it comes to security and reliability.ZDNet
July 12, 2021 – Breach
Security Incident at Spreadshop Impacts Customers’ Payment Details, Emails, and Passwords Full Text
Abstract
Spreadshop was the victim of a cyberattack on July 8, 2021. In an update posted to its website, the platform confirmed that personal user data, including bank account details, were compromised.Privacy Sharks
July 12, 2021 – Breach
Threat actors scrape 600 million LinkedIn profiles and are selling the data online - again Full Text
Abstract
While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals’ preferred methods of social engineering.Cyber News
July 12, 2021 – General
Crafting a Custom Dictionary for Your Password Policy Full Text
Abstract
Modern password policies are made up of many different elements that contribute to their effectiveness. One component of an effective current password policy is what is known as a custom dictionary, which filters out certain words that are not allowed as passwords in the environment. Using custom dictionaries, organizations can significantly improve their cybersecurity posture and filter out obvious passwords that provide poor security for user accounts. When using password dictionaries in your password policy, there are many different approaches to consider. First, let's consider crafting a custom dictionary for your password policy, including general guidance on how these are created and configured, and how you can easily use custom dictionaries in an Active Directory environment. Why customize your dictionary? Custom dictionaries are born from the need to "think as a hacker thinks." Compromised credentials are one of the leading causes of maliciousThe Hacker News
July 12, 2021 – Vulnerabilities
Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack Full Text
Abstract
Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by the REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software...Security Affairs
July 12, 2021 – General
Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details Full Text
Abstract
The Stanford University student and security researcher Jack Cable launched a project dubbed “Ransomwhere” to track payments to bitcoin addresses associated with known ransomware gangs.Cyberscoop
July 12, 2021 – Malware
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites Full Text
Abstract
Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture victims' screens for the attackers. The attack involves deceiving gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular-but-deprecated apps such as Adobe Flash Player or Microsoft Silverlight, only for the loader to act as a conduit for fetching next-stage payloads. Specifically, the websites' online support chat pages are booby-trapped with malicious JavaScript code, which is used to deliver the malware to the victims. "BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command eThe Hacker News
July 12, 2021 – Hacker
Magecart hackers hide stolen credit card data into images and bogus CSS files Full Text
Abstract
Magecart hackers continuously improve their exfiltration techniques to evade detection; they are now hiding stolen credit card data inside images. Magecart hackers have devised a new technique to obfuscate the malware within comment blocks and hide...Security Affairs
July 12, 2021 – Government
Interpol Calls For New Ransomware Mitigation Strategy Full Text
Abstract
Interpol announced that it will boost the role of country-specific National Central Bureaus, among other measures, to develop a global strategy for ransomware mitigation.Bank Info Security
July 12, 2021 – Business
Microsoft looks to boost your business security with reported RiskIQ bid Full Text
Abstract
Microsoft is planning to acquire the San Francisco-based cybersecurity firm RiskIQ and is likely to pay more than $500 million in cash for the company, according to people familiar with the matter.Tech Radar
July 12, 2021 – Breach
Cyberattack at Bank of Oak Ridge Exposes Customer Data and Disrupts Certain Banking Services Full Text
Abstract
Bank of Oak Ridge, a community bank in Piedmont-Triad, said an unauthorized actor accessed banking customer data in late April, leading the bank to launch an investigation into the incident.WFMY News2
July 12, 2021 – Vulnerabilities
Flaw in preprocessor language Less.js causes website to leak AWS secret keys Full Text
Abstract
A vulnerability in popular preprocessor language Less.js could be exploited to achieve remote code execution (RCE) against websites that allow users to input Less.js code, researchers have warned.The Daily Swig
July 12, 2021 – General
Former CISA chief makes case for including election systems as critical infrastructure Full Text
Abstract
"I think there are elements of the election administration function that should absolutely be considered critical infrastructure, and that is the administration element," Chris Krebs said.ZDNet
July 12, 2021 – Malware
BIOPASS RAT New Malware Sniffs Victims via Live Streaming Full Text
Abstract
BIOPASS RAT possesses features such as file system assessment, remote desktop access, file exfiltration, and shell command execution. It can also steal web browser and instant messaging client data.Trend Micro
July 12, 2021 – General
Fraudulent content has a direct impact on consumer loyalty Full Text
Abstract
Scams accounted for 59% of blocked user-generated malicious content during the first quarter of the year, according to a Sift report. 27% of consumers face fraudulent content on a daily/weekly basis.Help Net Security
July 11, 2021 – Outage
At long last: Kaseya restores VSA services shelved after ransomware row Full Text
Abstract
Kaseya released its long-awaited patch for on-premises versions of its VSA remote monitoring and management software on Sunday and began its rollout of the software-as-a-service version of the tool.SCMagazine
July 11, 2021 – Vulnerabilities
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack Full Text
Abstract
Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping-off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. Following the incident, the company had urged on-premises VSA customers to shut down their servers until a patch was available. Now, almost 10 days later, the firm has shipped VSA version 9.5.7a (9.5.7.2994) with fixes for three new security flaws:
CVE-2021-30116 - Credentials leak and business logic flaw
CVE-2021-30119 - Cross-site scripting vulnerability
CVE-2021-30120 - Two-factor authentication bypass
The security issues are part of a total of seven vulnerabilities that were discovered and reported to Kaseya by the Dutch Institute for Vulnerability Disclosure (DIVD) earlier in April, of which four other weaknesses were remediated in previous releases —The Hacker News
July 11, 2021 – Vulnerabilities
Kaseya patches VSA vulnerabilities used in REvil ransomware attack Full Text
Abstract
Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.BleepingComputer
July 11, 2021 – Government
Biden discussed Russian ransomware gangs with Putin in a phone call Full Text
Abstract
President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities...Security Affairs
July 11, 2021 – Breach
Hackers accessed Mint Mobile subscribers’ data and ported some numbers Full Text
Abstract
Mint Mobile disclosed a data breach: an unauthorized attacker gained access to subscribers' account information and ported phone numbers. Mint Mobile is an American telecommunications company which sells mobile phone services and operates as an MVNO...Security Affairs
July 11, 2021 – General
Security Affairs newsletter Round 322 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Coop supermarket...Security Affairs
July 10, 2021 – Breach
Mint Mobile hit by a data breach after numbers ported, data accessed Full Text
Abstract
Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier.BleepingComputer
July 10, 2021 – Attack
Iran’s railroad system was hit by a cyberattack, hackers posted fake delay messages Full Text
Abstract
Iran's railroad system was hit by a cyberattack, hackers posted fake messages about delays or cancellations of the trains on display boards at stations across the country. Iran's railroad system was hit by a cyberattack, threat actors published fake...Security Affairs
July 10, 2021 – General
Biden asks Putin to crack down on Russian-based ransomware gangs Full Text
Abstract
President Biden asked Russian President Putin during a phone call today to take action against ransomware groups operating within Russia's borders behind the ongoing wave of attacks impacting the United States and other countries worldwide.BleepingComputer
July 10, 2021 – General
Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems Full Text
Abstract
Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As the global digitalisation is further accelerating, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread of the Internet and smart devices. In this context, a single vulnerable link is enough to bring down the entire system, just like the domino effect.Threatpost
July 10, 2021 – Criminals
How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS Full Text
Abstract
Before claiming responsibility for a breach at the software company Kaseya, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%.Cyberscoop
July 10, 2021 – Business
Kaseya warns customers of ongoing malspam campaign posing as security updates Full Text
Abstract
Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates. Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered...Security Affairs
July 10, 2021 – Business
Netskope’s valuation more than doubles to $7.5 bn in the latest $300 mn funding round Full Text
Abstract
Netskope's valuation more than doubled to $7.5 billion after a $300 million funding round led by ICONIQ Growth, highlighting massive demand for cloud security services as cyber-attacks increase in number and severity.Reuters
July 10, 2021 – Hacker
Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs Full Text
Abstract
Experts from McAfee Labs warn of a novel technique used by threat actors that are using non-malicious documents to disable security warnings prior to executing macro code on the recipient’s PC.Security Affairs
July 10, 2021 – Vulnerabilities
Philips Vue Vulnerabilities Could Let a Hacker Perform Remote Code Execution Full Text
Abstract
15 Philips Vue Vulnerabilities located in the Philips Clinical Collaboration Platform Portal represent dangerous tools in the hands of a hacker as they could cause remote code execution cyberattacks.Heimdal Security
July 10, 2021 – Attack
Ransomware attack hits Swiss consumer outlet Comparis Full Text
Abstract
Comparis said its website - which lets consumers compare prices for goods and services - was working normally again, but access via e-mail and customer hotline may still be limited as it works with cybersecurity specialists on a complete recovery.Reuters
July 10, 2021 – Vulnerabilities
Dutch researchers shed new light on Kaseya vulnerabilities Full Text
Abstract
A team of researchers at the Dutch Institute for Vulnerability Disclosure posted a pair of articles outlining how and when they found a series of vulnerabilities in the tools Kaseya provides to managed service providers (MSPs).Tech Target
July 09, 2021 – Ransomware
The Week in Ransomware - July 9th 2021 - A flawed attack Full Text
Abstract
This week's news focuses on the aftermath of REvil's ransomware attack on MSPs and customers using zero-day vulnerabilities in Kaseya VSA. The good news is that it has not been as disruptive as we initially feared.BleepingComputer
July 09, 2021 – Attack
Ukraine says Russian-linked hackers attacked its navy’s website Full Text
Abstract
Ukraine said Friday that it believes Russian-linked hackers were responsible for hacking the Ukrainian navy's website and publishing a series of fake reports about its ongoing Sea Breeze military drills taking place in the Black Sea.The Hill
July 9, 2021 – General
CMS, NIH ERM programs failed to account for national security risks, says OIG Full Text
Abstract
Instead, Centers for Medicare and Medicaid Services policies and procedures rely on the enterprise risk management processes from the Department of Health and Human Services, rather than its own requirements.SCMagazine
July 09, 2021 – Government
FBI warns cryptocurrency owners, exchanges of ongoing attacks Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses.BleepingComputer
July 09, 2021 – General
Hillicon Valley: Biden warns Putin on Russian ransomware attacks | Biden signs sweeping order to boost competition| TikTok updates automated takedown system Full Text
Abstract
President Biden rounded out a very active week in cybersecurity by calling Russian President Vladimir Putin to discuss concerns including recent Russian-linked ransomware attacks, urging him to take action to disrupt cyber criminal groups operating in his country. The call came a week after the ransomware attack on software group Kaseya that hit up to 1,500 companies.The Hill
July 9, 2021 – Attack
Kaseya attack spotlights potential gaps in managed service provider model Full Text
Abstract
Where are the failures in vendor and MSP relationships that could introduce risks, and what tactics could help close the gaps? SC Media spoke to supply chain experts to examine the complexities.SCMagazine
July 09, 2021 – Government
Biden warns Putin on Russian ransomware attacks Full Text
Abstract
President Biden spoke by phone with Russian President Vladimir Putin on Friday and urged him to take action to disrupt criminal groups operating in Russia that are behind recent ransomware attacks in the United States.The Hill
July 9, 2021 – Vulnerabilities
Four vulnerabilities found in Sage X3 ERP software could allow threat actors to run commands at will Full Text
Abstract
The vulnerabilities were fixed according to Rapid7’s vulnerability disclosure process and were patched in recent releases of Sage X3 Version 9.SCMagazine
July 9, 2021 – General
US urges mayors to confer with states on cyber posture, but can more be done? Full Text
Abstract
Municipalities still lack incentive to follow cyber best practices, notes former city CISO.SCMagazine
July 9, 2021 – Breach
Data of 1.2M patients stolen prior to third-party vendor ransomware attack Full Text
Abstract
This week’s health care data breach roundup includes attacks on Practicefirst, University Medical Center of Southern Nevada and Coastal Family Health Center.SCMagazine
July 9, 2021 – APT
WildPressure APT Group is Continuously Sharpening its Tools Full Text
Abstract
Kaspersky spotted the WildPressure APT group deploying new malware to target businesses in the oil and gas sector, through both Windows and macOS systems. Experts also noted some similarities in the techniques of the WildPressure APT and BlackShadow, which also targets organizations in the Middl...Cyware Alerts - Hacker News
July 9, 2021 – Criminals
Operation Lyrebird - Unfolding the Secrets of Dr HeX Full Text
Abstract
INTERPOL arrested Dr. Hex under Operation Lyrebird. The accused was involved in attacks on 134 websites from 2009–2018 across multiple regions. This arrest comes as a breath of fresh air for the security community. The suspect is under investigation and more details may emerge in the futur...Cyware Alerts - Hacker News
July 09, 2021 – Breach
Insurance giant CNA reports data breach after ransomware attack Full Text
Abstract
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.BleepingComputer
July 9, 2021 – Ransomware
Conti Unpacked | Understanding Ransomware Development As a Response to Detection Full Text
Abstract
Conti is developed and maintained by the so-called TrickBot gang, and it is mainly operated through a RaaS affiliation model. The Conti ransomware is derived from the codebase of Ryuk.Sentinel One
July 09, 2021 – Hacker
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration Full Text
Abstract
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up. "These can later be downloaded using a simple GET request at a later date." MageCart is the umbrella term given to multiple groups of cybercriminals targeting e-commerce websites with the goal of plundering credit card numbers by injecting malicious JavaScript skimmers and selling them on the black market. Sucuri attributed the attack to Magecart Group 7 based on overlaps in the tactics, techniques, and procedures (TTThe Hacker News
July 9, 2021 – Breach
Insurance firm CNA discloses data breach after March ransomware attack Full Text
Abstract
Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The...Security Affairs
July 09, 2021 – Phishing
Kaseya warns of phishing campaign pushing fake security updates Full Text
Abstract
Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.BleepingComputer
July 9, 2021 – Criminals
Hacker Deposited $1M on Popular Cybercrime Marketplace to Buy Zero-day Exploits Full Text
Abstract
According to experts, the member “integra” has joined the forum in September 2012 and has gained a high reputation over the course of time. The threat actor aims at buying malware with zero detection.Security Affairs
July 09, 2021 – General
New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021 Full Text
Abstract
For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire. Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications like SAP and Salesforce, SaaS applications act as the foundation of the modern enterprise. 2020 created an urgent need for security solutions that mitigate SaaS misconfiguration risks. Recognizing the importance of SaaS security, Gartner named a new category, SaaS Security Posture Management (SSPM), to distinguish solutions that have the capabilities to offer a continuous assessment of security risks arising from a SaaS application's deployment. To understand how security teams are currently dealing with their SaaS security posture and what their main concerns are, Adaptive Shield, a leading SThe Hacker News
July 9, 2021 – Hacker
Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs Full Text
Abstract
Threat actors have devised a new trick to disable macro security warnings that leverages non-malicious docs in malspam attacks. Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients...Security Affairs
July 09, 2021 – Vulnerabilities
Microsoft: PrintNightmare security updates work, start patching! Full Text
Abstract
Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible.BleepingComputer
July 9, 2021 – General
How virtual cyber fusion centre can streamline cybersecurity silos Full Text
Abstract
Virtual cyber fusion can help alleviate the limitations of manually-driven security strategies while leveraging threat intelligence and automation to help address a myriad of use cases.ExpressComputer
July 09, 2021 – Vulnerabilities
Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems Full Text
Abstract
Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system. "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted in an advisory. The 15 flaws impact VUE Picture Archiving and Communication Systems (versions 12.2.x.x and prior), Vue MyVue (versions 12.2.x.x and prior), Vue Speech (versions 12.2.x.x and prior), and Vue Motion (versions 12.2.1.5 and prior). Four of the issues (CVE-2020-1938, CVE-2018-12326, CVE-2018-11218, CVE-2020-4670, and CVE-2018-8014) have been given a CThe Hacker News
July 9, 2021 – Vulnerabilities
Microsoft says that the emergency patch recently released correctly fixes the PrintNightmare flaw Full Text
Abstract
Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the emergency security patches released early this week correctly address the PrintNightmare...Security Affairs
July 9, 2021 – Vulnerabilities
Cisco fixes High Severity issue in BPA and WSA Full Text
Abstract
Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.Security Affairs
July 9, 2021 – Business
Cisco fixes High Severity issue in BPA and WSA Full Text
Abstract
Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks. Cisco released security patches for high severity vulnerabilities...Security Affairs
July 9, 2021 – Vulnerabilities
Coursera API vulnerabilities disclosed by researchers Full Text
Abstract
Checkmarx revealed multiple security flaws in the Coursera platform, including a BOLA flaw that may expose endpoints that handle object identifiers, potentially opening the door to wider attacks.ZDNet
July 9, 2021 – Malware
Zloader With a New Infection Technique Full Text
Abstract
The initial attack vector is a phishing email with a Microsoft Word document attachment. Upon opening the document, a password-protected Microsoft Excel file is downloaded from a remote server.McAfee
July 08, 2021 – Hacker
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files Full Text
Abstract
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers. In yet another instance of malware authors continuing to evolve their techniques to evade detection, researchers from McAfee Labs stumbled upon a novel tactic that "downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro." ZLoader infections propagated using this mechanism have been primarily reported in the U.S., Canada, Spain, Japan, and Malaysia, the cybersecurity firm noted. The malware — a descendant of the infamous ZeuS banking trojan — is well known for aggressively using macro-enabled Office documents as an initial attack vector to steal credentials and personallThe Hacker News
July 8, 2021 – Vulnerabilities
Multiple Sage X3 vulnerabilities expose systems to hack Full Text
Abstract
Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow an attacker to take control of vulnerable systems. Researchers from Rapid7 discovered a total of four security vulnerabilities in the Sage X3 enterprise resource...Security Affairs
July 8, 2021 – Policy and Law
Proposed law seeks to boost federal cyber workforce through apprenticeships, training Full Text
Abstract
Pundits and cyber experts alike praise bill, which would empower CISA and the Department of Veterans Affairs to establish and operate the workforce development programs.SCMagazine
July 08, 2021 – General
Hillicon Valley: Warren asks SEC to take closer look at cryptocurrency exchanges | Maryland town knocked offline as part of massive ransomware attack | Huawei hires three new lobbying firms Full Text
Abstract
Sen. Elizabeth WarrenElizabeth WarrenBiden Education Department hires vocal proponent of canceling student debt First Republican announces run for Massachusetts governor Some Democrats put activism over climate action MORE (D-Mass.) on Thursday strongly urged a key regulatory agency to look into cryptocurrency exchanges, an issue that has gained prominence in recent years and particularly following the use of cryptocurrencies as part of ransomware attacks.The Hill
July 8, 2021 – Attack
Year-long spear-phishing campaign targets global energy industry Full Text
Abstract
Many of the spear-phishing emails show the threat actor did their homework, with procurement jargon and references to real executives and ongoing projects.SCMagazine
July 8, 2021 – Policy and Law
Trump Sues Facebook, Google and Twitter Full Text
Abstract
Former US president takes legal action against companies over alleged illegal censorshipInfosecurity Magazine
July 8, 2021 – Malware
Marvel Movie Malware Detected Full Text
Abstract
Black Widow malware masquerades as new movie to steal money and credentialsInfosecurity Magazine
July 8, 2021 – Attack
Online course provider Coursera hit with API issues, with cloud driving additional exposure Full Text
Abstract
APIs have been around for years, but the adoption of cloud and cloud services is a leading driver behind their explosive use recently, enabling attackers to elevate privileges and move laterally throughout networks.SCMagazine
July 8, 2021 – General
Multi-Cloud Environments More Risky Full Text
Abstract
Security professionals say multi-cloud environments pose greater security challengesInfosecurity Magazine
July 08, 2021 – Attack
REvil victims are refusing to pay after flawed Kaseya ransomware attack Full Text
Abstract
The REvil ransomware gang's attack on MSPs and their customers last week outwardly should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments.BleepingComputer
July 8, 2021 – Attack
Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign Full Text
Abstract
A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.Threatpost
July 8, 2021 – Breach
Kroger reaches $5M settlement with breach victims, as Supreme Court defines ‘actual harm’ Full Text
Abstract
Health care providers are increasingly facing the risk of lawsuits amid the rise in data breaches. The recent Supreme Court decision on “actual harm” may curtail the financial impact.SCMagazine
July 8, 2021 – Breach
Morgan Stanley discloses data breach after the hack of a third-party vendor Full Text
Abstract
The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach...Security Affairs
July 8, 2021 – Business
In video address, exhausted Kaseya CEO announces relaunch dates Full Text
Abstract
Kaseya CEO Fred Voccola said the company was confident in the July 11 date to relaunch VSA SaaS and on-premises services.SCMagazine
July 8, 2021 – Business
Coursera Flunks API Security Test in Researchers’ Exam Full Text
Abstract
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.Threatpost
July 8, 2021 – Policy and Law
U.K.’s Online Safety Bill: Not That Safe, After All? Full Text
Abstract
The U.K. government's long-awaited Online Safety Bill was published on May 12. What does it say?Lawfare
July 08, 2021 – Vulnerabilities
Windows security update KB5004945 breaks printing on Zebra printers Full Text
Abstract
Microsoft's recent out-of-band KB5004945 PrintNightmare security updates are preventing Windows users from printing to certain Zebra printers.BleepingComputer
July 8, 2021 – Botnet
How Fake Accounts and Sneaker-Bots Took Over the Internet Full Text
Abstract
Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.Threatpost
July 08, 2021 – Policy and Law
Cyber Command lawyer calls for military operations against hackers Full Text
Abstract
The top lawyer for U.S. Cyber Command is calling for the United States to push back against transnational criminal hackers with military cyber operations.The Hill
July 08, 2021 – Outage
Maryland town knocked offline as part of massive ransomware attack Full Text
Abstract
A Maryland town was taken offline last week during the massive ransomware attack through Miami-based technology firm Kaseya.The Hill
July 8, 2021 – General
Online brands prioritizing speed over security Full Text
Abstract
Consumers around the world fear that businesses are now compromising online security in their efforts to deliver seamless digital experiences, according to research by Trulioo.Help Net Security
July 8, 2021 – Business
NanoLock secures $11 million Series B to boost OT and IoT device-level protection Full Text
Abstract
NanoLock Security has secured an $11 million Series B round from new investors OurCrowd, HIVE2040 (by Avnon Group), and Atlantica Group as well as current investors AWZ Ventures.Calcalist Tech
July 8, 2021 – Vulnerabilities
Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities Full Text
Abstract
The most severe vulnerabilities affect the System component and could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.Security Week
July 08, 2021 – Breach
Morgan Stanley reports data breach after vendor Accellion hack Full Text
Abstract
Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third party vendor.BleepingComputer
July 8, 2021 – Vulnerabilities
Information disclosure, privilege escalation vulnerabilities spotted in IOBit Advanced SystemCare Ultimate Full Text
Abstract
Researchers from Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. These vulnerabilities all exist in a monitoring driver in the software.Cisco Talos
July 08, 2021 – Government
WSJ to Biden: Inaction on Russian cyber attacks would prove your ‘words are empty’ Full Text
Abstract
The editorial board of the Wall Street Journal is imploring President Biden to take swift action and send a strong message to Russian and other foreign adversaries that the U.S. will not tolerate cybercrime or those who harbor cyber criminals.The Hill
July 08, 2021 – Vulnerabilities
Critical Flaws Reported in Sage X3 Enterprise Management Software Full Text
Abstract
Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor has since rolled out fixes in recent releases for Sage X3 Version 9 (Syracuse 9.22.7.2), Sage X3 HR & Payroll Version 9 (Syracuse 9.24.1.3), Sage X3 Version 11 (Syracuse 11.25.2.6), and Sage X3 Version 12 (Syracuse 12.10.2.8) that were shipped in March. The list of vulnerabilities is as follows:
CVE-2020-7388 (CVSS score: 10.0) - Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component
CVE-2020-7389 (CVSS score: 5.5) - System "CHAINE" Variable Script Command Injection (No fix planned)
CVE-2020-7387 (CVSS score: 5.3) - Sage X3 InsThe Hacker News
July 8, 2021 – General
Cybercrime Costs Organizations Nearly $1.79 Million Per Minute Full Text
Abstract
648 cyber-attacks per minute occurred in the past year, costing organizations $1.79 million every minuteInfosecurity Magazine
July 8, 2021 – Solution
Tor Browser 10.5 is out, it includes a new anti-censorship feature Full Text
Abstract
The Tor Project has released Tor Browser 10.5 which enhances an anti-censorship feature and warns of V2 onion URL deprecation. The Tor Project has released Tor Browser 10.5 which implements an improved anti-censorship feature and warns users of V2 onion...Security Affairs
July 8, 2021 – Phishing
‘How can I help you today?’ Scammers dupe online support agents through live chat platforms Full Text
Abstract
The scheme is yet another recent example of phishing campaigns leveraging communication mediums outside of email to catch prospective victims off-guard. And it works in part because website operators that use chat features are not always diligently scanning uploaded files for malware.SCMagazine
July 08, 2021 – Solution
Mozilla Firefox to roll out DNS over HTTPS for Canadian users Full Text
Abstract
Mozilla has decided to roll out the DNS over HTTPS (DoH) feature by default for Canadian Firefox users later this month. The move comes after DoH has already been offered to US-based Firefox users since 2020.BleepingComputer
July 8, 2021 – General
Critical infrastructure cyberattacks signaling the importance of prioritizing security Full Text
Abstract
As the U.S. looks at its vulnerable industries, the responsibility is falling on businesses to ensure that they are keeping the organization and employees safe and secure.Help Net Security
July 08, 2021 – Attack
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America Full Text
Abstract
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across manufacturing, construction, healthcare, software services, and retail sectors. Written in both Delphi and C++, Bandook has a history of being sold as a commercial remote access trojan (RAT) dating all the way back to 2005. Since then, numerous variants have emerged on the threat landscape and been put to use in different surveillance campaigns in 2015 and 2017, allegedly by a cyber-mercenary group known as Dark Caracal on behalf of government interests in Kazakhstan and Lebanon. In a continuing resurgence of the Bandook Trojan, Check Point last year disclosed three new samples — oneThe Hacker News
July 8, 2021 – General
CTOs Keeping Quiet on Breaches to Avoid Cyber Blame Game Full Text
Abstract
Report finds 92% of UK organizations suffered a successful attack last yearInfosecurity Magazine
July 8, 2021 – Criminals
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits Full Text
Abstract
A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, aiming to purchase zero-day exploits from other forum members. A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one...Security Affairs
July 8, 2021 – Insider Threat
Pentagon Office Left Military Designs for Body Armor, Vehicle Gear Unsecured Online Full Text
Abstract
The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a DODIG report made public on Wednesday.Cyberscoop
July 08, 2021 – Education
Security Awareness Training is Broken. Human Risk Management (HRM) is the Fix Full Text
Abstract
Humans are an organization's strongest defence against evolving cyber threats, but security awareness training alone often isn't enough to transform user behaviour. In this guide, usecure looks at why Human Risk Management (HRM) is the new fix for building a security-savvy workforce. Don't be fooled... Businesses are investing more than ever into strengthening their employee security awareness efforts, but a big problem still plagues SMBs and enterprises in every sector — human-related data breaches . Even with more businesses rolling out staff security awareness training programs to combat evolving cyber threats, over 90% of data breaches still stem from human error. So, why are human-related data breaches still so prevalent? Access Now: Security Awareness Training is Broken. HRM is the Fix [Free eBook] → Security awareness training often isn't enough It's easy to think that rolling out some security awareness courses and sending a few email bulletins froThe Hacker News
July 8, 2021 – Government
Regulator Probes Former Health Secretary’s Use of Private Email Full Text
Abstract
Matt Hancock comes under investigation by the ICOInfosecurity Magazine
July 8, 2021 – Hacker
Experts bypassed Microsoft’s emergency patch for the PrintNightmare Full Text
Abstract
The emergency patch for the PrintNightmare vulnerability released by Microsoft is incomplete and still allows RCE. Yesterday, Microsoft released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability; unfortunately,...Security Affairs
July 8, 2021 – Attack
‘Apex predators’: Why the Kaseya ransomware attack has experts worried Full Text
Abstract
The REvil gang used a level of planning and sophistication closer to high-level, government-backed hackers, rather than a mere criminal operation, several cybersecurity experts say.NBC News
July 08, 2021 – Vulnerabilities
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare Full Text
Abstract
This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it wasn't enough to stop exploits. Attackers can still use Print Spooler when connecting remotely. This article covers all you need to know about this vulnerability and how you can mitigate it (and you can). Print Spooler in a nutshell: Print Spooler is Microsoft's service for managing and monitoring file printing. This service is among Microsoft's oldest and has had minimal maintenance updates since it was released. Every Microsoft machine (servers and endpoints) has this feature enabled by default. PrintNightmare vulnerability: As soon as an attacker gains limited userThe Hacker News
July 8, 2021 – Vulnerabilities
New PrintNightmare Patch Can Be Bypassed, Say Researchers Full Text
Abstract
Point and Print function appears to be the problemInfosecurity Magazine
July 8, 2021 – Business
Sophos acquires Capsule8 for Linux security Full Text
Abstract
Acquired for an undisclosed sum, Capsule8's technology, which is aimed at Linux cybersecurity, will be integrated by Sophos into its Adaptive Cybersecurity Ecosystem.Channel Asia
July 08, 2021 – Criminals
SideCopy Hackers Target Indian Government Officials With New Malware Full Text
Abstract
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file enumerators to browser credential stealers and keyloggers (Xeytan and Lavao), Cisco Talos said in a report published Wednesday. "Targeting tactics and themes observed in SideCopy campaigns indicate a high degree of similarity to the Transparent Tribe APT (aka APT36) also targeting India," researchers Asheer Malhotra and Justin Thattil said. "These include using decoys posing as operational documents belonging to the military and think tanks and honeytrap-based infections." First documented in September 2020 by Indian cybersecurity firm Quick Heal, SideCopy has aThe Hacker News
July 8, 2021 – Vulnerabilities
From Microsoft to QNAP, Multiple Firms Warn Against High-Severity Flaws Full Text
Abstract
Researchers are urging everyone to patch multiple critical and high-severity vulnerabilities found in Windows Print Spooler, QNAP devices, and other systems.Cyware Alerts - Hacker News
July 8, 2021 – Attack
India: SBI Customers Being Targeted by an OTP Scam Full Text
Abstract
The research wing of New Delhi-based think tank CyberPeace Foundation, along with Autobot Infosec Pvt Ltd, studied two such incidents carried out in the name of SBI that were faced by some smartphone users.The Times Of India
July 8, 2021 – General
Australia: Tech giants say government cyber assistance would simply cause more problems Full Text
Abstract
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 would allow government to provide "assistance" to entities in response to significant cyberattacks on Australian systems.ZDNet
July 7, 2021 – Solution
Kaseya offers pre-patch instructions for on-prem VSA customers Full Text
Abstract
Still struggling to manage the fallout from a ransomware attack that kicked off Friday, Kaseya was unable to relaunch the software-as-a-service VSA remote management product it took offline or provide a patch for its on-premises VSA customers Wednesday. But the company did release pre-patch instructions to prepare on-premises clients for the coming update.SCMagazine
July 07, 2021 – Vulnerabilities
Microsoft’s Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability Full Text
Abstract
Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems. On Tuesday, the Windows maker issued an emergency out-of-band update to address CVE-2021-34527 (CVSS score: 8.8) after the flaw was accidentally disclosed by researchers from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it emerged that the issue was different from another bug — tracked as CVE-2021-1675 — that was patched by Microsoft on June 8. "Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The HackeThe Hacker News
July 07, 2021 – Business
Huawei hires three new lobbying firms Full Text
Abstract
Embattled Chinese telecom Huawei recently hired three new lobbying firms, according to disclosure reports filed with Congress.The Hill
July 07, 2021 – General
Hillicon Valley: Trump files lawsuit against Facebook, Twitter, and Google | New cyberattacks ramp up tensions with Russia | 36 states, DC sue Google alleging antitrust violations in app store Full Text
Abstract
Former President Trump is lashing out at social media platforms again over their actions taken to ban and suspend his accounts, this time in the form of a lawsuit against Twitter, Google and Facebook as well as their CEOs. Legal experts, however, said the case will almost certainly be dismissed.The Hill
July 07, 2021 – Vulnerabilities
Microsoft: PrintNightmare now patched on all Windows versions Full Text
Abstract
Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016.BleepingComputer
July 7, 2021 – Attack
Wiregrass Electric Cooperative hit by a ransomware attack Full Text
Abstract
Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack. The cyberattack...Security Affairs
July 7, 2021 – Policy and Law
US Could Appeal Assange Extradition Refusal Full Text
Abstract
UK court grants United States permission to appeal decision not to extradite WikiLeaks founder Julian AssangeInfosecurity Magazine
July 7, 2021 – Vulnerabilities
Emergency ‘PrintNightmare’ patch said to fix RCEs, but not privilege escalation on Windows servers Full Text
Abstract
Failure to patch could lead to what one researcher described as “a catastrophic security incident such as data theft, financial fraud, or ransomware.”SCMagazine
July 07, 2021 – Ransomware
Ransomware code in Kaseya attack bypasses systems using Russian, related languages: report Full Text
Abstract
The Russian-linked cybercrime gang associated with carrying out a major ransomware attack against a software company used code that avoids targeting systems that use Russian and other former Soviet-era languages as a default, according to a new report.The Hill
July 07, 2021 – Vulnerabilities
Cybersecurity researchers say they warned Kaseya of flaw in April Full Text
Abstract
The Miami-based technology firm at the center of the worldwide security breach carried out by Russia-linked hackers was warned in early April of the cybersecurity vulnerability that was ultimately taken advantage of by the cyber criminal gang.The Hill
July 07, 2021 – Government
Biden considering ‘range of options’ to respond to Russian cyberattacks Full Text
Abstract
President Biden and his administration are considering potential options for a response to new Russian-linked cyberattacks, the latest in a string of debilitating attacks linked to the country.The Hill
July 7, 2021 – Business
Cybersecurity companies are selling like hotcakes in post-pandemic investment market Full Text
Abstract
The red-hot cyber investment market in 2020 was replete with action from top dogs, both from outside the industry and within.SCMagazine
July 7, 2021 – Government
Biden Administration Cancels $10bn JEDI Contract Full Text
Abstract
Joint Enterprise Defense Infrastructure cloud contract axed, replaced with multi-vendor contractInfosecurity Magazine
July 7, 2021 – Insider Threat
Most Insider Data Breaches Aren’t Malicious Full Text
Abstract
New research finds 78% of reported breaches that involve an insider were not maliciousInfosecurity Magazine
July 7, 2021 – Hacker
Why I Love (Breaking Into) Your Security Appliances Full Text
Abstract
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.Threatpost
July 07, 2021 – Government
White House urges mayors to review local govts’ cybersecurity posture Full Text
Abstract
Following recent ransomware attacks, Deputy National Security Advisor Anne Neuberger asked US mayors to immediately hold a meeting with the heads of state agencies to evaluate their cybersecurity posture.BleepingComputer
July 7, 2021 – APT
WildPressure APT expands operations targeting the macOS platform Full Text
Abstract
WildPressure APT has been targeting industrial organizations in the Middle East since 2019 and has now been spotted using new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group...Security Affairs
July 7, 2021 – Vulnerabilities
Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover Full Text
Abstract
Philips reported a range of 15 vulnerabilities in its Vue platform to CISA, four of which were ranked critical. A successful exploit could allow an attacker to take control of the PACS system.SCMagazine
July 7, 2021 – Malware
Fake Kaseya VSA Security Update Drops Cobalt Strike Full Text
Abstract
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.Threatpost
July 07, 2021 – Vulnerabilities
Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability Full Text
Abstract
Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed.BleepingComputer
July 7, 2021 – APT
MacOS Targeted in WildPressure APT Malware Campaign Full Text
Abstract
Threat actors enlist compromised WordPress websites in campaign targeting macOS users.Threatpost
July 7, 2021 – Vulnerabilities
Kaspersky Password Manager caught out making easily bruteforced passwords Full Text
Abstract
The big mistake made by KPM was using the current system time in seconds as the seed into a Mersenne Twister PRNG, meaning different instances will generate the same password at a given time.ZDNet
July 07, 2021 – Solution
Tor Browser adds new anti-censorship feature, V2 onion warnings Full Text
Abstract
The Tor Project has released Tor Browser 10.5 with V2 onion URL deprecation warnings, a redesigned Tor connection experience, and an improved anti-censorship feature.BleepingComputer
July 7, 2021 – Botnet
Mirai_ptea: The Latest Mirai-Inspired Botnet Full Text
Abstract
Cybersecurity researchers have spotted a new Mirai-inspired botnet, mirai_ptea, abusing an undisclosed vulnerability in KGUARD's Digital Video Recorders (DVR). Mirai’s source code was leaked several years ago, and since then multiple variants are still getting spotted on the threat landscape.Cyware Alerts - Hacker News
July 07, 2021 – Business
Microsoft urges users to update PCs in security warning Full Text
Abstract
Microsoft on Wednesday said that users of its Windows operating system should install updates after a cybersecurity company accidentally published a guide on how to exploit vulnerabilities in the service.The Hill
July 7, 2021 – Criminals
SideCopy cybercriminals use new custom Trojans in attacks against India’s military Full Text
Abstract
Cisco Talos said a recent surge in activity signals a boost in the APT's development of techniques, tactics, and tools, with multiple, new remote access trojans (RATs) and plugins now in play.ZDNet
July 07, 2021 – APT
WildPressure APT Emerges With New Malware Targeting Windows and macOS Full Text
Abstract
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm Kaspersky attributed the attacks to an advanced persistent threat (APT) it tracks as "WildPressure," with victims believed to be in the oil and gas industry. WildPressure first came to light in March 2020 based on a malware operation distributing a fully-featured C++ Trojan dubbed "Milum" that enabled the threat actor to gain remote control of the compromised device. The attacks were said to have begun as early as August 2019. "For their campaign infrastructure, the operators used rented OVH and Netzbetrieb virtual private servers (VPS) and a domain registered with the Domains by Proxy anonymization service," Kaspersky researcher DenisThe Hacker News
July 7, 2021 – Phishing
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing Full Text
Abstract
The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data.Threatpost
July 07, 2021 – Vulnerabilities
Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform Full Text
Abstract
An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent need to assess such third-party modules for any security risks and minimize the attack surface, ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. NuGet is a Microsoft-supported mechanism for the .NET platform and functions as a package manager designed to enable developers to share reusable code. The framework maintains a central repository of over 264,000 unique packages that have collectively produced more than 109 billion package downloads. "All identified precompiled software components in our research were different versions of 7Zip, WinSCP and PuTThe Hacker News
July 07, 2021 – General
[Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe? Full Text
Abstract
Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis (NTA) or network detection and response (NDR) tool or an endpoint detection and response (EDR) tool to supplement their existing stacks. On the other hand, some organizations are getting the best of both options by switching to extended detection and response (XDR) tools which often provide all these tools in one solution. This is the key takeaway of a new whitepaper by security provider Cynet ( download it here ). NDR tools have become more popular, and for a good reason. They offer organizations a variety of benefits and can help further secure an environment from lateral movement attacks and further infiltration if an initial attack succeeds. NDR tools can detect a wide range of malicious activities and anomalous behaviors. The question is whether the strengths of an NDR tool outweigh its limitations. TheThe Hacker News
July 7, 2021 – Hacker
Researchers Learn From Nation-State Attackers’ OpSec Mistakes Full Text
Abstract
While investigating the Charming Kitten group, IBM X-Force researchers analyzed the attackers' operational security errors to reveal the inner details of how they function and launch attacks.Dark Reading
July 7, 2021 – Breach
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole Full Text
Abstract
A legal services firm, 4 New Square Chambers, hit by a ransomware attack has responded by getting a British High Court order demanding the criminals do not share stolen data.The Register
July 07, 2021 – General
Email fatigue among users opens doors for cybercriminals Full Text
Abstract
When it comes to email security, a one-and-done approach never works. A multi-layered approach, which includes URL filtering, can often block malicious domains and downloads of malware, preventing systems from being infected in the first place.BleepingComputer
July 7, 2021 – APT
Russian Cozy Bear APT Group Allegedly Breached Republican National Committee via Third-party Provider Full Text
Abstract
The hacker group has been tied to Russia’s foreign intelligence service and has previously been accused of breaching the Democratic National Committee in 2016 and SolarWinds more recently.Bloomberg
July 07, 2021 – General
New cyberattacks ramp up tensions with Russia Full Text
Abstract
The massive cyberattack on U.S. software company Kaseya, potentially impacting up to 1,500 businesses, is ramping up tensions between Washington and Moscow less than a month after President Biden pressed Russian President Vladimir Putin to curb such attacks.The Hill
July 7, 2021 – Phishing
Over 170 Scam Cryptomining Apps Charge for Non-Existent Services Full Text
Abstract
Lookout claims users have lost over $350,000 to mobile fraudInfosecurity Magazine
July 7, 2021 – Criminals
Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya Full Text
Abstract
Resecurity® HUNTER, Resecurity's cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to the cybercriminals. According to recent research published by Resecurity on Twitter,...Security Affairs
July 7, 2021 – Attack
Phishing campaign looks to leverage Kaseya VSA fears Full Text
Abstract
A phishing campaign is taking advantage of Kaseya VSA customers eagerly awaiting a patch for the beleaguered remote monitoring and management application.SCMagazine
July 7, 2021 – Cryptocurrency
Cloud Cryptomining Swindle in Google Play Rakes in Cash Full Text
Abstract
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.Threatpost
July 07, 2021 – Malware
Fake Kaseya VSA security update backdoors networks with Cobalt Strike Full Text
Abstract
Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.BleepingComputer
July 7, 2021 – Attack
Kaseya Ransomware Attack Used to Fuel Malspam Campaign Full Text
Abstract
In a series of tweets from Malwarebytes, researchers have disclosed that a malspam campaign is taking advantage of the Kaseya ransomware attack to drop Cobalt Strike.Cyware Alerts - Hacker News
July 7, 2021 – Breach
Kremlin Hackers Reportedly Breached Republican National Committee Full Text
Abstract
Attempted holiday weekend raid came via third-party providerInfosecurity Magazine
July 7, 2021 – Vulnerabilities
Microsoft rolled out emergency update for Windows PrintNightmare zero-day Full Text
Abstract
Microsoft rolled out the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability (CVE-2021-34527) in the Print Spooler service...Security Affairs
July 07, 2021 – Attack
Tens of thousands scammed using fake Android cryptomining apps Full Text
Abstract
Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout.BleepingComputer
July 7, 2021 – Government
China reportedly warns local tech companies of increased cybersecurity oversight Full Text
Abstract
China has reportedly warned local companies it will tighten oversight of data security and overseas listings days after unveiling Didi has been subject to a government cybersecurity review.ZDNet
July 7, 2021 – Criminals
US: We May Take Unilateral Action Against Russian Cyber-Criminals Full Text
Abstract
White House says option remains if Kremlin doesn’t actInfosecurity Magazine
July 7, 2021 – Breach
Hacker leaks info of pro-Trump GETTR members online Full Text
Abstract
A hacker claims to have breached the pro-Trump GETTR platform and has leaked the private information of almost 90,000 members on a hacking forum. GETTR is a new pro-Trump social media platform created by Jason Miller, a former Trump advisor, the Twitter-like...Security Affairs
July 7, 2021 – Business
Kaseya’s VSA SaaS restart fails, service restoration delayed by at least ten hours Full Text
Abstract
Kaseya’s attempt to recover its SaaS services has suffered a setback. The recent breach has seen its VSA services offline since July 2nd and over 1,000 ransomware infections.The Register
July 7, 2021 – Breach
Data Breach at Third-party Provider Exposes Medical Data of Chicago-based Northwestern Memorial HealthCare Patients Full Text
Abstract
In its advisory, the healthcare provider said that the attackers made a copy of the datasets, which include patient names, dates of birth, SSNs, health insurance details, and medical record numbers.The Daily Swig
July 7, 2021 – Business
Zimperium Acquires Mobile Application Security Pioneer whiteCryption Full Text
Abstract
Zimperium will continue to support current whiteCryption customers and will integrate whiteCryption’s solutions into Zimperium’s Mobile Application Protection Suite (MAPS).Yahoo! Finance
July 7, 2021 – APT
WildPressure APT Group Targets the macOS Platform with New Python Trojan Full Text
Abstract
The versioning system shows that the malware used by WildPressure is still under active development. Besides commercial VPS, this time the operators used compromised legitimate WordPress websites.Kaspersky Labs
July 6, 2021 – General
As Kaseya works to bring SaaS servers online, experts laud precautionary measures as ‘opposite of complacency’ Full Text
Abstract
The decision to bring down SaaS servers as a precautionary measure while the company evaluated the full nature of the ransomware attacks is one that many security researchers endorse as a responsible maneuver, even if inconvenient for a segment of customers and partners.SCMagazine
July 6, 2021 – Breach
Pro-Trump ‘Gettr’ Social Platform Hacked On Day One Full Text
Abstract
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users’ profiles defaced. Next, hackers posted its user database online.Threatpost
July 6, 2021 – Hacker
Hacker’s Mom Puts End to 10-Month Cyber-bullying Campaign Full Text
Abstract
Cyber-bully appears to stop online abuse of 6th grader after being caught in the act by momInfosecurity Magazine
July 6, 2021 – Breach
Official Formula 1 App Hacked Full Text
Abstract
Racing fans receive strange messages over holiday weekendInfosecurity Magazine
July 6, 2021 – Breach
BA Settles with Data Breach Victims Full Text
Abstract
Victims of 2018 British Airways data breach to receive confidential settlementInfosecurity Magazine
July 6, 2021 – General
Industry Must Drive Forward International Collaboration on Cyber Full Text
Abstract
Industry bodies need to take the lead in fostering international collaboration in cybersecurityInfosecurity Magazine
July 6, 2021 – General
Brits Lose Over £1bn in Fraud So Far This Year Full Text
Abstract
Brits have lost over £1bn to fraud in the first half of 2021, but cases fell significantly in Q2 compared to Q1Infosecurity Magazine
July 6, 2021 – Government
Japan Looks to Boost Military Cyber Experts Amid Security Threat Full Text
Abstract
China and Russia blamed for increasingly hostile activityInfosecurity Magazine
July 6, 2021 – Criminals
Suspected Cyber-Criminal “Dr Hex” Tracked Down Via Phishing Kit Full Text
Abstract
Group-IB researchers also benefitted from poor threat actor OpSecInfosecurity Magazine
July 6, 2021 – Criminals
REvil Group Demands $70 Million for ‘Universal Decryptor’ Full Text
Abstract
Researchers have detected 5000 attack attempts since July 2Infosecurity Magazine
July 06, 2021 – Vulnerabilities
Microsoft pushes emergency update for Windows PrintNightmare zero-day Full Text
Abstract
Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges.BleepingComputer
July 6, 2021 – Botnet
Trickbot Braces Up For Another Innings Full Text
Abstract
Kryptos Logic Threat Intelligence researchers have published a new report on a new TrickBot module that bears a close resemblance to the Zeus attack pattern.Cyware Alerts - Hacker News
July 06, 2021 – Breach
RNC says contractor breached in hack, GOP data secure Full Text
Abstract
The Republican National Committee (RNC) on Tuesday acknowledged that one of its contractors had been breached by hackers linked to Russia but said its data had not been accessed.The Hill
July 6, 2021 – Government
‘A uniquely bad idea’? Senators propose hack back study, but most experts’ minds are made up Full Text
Abstract
While lawmakers behind a new bipartisan bill argue that the use of offensive hacking could be a powerful deterrent, security experts worry that such reactionary legislation might do even more harm.SCMagazine
July 6, 2021 – Privacy
Android Apps in Google Play Harvest Facebook Credentials Full Text
Abstract
The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.Threatpost
July 06, 2021 – Government
US warns of action against ransomware gangs if Russia refuses Full Text
Abstract
White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so.BleepingComputer
July 6, 2021 – Malware
Malware Dropper: A Threat in Disguise That Cannot be Ignored Full Text
Abstract
Proofpoint researchers dissected a new variant of JSSLoader malware that allows threat actors to evade detection and load additional payloads.Cyware Alerts - Hacker News
July 06, 2021 – Government
Hillicon Valley: Biden to confront cyberattacks following Kaseya attack | JEDI contract axed | Tech giants warn Hong Kong Full Text
Abstract
White House press secretary Jen Psaki said President Biden is scheduled to meet with leaders across federal agencies to discuss solutions to the spike in ransomware attacks. Psaki’s announcement about Biden’s meeting to address the issue came the same day software company Kaseya acknowledged that as many as 1,500 companies worldwide were potentially compromised in last week’s attack.The Hill
July 6, 2021 – Vulnerabilities
HHS urges providers to secure PACS vulnerabilities exposing medical images Full Text
Abstract
Following SC Media’s report on PACS vulnerabilities exposing millions of medical images, HHS is urging health care entities to review device inventories and secure system flaws.SCMagazine
July 06, 2021 – Breach
Hacker dumps private info of pro-Trump GETTR social network members Full Text
Abstract
Newly launched social site GETTR suffered a data breach after a hacker claimed to use an unsecured API to scrape the private information of almost 90,000 members and then shared the data on a hacking forum.BleepingComputer
July 6, 2021 – Attack
Attackers Accelerating Ransomware Attacks on ICS Networks Full Text
Abstract
Ransomware attacks are evolving rapidly to target ICS endpoints worldwide, with a significant rise in activity during the past year. Four ransomware families, namely Ryuk, Nefilim, REvil, and LockBit, account for over half of these attacks, a new Trend Micro report says.Cyware Alerts - Hacker News
July 06, 2021 – Government
Biden to meet with federal agencies to address ransomware concerns this week Full Text
Abstract
President Biden on Wednesday will meet with officials at several federal agencies to discuss solutions for confronting the ongoing wave of ransomware attacks.The Hill
July 6, 2021 – Privacy
Malicious Privacy Tools Advertised to Extract Private Data Full Text
Abstract
Researchers uncovered a Privacy Tool campaign that purports to offer file protection via encryption and decryption services. In fact, it is loaded with malware. The latest campaign sheds some light on the increasing amount of effort attackers are putting into making such privacy-themed lures r ...Cyware Alerts - Hacker News
July 6, 2021 – Vulnerabilities
SonicWall addresses critical CVE-2021-20026 flaw in NSM devices Full Text
Abstract
Positive Technologies experts provide details about the potential impact of a recently fixed command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection...Security Affairs
July 6, 2021 – Breach
Dominion National reaches $2M settlement over nine-year data breach Full Text
Abstract
Dominion National reached a settlement with the 2.9 million patients impacted by a data breach that went undetected for nine years and was reported in 2019.SCMagazine
July 6, 2021 – Vulnerabilities
Western Digital Users Face Another RCE Full Text
Abstract
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.Threatpost
July 06, 2021 – Vulnerabilities
Microsoft 365 to let SecOps lock hacked Active Directory accounts Full Text
Abstract
Microsoft is updating Microsoft Defender for Identity to allow security operations (SecOps) teams to block attacks by locking a compromised user's Active Directory account.BleepingComputer
July 06, 2021 – Breach
Up to 1,500 companies compromised by ransomware attack on Kaseya Full Text
Abstract
As many as 1,500 companies around the world were potentially compromised by a ransomware attack late last week on software company Kaseya, the group acknowledged on Monday.The Hill
July 06, 2021 – Criminals
Hackers reportedly lower ransom demand to restore data to $50M Full Text
Abstract
The Russia-linked ransomware gang known as REvil has reportedly lowered the amount of money it is willing to accept in exchange for data belonging to hundreds of companies worldwide that it is holding hostage.The Hill
July 6, 2021 – Vulnerabilities
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted Full Text
Abstract
REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.Threatpost
July 6, 2021 – Attack
WEC: No data compromised in ransomware attack Full Text
Abstract
While a ransomware attack was launched against the Alabama-based Wiregrass Electric Cooperative during the weekend, officials have verified that no data have been compromised.WTVY
July 6, 2021 – Attack
Healthcare Ransomware Attack Impacts Practice Management Software Vendor PracticeFirst Full Text
Abstract
Apart from PII, diagnoses, lab and treatment information, health insurance details, employee usernames and passwords, bank account information, and tax identification numbers were exposed.HealthITSecurity
July 06, 2021 – Attack
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack Full Text
Abstract
Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company's VSA on-premises product.BleepingComputer
July 6, 2021 – Vulnerabilities
WAF bypass: ‘Severe’ OWASP ModSecurity Core Rule Set bug was present for several years Full Text
Abstract
A vulnerability in the OWASP ModSecurity Core Rule Set (CRS) project that could allow attackers to bypass security mechanisms was present for several years, the maintainers have admitted.The Daily Swig
July 06, 2021 – Criminals
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities Full Text
Abstract
Law enforcement authorities with Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed Operation Lyrebird by the international, intergovernmental organization, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX, cybersecurity firm Group-IB disclosed today in a report shared with The Hacker News. Dr HeX is said to have been "active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims," the cybersecurity firm said. The cyber attacks involved deploying a phishing kit consisting of web pages that spoofed banking entities in the country, followed by sending mass emailsThe Hacker News
July 6, 2021 – Breach
Approximately 1,500 businesses impacted by the ransomware attack that hit Kaseya Full Text
Abstract
Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and fewer than 1,500 businesses have been impacted by the...Security Affairs
July 6, 2021 – Business
Kaseya plans to bring SaaS servers back online Tuesday, with patch then expected within a day Full Text
Abstract
A patch for on-premises customers of the VSA product that was the source of a widespread ransomware attack since Friday is currently going through testing and validation.SCMagazine
July 6, 2021 – General
European Union Agency for Cybersecurity Publishes Cybersecurity Guide for SMEs Full Text
Abstract
ENISA published a guide that gives SMEs 12 practical, high-level recommendations on how to improve the security of their infrastructure and their business processes.Security Affairs
July 06, 2021 – Attack
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly Full Text
Abstract
U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was tampered with to distribute malware. While initial reports raised speculation that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was leveraged to push ransomware to Kaseya's customers. "The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution," the Miami-headquartered company noted in the incident analysis. "This allowed the attackers to leverage the standard VSA product functionality to deplThe Hacker News
July 6, 2021 – Criminals
Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide Full Text
Abstract
Group-IB supported INTERPOL in its Operation Lyrebird, which allowed investigators to identify a threat actor presumably responsible for multiple attacks. Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks,...Security Affairs
July 6, 2021 – Vulnerabilities
GitLab triages bug bounty-reported flaws with latest release Full Text
Abstract
GitLab has resolved a raft of vulnerabilities, including two high-impact web security flaws – a CSRF vulnerability and a DoS vulnerability, with an update to its software development platform.The Daily Swig
July 6, 2021 – Vulnerabilities
QNAP addressed a critical flaw that allows compromising NAS devices Full Text
Abstract
Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers...Security Affairs
July 6, 2021 – Criminals
Moroccan hacker Dr HeX arrested for phishing attacks, malware distribution Full Text
Abstract
Moroccan authorities arrested a hacker known as “Dr HeX” for allegedly conducting website defacement, phishing attacks, and malware distribution over 12 years, Interpol announced.The Record
July 6, 2021 – Government
ENISA publishes Cybersecurity guide for SMEs Full Text
Abstract
ENISA publishes Cybersecurity guide for SMEs, a document that aims at providing suggestions to secure their business. During the COVID-19 pandemic, most organizations increased their presence online, enlarging their attack surface. The surface...Security Affairs
July 6, 2021 – Attack
Kaseya Counts Up to 1,500 Businesses Affected by Ransomware Attack Full Text
Abstract
Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday.Reuters
July 6, 2021 – Hacker
Hackers Target Formula 1 Mobile Push Notification Service to Send Unexpected Notifications to Users Full Text
Abstract
The world of Formula 1 racing was livened up over the weekend as the sport's official app sent out some unexpected notifications to its mobile app users on the eve of the Austrian Grand Prix.The Register
July 6, 2021 – General
The mismanagement of secrets costs organizations $1.2M per year Full Text
Abstract
As per a 1Password survey, for 10% of respondents who experienced secret leakage, their company lost more than $5 million. Over 60% of participants stated they had dealt with important data leakage.Heimdal Security
July 6, 2021 – Government
Japan to bolster national cybersecurity defence with 800 new hires: Report Full Text
Abstract
Japan's Ministry of Defense has announced plans to bolster its cybersecurity unit by bringing on additional personnel to help defend against increasingly sophisticated attacks.ZDNet
July 6, 2021 – General
Cyber insurance failing to live up to expectations Full Text
Abstract
Ransomware has become an existential threat for some insurers. At a time of mounting losses and rising public criticism, a RUSI paper argues for a reset in the cyber insurance industry.Help Net Security
July 05, 2021 – Vulnerabilities
QNAP fixes critical bug in NAS backup, disaster recovery app Full Text
Abstract
Taiwan-based network-attached storage (NAS) maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices' security.BleepingComputer
July 5, 2021 – Criminals
Diavol Ransomware’s Connection with Wizard Spider Revealed Full Text
Abstract
FortiGuard Lab associated Diavol ransomware with the Russian Wizard Spider threat actor. Experts revealed noticing Diavol and Conti payloads being used in ransomware attacks targeting different systems in early June. The connection of ransomware to already established cybercrime groups shows how ...Cyware Alerts - Hacker News
July 5, 2021 – Attack
The Kaseya Ransomware Attack is a Really Big Deal Full Text
Abstract
If you’re not already paying attention to the Kaseya ransomware incident, you should be.Lawfare
July 5, 2021 – Government
CISA, FBI share guidance for MSPs and their customers impacted in Kaseya attack Full Text
Abstract
CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain...Security Affairs
July 5, 2021 – Business
Kaseya won’t release on-prem patch before SaaS restoration starts Full Text
Abstract
The Kaseya board determined the company was not ready to begin the rollout of restoration of its software-as-a-service VSA remote monitoring and management tool following the ransomware incident. That decision appears to delay the release of a patch for on-premises clients.SCMagazine
July 5, 2021 – Attack
Kaseya Attack Fallout: CISA, FBI Offer Guidance Full Text
Abstract
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.Threatpost
July 05, 2021 – Ransomware
CISA, FBI share guidance for victims of Kaseya ransomware attack Full Text
Abstract
CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform.BleepingComputer
July 5, 2021 – Attack
Kubernetes Clusters Exploited to Perform Brute Force Attacks Full Text
Abstract
U.S. and U.K. cybersecurity agencies jointly published an alert on a series of large-scale brute-force attacks sponsored by the Russia-linked APT28 group. Users are recommended to change all default credentials and use appropriate network segmentation, restrictions, and automated tools for auditing ...Cyware Alerts - Hacker News
July 5, 2021 – Cryptocurrency
Bitcoin cyber attacks surge following rising demand and increasing price of bitcoin Full Text
Abstract
Phishing impersonations and business email compromise (BEC) attacks designed to steal victims’ bitcoin surged by 192% between October 2020 and May 2021, according to analysis by Barracuda Networks.Help Net Security
July 5, 2021 – Breach
Ransomware attack may have exposed information on over 16,000 workers, state says Full Text
Abstract
Pacific Market Research (PMR) “recently notified” the Washington state Department of Labor and Industries, one of its clients, about the May 22 attack, according to a Thursday L&I news release.The News Tribune
July 5, 2021 – Attack
US Water Company WSSC Water Suffers Ransomware Attack Full Text
Abstract
Maryland-based WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems.Security Affairs
July 5, 2021 – Criminals
Ransomware Gangs Creating Their Own Websites to Promote Their Businesses Full Text
Abstract
Two ransomware gangs, Himalaya and LockBit, were found promoting encryption tools on their own sites after the recent ban of ransomware ads on well-known Russian-speaking cybercrime forums. To attract affiliates, the LockBit developers claim to offer the fastest encryption and file-stealing (StealBit) ...Cyware Alerts - Hacker News
July 05, 2021 – Criminals
REvil ransomware asks $70 million to decrypt all Kaseya attack victims Full Text
Abstract
REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files.BleepingComputer
July 5, 2021 – Vulnerabilities
A specific network name can completely disable Wi-Fi on your iPhone Full Text
Abstract
Researcher Carl Schou tweeted that if an iPhone comes in range of a Wi-Fi network named ‘%secretclub%power’, then that iPhone will no longer be able to use Wi-Fi or Wi-Fi related features.9to5 Mac
July 05, 2021 – Business
Getting Started with Security Testing: A Practical Guide for Startups Full Text
Abstract
A common misconception among startup founders is that cybercriminals won't waste time on them, because they're not big or well known enough yet. But just because you are small doesn't mean you're not in the firing line. The size of a startup does not exempt it from cyber-attacks – that's because hackers constantly scan the internet looking for flaws that they can exploit; one slip up, and your business can become front-page news, for the wrong reasons. Fortunately, buyers are also becoming increasingly aware of the importance of cybersecurity and are commonly asking startups about the processes they use to secure their data - meaning cybersecurity is now becoming an important business enabler. So if you're a CTO thinking about ramping up your web or mobile apps' cybersecurity posture, then you are already on the right track, but with so many options, where should you start? To help you get going, we created this guide that covers the following crucialThe Hacker News
July 5, 2021 – Criminals
Revil ransomware gang hit Spanish telecom giant MasMovil Full Text
Abstract
REvil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators; last week the group was hit by the REvil ransomware gang, which claims to have...Security Affairs
July 5, 2021 – General
Ransomware Defense: Top 5 Things to Do Right Now Full Text
Abstract
Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.Threatpost
July 5, 2021 – Policy and Law
How U.S. cyber policy changed after SolarWinds Full Text
Abstract
The Biden Administration imposed sanctions on Russia, ordered new cybersecurity standards for federal contracts with software companies, and chose the nation's first National Cyber Director.CBS News
July 05, 2021 – Botnet
TrickBot Botnet Found Deploying A New Ransomware Called Diavol Full Text
Abstract
Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week. TrickBot, a banking Trojan first detected in 2016, has traditionally been a Windows-based crimeware solution, employing different modules to perform a wide range of malicious activities on target networks, including credential theft and conducting ransomware attacks. Despite efforts by law enforcement to neutralize the bot network, the ever-evolving malware has proven to be a resilient threat, with the Russia-based operators, dubbed "Wizard Spider", quickly adapting new tools to carry out further attacks. Diavol is said to have been deployed in the wild in one incident to date. The sourcThe Hacker News
July 5, 2021 – Ransomware
REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims Full Text
Abstract
REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware...Security Affairs
July 5, 2021 – Attack
REvil’s New Supply Chain Attack Takes Down 1,000s of Businesses Full Text
Abstract
A ransomware attack by REvil group paralyzed the networks of thousands of companies from the U.S. to Sweden. Hackers exploited Kaseya's systems management platform called VSA. The gang has allegedly demanded millions in ransom to restore the data. Organizations are suggested to implement adequ ...Cyware Alerts - Hacker News
July 5, 2021 – Outage
Swedish Supermarket Chain Coop Forced to Close 800 Stores Following Kaseya Ransomware Attack Full Text
Abstract
Coop, a Swedish supermarket store chain, shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the Kaseya security incident on Friday.The Record
July 5, 2021 – Government
After crackdown on Didi, China opens cybersecurity probes into 3 more tech firms Full Text
Abstract
The Cyberspace Administration of China (CAC) has opened a cybersecurity review into Yunmanman and Huochebang, subsidiaries of companies of the New York-listed Full Truck Alliance and Boss Zhipin.CNBC
July 5, 2021 – Government
White House reaching out with assistance to latest ransomware victims Full Text
Abstract
Senior White House cyber official Anne Neuberger said in a statement that the FBI and CISA "will reach out to identified victims to provide assistance based upon an assessment of national risk."Reuters
July 5, 2021 – Denial Of Service
Investigation links DDoS attack on Filipino media outlets to government agencies Full Text
Abstract
A Swedish digital rights nonprofit said on Thursday that it has observed a targeted campaign of DDoS attacks that appear to be linked to the Department of Science and Technology (DOST) and Army.The Record
July 5, 2021 – Malware
Mysterious Node.js malware puzzles security researchers Full Text
Abstract
The malware was first spotted in February 2021, being installed as a second-stage payload via GCleaner, a shady software maker that has been seen renting access to users’ devices to malware groups.The Record
July 5, 2021 – Attack
US water company WSSC Water hit by a ransomware attack Full Text
Abstract
US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates...Security Affairs
July 04, 2021 – Vulnerabilities
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw Full Text
Abstract
Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and has been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Built on the .NET Common Language Runtime (CLR), PowerShell is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework. "A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed," the company noted in an advisory published earlier this April, adding that the problem resides in the "System.Text.Encodings.Web" package, which provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs. System.Text.The Hacker News
July 04, 2021 – Vulnerabilities
REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom Full Text
Abstract
Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The non-profit entity said the company was in the process of resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place. More specifics about the flaws were not shared, but DIVD chair Victor Gevers hinted that the zero-days are trivial to exploit. At least 1,000 businesses are said to have been affected by the attacks, with victims identified in at least 17 countries, including the U.K., South Africa, Canada, Argentina, Mexico, IndonesiThe Hacker News
July 04, 2021 – Criminals
REvil is increasing ransoms for Kaseya ransomware attack victims Full Text
Abstract
The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday's Kaseya ransomware attack.BleepingComputer
July 04, 2021 – Hacker
Hackers zero in on Tokyo Olympics Full Text
Abstract
Experts are sounding the alarm about potential cyberattacks on the Tokyo Summer Olympics from those looking to create chaos at the already embattled event.The Hill
July 4, 2021 – Criminals
REvil gang exploited a zero-day in the Kaseya supply chain attack Full Text
Abstract
Kaseya was addressing the zero-day vulnerability that the REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines: on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform...Security Affairs
July 4, 2021 – Business
Kaseya to meet Monday to determine fate of SaaS VSA tool Full Text
Abstract
In the latest update following a widespread ransomware attack that hit managed service providers, Kaseya announced that its executive team would meet Monday to discuss bringing the software-as-a-service VSA remote monitoring and management tool back online. The company also said Monday would be the day it disclosed a timeline for the release of a patched on-premises VSA product.SCMagazine
July 04, 2021 – Attack
Kaseya was fixing zero-day just as REvil ransomware sprung their attack Full Text
Abstract
The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform their massive Friday attack.BleepingComputer
July 4, 2021 – Criminals
Hackers spread backdoor after compromising the Mongolian CA MonPass Full Text
Abstract
Threat actors compromised the servers of Mongolian certificate authority (CA) MonPass and used its website to spread malware. Hackers compromised the servers of the Mongolian certificate authority (CA) MonPass and used its website to spread malware,...Security Affairs
July 4, 2021 – Solution
Kaseya announces breach detection tool in VSA ransomware fight Full Text
Abstract
According to a company update Saturday night, Kaseya only received a single report of a new infection Saturday from a client who left their VSA server on.SCMagazine
July 4, 2021 – General
Security Affairs newsletter Round 321 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Crackonosh Monero...Security Affairs
July 4, 2021 – Outage
Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack Full Text
Abstract
Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya. The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack...Security Affairs
July 03, 2021 – Government
Biden: ‘Initial thinking’ recent ransomware attack not by Russian government Full Text
Abstract
President Biden said Saturday that the “initial thinking” is that the Russian government is not behind a ransomware attack that targeted a tool provided by Miami-based IT software management company Kaseya.The Hill
July 03, 2021 – Ransomware
The Week in Ransomware - July 2nd 2021 - MSPs under attack Full Text
Abstract
Friday afternoon, we saw the largest ransomware attack ever conducted after the REvil ransomware gang used a zero-day vulnerability in the Kaseya VSA management software to encrypt MSPs and their customers worldwide.BleepingComputer
July 3, 2021 – Attack
‘Turn off your heart’: Kaseya VSA ransomware hits MSPs in a vital organ Full Text
Abstract
The flurry of ransomware attacks starting Friday, targeting on-premises Kaseya VSA applications, is particularly frightening to managed service providers, because it strikes at software at the center of the enterprise: the remote monitoring and management (RMM) platform.SCMagazine
July 3, 2021 – Attack
Kaseya VSA supply-chain ransomware attack hit hundreds of companies Full Text
Abstract
A supply chain attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines: this afternoon, the REvil ransomware gang hit the cloud-based MSP platform...Security Affairs
July 3, 2021 – Criminals
Kaseya VSA criminals may have ‘weaponized’ links in ransom negotiations Full Text
Abstract
Ransomware attacks leveraging a zero-day in the on-premises Kaseya VSA remote IT management product started Friday afternoon and struck dozens of managed service providers and thousands of those MSPs' customers. As one cyber expert noted: “I don’t think I have seen a ransomware gang use a 0-Day in an attack before.”SCMagazine
July 03, 2021 – Outage
Coop supermarket closes 500 stores after Kaseya ransomware attack Full Text
Abstract
Swedish supermarket chain Coop has shut down approximately 500 stores after they were affected by an REvil ransomware attack targeting managed service providers through a supply-chain attack.BleepingComputer
July 3, 2021 – Business
China investigates Didi over cybersecurity days after its huge IPO Full Text
Abstract
Didi Global's shares fell more than 10% in New York on Friday after China's cyberspace agency said it had launched an investigation into the Chinese ride-hailing giant to protect national security and the public interest.Reuters
July 03, 2021 – Malware
Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords Full Text
Abstract
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials. "The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts," researchers from Dr. Web said. "The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions." The offending apps masked their malicious intent by disguising themselves as photo-editing, rubbish cleaner, fitness, and astrology programs, only to trick victims into logging into their Facebook account and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server. TheThe Hacker News
July 3, 2021 – Ransomware
Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang? Full Text
Abstract
Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol,...Security Affairs
July 03, 2021 – Ransomware
US chemical distributor shares info on DarkSide ransomware data theft Full Text
Abstract
World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division.BleepingComputer
July 3, 2021 – Government
Director of Cybersecurity at NSA Gets Dedicated Twitter Account Full Text
Abstract
The account, @NSA_CSDirector, is currently being used by Joyce, but it will likely be passed on to future NSA cybersecurity directors, similar to the @POTUS Twitter account used by the president of the United States.Security Week
July 03, 2021 – Attack
Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware Full Text
Abstract
The threat actors behind the REvil ransomware gang appear to have pushed ransomware via an update for Kaseya's IT management software, hitting around 40 customers worldwide, in what's an instance of a widespread supply-chain ransomware attack. "Beginning around mid-day (EST/US) on Friday, July 2, 2021, Kaseya's Incident Response team learned of a potential security incident involving our VSA software," the company's CEO Fred Voccola said in a statement shared late Friday. Following the incident, the IT and security management services company said it took immediate steps to shut down its SaaS servers as a precautionary measure, in addition to notifying its on-premises customers to shut down their VSA servers to prevent them from being compromised. Voccola also said the company has identified the source of the vulnerability and that it's readying a patch to mitigate the ongoing issues. In the interim, the company also noted it intends to keep all onThe Hacker News
July 3, 2021 – Breach
Hackers breached several MPs’ email accounts, Poland says Full Text
Abstract
The email accounts of about a dozen members of parliament were hacked recently, Polish counter-intelligence said on Friday, disclosing further details of one of the biggest cyberattacks on the country in recent years.Reuters
July 03, 2021 – Education
Learn to Code — Get 2021 Master Bundle of 13 Online Courses @ 99% OFF Full Text
Abstract
Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own startup. Featuring 13 courses, The Master Learn to Code 2021 Certification Bundle is a great way to get started. This bundle covers a range of popular programming languages and frameworks — and it's now only $34.99 at The Hacker News Deals. Every large company today makes decisions based on data, whether it is financial or marketing. Moreover, they are able to predict future trends with sophisticated algorithms and build computer programs that automate their daily tasks. With over 119 hours of hands-on training provided in this bundle, you will learn to handle all of these projects. The instructions in these video tutorials will set you up with a thorough understanding of Python, JavaScrThe Hacker News
July 3, 2021 – Business
Kaseya, a Software Provider, Investigates Potential Cyberattack Full Text
Abstract
Kaseya, a software company that provides services to more than 40,000 organizations around the world, said on Friday that it was investigating the possibility that it had been the victim of a cyberattack.New York Times
July 3, 2021 – Ransomware
Babuk Ransomware Is Back Targeting Corporate Networks With A New Version Full Text
Abstract
After the Babuk ransomware operators have announced that they decided to close the affiliate program and move to data theft extortion, the group seems to have returned to their previous methods of encrypting corporate systems.Heimdal Security
July 3, 2021 – Vulnerabilities
Microsoft confirms presence of vulnerable code in all versions of Windows Full Text
Abstract
Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.The Register
July 02, 2021 – Attack
Ransomware attack hits software manager, affecting 200 companies Full Text
Abstract
A Miami-based IT software management company announced Friday that a ransomware attack may have targeted one of its tools used by its clients, potentially affecting some 200 businesses.The Hill
July 2, 2021 – Criminals
Revisiting a Framework on Military Takedowns Against Cybercriminals Full Text
Abstract
The U.S. military’s mission is not to carry out military operations. Its mission is to defend the nation. Cyberspace offers the military an incredibly useful capability to advance national security. Cybersecurity is national security.Lawfare
July 2, 2021 – Criminals
Research partnership to examine how fraudsters abuse financial tech innovations Full Text
Abstract
Federal Reserve Bank of Atlanta and GSU team will study P2P and mobile payments, e-wallets, and central bank digital currencies.SCMagazine
July 02, 2021 – General
Hillicon Valley: Antitrust leaders demand regulators pursue Facebook | FTC charges chipmaker | GoPuff workers speak out Full Text
Abstract
A district court judge’s decision earlier this week to dismiss the Federal Trade Commission’s complaint against Facebook remained in the spotlight Friday, with congressional leaders on antitrust urging the agency to keep pursuing the case. Meanwhile, the FTC pushed forward with a different antitrust case — charging chip supplier Broadcom with monopolizing the market.The Hill
July 2, 2021 – Vulnerabilities
Microsoft urges Azure users to update PowerShell to fix RCE flaw Full Text
Abstract
Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity...Security Affairs
July 2, 2021 – Outage
Kaseya VSA systems under active attack, as company tells customers to shutdown Full Text
Abstract
There is some dispute over the number of managed service providers under attack by the ransomware group, each of whom has many customers of its own.SCMagazine
July 02, 2021 – Attack
REvil ransomware hits 200 companies in MSP supply-chain attack Full Text
Abstract
A massive REvil ransomware attack affects multiple managed service providers and their clients through a reported Kaseya supply-chain attack.BleepingComputer
July 02, 2021 – Government
Moscow denies US, British hacking allegations Full Text
Abstract
Moscow is denying new hacking allegations detailed Thursday by the U.S. and United Kingdom.The Hill
July 2, 2021 – General
Cyber Defense Magazine – July 2021 has arrived. Enjoy it! Full Text
Abstract
Cyber Defense Magazine July 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with over 158 pages of excellent content. In this edition: Colonial Pipeline, JBS Cyber Attacks Shine Spotlight on Operational Technology Vulnerabilities...Security Affairs
July 2, 2021 – Phishing
Phishing attack targets DocuSign and SharePoint users Full Text
Abstract
Researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document. For example, the email will ask the user to review a “Covid 19 relief fund as approved by the board of directors.”SCMagazine
July 02, 2021 – Vulnerabilities
Actively exploited PrintNightmare zero-day gets unofficial patch Full Text
Abstract
Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.BleepingComputer
July 02, 2021 – Botnet
New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks Full Text
Abstract
Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021. The Mirai botnet, since emerging on the scene in 2016, has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America. Since then, numerous variants of Mirai have sprung up on the threat landscape, in part due to the availability of its source code on the Internet. Mirai_ptea is no exception. Not much has been disclosed about the security flaw in an attThe Hacker News
July 2, 2021 – Attack
Experts warn of Babuk Locker attacks with recently leaked ransomware builder Full Text
Abstract
The recently leaked Babuk Locker ransomware builder was used by a threat actor in an ongoing campaign targeting victims worldwide. At the end of June, The Record first reported that the builder for the Babuk Locker ransomware was leaked online allowing...Security Affairs
July 2, 2021 – General
Health care organizations struggle to balance breach notification requirements with customer expectations Full Text
Abstract
The same regulations that require swift reporting of breaches demand only modest details to be delivered to customers. That leaves health care organizations to decide for themselves how transparent they choose to be – and to manage the consequences of those decisions.SCMagazine
July 02, 2021 – Vulnerabilities
Microsoft warns of critical PowerShell 7 code execution vulnerability Full Text
Abstract
Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.BleepingComputer
July 02, 2021 – Breach
Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software Full Text
Abstract
In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. The trojanized client was available for download between February 8, 2021, and March 3, 2021, said Czech cybersecurity software company Avast in a report published Thursday. In addition, a public webserver hosted by MonPass was infiltrated potentially as many as eight separate times, with the researchers uncovering eight different web shells and backdoors on the compromised server. Avast's investigation into the incident began after it discovered the backdoored installer and the implant on one of its customers' systems. "The malicious installer is an unsigned [Portable Executable] file," the researchers said. "It starts by downloading the legitimate version of the installer from the MonPass official website. This legitimate versiThe Hacker News
July 2, 2021 – Government
CISA alert urges to disable Windows Print Spooler to prevent PrintNightmare attacks Full Text
Abstract
CISA issued a security alert to warn admins to disable the Windows Print Spooler service on servers not used for printing due to PrintNightmare zero-day. CISA issued an alert to warn admins to disable the Windows Print Spooler on servers not used...Security Affairs
July 02, 2021 – Breach
US insurance giant AJG reports data breach after ransomware attack Full Text
Abstract
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September 2020.BleepingComputer
July 02, 2021 – Solution
New Google Scorecards Tool Scans Open-Source Software for More Security Risks Full Text
Abstract
Google has launched an updated version of Scorecards, its automated security tool that produces a "risk score" for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis. "With so much software today relying on open-source projects, consumers need an easy way to judge whether their dependencies are safe," Google's Open Source Security Team said Thursday. "Scorecards helps reduce the toil and manual effort required to continually evaluate changing packages when maintaining a project's supply chain." Scorecards aims to automate analysis of the security posture of open source projects as well as use the security health metrics to proactively improve the security posture of other critical projects. To date, the tool has been scaled up to evaluate security criteria for over 50,000 open source projects. Some of the new additions include checks for contributions from maliThe Hacker News
July 02, 2021 – Vulnerabilities
Microsoft shares mitigations for Windows PrintNightmare zero-day bug Full Text
Abstract
Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare.BleepingComputer
July 2, 2021 – Hacker
Cobalt Strike Becomes One of the Go-To Tools for Hackers Full Text
Abstract
Cobalt Strike has become one of the most misused tools in the cybercrime world as a recent report showed a 161% year-on-year increase in cyberattacks using this tool. This tool is now used by general commodity malware operators rather than espionage threat actors and APTs, which makes it a worris ...Cyware Alerts - Hacker News
July 1, 2021 – Breach
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web Full Text
Abstract
LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.Threatpost
July 1, 2021 – Ransomware
Babuk Ransomware Builder Mysteriously Appears in VirusTotal Full Text
Abstract
The gang’s source code is now available to rivals and security researchers alike – and a decryptor likely is not far behind.Threatpost
July 01, 2021 – Government
NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers Full Text
Abstract
An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.'s National Cyber Security Centre (NCSC) formally attributed the incursions to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks). APT28 has a track record of using password spray and brute-force login attempts to steal login credentials. In November 2020, Microsoft disclosed cyberattacks staged by the adversary aimed at companies involved in reThe Hacker News
July 01, 2021 – Vulnerabilities
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild Full Text
Abstract
Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the identifier CVE-2021-34527. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft said in its advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." "An attack must involve an authenticated user calling RpcAddPrinterDriverEx()," the Redmond-based firm added. The acknowledgment comes after rThe Hacker News
July 01, 2021 – Ransomware
Babuk ransomware is back, uses new version on corporate networks Full Text
Abstract
After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks.BleepingComputer
July 1, 2021 – General
Did Western Digital Fall Prey to Meow Attacks? Full Text
Abstract
A mysterious group issued a factory-reset command that wiped the data of My Book Live and My Book Live Duo users, locking them out of their devices.Cyware Alerts - Hacker News
July 01, 2021 – General
Hillicon Valley: FTC votes to expand antitrust enforcement powers | US, UK agencies warn of Russian hackers using ‘brute force’ to target hundreds of groups | Trump allies launch new social media platform Full Text
Abstract
The Federal Trade Commission took a major step on Thursday to hit back against anti-competitive behavior, voting to expand its enforcement powers in a party-line vote. Meanwhile, a group of U.S. agencies and authorities in the United Kingdom came together to warn of ongoing cybersecurity attacks linked to the Russian government, which will likely serve to only further escalate tensions between the U.S. and Russia after ongoing cyber incidents.The Hill
July 01, 2021 – APT
IndigoZebra APT Hacking Campaign Targets the Afghan Government Full Text
Abstract
Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed at other central-Asian countries, including Kyrgyzstan and Uzbekistan. "The threat actors behind the espionage leveraged Dropbox, the popular cloud-storage service, to infiltrate the Afghan National Security Council (NSC)," the researchers said in a technical write-up shared with The Hacker News, adding they "orchestrated a ministry-to-ministry style deception, where an email is sent to a high-profile target from the mailboxes of another high-profile victim." IndigoZebra first came to light in August 2017 when Kaspersky detailed a covert operation that singleThe Hacker News
July 1, 2021 – Government
Cybersecurity Advisory on Russian GRU Led Global Brute Force Campaign Full Text
Abstract
On July 1, 2021, the National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation and the United Kingdom's National Cyber Security CentreLawfare
July 1, 2021 – APT
UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT Full Text
Abstract
US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks. US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that...Security Affairs
July 1, 2021 – Business
Preventing another Equifax breach: Sevco Security wants to transform asset management Full Text
Abstract
The company’s vision, says CEO J.J. Guy, is to transform how asset inventory is managed for better visibility into potential security gaps in the infrastructure.SCMagazine
July 1, 2021 – Malware
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices Full Text
Abstract
Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks.Threatpost
July 01, 2021 – Criminals
Trickbot cybercrime group linked to new Diavol ransomware Full Text
Abstract
FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet.BleepingComputer
July 1, 2021 – Business
SentinelOne closes up 21% in NYSE debut as highest-valued cybersecurity IPO ever Full Text
Abstract
Shares of cybersecurity company SentinelOne closed up more than 20% in its market debut Wednesday on the New York Stock Exchange, going public under the ticker symbol “S.”CNBC
July 01, 2021 – Government
New bill aims to secure federal government IT against cyberattacks Full Text
Abstract
A bipartisan bill introduced in the Senate on Thursday would attempt to address cybersecurity threats to the federal government stemming from the use of potentially insecure third party services.The Hill
July 01, 2021 – General
Rethinking Application Security in the API-First Era Full Text
Abstract
Securing applications in the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and processes in the API-first era. Securing tomorrow's applications begins with assessing the business risks today. The trends and risks shaping today's applications As the world continues to become more and more interconnected via devices — and the APIs that connect them — individuals are growing accustomed to the frictionless experience that they provide. While this frictionless reality is doubtlessly more user-friendly, i.e., faster and more convenient, it also requires a trade-off. This convenience demands openness, and openness is a risk when it comes to cybersecurity. According to Sidney Gottesman, Mastercard's SVP for Security Innovation, the above situation leads to oneThe Hacker News
July 1, 2021 – Breach
Hackers breached a data server of the University Medical Center Full Text
Abstract
The University Medical Center hospital discloses a data breach after threat actors published online images of stolen personal information as proof of the hack. The University Medical Center hospital, in Nevada, discloses a security breach, the hackers...Security Affairs
July 1, 2021 – Insider Threat
Feds file new charges against Amazon employee that leveraged server access to hack Capital One Full Text
Abstract
The Amazon employee used knowledge she gained working at the company, along with scripts, to scan Amazon Web Services servers for misconfigured web application firewalls.SCMagazine
July 1, 2021 – Ransomware
Defeating Ransomware-as-a-Service? Think Intel-Sharing Full Text
Abstract
Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it.Threatpost
July 01, 2021 – Criminals
VirusTotal ordered to reveal private info of stolen HSE data downloaders Full Text
Abstract
An Irish court has ordered VirusTotal to provide the information of subscribers who downloaded or uploaded confidential data stolen from Ireland's national health care service during a ransomware attack.BleepingComputer
July 1, 2021 – Vulnerabilities
Major Linux RPM problem uncovered Full Text
Abstract
Dmitry Antipov, a Linux developer at CloudLinux, AlmaLinux OS's parent company, first spotted the problem in March 2021. Antipov found that RPM would work with unauthorized RPM packages.ZDNet
July 01, 2021 – Government
US, UK agencies warn Russian hackers using ‘brute force’ to target hundreds of groups Full Text
Abstract
A group of top agencies in the United States and United Kingdom on Thursday warned of an ongoing campaign by Russian government-backed hackers using “brute force” hacking techniques to target hundreds of organizations around the world.The Hill
July 01, 2021 – Policy and Law
Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud Full Text
Abstract
Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents responsible for a bait-and-switch advertising scheme on Facebook," the social media giant's Director of Platform Enforcement and Litigation, Jessica Romero, said. "In the second case, the defendants are a group of individuals located in Vietnam who got users to self-compromise their Facebook accounts and ran millions of dollars of unauthorized ads." As part of the fraudulent activity, the marketing company, N&J USA Incorporated, promoted the sale of merchandise such as clothing, watches, and toys through misleading ads that, when clicked, redirected users to other e-commerce websites to complete the purchase, only to either receive nothing or get deliverThe Hacker News
July 1, 2021 – Vulnerabilities
Microsoft found auth bypass, system hijack flaws in Netgear routers Full Text
Abstract
Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. Microsoft researchers discovered multiple vulnerabilities in the firmware of the Netgear DGN-2200v1...Security Affairs
July 1, 2021 – Solution
Built to ease SOC analysts’ burdens, Kestrel threat-hunting language gains an audience Full Text
Abstract
Newly embraced by the Open Cybersecurity Alliance, Kestrel is open source and platform-agnostic, and leverages automation.SCMagazine
July 1, 2021 – General
Data Exfiltration: What You Should Know to Prevent It Full Text
Abstract
Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here’s how you can protect your organization from data theft.Threatpost
July 01, 2021 – Government
CISA: Disable Windows Print Spooler on servers not used for printing Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.BleepingComputer
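The CISA and Microsoft guidance in the PrintNightmare entries above comes down to two controls: stop and disable the spooler on servers that do not print, and on the rest make sure the spooler does not accept remote client connections and that Point and Print is not configured to skip the driver-install elevation prompt. Both can be audited and applied fleet-wide from PowerShell. The script below is an added example written for this page; it is not CISA's or Microsoft's own tooling. It assumes PowerShell remoting is enabled on the target hosts, that the caller is a local administrator there, and that the PrintManagement module (Get-Printer) is present, as it is on Windows Server 2012 and later. The registry locations it reads are the ones Microsoft's CVE-2021-34527 advisory names for the Point and Print settings and for the "Allow Print Spooler to accept client connections" policy.

```powershell
# Added example, not from the page, CISA or Microsoft: report the Print Spooler posture
# of one or more hosts and, with -Disable, stop and disable the service on hosts that
# share no printers. Assumes WinRM is enabled and the caller is a local admin on each host.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$Disable
)

$posture = {
    param([bool]$Disable)

    $svc = Get-Service -Name Spooler -ErrorAction Stop
    # A host that shares printers is a print server; its spooler is left alone.
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared)

    # Registry values behind the two mitigations in Microsoft's CVE-2021-34527 advisory:
    #  - "Allow Print Spooler to accept client connections" = Disabled writes
    #    RegisterSpoolerRemoteRpcEndPoint = 2 under the Printers policy key;
    #  - Point and Print must not set NoWarningNoElevationOnInstall or
    #    UpdatePromptSettings to 1 (absent or 0 is the safe state).
    $printersKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $pnp = Get-ItemProperty -Path "$printersKey\PointAndPrint" -ErrorAction SilentlyContinue
    $rpc = (Get-ItemProperty -Path $printersKey -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    $action = 'none'
    if ($Disable -and $shared.Count -eq 0 -and $svc.StartType -ne 'Disabled') {
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
        $action = 'disabled'
    }

    # Re-read the service so the report reflects any change made above.
    $svc = Get-Service -Name Spooler
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        SpoolerStatus       = $svc.Status
        SpoolerStartType    = $svc.StartType
        SharedPrinters      = $shared.Count
        RemoteRpcDisabled   = ($rpc -eq 2)
        PointAndPrintUnsafe = (($pnp.NoWarningNoElevationOnInstall -eq 1) -or ($pnp.UpdatePromptSettings -eq 1))
        Action              = $action
    }
}

Invoke-Command -ComputerName $ComputerName -ScriptBlock $posture -ArgumentList $Disable.IsPresent |
    Select-Object Computer, SpoolerStatus, SpoolerStartType, SharedPrinters,
                  RemoteRpcDisabled, PointAndPrintUnsafe, Action |
    Format-Table -AutoSize
```

Run it without -Disable first to see which hosts still run the spooler while sharing no printers, then re-run with -Disable to stop and disable the service on exactly those hosts. Hosts reported with SharedPrinters above zero are untouched, which is the trade-off the CISA advice accepts: a real print server keeps the exposure, so for it the RemoteRpcDisabled and PointAndPrintUnsafe columns are the ones to act on.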
July 1, 2021 – General
Protect The Business Full Text
Abstract
A survey by Armis found that over 21% of respondents have not heard about the cyberattack on Colonial Pipeline, and 24% believe the hack won't have long-lasting effects on the nation's fuel industry.Dark Reading
July 01, 2021 – Hacker
Researchers uncover effort by Chinese-speaking hackers to target Afghan government Full Text
Abstract
Chinese-speaking hackers recently targeted the top tiers of the Afghan government, along with the governments of other nearby nations, research published Thursday found.The Hill
July 01, 2021 – General
3 Steps to Strengthen Your Ransomware Defenses Full Text
Abstract
The recent tsunami of ransomware has brought to life the fears of downtime and data loss cybersecurity pros have warned about, as attacks on the energy sector, food supply chain, healthcare industry, and other critical infrastructure have grabbed headlines. For the industry experts who track the evolution of this threat, the increased frequency, sophistication, and destructiveness of ransomware suggests that businesses still have some major gaps in their defense strategies. It's no surprise that a new, multi-layered approach to protection is needed to stem the damage caused by ransomware. But what changes should an IT team implement to close those gaps? During a recent panel, a team of cybersecurity experts outlined a three-step plan to do just that -- centered around embracing new technologies, improving security processes, and ensuring their people know how to help curb the threat. 1 — New Strains Overwhelm Old Defenses Many new ransomware strains now act like advanced peThe Hacker News
July 1, 2021 – Solution
US CISA releases a Ransomware Readiness Assessment (RRA) tool Full Text
Abstract
The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware...Security Affairs
July 1, 2021 – General
Strong medical device security awareness stifled by inventory, knowledge gaps Full Text
Abstract
Most providers are aware of the importance of medical device security. But that acknowledgement hasn’t translated into stronger processes for inventory or response.SCMagazine
July 1, 2021 – Attack
Dropbox Used to Mask Malware Movement in Cyberespionage Campaign Full Text
Abstract
The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites.Threatpost
July 01, 2021 – Hacker
NSA: Russian GRU hackers use Kubernetes to run brute force attacks Full Text
Abstract
The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files.BleepingComputer
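The joint advisory entries above describe the GRU campaign as large-scale password spraying and brute forcing against enterprise and cloud mailboxes. The defender's half of that story is a detection that counts how many distinct accounts a single source fails against inside a short window, which is what separates a spray from an ordinary user who has forgotten a password. The code below is an added example written for this page, not anything published by the NSA, CISA, FBI or NCSC. It works over Windows Security event ID 4625 (failed logon) records; the sample records are constructed for the demonstration, and the thresholds (five accounts within thirty minutes) are assumptions to tune for your environment.

```powershell
# Added example, not from the page or the advisory: flag password spraying by counting
# distinct target accounts per source address inside a sliding time window.

function Find-PasswordSpray {
    param(
        # Objects with TimeCreated (DateTime), TargetUserName and IpAddress properties.
        [Parameter(Mandatory)] [object[]]$Events,
        [int]$MinDistinctUsers = 5,     # assumed threshold
        [int]$WindowMinutes    = 30     # assumed window
    )
    $findings = @()
    foreach ($group in ($Events | Group-Object IpAddress)) {
        $sorted = @($group.Group | Sort-Object TimeCreated)
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $start = $sorted[$i].TimeCreated
            $end   = $start.AddMinutes($WindowMinutes)
            $inWindow = @($sorted | Where-Object { $_.TimeCreated -ge $start -and $_.TimeCreated -le $end })
            $users = @($inWindow | Select-Object -ExpandProperty TargetUserName | Sort-Object -Unique)
            if ($users.Count -ge $MinDistinctUsers) {
                $findings += [pscustomobject]@{
                    IpAddress     = $group.Name
                    FirstSeen     = $start
                    DistinctUsers = $users.Count
                    Attempts      = $inWindow.Count
                }
                break   # one finding per source address is enough
            }
        }
    }
    $findings
}

function ConvertFrom-FailedLogon {
    # Shape live Security 4625 records (from Get-WinEvent) into the fields above.
    param([Parameter(Mandatory, ValueFromPipeline)] $Event)
    process {
        $data = ([xml]$Event.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            TimeCreated    = $Event.TimeCreated
            TargetUserName = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            IpAddress      = ($data | Where-Object Name -eq 'IpAddress').'#text'
        }
    }
}

# Constructed sample: 203.0.113.10 tries six different accounts once each (a spray);
# 198.51.100.7 fails six times against one account (a locked-out user, not a spray).
$base   = Get-Date '2021-07-01T09:00:00Z'
$sample = @()
foreach ($i in 0..5) {
    $sample += [pscustomobject]@{ TimeCreated = $base.AddMinutes($i); TargetUserName = "user$i"; IpAddress = '203.0.113.10' }
    $sample += [pscustomobject]@{ TimeCreated = $base.AddMinutes($i); TargetUserName = 'jdoe';    IpAddress = '198.51.100.7' }
}
Find-PasswordSpray -Events $sample | Format-Table -AutoSize

# Against a live host (requires rights to read the Security log):
# Find-PasswordSpray -Events (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ConvertFrom-FailedLogon)
```

Only the first source is reported. The same grouping works unchanged on cloud sign-in logs once they are projected onto the three fields, and it is the per-source distinct-account count, not the raw failure count, that matters: a spray tries one or two passwords against many accounts precisely to stay under per-account lockout thresholds, which is why the advisory's own mitigations pair MFA with lockout and time-out policies rather than relying on lockout alone.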
July 1, 2021 – Botnet
Alert! Mirai Botnet is Active and So are its Dozen Other Variants Full Text
Abstract
Mirai botnet has been a constant threat since its emergence in 2016. A recent report by McAfee attributed the surge in attacks on IoT (55%) and Linux (38%) systems to Mirai and its variants.Cyware Alerts - Hacker News
July 1, 2021 – Breach
Freshly scraped LinkedIn data of 88,000 US business owners shared online Full Text
Abstract
About a week after scraped data from more than 700 million LinkedIn profiles were put for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform’s scrape-friendly systems. Hours...Security Affairs
July 1, 2021 – Government
Hawaii looks to fill DoD cyber standards gap Full Text
Abstract
A partnership of non-profit groups hopes to bring SMBs in Hawaii up to snuff with Defense Department cyber standards, and if that succeeds, export the program nationwide.SCMagazine
July 01, 2021 – Business
Google Chrome will get an HTTPS-Only Mode for secure browsing Full Text
Abstract
Google is working on adding an HTTPS-Only Mode to the Chrome web browser to protect users' web traffic from eavesdropping by upgrading all connections to HTTPS.BleepingComputer
July 1, 2021 – Malware
Backdoored Client Discovered from Mongolian CA MonPass Full Text
Abstract
Avast discovered that an installer downloaded from the official website of MonPass, a major certificate authority (CA) in Mongolia, had been backdoored with Cobalt Strike binaries.Avast
July 1, 2021 – Hacker
Enterprise and cloud environments have been under siege from Russian hackers since 2019 Full Text
Abstract
Hackers at Russia’s GRU have carried out a years-long, stealthy espionage campaign that targets enterprise and cloud environments in the U.S.SCMagazine
July 01, 2021 – Solution
Twitter now lets you use security keys as the only 2FA method Full Text
Abstract
Twitter now lets users use security keys as the only two-factor authentication (2FA) method while having all other methods disabled, as the social network announced three months ago, in March.BleepingComputer
July 1, 2021 – General
New data security rules instituted for US payment processing system Full Text
Abstract
New data security rules governing how money is processed by US firms have gone into effect today, forcing digital money processors to render deposit account data unreadable in electronic storage.ZDNet
July 1, 2021 – Covid-19
Covid-19 Variant Malware Evades Multiple SEGs Full Text
Abstract
The Cofense Phishing Defense Center (PDC) has recently identified a stealthy malware campaign that is believed to share many attributes with the malware-as-a-service Buer Loader.Cofense
July 1, 2021 – Botnet
Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability Full Text
Abstract
Researchers from 360 Netlab discovered a Mirai variant named mirai_ptea exploiting a previously undisclosed vulnerability in KGUARD DVRs to launch DDoS attacks.Netlab
July 1, 2021 – Malware
Malware Actors Have Begun Using AutoHotkey Scripts For Attacks Full Text
Abstract
One of the first reported attacks involving AutoHotkey was a credential stealer written in AutoHotkey found in March 2018. It disguised itself as an Antivirus app and spread via infected USB devices.Security Intelligence