June, 2021
June 30, 2021 – Vulnerabilities
Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Abstract
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since been fixed by the company in December 2020 as part of a coordinated vulnerability disclosure process. "The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer," Microsoft 365 Defender Research Team's Jonathan Bar Or said. "As these types of attacks become more common, users must look to secure even the single-purpose software that run their hardware—like routers." In a nutshell, the flaws allow accessing router management pa... (The Hacker News)
June 30, 2021 – Criminals
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Abstract
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu (aka "Virus"), the individual in question, was detained at the El Dorado airport in Bogotá, the Office of the Attorney General of Colombia said. Paunescu was previously charged by the U.S. Department of Justice (DoJ) in January 2013 for operating a bulletproof hosting service that "enabled cyber criminals to distribute the Gozi Virus, the Zeus Trojan and other notorious malware, and conduct other sophisticated cyber crimes." He was arrested in Romania in December 2012 but managed to avoid extradition to the U.S. "Through this service, Paunescu, like other bulletproof hosts, knowingly provided critical online infrastructure to cyber criminals that allowed them to commit online criminal activity with little fear of detection by law enforcement,"... (The Hacker News)
June 30, 2021 – General
When it’s personal: Dueling attitudes emerge toward paying ransomware demands
Abstract
72% of school district parents would support paying, while 79% of online poll respondents are against it. One possible reason for the disparity: having something personally at stake. So what are businesses’ customer expectations? (SCMagazine)
June 30, 2021 – Ransomware
Leaked Babuk Locker ransomware builder used in new attacks
Abstract
A leaked tool used by the Babuk Locker operation to create custom ransomware executables is now being used by another threat actor in a very active campaign targeting victims worldwide. (BleepingComputer)
June 30, 2021 – General
Hillicon Valley: Lina Khan faces major FTC test | Amazon calls for her recusal | Warren taps commodities watchdog to probe Google
Abstract
Lina Khan will face her first big hurdle as the chair of the Federal Trade Commission after a federal judge gave the agency 30 days to amend their antitrust case against Facebook. The Big Tech critic is already drawing fire from Amazon, which is asking the agency to recuse her from cases against it because of her past writings. In other news, Sen. Elizabeth Warren is calling on the CFTC to involve itself in digital markets by opening an investigation into Google’s ad tech. (The Hill)
June 30, 2021 – Outage
NewsBlur hit by ransomware because of Docker glitch, but restores service in 10 hours
Abstract
The actual database exposure was caused by a persistent problem with Docker, an issue that’s been fairly well-known in the Linux community for several years. (SCMagazine)
June 30, 2021 – Attack
Hackers hit a televised phone-in between President Putin and citizens at a TV show
Abstract
A massive cyber attack attempted to disrupt a televised phone-in between Russian President Vladimir Putin and the Rossiya 24 network. Hackers launched a massive cyberattack against the state-broadcast Rossiya 24 network while transmitting a show in which... (Security Affairs)
June 30, 2021 – Government
CISA releases new ransomware self-assessment security audit tool
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET). (BleepingComputer)
June 30, 2021 – Vulnerabilities
Windows Print Spooler flaw could make a bad compromise much worse
Abstract
A flaw in Windows Print Spooler is causing alarm in the information security community after new research found it leaves domain controllers susceptible to remote code execution. (SCMagazine)
June 30, 2021 – Attack
Indexsinas SMB Worm Campaign Infests Whole Enterprises
Abstract
The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines. (Threatpost)
June 30, 2021 – Solution
Windows 11 makes TPM Diagnostics tool its first optional feature
Abstract
Windows 11 comes with a new optional feature called 'TPM Diagnostics' that allows administrators to query the data stored on a device's TPM security processor. (BleepingComputer)
June 30, 2021 – General
Vendor incidents lead the 10 biggest health care data breaches of 2021 so far
Abstract
60 percent of the largest health care data breaches reported during the first half of 2021 were tied to vendor-related incidents, spotlighting the need to review third-party relationships. (SCMagazine)
June 30, 2021 – Government
Indian military personnel to train in US on cybersecurity, command in the offing
Abstract
India's Department of Military Affairs (DMA) is planning to send up to 100 personnel to the US to train in the latest cybersecurity technology and artificial intelligence (AI) for future warfare. (Hindustan Times)
June 30, 2021 – Breach
Babuk Locker’s Code Leak - More Trouble for Security Agencies
Abstract
The builder for the Babuk Locker ransomware was leaked online. This could allow any cybercriminal group to create their custom ransomware variants. The leak of such advanced ransomware is a grave cause of concern for cybersecurity experts. Thus, it is best for organizations to proactively apply sec... (Cyware Alerts - Hacker News)
June 30, 2021 – Malware
REvil Linux Variant Now Eying ESXi Virtual Machines
Abstract
MalwareHunterTeam is alerting about the Linux version of the REvil ransomware that purportedly targets VMware ESXi servers. By targeting virtual machines, REvil can encrypt multiple servers with just a single command. Experts recommend installing VMware (ESXi) in high-security mode and impleme... (Cyware Alerts - Hacker News)
June 30, 2021 – Ransomware
Epsilon Red Ransomware is Hunting
Abstract
According to researchers, Epsilon Red operations are ongoing and more than 3,500 Microsoft Exchange servers are still vulnerable. Written in Go, the latest Epsilon Red strain launches mass server exploitation campaigns and tries to expose companies’ information for revenue. Therefore, for ampl... (Cyware Alerts - Hacker News)
June 30, 2021 – Vulnerabilities
Microsoft finds Netgear router bugs enabling corporate breaches
Abstract
Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. (BleepingComputer)
June 30, 2021 – Vulnerabilities
Public Windows PrintNightmare 0-day exploit allows domain takeover
Abstract
Technical details and proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution. (BleepingComputer)
June 30, 2021 – Attack
University Medical Center reports suspicious activity, possible cyberattack
Abstract
UMC found suspicious activity on its computer network in mid-June. UMC quickly restricted external access to servers and it continues to work with law enforcement to fully investigate the activity. (KTNV)
June 30, 2021 – Policy and Law
Facebook sues hackers who hijacked advertising agencies’ accounts
Abstract
Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads. (BleepingComputer)
June 30, 2021 – Breach
UK Arm of International Charity The Salvation Army Compromised by Ransomware Attackers
Abstract
The Salvation Army in the UK was hit with ransomware. The organization refused to give any further information, such as the identity of the attackers, or the volume and type of data accessed by them. (The Register)
June 30, 2021 – General
Why MTTR is Bad for SecOps
Abstract
Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. (Threatpost)
June 30, 2021 – Breach
Zero-Day Used to Wipe My Book Live Devices
Abstract
Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. (Threatpost)
June 30, 2021 – Criminals
Colombian authorities arrested hacker behind the Gozi Virus
Abstract
Colombian authorities arrested a Romanian hacker who is wanted in the U.S. for distributing the Gozi virus that already infected more than a million computers. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted... (Security Affairs)
June 30, 2021 – Breach
Freshly Scraped LinkedIn Data of 88,000 US Business Owners Leaked on Hacker Forum
Abstract
The database includes full names, email addresses, workplace information, and other data available publicly on their LinkedIn profiles. The archive was posted on a hacker forum for anyone to access. (Cyber News)
June 30, 2021 – Business
Enterprise API security startup Noname Security raises $60M
Abstract
Enterprise application programming security startup Noname Security today announced it has raised $60 million in new funding amid fast growth. Insight Partners led the Series B round. (Silicon Angle)
June 30, 2021 – Vulnerabilities
Multiple vulnerabilities in WordPress plugin pose website remote code execution risk
Abstract
The plugin in question is ProfilePress (formerly named WP User Avatar) which facilitates the uploading of WordPress user profile images. The plugin has a total of more than 40,000 installs. (The Daily Swig)
June 30, 2021 – Attack
The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight
Abstract
The campaign was designed to deliver over 900 pieces of malware with highly dangerous capabilities, enabling the threat actor to conduct both digital and environmental monitoring of their victims. (Yoroi)
June 30, 2021 – Government
Senators propose bill to help private sector defend against hackers
Abstract
Sens. Steve Daines (R-Mont.) and Sheldon Whitehouse (D-R.I.) on Wednesday introduced a bill that would take steps to potentially allow private sector companies to strike back at hackers launching attacks against their operations. (The Hill)
June 30, 2021 – Criminals
Authorities Seize DoubleVPN Service Used by Cybercriminals
Abstract
A coordinated international law enforcement operation resulted in the takedown of a VPN service called DoubleVPN for providing a safe haven for cybercriminals to cover their tracks. "On 29th of June 2021, law enforcement took down DoubleVPN," the agencies said in a seizure notice splashed on the now-defunct site. "Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised." The criminal investigation was conducted by agencies from Bulgaria, Canada, Germany, Italy, Sweden, Switzerland, the Netherlands, U.K., and the U.S., alongside authorities from Eurojust and Europol's European Cybercrime Centre (EC3). DoubleVPN is said to have been heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and... (The Hacker News)
June 30, 2021 – Policy and Law
Russian-based DoubleVPN seized by law enforcement
Abstract
Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that... (Security Affairs)
June 30, 2021 – Government
UN Security Council Confronts Growing Threat of Cyber Attacks
Abstract
The UN Security Council on Tuesday will hold its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries' critical infrastructure. (Security Week)
June 30, 2021 – Criminals
[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web
Abstract
Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, constantly devising more sophisticated methods to attack organizations. It's even more troubling to note that some groups have started to collaborate, creating complex and stealthy tactics that leave even the best security teams scrambling to respond. Such is the case noted by XDR Provider Cynet, as the company observes in its newest Research Webinar. Cynet's research team noted that two of the most infamous attack groups – Lunar Spider and Wizard Spider – have started working together to infect organizations with ransomware. The development is certainly troubling, and the... (The Hacker News)
June 30, 2021 – Breach
SolarWinds Hackers Compromised Denmark’s Central Bank and Remained Hidden for Months
Abstract
The network intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request. (Security Affairs)
June 30, 2021 – Vulnerabilities
Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability
Abstract
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading the appropriate printer drivers, and scheduling the print job for printing, among others. Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries. "Either the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate... (The Hacker News)
June 30, 2021 – Government
Report Urges NASA to Improve Cybersecurity Risk Management
Abstract
The GAO is urging NASA's administrator to make multiple improvements to its cybersecurity and risk management policies to counter threats to its network infrastructure and data, as per a new report. (Gov Info Security)
June 30, 2021 – Malware
PJobRAT Disguised as Android Dating App Steals Contacts, SMS, and GPS Data
Abstract
The cybersecurity experts at Cyble along with 360 Core Security Lab have recently detected the PJobRAT spyware in dating and instant messaging apps stealing contacts, SMSes, and GPS data. (GB Hackers)
June 30, 2021 – Criminals
Ransomware group ‘Hades’ claims more victims as investigators seek answers
Abstract
The Hades ransomware group, which is involved in big game hunting against billion-dollar companies, has claimed to have hit at least seven victims since its discovery late last year. (Cyberscoop)
June 30, 2021 – Vulnerabilities
EA ignored domain vulnerabilities for months despite warnings and breaches
Abstract
Officials from Cyberpion approached EA late last year to inform them of multiple domains that could be subject to takeovers as well as misconfigured and potentially unknown assets. (ZDNet)
June 30, 2021 – Solution
GitHub Launches ‘Copilot’ — AI-Powered Code Completion Tool
Abstract
GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been developed in collaboration with OpenAI, and leverages Codex, a new AI system that's trained on publicly available source code and natural language with the goal of translating comments and code written by a user into auto-generated code snippets. "GitHub Copilot draws context from the code you're working on, suggesting whole lines or entire functions," GitHub CEO Nat Friedman said in a blog post. "It helps you quickly discover alternative ways to solve problems, write tests, and explore new APIs without having to tediously tailor a search for answers on the internet." Despite its function as an AI-based autocomplete for writing boilerplate code, the Micr... (The Hacker News)
June 30, 2021 – Criminals
SolarWinds hackers remained hidden in Denmark’s central bank for months
Abstract
Russia-linked threat actors compromised Denmark’s central bank (Danmarks Nationalbank) and remained in its systems for months. Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access... (Security Affairs)
June 29, 2021 – Solution
Lorenz ransomware decryptor recovers victims’ files for free
Abstract
Dutch cybersecurity firm Tesorion has released a free decryptor for the Lorenz ransomware, allowing victims to recover some of their files for free without paying a ransom. (BleepingComputer)
June 29, 2021 – Solution
Apple encrypts its iCloud data on Google, AWS clouds
Abstract
Apple had become Google’s largest customer of cloud data services, with the company’s encryption standards viewed as a positive development by some security researchers, who said more companies need to take the shared responsibility model with cloud service providers seriously. (SCMagazine)
June 29, 2021 – Hacker
Hackers use zero-day to mass-wipe My Book Live devices
Abstract
A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. (BleepingComputer)
June 29, 2021 – Phishing
Parcel delivery scammers targeting people with personalised messages
Abstract
A recent parcel delivery scam has adopted new tricks with scammers sending out personalized messages to the targeted victims to defraud them of up to thousands of dollars. (Times of Malta)
June 29, 2021 – General
Hillicon Valley: Administration to release attribution for Microsoft vulnerabilities in ‘coming weeks’ | Facebook rolling out new newsletter feature | Parler refused Trump demand to ban his critics: book
Abstract
A top Biden administration official on Tuesday teased the upcoming attribution of the exploitation of vulnerabilities in Microsoft’s Exchange Server, saying that there would be further details on who was behind the attack “in the coming weeks.” The administration previously called out Russia for being behind the SolarWinds hack, and Microsoft in March said a Chinese state-sponsored hacking group was likely exploiting the Microsoft vulnerabilities. (The Hill)
June 29, 2021 – Breach
New LinkedIn breach exposes data of 700 Million users
Abstract
A new massive LinkedIn breach made the headlines; the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total... (Security Affairs)
June 29, 2021 – General
Industry groups worry that cyber may get lost amid the contracting morass of federal orders
Abstract
Industry groups are concerned that contractors may lack crucial details, context and authority for reporting requirements in the cyber executive order. (SCMagazine)
June 29, 2021 – General
Users Clueless About Cybersecurity Risks: Study
Abstract
The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack. (Threatpost)
June 29, 2021 – Solution
Windows 11 includes the DNS-over-HTTPS privacy feature - How to use
Abstract
Microsoft has added a privacy feature to Windows 11 called DNS-over-HTTPS, allowing users to perform encrypted DNS lookups to bypass censorship and Internet activity. (BleepingComputer)
June 29, 2021 – Vulnerabilities
NFC flaws let researchers hack an ATM by waving a phone
Abstract
Researcher Josep Rodriguez has reported several security vulnerabilities in the near-field communications (NFC) reader chips used in millions of ATMs and point-of-sale systems worldwide. (Ars Technica)
June 29, 2021 – Government
House lawmakers propose major budget increase for key cyber agency
Abstract
The House Appropriations Committee on Tuesday included almost $400 million more than last year for the Cybersecurity and Infrastructure Security Agency (CISA) in its budget proposal for the upcoming year. (The Hill)
June 29, 2021 – Vulnerabilities
PoC exploit for CVE-2021-1675 RCE started circulating online
Abstract
Proof-of-concept exploit code for the CVE-2021-1675 flaw is circulating online; an attacker could exploit the flaw to compromise Windows systems. Proof-of-concept exploit code for the CVE-2021-1675 flaw has been published online; the flaw impacts the Windows Print Spooler service... (Security Affairs)
June 29, 2021 – Privacy
Pandemic hasn’t stemmed the rise of privacy salaries, but there is still some work to do
Abstract
A new report from the IAPP notes the average salary for a privacy pro in 2021 is $140,529 – a jump of more than $6,000 since 2019. That said, a gender gap persists. (SCMagazine)
June 29, 2021 – Vulnerabilities
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
Abstract
The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. (Threatpost)
June 29, 2021 – Breach
Russian hackers had months-long access to Denmark’s central bank
Abstract
Russian state hackers compromised Denmark's central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. (BleepingComputer)
June 29, 2021 – Vulnerabilities
Malvuln Project Catalogues 260 Vulnerabilities Found in Malware
Abstract
Malvuln, a project started by security researcher John Page (aka hyp3rlinx), has listed vulnerabilities across 105 individual malware families and shown how they can be exploited. (Security Week)
June 29, 2021 – Vulnerabilities
Administration to release attribution for Microsoft vulnerabilities in ‘coming weeks’
Abstract
The Biden administration is working to formally attribute the exploitation of vulnerabilities in Microsoft’s Exchange Server application, which left thousands of organizations vulnerable to attack, “in the coming weeks,” a top official said Tuesday. (The Hill)
June 29, 2021 – General
More ‘actionable’ intel needed from HHS to support health IT security
Abstract
While the HHS threat sharing efforts are off to a sound start, the GAO found key coordination areas the agency should improve to better support overall health IT security in the sector. (SCMagazine)
June 29, 2021 – Policy and Law
DoubleVPN servers, logs, and account info seized by law enforcement
Abstract
Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. (BleepingComputer)
June 29, 2021 – Solution
Experts developed a free decryptor for the Lorenz ransomware
Abstract
Like other ransomware gangs, Lorenz operators also implement a double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. (Security Affairs)
June 29, 2021 – General
Neuberger: Banning ransom payments is a ‘difficult policy position’
Abstract
Banning ransomware payments is one of the most common and most controversial mechanisms proposed to curtail the recent growth of criminal incidents and the national security problems they cause. Neuberger, a key Biden advisor, offered some insight into the conversation happening behind closed doors. (SCMagazine)
June 29, 2021 – Vulnerabilities
High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products
Abstract
The industrial solutions provider Phoenix Contact alerted its customers of 10 security vulnerabilities in its TC router, FL MGUARD modules, ILC 2050 BI building controllers, and PLCNext products. (Security Week)
June 29, 2021 – Business
Accenture Acquires 40th Company In 10 Months With Sentor Buy
Abstract
Accenture Tuesday unveiled its acquisition of Sweden-based Sentor, a provider of cyberdefense and managed security services. The financial terms of the Sentor deal were not disclosed. (CRN)
June 29, 2021 – APT
Cobalt Strike: Favorite Tool from APT to Crimeware
Abstract
Cobalt Strike is a legitimate penetration testing tool used by security professionals to emulate malicious activity in a network. However, threat actors are increasingly abusing the tool. (Proofpoint)
June 29, 2021 – Government
NIST Releases ‘Critical Software’ Definition for US Agencies
Abstract
NIST published its definition of what "critical software" means for the U.S. government, as the agency begins working on the requirements laid out by the President's executive order on cybersecurity. (Bank Info Security)
June 29, 2021 – Breach
Microsoft’s Halo dev site breached using dependency hijacking
Abstract
Microsoft has once again been successfully hit by a dependency hijacking attack. This month, another researcher found an npm internal dependency being used by an open-source project. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers. (BleepingComputer)
June 29, 2021 – Ransomware
New Ransomware Variant Uses Golang Packer
Abstract
CrowdStrike recently observed a ransomware sample borrowing implementations from previous HelloKitty and FiveHands variants and using a Golang packer compiled with the most recent version of Golang. (Crowdstrike)
June 29, 2021 – Vulnerabilities
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
Abstract
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves over SSH (public key authentication) so then they can login as the root user." Google Compute Engine (GCE) is an infrastructure-as-a-service (IaaS) component of Google Cloud Platform that enables users to create and launch virtual machines (VMs) on demand. GCE provides a method for storing and retrieving metadata in the form of the metadata server, which offers a central point to set metadata in the form of key-value pairs that's then provided to virtual machines at runtime. According to the researcher, the issue is a consequence of weak pseudo-random... (The Hacker News)
June 29, 2021 – Ransomware
Linux version of REvil ransomware targets ESXi VM
Abstract
The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt VMware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypt VMware ESXi virtual machines, which are widely adopted by enterprises. The... (Security Affairs)
June 29, 2021 – Criminals
Ursnif Operators Leverage Cerberus to Automate Fraudulent Bank Transfers in Italy
Abstract
A variant of Ursnif Trojan is being used in the wild to target online banking users in Italy. As a part of the attack, the trojan tricks desktop users into downloading an app from a fake Google Play page to infect their mobile device with the Cerberus malware. Users are recommended to avoid clickin... (Cyware Alerts - Hacker News)
June 29, 2021 – Solution
New API Lets App Developers Authenticate Users via SIM Cards
Abstract
Online account creation poses a challenge for engineers and system architects: if you put up too many barriers, you risk turning away genuine users. Make it too easy, and you risk fraud or fake accounts. The Problem with Identity Verification: The traditional model of online identity – username/email and password – has long outlived its usefulness. This is how multi-factor or two-factor authentication (MFA or 2FA) has come into play, to patch up vulnerabilities of the so-called knowledge-based model, usually by SMS passcode to verify possession of a mobile phone number. The simplicity of SMS-based verification has taken apps by storm – it's the default option, as most users have a mobile phone. Yet bad actors have learned how to exploit this verification method, leading to the menace of SIM swap fraud, which is alarmingly easy to pull off and rising rapidly in incidents. There's been no lack of effort in finding a more secure factor that is still universal. For example, b... (The Hacker News)
June 29, 2021 – Solution
Experts developed a free decryptor for the Lorenz ransomware
Abstract
Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding... (Security Affairs)
June 29, 2021 – Malware
Pirated Games Spreading Cryptojacking Malware
Abstract
Avast stumbled across the Crackonosh malware operation that helped cybercriminals yield at least $2 million in illegal Monero mining by compromising over 222,000 systems worldwide. Therefore, users are recommended to use genuine software to prevent any cyber-incidents. (Cyware Alerts - Hacker News)
June 29, 2021 – Solution
Google now requires app developers to verify their address and use 2FA Full Text
Abstract
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and Safety team said. As part of the changes, individual users and businesses in possession of Google Play developer accounts will be asked to specify an account type (personal or organization), a contact name, their physical address, as well as verifying the email address and phone number provided during account creation. In addition, the search giant is also mandating users of Google Play Console to sign in using Google's 2-Step Verification to prevent account takeover attacks. According to the timeline shared by Google, developer account owners will be able to declare their account type aThe Hacker News
June 29, 2021 – Vulnerabilities
GitHub paid out over $500K through its bug bounty program for 203 flaws in 2020 Full Text
Abstract
Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since 2016. Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities...Security Affairs
June 29, 2021 – Attack
Threat Actors are Targeting Firewall and VPN Devices Full Text
Abstract
Networking equipment vendor Zyxel has emailed customers to alert them about a cyberattack targeting its high-end enterprise-focused firewall and VPN server products. Attacks against firewalls, VPN servers, and load balancers have become common. Such attacks are becoming prominent and being carried ...Cyware Alerts - Hacker News
June 29, 2021 – General
Watch Out for Cascading Extortion Threats! Full Text
Abstract
Ransomware operators are resorting to different extortion tactics to intensify the stress on victims for greater ransom payouts. There are four new extortion tactics observed by the Hong Kong CERT Coordination Centre.Cyware Alerts - Hacker News
June 29, 2021 – Phishing
Spear Phishing Campaign with New Techniques Takes Aim at Aviation Companies Full Text
Abstract
In this campaign, a malicious link that distributes an AsyncRAT payload is sent to aviation companies with a well-crafted message. AsyncRAT is used to steal credentials and other sensitive data.Fortinet
June 29, 2021 – Business
Google to require 2FA and a physical address from Android app devs Full Text
Abstract
After seeing an increase in fraud and malicious developer accounts, Google announced plans to require additional identity verification from developers who want to list apps on the official Play Store.The Record
June 28, 2021 – General
Could curtailing cryptocurrency calm cyber crime wave? Full Text
Abstract
One of the most widely circulated policy ideas to curtail ransomware would be to treat cryptocurrencies as a bonafide component of the financial system: require cryptocurrency exchanges to abide by regulations that reduce anonymity and prevent money laundering. SC Media broke down the potential.SCMagazine
June 28, 2021 – Malware
Microsoft Signs Malware That Spreads Through Gaming Full Text
Abstract
The driver, called “Netfilter,” is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers’ geo-locations to cheat the system and play from anywhere, Microsoft said.Threatpost
June 28, 2021 – Criminals
Could curtailing cryptocurrency calm cyber crimewave? Full Text
Abstract
One of the most widely circulated policy ideas to curtail ransomware would be to treat cryptocurrencies as a bonafide component of the financial system: require cryptocurrency exchanges to abide by regulations that reduce anonymity and prevent money laundering. SC Media broke down the potential.SCMagazine
June 28, 2021 – Breach
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground Full Text
Abstract
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications.Threatpost
June 28, 2021 – Breach
Attackers Breach Microsoft Customer Service Accounts Full Text
Abstract
American IT companies and government have been targeted by the Nobelium state-sponsored group.Threatpost
June 28, 2021 – General
Hillicon Valley: Court dismisses FTC, state antitrust cases against Facebook | YouTube ‘mistakenly’ suspends Right Wing Watch | Report finds costs of cyberattacks could exceed natural disasters Full Text
Abstract
Washington’s crackdown on the market power of Big Tech hit a roadblock Monday, after a D.C. federal court dismissed two antitrust cases brought against Facebook. The update comes after the House Judiciary Committee last week advanced six bills aimed at giving regulators more authority to rein in the power of the tech companies, and supporters of the bills are using the dismissal to boost the bills as they head to a full floor vote (see top Republican on the House antitrust subcommittee Colorado Rep. Ken Buck’s reaction here).The Hill
June 28, 2021 – General
Scant evidence that cyber insurance boom is leading to better security Full Text
Abstract
A British study calls for a ‘reset’ in cyber insurance, calling the current model unsustainable and possibly ineffective.SCMagazine
June 28, 2021 – General
Report estimates major cyberattack could cost more than recovering from natural disasters Full Text
Abstract
The cost of a major cyberattack on a critical major U.S. utility or service provider could equate to that of a natural disaster such as a hurricane, a report released Monday found.The Hill
June 28, 2021 – Ransomware
REvil ransomware’s new Linux encryptor targets ESXi virtual machines Full Text
Abstract
The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines.BleepingComputer
June 28, 2021 – 5G
5G Security Vulnerabilities Fluster Mobile Operators Full Text
Abstract
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).Threatpost
June 28, 2021 – Breach
Mercedes-Benz cloud data exposure shines spotlight on third-party risk Full Text
Abstract
The Mercedes-Benz leak highlights an issue that security teams keep seeing time and again: Private data that’s accidentally left publicly accessible on a cloud storage platform by a vendor.SCMagazine
June 28, 2021 – Vulnerabilities
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug Full Text
Abstract
A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.Threatpost
June 28, 2021 – Criminals
Ransomware gangs now creating websites to recruit affiliates Full Text
Abstract
Ever since two prominent Russian-speaking cybercrime forums banned ransomware-related topics [1, 2], criminal operations have been forced to promote their service through alternative methods.BleepingComputer
June 28, 2021 – Government
US the Only Top Tier Cyber-power Full Text
Abstract
Report finds other countries lag behind US when it comes to cyber prowessInfosecurity Magazine
June 28, 2021 – Outage
NewsBlur Restores Service After Hacker Wipes Database Full Text
Abstract
The hacker was able to gain access to the database while the RSS reader was being transitioned to Docker, which circumvented some firewall rules and opened the NewsBlur MongoDB database to the public.Security Week
June 28, 2021 – General
Costs from ransomware attack against Ireland health system reach $600M Full Text
Abstract
Ireland Health Service Executive, which is still operating under electronic health record downtime six weeks after the attack, intends to implement a security operation center able to better monitor the network for potential threats.SCMagazine
June 28, 2021 – Solution
Sizing Up the Security Features Slated for Windows 11 Full Text
Abstract
Microsoft's decision to offload more security requirements onto hardware is the right move, some security experts say. But many firms running older gear could have a hard time taking advantage of it.Bank Info Security
June 28, 2021 – Vulnerabilities
Zero-day Exploit Found in Adobe Experience Manager Full Text
Abstract
Ethical hackers find bug in popular content management solutionInfosecurity Magazine
June 28, 2021 – Breach
Personal Details of Over 200,000 Students Leaked After Cyberattack on AcadeME Full Text
Abstract
The group claimed that they leaked emails, passwords, first and last names, addresses, and even phone numbers of over 200,000 students who were registered on AcadeME since 2014.The Jerusalem Post
June 28, 2021 – General
Critical CISO Initiatives for the Second Half of 2021 Full Text
Abstract
Nilesh Dherange, CTO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.Threatpost
June 28, 2021 – Government
US Secret Service Releases ‘Most Wanted’ Cyber Fugitive List Full Text
Abstract
The Secret Service is offering rewards of up to $1 million for information leading to the arrests of two suspects who allegedly targeted the U.S. SEC's EDGAR system server in 2016.Bank Info Security
June 28, 2021 – Breach
Kentucky Healthcare System Exposes Patients’ PHI Full Text
Abstract
UofL Health sends PHI of 42,000 patients to incorrect email addressesInfosecurity Magazine
June 28, 2021 – Business
AWS Acquires Encrypted Communications Service Wickr Full Text
Abstract
Amazon’s AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools. Financial terms of the transaction were not released.Security Week
June 28, 2021 – Government
Seamless EU-UK Data Flows to Continue Following Adequacy Decisions Full Text
Abstract
The move will allow the flow of personal data between the two regions to continue seamlesslyInfosecurity Magazine
June 28, 2021 – Hacker
Microsoft investigates threat actor distributing malicious Netfilter Driver Full Text
Abstract
Microsoft is investigating a strange attack in which a threat actor used a driver signed by the company, the Netfilter driver, to implant a rootkit. Microsoft announced it is investigating a threat actor distributing malicious drivers in attacks aimed at the gaming...Security Affairs
June 28, 2021 – General
An ‘operational imperative and competitive advantage’: CEOs must lead whole of nation response to ransomware Full Text
Abstract
Former DHS CIO Karen Evans and Parham Eftekhari of the Cybersecurity Collaborative and ICIT detail how business leaders can prioritize cybersecurity alongside traditional corporate objectives.SCMagazine
June 28, 2021 – Business
Bit Discovery Banks $4 Million for Attack Surface Management Tech Full Text
Abstract
The Series B funding round was led by Mighty Capital and return investor Aligned Partners and includes smaller investments from prominent security practitioners including Alex Stamos and Jeff Moss.Security Week
June 28, 2021 – Vulnerabilities
Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site Full Text
Abstract
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator. Credited for discovering and reporting CVE-2021-34506 are Ignacio Laurence as well as Vansh Devgan and Shivam Kumar Singh with CyberXplore Private Limited. "Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code," CyberXplore researchers said in a write-up shared with The Hacker News. "When such vulnerabilities are found and exploited,The Hacker News
June 28, 2021 – Covid-19
Reported HMRC-Branded Phishing Scams Grew by 87% During COVID-19 Full Text
Abstract
Phishing scams impersonating the UK’s tax, payments and customs authority surgeInfosecurity Magazine
June 28, 2021 – Breach
The builder for Babuk Locker ransomware was leaked online Full Text
Abstract
The builder for the Babuk Locker ransomware was leaked online; threat actors can use it to create their own ransomware strain. The Record first reported that the builder for the Babuk Locker ransomware was leaked online, threat actors could use it to create...Security Affairs
June 28, 2021 – Breach
New Hive Ransomware Group Hive Leaks Stolen Files From Altus Group Full Text
Abstract
On June 14th, Altus Group, a commercial real estate software solutions company, announced that its data was breached. A week later, they reported “no evidence of impact”.Security Affairs
June 28, 2021 – Hacker
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware Full Text
Abstract
Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China. The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere." "The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers," Microsoft Security Response Center (MSRC) said. The rogue code signing was spotted by Karsten Hahn, a malware analyst at German cybersecurity company G Data, who shared additional details of the rootkit, including a dropper, which is used to deploy and install Netfilter on the system. Upon succThe Hacker News
June 28, 2021 – Breach
Mercedes Benz Data Leak Includes Card and Social Security Details Full Text
Abstract
Customer data was exposed via an insecure cloud storage serviceInfosecurity Magazine
June 28, 2021 – Cryptocurrency
Six typosquatting packages in PyPI repository laced with crypto miner Full Text
Abstract
Researchers discovered six rogue packages in the official Python programming language’s PyPI repository containing cryptocurrency mining malware. Experts from security firm Sonatype have uncovered six typosquatting packages in the official Python...Security Affairs
June 28, 2021 – Ransomware
Leaked Builder for Babuk Locker Ransomware Can be Used to Create Custom Ransomware Variants Full Text
Abstract
The leak of the Babuk Locker builder comes two months after the Babuk Locker ransomware gang announced that it was retiring after an attack on the Washington, DC police department in late April.The Record
June 28, 2021 – General
DMARC: The First Line of Defense Against Ransomware Full Text
Abstract
There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it's making headlines. With businesses across the globe holding their breath, scared they might fall victim to the next major ransomware attack, it is now time to take action. The FBI IC3 report of 2020 classified Ransomware as the most financially damaging cybercrime of the year, with no major improvement in 2021. Wouldn't it be nice if you could prevent a ransomware attack from occurring in the first place? DMARC can make this seemingly impossible claim a possibility for domain owners! Multiple benefits arise from your DMARC implementation over time, including an increase in the deliverability of your email as well as a higher domain reputation. DMARC is also known as the first line of defense against Ransomware. Let's take a closer look. What are the Risks Associated with Ransomware? Ransomware is malicious software that installs itself on your computer without your pThe Hacker News
June 28, 2021 – Breach
Sensitive Defense Documents Found at Bus Stop Full Text
Abstract
UK's Ministry of Defence launches investigation after worrying discoveryInfosecurity Magazine
June 28, 2021 – General
Why Security is Paramount in a Digital-First Economy? Full Text
Abstract
CISOs are looking for scalable, long-term strategies that could proactively protect their enterprise environment and prevent cybercriminals from exploiting vulnerabilities during crisis situations.The Times Of India
June 28, 2021 – Insider Threat
Former Health Secretary Faces Probe Over Use of Personal Emails Full Text
Abstract
Experts say move could have exposed UK government to increased cyber-riskInfosecurity Magazine
June 28, 2021 – General
India fails in cybersecurity literacy test: Study Full Text
Abstract
Scoring just 51.2 points out of 100 (14 points below the global average), India ranked 19 out of 21 countries in the National Privacy Test conducted recently by global VPN service provider NordVPN.The Times Of India
June 28, 2021 – Privacy
Many companies believe it is important to protect employee privacy, yet few are effective in doing so Full Text
Abstract
As per a new survey, 63% of respondents say it is important or very important to protect employee privacy in the workforce, but only 34% of organizations are effective or very effective in doing so.Help Net Security
June 28, 2021 – Attack
Nefilim Ransomware Attack Through a MITRE Att&ck Lens Full Text
Abstract
It is operated by a group tracked under the intrusion set "Water Roc". This group combines advanced techniques with legitimate tools to make them harder to detect and respond before it is too late.Trend Micro
June 28, 2021 – Malware
Malware Written in GoLang – A Growing Trend Full Text
Abstract
Several threat actors are increasingly writing malicious codes in GoLang. Recently, the PYSA group was found deploying ChaChi, a remote access trojan written in Go.Cyware Alerts - Hacker News
June 27, 2021 – Vulnerabilities
Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online Full Text
Abstract
A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug. "Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild," the cyber exposure company said. Tracked as CVE-2020-3580 (CVSS score: 6.1), the issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software that could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks on an affected device. As of July 2020, there were a little over 85,000 ASA/FTD devices, 398 of which are spread acrossThe Hacker News
June 27, 2021 – Breach
SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers Full Text
Abstract
In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date," the tech giant's Threat Intelligence Center said Friday. "All customers that were compromised or targeted are being contacted through our nation-state notification process." The development was first reported by news service Reuters. The names of the victims were not revealed. The latest wave in a series of intrusions is said to have primarily targeted IT companies, followed by government agencies, non-governmental organizations, think tanks, and financThe Hacker News
June 27, 2021 – Vulnerabilities
Cisco ASA vulnerability actively exploited after exploit released Full Text
Abstract
Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter.BleepingComputer
June 27, 2021 – Cryptocurrency
Crackonosh Monero miner made $2M after infecting 222,000 Win systems Full Text
Abstract
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that...Security Affairs
June 27, 2021 – General
Security Affairs newsletter Round 320 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Norway blames...Security Affairs
June 27, 2021 – Hacker
Hackers target Cisco ASA devices after a PoC exploit code was published online Full Text
Abstract
Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability. Experts warn of attacks against Cisco ASA devices after researchers from Positive Technologies have published...Security Affairs
June 26, 2021 – Malware
Two New IcedID Campaigns Making Rounds in the Wild Full Text
Abstract
A new variant of the IcedID banking trojan has been discovered that spreads via two new spam campaigns. These campaigns are hitting more than 100 detections a day. The best way to stay protected from such threats is to stay alert while receiving emails from unknown senders.Cyware Alerts - Hacker News
June 26, 2021 – Hacker
Nobelium hackers accessed Microsoft customer support tools Full Text
Abstract
Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent's computer that exposed customer's subscription information.BleepingComputer
June 26, 2021 – Breach
Mercedes-Benz data breach impacted roughly 1000 individuals Full Text
Abstract
Mercedes-Benz USA disclosed a data breach that impacted 1.6 million customers, exposed data includes financial data and social security numbers (SSNs). Mercedes-Benz USA disclosed on Friday a data breach that impacted some of its customers and potential...Security Affairs
June 26, 2021 – Breach
Microsoft: Russia-linked SolarWinds hackers breached three new entities Full Text
Abstract
Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted...Security Affairs
June 26, 2021 – Criminals
New ransomware group Hive leaks Altus group sample files Full Text
Abstract
On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach; now the Hive ransomware gang has leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that...Security Affairs
June 26, 2021 – Malware
Microsoft admits to signing rootkit malware in supply-chain fiasco Full Text
Abstract
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.BleepingComputer
June 26, 2021 – Vulnerabilities
MyBook Users Urged to Unplug Devices from Internet Full Text
Abstract
Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw.Krebs on Security
June 26, 2021 – Vulnerabilities
Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable Full Text
Abstract
CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable. Several weeks later, security researchers from Sophos have discovered a new ransomware variant known...Security Affairs
June 26, 2021 – General
Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable Full Text
Abstract
Seemingly, a variant of the ransomware, Epsilon Red, relies on vulnerable Microsoft Exchange servers. Threat actors use them to launch mass server exploitation campaigns and try to expose companies’ information for revenue.Security Affairs
June 26, 2021 – Phishing
.WIM Files Attachment Is Being Used in Phishing Attacks Full Text
Abstract
The researchers at Trustwave have disclosed in a recent report that threat actors are starting to utilize WIM (Windows Imaging Format) attachments in order to distribute the Agent Tesla remote access trojan.Heimdal Security
June 26, 2021 – Malware
Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency Full Text
Abstract
Researchers have discovered a strain of cryptocurrency-mining malware that abuses Windows Safe mode during attacks. The malware, dubbed Crackonosh by researchers at Avast, spreads through pirated and cracked software.ZDNet
June 26, 2021 – Malware
DarkSide Created a Linux Version of Its Ransomware Full Text
Abstract
The DarkSide Russian-speaking cybercrime group, which announced it was closing its ransomware-as-a-service operation, had earlier completed a Linux version of its malware designed to target ESXi servers hosting VMware virtual machines.Info Risk Today
June 26, 2021 – Breach
Microsoft says new breach discovered in probe of suspected SolarWinds hackers Full Text
Abstract
Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.Reuters
June 25, 2021 – Ransomware
The Week in Ransomware - June 25th 2021 - Back in Business Full Text
Abstract
It has been relatively quiet this week, with few attacks revealed and few new ransomware variants released. However, some interesting information came out that we have summarized below.BleepingComputer
June 25, 2021 – General
Hillicon Valley: UK watchdog to investigate Google, Amazon over fake reviews | Google to warn users about unreliable information during certain events | Senators roll out cyber workforce bill Full Text
Abstract
There’s more trouble for Amazon and Google across the pond, with the United Kingdom’s competition watchdog announcing an investigation into fake reviews on the platforms.The Hill
June 25, 2021 – Government
Senators propose bill to help tackle cybersecurity workforce shortage Full Text
Abstract
Sens. Maggie Hassan (D-N.H.) and John Cornyn (R-Texas) on Friday introduced legislation meant to tackle parts of the government’s cyber workforce shortage.The Hill
June 25, 2021 – General
PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry Full Text
Abstract
Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.Threatpost
June 25, 2021 – Criminals
Marketo Marketplace – Cybercriminals are targeting major law firms Full Text
Abstract
Cybercriminals have put up for sale on the dark web 58GB of data stolen from Hollingsworth LLP. One of the emerging underground marketplaces of stolen data, 'Marketo', available on the TOR network, announced the publication of data presumably stolen from Hollingsworth...Security Affairs
June 25, 2021 – Attack
Attacks against game companies are up. But why? Full Text
Abstract
Malicious hackers are increasingly mobbing the video game industry, but security experts can’t pinpoint a single explanation for the surge.SCMagazine
June 25, 2021 – Breach
Mercedes-Benz data breach exposes SSNs, credit card numbers Full Text
Abstract
Mercedes-Benz USA has just disclosed a data breach impacting under 1,000 customers and potential buyers that exposed their credit card information, social security numbers, and driver license numbers.BleepingComputer
June 25, 2021 – General
Young Americans Twice as Likely to Cyber-stalk Full Text
Abstract
Gen Z and Millennials more likely than those aged over 40 to cyber-stalk exes and current partnersInfosecurity Magazine
June 25, 2021 – Business
AWS acquires encrypted comms platform Wickr to support shift to hybrid work environments Full Text
Abstract
AWS CISO Stephen Schmidt said that the move to a hybrid work environment due in part to the pandemic has led to a need among companies and government agencies to protect their communications across multiple remote locations.SCMagazine
June 25, 2021 – General
Ignorance is not a legal excuse for paying sanctioned ransomware groups Full Text
Abstract
Newly emergent Grief ransomware is another example of how cybercriminal groups change names and coding to confuse victims and circumvent federal restrictions.SCMagazine
June 25, 2021 – Attack
A New Attack on AI-driven Facial Recognition Systems Full Text
Abstract
Researchers developed an attack technique named Adversarial Octopus that could perform a targeted attack on AI-based facial recognition systems. This attack shows that AI systems require much more attention at the security front, and such new attack methods will help raise awareness.Cyware Alerts - Hacker News
June 25, 2021 – Breach
Data of 500K patients accessed, stolen after eye clinic ransomware attack Full Text
Abstract
This week’s breach roundup is led by a ransomware attack against Wolfe Eye Clinic in Iowa. An attacker accessed and likely stole the data of 500,000 patients.SCMagazine
June 25, 2021 – General
Recent Arrests Probably Weren’t Able to Stop Cl0p Ransomware Full Text
Abstract
Cl0p ransomware hackers just dumped stolen data on their dark website claiming it was stolen from a new victim. Several gang members of the group were detained by Ukrainian police last week but it seems the group is still active. Organizations are advised to proactively follow adequate security mea ...Cyware Alerts - Hacker News
June 25, 2021 – Hacker
Hackers exploit 3-years old flaw to wipe Western Digital devices Full Text
Abstract
Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting an old vulnerability. Owners of Western Digital (WD) claim that their My Book Live and My Book Live Duo network-attached storage (NAS)...Security Affairs
June 25, 2021 – Policy and Law
FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses Full Text
Abstract
One of the Carbanak cybergang’s highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.Threatpost
June 25, 2021 – Malware
JSSLoader: Recoded and Reloaded | Proofpoint US
Abstract
After a months-long absence, the malware loader JSSLoader returned in June 2021 cyberattack campaigns by TA543 threat actor, rewritten from the .NET programming language to C++. Source: Proofpoint
June 25, 2021 – Criminals
FIN7 Pen Tester to Serve Seven Years
Abstract
US sends down high-level member of hacking group behind $1bn card-stealing scheme. Source: Infosecurity Magazine
June 25, 2021 – Business
World’s Largest E-tailers to be Investigated Over Fake Reviews
Abstract
UK’s Competition and Markets Authority announces probe into how Amazon and Google combat fake reviews. Source: Infosecurity Magazine
June 25, 2021 – Business
Threat Monitoring Firm FYEO Announces Acquisition as It Emerges From Stealth
Abstract
Threat monitoring and identity access management provider FYEO on Wednesday announced that it emerged from stealth mode with the acquisition of threat intelligence company Intelliagg. Source: Security Week
June 25, 2021 – Business
Drata lands $25M for its automated cybersecurity compliance platform
Abstract
Drata Inc., a new startup working to make it easier for companies to comply with cybersecurity standards, today announced that it has raised a $25 million funding round led by GGV Capital. Source: Silicon Angle
June 25, 2021 – Criminals
Crackonosh Malware Author Minted $2 Million in Cryptocurrency After Infecting 222,000 Windows Systems
Abstract
It has done so by hiding its malware in pirated and cracked copies of popular software, Daniel Beneš, a malware analyst for antivirus maker Avast, said in a report today. Source: The Record
June 25, 2021 – Breach
My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks
Abstract
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit. Source: Threatpost
June 25, 2021 – Vulnerabilities
Western Digital: Disconnect My Book Live drives immediately
Abstract
Western Digital is asking customers to disconnect My Book Live hard drives from the internet to prevent malware from wiping them of data. Source: SCMagazine
June 25, 2021 – Vulnerabilities
Vulnerabilities Expose Fortinet Firewalls to Remote Attacks
Abstract
A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands and can be chained with other security holes. Source: Security Week
June 25, 2021 – Business
Cloud Application Security Firm Anjuna Raises $30 Million
Abstract
The funding round was led by Insight Partners and is expected to help the company bring its Confidential Cloud Software Platform to market and support technology development and innovation. Source: Security Week
June 25, 2021 – Business
Windows 11 won’t work without a TPM - What you need to know
Abstract
Windows 11 requires a TPM security processor to install or upgrade to Windows 11. Unfortunately, there has been a lot of confusion about what type of TPM you need and why you need it in the first place. Source: BleepingComputer
June 25, 2021 – Phishing
Phishing Campaign Exploits Housing Boom
Abstract
The phishing emails in this campaign purportedly contain a link to home purchase closing documents from First American, a company whose services include real estate title and settlement. Source: Cofense
June 25, 2021 – Business
Google Extends Support for Tracking Party Cookies Until 2023
Abstract
Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Chrome's Privacy Engineering Director, Vinay Goel, said Thursday. In buying extra time, the search giant said it hopes to arrive at a consensus on the right solutions, while simultaneously engaging with regulators, and enabling publishers and the advertising industry to migrate their services to privacy-preserving technologies that prevent "alternative forms of individual tracking, and discourage the rise of covert approaches like fingerprinting." The revised timelines comes close on the heels of a fresh regulatory setback in the European Union, after the Eur... Source: The Hacker News
June 25, 2021 – Business
AWS BugBust Aims to Fix One Million Vulnerabilities Globally
Abstract
Cloud giant wants to save $100 million in technical debt. Source: Infosecurity Magazine
June 25, 2021 – Vulnerabilities
Flaws in FortiWeb WAF expose Fortinet devices to remote hack
Abstract
Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. Fortinet has recently addressed a high-severity vulnerability... Source: Security Affairs
June 25, 2021 – Hacker
Hackers Crack Pirated Games with Cryptojacking Malware
Abstract
Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices. Source: Threatpost
June 25, 2021 – General
FBI director Chris Wray urges companies stop paying ransoms to hackers
Abstract
FBI Director Chris Wray on Wednesday pleaded with public companies and other hacking victims to avoid paying ransom, saying he fears it will only embolden cyber criminals to ramp up future attacks. Source: CNBC
June 25, 2021 – Attack
Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
Abstract
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet. "The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an email message, which was shared on Twitter. As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilities... Source: The Hacker News
June 25, 2021 – Vulnerabilities
Newly Discovered Dell Bugs Impact 30 Million PCs
Abstract
Four vulnerabilities could enable complete remote control of 129 models. Source: Infosecurity Magazine
June 25, 2021 – Policy and Law
Clop gang members recently arrested laundered over $500M in payments
Abstract
The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime... Source: Security Affairs
June 25, 2021 – Solution
Google rolls out a unified security vulnerability schema for open-source software
Abstract
Now the OSV and the schema has been expanded to several new key open-source ecosystems: Go, Rust, Python, and DWF. This expansion unites and aggregates their vulnerability databases. Source: ZDNet
June 25, 2021 – Malware
Crackonosh virus mined $2 million of Monero from 222,000 hacked computers
Abstract
A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig for stealthily exploiting the infected host's resources to mine Monero. At least 30 different versions of the malware executable have been discovered between Jan. 1, 2018, and Nov. 23, 2020, Czech cybersecurity software company Avast said on Thursday, with a majority of the victims located in the U.S., Brazil, India, Poland, and the Philippines. Crackonosh works by replacing critical Windows system files such as serviceinstaller.msi and maintenance.vbs to cover its tracks and abuses the safe mode, which prevents antivirus software from working, to delete Windows Defender... Source: The Hacker News
June 25, 2021 – Breach
Cloud Database Exposes 800M+ WordPress Users’ Records
Abstract
Misconfiguration at hosting provider DreamHost led to the privacy breach. Source: Infosecurity Magazine
June 25, 2021 – Breach
Stolen Data of 3.4 Million Customers of Indian Trading Platform Sold Online
Abstract
The compromised information included Personal Identifiable Information (PII) such as names, customer IDs, contact numbers, email IDs, trade login IDs, branch IDs, city, and country. Source: The Times Of India
June 25, 2021 – Policy and Law
FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards
Abstract
A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers' debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on June 1, 2019. In June 2020, Kolpakov pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. The Western District of Washington also ordered Kolpakov to pay $2.5 million in restitution. The defendant, who was involved with the group from April 2016 until his arrest, managed other hackers who were tasked with breaching the point-of-sale systems of companies, both in the U.S. and elsewhere, to deploy malware capable of stealing financial information. FIN7, also called Anunak, Carbanak Group, and the Navigator Group,... Source: The Hacker News
June 25, 2021 – General
Irish Ransomware Attack Recovery Cost Estimate: $600 Million
Abstract
The recovery costs for the May ransomware attack on Health Service Executive, Ireland's publicly funded healthcare system, is likely to total $600 million, says Paul Reid, HSE's director general. Source: Bank Info Security
June 25, 2021 – Breach
Mercedes-Benz USA Accidentally Exposes Sensitive Personal Information of Nearly 1,000 Customers
Abstract
The data comprised self-reported credit scores, driver licenses, social security numbers, and credit card information which was entered by customers and interested buyers on dealer and company websites between January 2014 and June 2017. Source: Reuters
June 25, 2021 – Vulnerabilities
Report picks holes in the Linux kernel release signing process
Abstract
A report has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to the use of static keys for SSH access. Source: The Register
June 24, 2021 – Criminals
Clop Gang Partners Laundered $500 Million in Ransomware Payments
Abstract
The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities. "The group — also known as FANCYCAT — has been running multiple criminal activities: distributing cyber attacks; operating a high-risk exchanger; and laundering money from dark web operations and high-profile cyber attacks such as Cl0p and Petya ransomware," popular cryptocurrency exchange Binance said Thursday. On June 16, the Ukraine Cyber Police nabbed six individuals in the city of Kyiv, describing the arrests as resulting from an international operation involving law enforcement authorities from Korea, the U.S., and Interpol. While the bust was seen as a major blow to the operations of the Clop gang, the hackers published earlier this week a fresh batch of confidential employee records stolen from... Source: The Hacker News
June 24, 2021 – Malware
Spam Downpour Drips New IcedID Banking Trojan Variant
Abstract
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day. Source: Threatpost
June 24, 2021 – Vulnerabilities
Flaws in Dell BIOSConnect feature affect 128 device models
Abstract
Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the impacted device. Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities... Source: Security Affairs
June 24, 2021 – General
Hillicon Valley: House advances six bills targeting Big Tech after overnight slugfest | Google to delay cookie phase out until 2023 | Appeals court rules against Baltimore Police Department aerial surveillance program
Abstract
House Judiciary Committee members wrapped up a marathon markup Thursday afternoon, advancing six antitrust bills that target the largest tech companies in the country. The two-day affair highlighted divisions in each party, with some California lawmakers on both sides of the aisle opposing the bills and previewing future hurdles for the legislation going forward. Source: The Hill
June 24, 2021 – Business
Splunk expands into cloud security space with new platform
Abstract
Splunk, best known for its analytics software, delved deeper into the security realm this week when it released its new Splunk Security Cloud, a security operations platform that consists of security analytics, automated security operations, and integrated threat intelligence. The move to a cloud-based platform reflects Splunk’s recognition that the migration to remote work last… Source: SCMagazine
June 24, 2021 – Vulnerabilities
New BIOS vulnerabilities impact tens of millions of Dell computer hardware
Abstract
The vulnerabilities, discovered by security researchers at Eclypsium, attack the BIOSConnect feature within Dell Client BIOS and affects 30 million devices across 128 different Dell models, including laptops, desktops and tablets. Source: SCMagazine
June 24, 2021 – Government
‘We desperately need a director’: Cyber advocates sound off as senator delays CISA confirmation
Abstract
The lack of a permanent individual to act as the bridge to the private sector only delays efforts to address critical security efforts, cyber leaders say. Source: SCMagazine
June 24, 2021 – Privacy
Security pros struggle to balance monitoring of remote workforces with privacy expectations
Abstract
Sixty-five percent of surveyed IT and security pros said their companies have increased monitoring of remote workers, but only 46% said their businesses are transparent about how. Source: SCMagazine
June 24, 2021 – Criminals
Cyber-stalker Blackmailed Nebraska Legislature Candidate’s Wife
Abstract
Nebraskan found guilty of sending indecent images and threatening emails to Diane Parris. Source: Infosecurity Magazine
June 24, 2021 – Breach
WD My Book NAS devices are being remotely wiped clean worldwide
Abstract
Western Digital My Book NAS owners worldwide are finding that their devices have been mysteriously factory reset and all of their files deleted. Source: BleepingComputer
June 24, 2021 – Vulnerabilities
Atlassian Bugs Could Have Led to 1-Click Takeover
Abstract
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products. Source: Threatpost
June 24, 2021 – Criminals
Binance exchange helped track down Clop ransomware money launderers
Abstract
Cryptocurrency exchange service Binance played an important part in the recent arrests of Clop ransomware group members, helping law enforcement in their effort to identify, and ultimately detain the suspects. Source: BleepingComputer
June 24, 2021 – Breach
Data Breach at WorkForce West Virginia
Abstract
Mountain State governor confirms data breach impacting jobseekers’ database. Source: Infosecurity Magazine
June 24, 2021 – Attack
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims
Abstract
The infamous ransomware group hit two big-name companies within hours of each other. Source: Threatpost
June 24, 2021 – Policy and Law
Linguist Jailed for Sharing US Defense Secrets
Abstract
Defense Department employee who passed secrets to Hizballah is sentenced to 23 years in prison. Source: Infosecurity Magazine
June 24, 2021 – Cryptocurrency
Malicious Cryptominers Target Software Repositories to Burn a Hole in Your Wallet
Abstract
Sonatype researchers have recently discovered malicious packages in PyPI, a software code repository, that turns developers’ workstations into cryptomining machines. Source: Cyware Alerts - Hacker News
June 24, 2021 – General
Manufacturing Sector Still Not Safe from Cyberattacks
Abstract
Manufacturers are still pelted by cyberattacks left, right, and center. A survey published by Morphisec has found that one in five manufacturing companies in the sector has been compromised in a cyber incident. Source: Cyware Alerts - Hacker News
June 24, 2021 – Ransomware
The Linux Version of DarkSide Ransomware
Abstract
Experts analyzed a Linux version of the DarkSide ransomware, the group responsible for the Colonial Pipeline attack, and claimed that it targeted VMware virtual machines. Though DarkSide has purportedly shut down its operations, organizations are recommended to implement adequate security measures ... Source: Cyware Alerts - Hacker News
June 24, 2021 – Policy and Law
House lawmakers introduce bill to increase American awareness of cyber threats
Abstract
A group of bipartisan House lawmakers on Thursday introduced legislation to step up cybersecurity literacy and increase awareness among the American public amid a spike in cyber threats against critical infrastructure. Source: The Hill
June 24, 2021 – General
Health care’s security challenges spurred by constrained resources, limited staffing
Abstract
F-Secure’s Andrew Neville sheds light on ongoing resource and staffing issues contributing to health care’s security challenges. “What’s actually going on? We’re looking at the wrong problems,” he told SC Media. Source: SCMagazine
June 24, 2021 – Attack
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices
Abstract
Zyxel has emailed customers this week to alert them about a series of attacks that have been targeting some of the company’s high-end enterprise-focused firewall and VPN server products. Source: The Record
June 24, 2021 – Business
Google Pushes Back Cookie Removal Plans to 2023
Abstract
Google's plan to deprecate third-party tracking cookies from its Chrome browser delayed to 2023. Source: Infosecurity Magazine
June 24, 2021 – Vulnerabilities
VMware releases patches for critical flaw in Carbon Black App Control
Abstract
VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows. VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon... Source: Security Affairs
June 24, 2021 – Malware
Malicious spam campaigns delivering banking Trojans
Abstract
In mid-March 2021, Kaspersky researchers observed two new spam campaigns. The messages in both cases were written in English and contained ZIP attachments or links to ZIP files. Source: Kaspersky Labs
June 24, 2021 – Phishing
US brokerage firms warned of ‘FINRA Support’ phishing attacks
Abstract
US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support.' Source: BleepingComputer
June 24, 2021 – Criminals
Arrested Clop gang members laundered over $500M in ransomware payments
Abstract
The members of the Cl0p ransomware gang that were arrested in Ukraine as part of an international law enforcement action also operated money laundering services for multiple cybercrime groups. Source: The Record
June 24, 2021 – Vulnerabilities
BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
Abstract
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device," researchers from enterprise device security firm Eclypsium said. "The virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker." In all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have Secure Boot enabled, a security feature designed to prevent rootkits from being installed at boot... Source: The Hacker News
June 24, 2021 – General
Ransomware Attacks Decline as Gangs Focus on Lucrative Targets
Abstract
The volume of ransomware attacks fell by 50% in Q1 2021, with a shift to targeting fewer, larger targets. Source: Infosecurity Magazine
June 24, 2021 – Attack
Zyxel warns customers of attacks on its enterprise firewall and VPN devices
Abstract
Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting... Source: Security Affairs
June 24, 2021 – Phishing
Hybrid phishing and vishing attacks imitate business workflows
Abstract
Vishing attacks have grown in numbers since COVID-19 forced employees home, often replicating the frequency emails sent from businesses and employers related to password resets, security alerts, locked accounts, order confirmations and invoices. Source: SCMagazine
June 24, 2021 – Cryptocurrency
Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising
Abstract
Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit. Source: Threatpost
June 24, 2021 – Vulnerabilities
A Google Drive security update will break some of your shared links
Abstract
An upcoming security update for Google Drive will increase the security of your shared documents but likely break many of your shared links. Source: BleepingComputer
June 24, 2021 – Malware
New GoLang-based ChaChi Trojan Used as Part of Ransomware Campaigns Against US Schools
Abstract
The research team from BlackBerry Threat Research and Intelligence said on Wednesday that the malware, dubbed ChaChi, is also being used as a key component in launching ransomware attacks. Source: ZDNet
June 24, 2021 – General
Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements
Abstract
Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The cloud gave businesses the agility to respond faster to change and the scale to accommodate rapid growth. Remote work boosted productivity by letting employees access cloud data from anywhere on any device. This is not business as usual. The data center and the perimeter security are no longer the center of the universe. Now remote workers, personal mobile devices, applications, and data are in the middle. Although employees, applications, and data have left the building, IT security teams still shoulder the responsibility for protecting confidential data and ensuring compliance with strict privacy regulations. The risk of not doing so... Source: The Hacker News
June 24, 2021 – General
Ransom Leak Sites Reveal 422% Annual Increase in Victims
Abstract
News comes as most infosec professionals want to see ransom payments banned. Source: Infosecurity Magazine
June 24, 2021 – Malware
ChaChi, a GoLang Trojan used in ransomware attacks on US schools
Abstract
A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming... Source: Security Affairs
June 24, 2021 – Vulnerabilities
Critical VMware Carbon Black Bug Allows Authentication Bypass
Abstract
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems. Source: Threatpost
June 24, 2021 – Phishing
Phishing attack’s unusual file attachment is a double-edged sword
Abstract
A threat actor uses an unusual attachment to bypass security software that is a double-edged sword that may work against them. Source: BleepingComputer
June 24, 2021 – Breach
Hackers leak 260,000 accounts from Pakistani music streaming site Patari
Abstract
Patari.pk, a Pakistani music streaming site has suffered a data breach in which its database containing personal data and login credentials of over 257,000 users has been leaked on hacker forums. Source: Hackread
June 24, 2021 – Vulnerabilities
One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
Abstract
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products," Check Point Research said in an analysis shared with The Hacker News. After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its updates rolled out on May 18. The sub-domains affected by the flaws include jira.atlassian.com, confluence.atlassian.com, getsupport.atlassian.com, partners.atlassian.com, developer.atlassian.com, support.atlassian.com, and training.atlassian.com. Successful exploitation of these flaws could result in a supply-ch... Source: The Hacker News
June 24, 2021 – Policy and Law
Nuisance Call Company Fined £130,000 After Eight-Month Blitz
Abstract
East Sussex-based firm made nearly one million unwanted calls. Source: Infosecurity Magazine
June 24, 2021 – Breach
Tulsa’s Police-Citation Data Leaked by Conti Gang
Abstract
A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites. Source: Threatpost
June 24, 2021 – Vulnerabilities
Dell SupportAssist bugs put over 30 million PCs at risk
Abstract
Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. Source: BleepingComputer
June 24, 2021 – Breach
Fashion Firm French Connection Suffers Breach of Internal Data Due to REvil-linked Ransomware Attack
Abstract
French Connection has become the latest victim of ransomware, with a gang understood to be linked to REvil having penetrated its back-end - making off with a selection of private internal data. Source: The Register
June 24, 2021 – Vulnerabilities
Critical Auth Bypass Bug Affects VMware Carbon Black App Control
Abstract
VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x. Carbon Black App Control is a security solution designed to lock down critical systems and servers to prevent unauthorized changes in the face of cyber-attacks and ensure compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. "A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate," the California-based cloud computing and virtualization technology company said in an advisory. CVE-2021-21998 is th... Source: The Hacker News
June 24, 2021 – Government
Cyber-Attacks Are Primary Funding Source for North Korea
Abstract
Venafi warns other sanctioned countries could follow suit. Source: Infosecurity Magazine
June 24, 2021 – Malware
Ursnif Leverages Cerberus Android Malware to Automate Fraudulent Bank Transfers in Italy
Abstract
Once infected by Ursnif and upon attempting to access their banking account, victims are advised that they won’t be able to continue to use their bank’s services without downloading a security app. Source: Security Intelligence
June 24, 2021 – General
VMs Help Ransomware Attackers Evade Detection, but It’s Uncommon
Abstract
While effective in hiding ransomware activity, the tactic of using virtual machines is more complex than a traditional ransomware attack and may hamper the attackers' efforts. Source: Dark Reading
June 24, 2021 – Vulnerabilities
Researchers Discover New DNS Name Server Hijack Attack That Exposes Businesses, Government Agencies
Abstract
Researchers found a novel class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers. Source: Dark Reading
June 24, 2021 – General
Global Surge in Ransomware Attacks: To pay or not to pay is not the only question - Check Point Software
Abstract
The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The willingness to pay creates a dangerous loop and increases the motivation of attackers. Source: Check Point Research
June 24, 2021 – Attack
Cyberattack at IT Service Provider InfoSolutions Impacts Swedish COVID-19 Testing Lab
Abstract
Even though the motive behind the breach is not clear, local media reports that it is suspected to be a warning shot from hackers as the little noticeable damage has yet to come out from the breach. Source: Cyber News
June 23, 2021 – General
Dangers Posed by Evidentiary Software—and What to Do About It
Abstract
It's well known the code is buggy; that's why software updates for anything from apps to operating systems are now the norm. But if the public understands this, the courts have not followed suit. Source: Lawfare
June 23, 2021 – General
Antivirus Pioneer John McAfee Found Dead in Spanish Jail
Abstract
Controversial mogul and antivirus pioneer John McAfee on Wednesday died by suicide in a jail cell in Barcelona, hours after reports that he would be extradited to face federal charges in the U.S. McAfee was 75. He is said to have died by hanging "as his nine months in prison brought him to despair," according to McAfee's lawyer Javier Villalba, Reuters reported. Security personnel at the Brians 2 prison tried to revive McAfee, but he was eventually declared dead, per Associated Press. News of his death comes after Spain's National Court approved his extradition to the U.S. to face federal criminal tax evasion charges. McAfee worked for NASA, Xerox, and Lockheed Martin before launching the world's first commercial antivirus software in 1987. He later resigned from the namesake security firm in 1994. The former cybersecurity tycoon turned fugitive was detained in Spain last October for "willful failure to file tax returns," with the U.S. Depar... Source: The Hacker News
June 23, 2021 – General
Hillicon Valley: Tech antitrust bills create strange bedfellows in House markup | Rick Scott blocks Senate vote on top cyber nominee until Harris visits border | John McAfee dies Full Text
Abstract
The tech world had its eyes on the House Judiciary Committee (for most of the day — and night) as members marked up the bipartisan antitrust agenda that targets Apple, Google, Facebook and Amazon. The meeting continued well into the evening, with lawmakers on both sides of the aisle raising concerns over the implications of the bills that aim to rein in the power of tech platforms.
The Hill
June 23, 2021 – Government
FBI asks Congress for $40M to help combat wave of ransomware attacks Full Text
Abstract
FBI Director Christopher Wray on Wednesday told a Senate panel that a request for a $40 million increase in its cybersecurity budget for the upcoming fiscal year would go in part towards combating increasing and damaging ransomware attacks.
The Hill
June 23, 2021 – General
John McAfee found dead in prison cell ahead of extradition to US Full Text
Abstract
One of the fathers of antivirus software, the entrepreneur John McAfee has been found dead in a Barcelona prison cell while he was waiting for extradition to the US. The popular cybersecurity entrepreneur John McAfee has been found dead in a Barcelona...
Security Affairs
June 23, 2021 – Government
Rick Scott blocks Senate vote on top cyber nominee until Harris visits border Full Text
Abstract
Sen. Rick Scott (R-Fla.) on Wednesday blocked a proposed unanimous consent vote on President Biden’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA) until Vice President Harris visits the U.S.-Mexico border later this week.
The Hill
June 23, 2021 – Attack
Healthcare giant Grupo Fleury hit by REvil ransomware attack Full Text
Abstract
Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.
BleepingComputer
June 23, 2021 – Business
Anti-virus Pioneer John McAfee Found Dead in Spanish Prison Cell Full Text
Abstract
McAfee, of the antivirus firm that bore his name, allegedly committed suicide while in holding awaiting extradition to the U.S. for tax evasion.
Infosecurity Magazine
June 23, 2021 – Business
Symmetry Systems lands $15 million in Series A funding to solve data visibility issues Full Text
Abstract
Said Mohit Tiwari, the company’s co-founder and CEO: “Given that so many organizations are moving to the cloud, this is a once in a generation opportunity to reset security so it’s answering questions about data. Our goal is to map data and track data flows – at scale.”
SCMagazine
June 23, 2021 – Vulnerabilities
Dangers Posed by Evidentiary Software—and What to Do about It Full Text
Abstract
It's well known the code is buggy; that's why software updates for anything from apps to operating systems are now the norm. But if the public understands this, the courts have not followed suit.
Lawfare
June 23, 2021 – Government
The European Commission proposed to launch the new Joint Cyber Unit Full Text
Abstract
The European Union Agency for Cybersecurity welcomes the European Commission proposal to launch the new Joint Cyber Unit. The European Commission proposed on Wednesday the creation of a new Joint Cyber Unit that aims at providing a coordinated response...
Security Affairs
June 23, 2021 – Encryption
Quantum computing may transform cybersecurity eventually – but not yet Full Text
Abstract
While government agencies and standards bodies are racing to test and vet new quantum resistant algorithms for widespread consumption, a small but growing industry of vendors has popped up offering to sell such protections to the broader public. What should potential buyers make of such offerings?
SCMagazine
June 23, 2021 – Ransomware
Senator: Is it time to treat ransomware like piracy, using military to make operators walk the plank? Full Text
Abstract
Said Sen. Mike Rounds, R-S.D.: “The Department of Defense clearly has a role to play” in addressing the threat of ransomware.
SCMagazine
June 23, 2021 – Attack
Healthcare giant Grupo Fleury hit by alleged REvil ransomware attack Full Text
Abstract
Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.
BleepingComputer
June 23, 2021 – Phishing
Phishing Campaign Bypasses SEG to Target Office365 Users Full Text
Abstract
A new phishing campaign that counterfeits an Outlook Security update email is luring employees to open a New Policy PDF to harvest their Office 365 credentials. There is a dire need for a continuously evolving security strategy which also highlights the importance of having multiple layers of secur ...
Cyware Alerts - Hacker News
June 23, 2021 – Policy and Law
Mr. Double’s Operator Jailed Full Text
Abstract
Prison for Texan behind website that published stories describing the torture and murder of children.
Infosecurity Magazine
June 23, 2021 – Malware
sLoad Malware Moving to European Targets Full Text
Abstract
Starslord loader has been reported active again with its target in the U.K. and Italy. The malware creator is regularly changing the first stage script, while the main module largely remains the same. sLoad is a potential threat; it is important that organizations take this threat more seriously and ...
Cyware Alerts - Hacker News
June 23, 2021 – Disinformation
Iran Media Websites Seized by U.S. in Disinformation Campaign Full Text
Abstract
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
Threatpost
June 23, 2021 – Criminals
LV ransomware operators repurposed a REvil binary to launch a new RaaS Full Text
Abstract
The LV ransomware operators repurposed a REvil binary to create their own strain and launch a ransomware-as-a-service (RaaS). A threat actor known as LV ransomware gang is trying to enter the cybercrime arena, it repurposed a REvil binary almost to create...
Security Affairs
June 23, 2021 – Breach
Cyber-attack Exposes Eye Clinic Patient Data Full Text
Abstract
Around 500k patient records may have been exposed in cyber-attack on Iowa’s Wolfe Eye Clinic.
Infosecurity Magazine
June 23, 2021 – Policy and Law
Spanish court approves extradition of John McAfee to US Full Text
Abstract
Spain’s National Court approved the extradition of anti-virus software pioneer John McAfee for tax evasion charges.
The Hill
June 23, 2021 – Covid-19
A COVID-19-Themed Campaign Delivering Agent Tesla Full Text
Abstract
Cybercriminals are fooling Windows users under the guise of a COVID-19 vaccination registration to infect their machines with a new version of the Agent Tesla RAT. It indicates that existing vaccination campaigns and COVID-19 are being exploited by cybercriminals, and users need to stay alert ...
Cyware Alerts - Hacker News
June 23, 2021 – Attack
Adversarial Octopus – Attack Demo for AI-driven Facial Recognition Engine Full Text
Abstract
This type of attack may lead to dire consequences and may be used in both poisoning scenarios by subverting computer vision algorithms and evasion scenarios like making stealth deepfakes.
Security Affairs
June 23, 2021 – Vulnerabilities
VMware fixes authentication bypass in Carbon Black App Control Full Text
Abstract
VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication.
BleepingComputer
June 23, 2021 – Criminals
Ransomware Gang Cl0p Announces New Victim After Police Bust Full Text
Abstract
Recent arrests of Cl0p members were seen as a victory against the gang that has hit dozens of victims, including U.S. bank Flagstar, law firm Jonesday, Shell, and some universities in the U.S.
Vice
June 23, 2021 – Vulnerabilities
OIG: CMS lacks protocol to assess networked medical device cybersecurity in hospitals Full Text
Abstract
A lack of real-time data on inventories, connections, and device communications, combined with reliance on legacy platforms and slow patch management processes have resulted in many providers leaving the door open to attackers.
SCMagazine
June 23, 2021 – Privacy
Employee Privacy Gap Discovered Full Text
Abstract
Barely a third of companies are protecting the privacy of their workers.
Infosecurity Magazine
June 23, 2021 – Criminals
Scammer arrested for phishing operation, sent 25,000 texts in a day Full Text
Abstract
The police has arrested an individual last week for sending fraudulent text messages to thousands of people to obtain banking details and defraud them.
BleepingComputer
June 23, 2021 – Policy and Law
Scammer sends over 25,000 phishing texts in a day, arrested Full Text
Abstract
The police has arrested an individual last week for sending fraudulent text messages to thousands of people to obtain banking details and defraud them.
BleepingComputer
June 23, 2021 – Vulnerabilities
VMware fixes privilege escalation issue in VMware Tools for Windows Full Text
Abstract
VMware patched a high-severity vulnerability in VMware Tools for Windows that attackers could exploit to execute arbitrary code with elevated privileges. VMware patched a high-severity local privilege escalation vulnerability, tracked as CVE-2021-21999,...
Security Affairs
June 23, 2021 – Vulnerabilities
SonicWall ‘Botches’ October Patch for VPN Bug Full Text
Abstract
Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
Threatpost
June 23, 2021 – General
Pandemic-Bored Attackers Pummeled Gaming Industry Full Text
Abstract
Akamai’s 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
Threatpost
June 23, 2021 – Government
House panel includes $500 million election security grant in proposed appropriations bill Full Text
Abstract
The House Appropriations Committee on Wednesday included $500 million for election security grants in one of the proposed appropriations bills for next year.
The Hill
June 23, 2021 – Ransomware
REvil Ransomware Code Ripped Off by Rivals Full Text
Abstract
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
Threatpost
June 23, 2021 – General
Majority of Web Apps in 11 Industries Are Vulnerable All the Time Full Text
Abstract
Two-thirds of the applications deployed by the utility sector and 63% of those deployed by public administration organizations have a serious vulnerability, according to a report by WhiteHat Security.
Dark Reading
June 23, 2021 – General
Gaming Industry Experiences 340% Spike in Web App Attacks Full Text
Abstract
Web app attacks surged by 340% in 2020 compared to 2019, according to a new study from Akamai.
Infosecurity Magazine
June 23, 2021 – Breach
Tulsa warns of data breach after Conti ransomware leaks police citations Full Text
Abstract
The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.
BleepingComputer
June 23, 2021 – Breach
Personal Information of 500,000 Patients of Iowa-based Wolfe Eye Clinic Accessed in Cyberattack Full Text
Abstract
The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year.
AP News
June 23, 2021 – Government
Amid big hacks, U.S. spy agency touts collaboration center with private industry Full Text
Abstract
The U.S. National Security Agency, in a rare move, on Tuesday showcased a new office aimed at greater collaboration with U.S. private sector defense, technology and telecommunications companies.
Reuters
June 23, 2021 – Vulnerabilities
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE Full Text
Abstract
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight.
Threatpost
June 23, 2021 – Breach
City of Tulsa Reports Cyber Incident Potentially Affecting Personal Information of Residents Full Text
Abstract
The city announced Tuesday that hackers obtained more than 18,000 city files. The leaked files are mostly police citations and internal department files, officials said in a press release.
CNN Money
June 23, 2021 – Government
Russian intelligence service chief says Moscow will work with US to find hackers Full Text
Abstract
Sources familiar with United States thinking on the matter believe Russia has in the past used information shared about domestic criminals as a recruitment tool, and Russia has been known to push the boundaries of other reciprocity agreements, using Interpol to pursue dissidents for example.
SCMagazine
June 23, 2021 – Malware
PYSA ransomware backdoors education orgs using ChaChi malware Full Text
Abstract
The PYSA ransomware gang has been using a remote access Trojan (RAT) dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes.
BleepingComputer
June 23, 2021 – Attack
Ireland: Three quarters of HSE IT servers decrypted following crippling cyberattack Full Text
Abstract
At least 75% of the HSE’s IT servers have been decrypted and 70% of the health service’s computer devices have been restored to use following a cyber attack nearly six weeks ago.
The Journal
June 23, 2021 – Hacker
Pakistan-linked hackers targeted Indian power company with ReverseRat Full Text
Abstract
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday analysis. "The potentially compromised victims aligned with the government and power utility verticals." Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization. The covert operation is said to have begun at least in January 2021. The intrusions are notable for a number of reasons, not least because in addition to its highly-targeted nature, the tactics, techniques, and procedures (TTPs) adopted by the adversary rely on repurposed open-source code and the use of compromised dom...
The Hacker News
June 23, 2021 – Government
EU Proposes Joint Cyber Unit Amid Rising Attacks Full Text
Abstract
The proposed Joint Cyber Unit aims to enable a coordinated response to cyber incidents.
Infosecurity Magazine
June 23, 2021 – Ransomware
Clop ransomware is back into action after the recent police operation Full Text
Abstract
A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action. A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang,...
Security Affairs
June 23, 2021 – Government
Apple warns of sideloading risk as lawmakers consider third-party app stores Full Text
Abstract
Lawmakers and rival companies have said that Apple’s control of the App Store allows the company to charge excessive fees to list apps or limit competitors to Apple services. Apple says it’s for the sake of security.
SCMagazine
June 23, 2021 – Criminals
Clop ransomware is back in business after recent arrests Full Text
Abstract
The Clop ransomware operation is back in business after recent arrests and has begun listing new victims on their data leak site again.
BleepingComputer
June 23, 2021 – Ransomware
New LV Ransomware Variant Hijacks Malicious Binaries Used by REvil Operators Full Text
Abstract
The LV variant operators have been observed in the wild since October 2020, deploying a tweaked version of REvil’s binary with references to REvil’s C2 and data exfiltration infrastructure removed.
The Register
June 23, 2021 – General
[Whitepaper] Automate Your Security with Cynet to Protect from Ransomware Full Text
Abstract
It seems like every new day brings with it a new ransomware news item – new attacks, methods, horror stories, and data being leaked. Ransomware attacks are on the rise, and they've become a major issue for organizations across industries. A recent report estimated that by 2031, ransomware attacks would cost the world over $260 billion. A new whitepaper from XDR provider Cynet demonstrates how the company's platform can help organizations mitigate the impact of ransomware (download here). Today, attackers have shown themselves to be less interested in ignoring the most vulnerable sectors, such as health care providers and hospitals. With a parallel increase in the number of variants – Wastedlocker, FTCode, Tycoon, TrickBot, REvil, and many others – it's becoming harder to defend against the growing threat of ransomware. Ransomware operates by using a variety of infection and encryption techniques to steal or barricade companies' files behind hard paywalls. Even t...
The Hacker News
June 23, 2021 – General
UK Banks Drive £77 Million Reduction in European Fraud Losses Full Text
Abstract
British lenders helped continent despite rises in many countries.
Infosecurity Magazine
June 23, 2021 – Vulnerabilities
Palo Alto Networks fixes critical flaw (CVE-2021-3044) in Cortex XSOAR Full Text
Abstract
Palo Alto Networks addresses a critical improper authorization vulnerability (CVE-2021-3044) affecting its Cortex XSOAR security orchestration solution, automation and response (SOAR) platform. Researchers from Palo Alto Networks discovered and addresses...
Security Affairs
June 23, 2021 – Policy and Law
Lawsuits filed on behalf of Scripps Health patients in cyber attack Full Text
Abstract
A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack.
10 News
June 23, 2021 – Vulnerabilities
Patch Tor Browser Bug to Prevent Tracking of Your Online Activities Full Text
Abstract
Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several security vulnerabilities addressed in Firefox 89. Chief among the rectified issues is a new fingerprinting attack that came to light last month. Dubbed scheme flooding, the vulnerability enables a malicious website to leverage information about installed apps on the system to assign users a permanent unique identifier even when they switch browsers, use incognito mode, or a VPN. Put differently, the weakness takes advantage of custom URL schemes in apps as an attack vector, allowing a bad actor to track a device's user between different browsers...
The Hacker News
June 23, 2021 – General
Nearly 10% of SMB Defense Contractors Show Evidence of Compromise Full Text
Abstract
BlueVoyant uncovers widespread cyber-risk and malicious activity in US defense supply chain.
Infosecurity Magazine
June 23, 2021 – Vulnerabilities
SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day Full Text
Abstract
A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. In October last year, experts reported a critical stack-based Buffer...
Security Affairs
June 23, 2021 – Government
NSA Funds Development & Release of D3FEND Framework Full Text
Abstract
The National Security Agency today announced it is funding the development and release of D3FEND, a framework for security pros to tailor their defenses against specific security threats.
Dark Reading
June 23, 2021 – General
Councils Reported Over 700 Data Breaches in 2020 Full Text
Abstract
Redscan study claims 40% of UK councils spent no money on security training.
Infosecurity Magazine
June 23, 2021 – Business
MITRE adds D3FEND defensive cybersecurity techniques to ATT&CK Framework Full Text
Abstract
D3FEND is a new project promoted by MITRE Corporation to add defensive cybersecurity techniques to the ATT&CK Framework. D3FEND is a new project promoted by MITRE Corporation aimed to add a knowledge graph of cybersecurity countermeasures to the ATT&CK...
Security Affairs
June 23, 2021 – Criminals
FIN7 Cybercriminals Impersonated SEC Officials, Sick Restaurant Customers to Lure Victims Full Text
Abstract
FIN7 impersonated angry restaurant customers and targeted specific individuals with access to financial information, U.S. prosecutors argue in a court filing that sheds new light on the hacker group.
Cyberscoop
June 23, 2021 – Business
Colonial Pipeline Sued for Gas Crisis From Ransomware Attack Full Text
Abstract
Colonial Pipeline Co. was sued by a gas station seeking to represent thousands more over the ransomware attack in May that paralyzed the U.S. East Coast’s flow of gasoline, diesel, and jet fuel.
Yahoo! Finance
June 23, 2021 – General
Shame culture is the biggest roadblock to increasing security posture Full Text
Abstract
Phishing simulations don’t increase cyber-resilience as much as they make them view the IT teams negatively, thereby making it more challenging to get them on board with strategic initiatives.
Help Net Security
June 22, 2021 – Vulnerabilities
SonicWall bug affecting 800K firewalls was only partially fixed Full Text
Abstract
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.
BleepingComputer
June 22, 2021 – Vulnerabilities
SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks Full Text
Abstract
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22. Tracked as CVE-2021-20019 (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure. It's worth noting that SonicWall's decision to hold back the patch comes amid multiple zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. However, there is no evidence that the flaw is being exploited in the wild. Memory Dump PoC "SonicWal...
The Hacker News
June 22, 2021 – Government
House passes bill to bolster state plans to ward off infrastructure attacks Full Text
Abstract
The House passed bipartisan legislation on Tuesday to provide federal guidance and resources to states vulnerable to attacks on their infrastructure following the ransomware cyber attack on the Colonial Pipeline last month.
The Hill
June 22, 2021 – General
Hillicon Valley: Tech industry pushes for delay in antitrust legislation | EU regulators investigating Google’s digital ad business | YouTube wins EU court case over copyright violations Full Text
Abstract
Developments across the pond took the spotlight Tuesday, with the European Commission announcing it had opened an antitrust investigation into Google’s ad business, and Europe’s top court ruled that platforms are not liable for certain copyright violations.
The Hill
June 22, 2021 – Government
US Cyber Command leads competition in effort to strengthen nation’s cybersecurity Full Text
Abstract
Cyber professionals from the U.S. and multiple other countries are in the midst of an annual competition led by U.S. Cyber Command meant to enhance the nation’s cybersecurity in wake of months of devastating attacks.
The Hill
June 22, 2021 – General
Could better cyber hygiene have prevented the SolarWinds attack? Full Text
Abstract
CISA says blocking SolarWinds Orion servers from outbound internet traffic could have helped prevent the supply chain attack. But cybersecurity experts say that alone would not have protected organizations from being infiltrated.
SCMagazine
June 22, 2021 – Ransomware
Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers Full Text
Abstract
DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is written in Bash...
Security Affairs
June 22, 2021 – General
BEC Losses Top $1.8B as Tactics Evolve Full Text
Abstract
BEC attacks are getting more dangerous, and smart users are the ones who can stop it.
Threatpost
June 22, 2021 – General
50% of CISOs say the push for rapid growth and digital transformation stalls cloud security Full Text
Abstract
Digital transformation often means decentralized purchasing of cloud-based applications, which results in a disparate landscape of best-of-breed software with less oversight from security and IT.
SCMagazine
June 22, 2021 – Attack
Lawsuits filed against Scripps Health following ransomware attack, data theft Full Text
Abstract
Noteworthy is that Scripps maintained open transparency and communication for each step of recovery after a ransomware attack exposed protected health information of 150,000 patients – a decision that is actually not required under HIPAA.
SCMagazine
June 22, 2021 – Vulnerabilities
Unpatched Supply-Chain Flaw Affects ‘Pling Store’ Platforms for Linux Users Full Text
Abstract
Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply chain attack," Positive Security co-founder Fabian Bräunlein said in a technical write-up published today. "The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running." The Pling-based app stores impacted by the flaw include: appimagehub.com, store.kde.org, gnome-look.org, xfce-look.org, pling.com. PlingStore allows users to search and install Linux software, themes, icons, and other add-ons that may not be available for download through the distribution's software center. T...
The Hacker News
June 22, 2021 – Policy and Law
French Teens on Trial for Cyber-bullying Full Text
Abstract
Landmark Parisian trial could mean prison for teens convicted of online abuse.
Infosecurity Magazine
June 22, 2021 – Cryptocurrency
Cryptominers Slither into Python Projects in Supply-Chain Campaign Full Text
Abstract
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.
Threatpost
June 22, 2021 – Privacy
Brave launches its privacy-focused no-tracking search engine Full Text
Abstract
Today, Brave launched their non-tracking privacy-centric search engine to bring another alternative to finding the information you want on the web without giving up your data.
BleepingComputer
June 22, 2021 – Vulnerabilities
SonicWall bug that affected 800K firewalls was only partially fixed Full Text
Abstract
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.
BleepingComputer
June 22, 2021 – Government
NIST Publishes Ransomware Guidance Full Text
Abstract
Draft Cybersecurity Framework Profile for Ransomware Risk Management released.
Infosecurity Magazine
June 22, 2021 – Business
SEC Probes SolarWinds Breach Disclosure Failures Full Text
Abstract
Companies being investigated on suspicion of hiding the fact they got hacked.
Infosecurity Magazine
June 22, 2021 – Malware
Vigilante Malware Prevent Access to Piracy Sites Full Text
Abstract
Experts uncovered an attack campaign that targets users of pirated software. The Vigilante malware blocks users' access to websites hosting pirated software. Users are requested to stay protected by avoiding the download of pirated software or clicking on links from unknown users.
Cyware Alerts - Hacker News
June 22, 2021 – Ransomware
DarkRadiation Ransomware and an SSH Worm Full Text
Abstract
DarkRadiation ransomware has started targeting Linux and Docker containers. It relies on messaging service Telegram for C2C communications. Experts suggest attackers are probably trying to use low-profile tools to stay hidden from security agencies.
Cyware Alerts - Hacker News
June 22, 2021 – APT
South Korean Nuclear Research Agency Targeted by APT Group Full Text
Abstract
Nuclear energy and arms-related organizations are under attack from several other APT groups across the globe. A North Korean APT group recently breached the internal network of the Korea Atomic Energy Research Institute (KAERI), South Korea through a vulnerability in a VPN server last month.
Cyware Alerts - Hacker News
June 22, 2021 – Hacker
RedFoxtrot Group Linked to Unit 69010 from China Full Text
Abstract
Cyberespionage campaigns spread across several years were linked to the Chinese military group PLA Unit 69010. Dubbed RedFoxtrot, the threat actor focused on gathering military intelligence from various countries. Learn how PLA-affiliated groups are operating and targeting victims.
Cyware Alerts - Hacker News
June 22, 2021 – Ransomware
Darkside RaaS in Linux version Full Text
Abstract
Unlike the Windows version of the malware that targets any Windows endpoint, Darkside Linux version is mostly targeting ESXi servers and is believed to be deployed manually.
AT&T Cybersecurity
June 22, 2021 – Vulnerabilities
Zephyr RTOS fixes Bluetooth bugs that may lead to code execution Full Text
Abstract
The Zephyr real-time operating system (RTOS) for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service (DoS) condition and potentially lead to remote code execution.
BleepingComputer
June 22, 2021 – General
Maryland says it has detected more than a half million ‘potentially fraudulent’ jobless claims since May Full Text
Abstract
Maryland labor officials said Monday that they have found 508,000 “potentially fraudulent” unemployment claims in the past six weeks, the latest response from the Hogan administration.
Washington Post
June 22, 2021 – Vulnerabilities
Email Bug Allows Message Snooping, Credential Theft Full Text
Abstract
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.
Threatpost
June 22, 2021 – Attack
ADVERSARIAL OCTOPUS – ATTACK DEMO FOR AI-DRIVEN FACIAL RECOGNITION ENGINE Full Text
Abstract
Researchers from Adversa devised an attack technique, dubbed ADVERSARIAL OCTOPUS, against Facial Recognition systems. The intention behind this project: Driven by our mission to increase trust in AI, Adversa’s AI Red Team is constantly exploring...Security Affairs
June 22, 2021 – General
Do you want speed or security as expected? Spectre CPU defenses can cripple performance on Linux in tests Full Text
Abstract
The mitigations applied to prevent Spectre vulnerability exploits from computers hinder performance enough that disabling protection for the sake of speed may be preferable for some.The Register
June 22, 2021 – Attack
A ransomware attack disrupted the IT network of the City of Liege Full Text
Abstract
The Belgian city of Liege suffered a ransomware attack today that has disrupted the IT network of the municipality and its online services. Liege, one of the biggest cities in Belgium, was hit by a ransomware attack that has disrupted the IT network...Security Affairs
June 22, 2021 – General
Most Developers Never Update Third-Party Libraries in Their Software: Report Full Text
Abstract
Most developers never update third-party libraries after including them in their software, a new report from Veracode reveals. 79% of libraries are never updated after being included in software.Security Week
June 22, 2021 – Attack
Cyberattack on Polish government officials linked to Russian hackers Full Text
Abstract
A recent string of cyberattacks targeting thousands of Polish email users, including government officials, has been linked by the Polish intelligence services to a Russian hacking group.The Hill
June 22, 2021 – Outage
Municipality IT Network at Belgium’s Third-largest City Disrupted by Ransomware Attack Full Text
Abstract
While officials only described the incident as a “computer attack,” two Belgian radio and TV stations reported that the cyberattack was the work of the Ryuk ransomware gang.The Record
June 22, 2021 – Outage
Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack Full Text
Abstract
The health system has remained open primarily thanks to previously established downtime procedures, for which the workforce received training prior to the attack.SCMagazine
June 22, 2021 – Privacy
Kids’ Apps on Google Play Rife with Privacy Violations Full Text
Abstract
One in five of the most-popular apps for kids under 13 on Google Play don’t comply with COPPA regulations on how children’s information is collected and used.Threatpost
June 22, 2021 – Vulnerabilities
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day Full Text
Abstract
“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.Threatpost
June 22, 2021 – Business
Pondurance Acquires Bearing Cybersecurity to Help Customers Better Assess and Remediate Security Gaps Full Text
Abstract
Pondurance, a Managed Detection and Response (MDR) service provider, today announced the acquisition of Rockwall, Texas-based advisory and assessment services provider Bearing Cybersecurity.Yahoo! Finance
June 22, 2021 – Malware
NukeSped Copies Fileless Code From Bundlore, Leaves It Unused Full Text
Abstract
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped.Trend Micro
June 22, 2021 – Solution
Tool lets users supplement Mitre ATT&CK knowledge base with their own threat intel Full Text
Abstract
The tool ultimately enables companies to create their own customized repository of cyber threat information.SCMagazine
June 22, 2021 – Business
Transmit Security raises $543M Series A to kill off the password Full Text
Abstract
Transmit Security said it has a pre-money valuation of $2.2 billion, and will use the new funds to expand its reach and invest in key global areas to grow the organization.TechCrunch
June 22, 2021 – Criminals
Mysterious ransomware payment traced to a sensual massage site Full Text
Abstract
A ransomware targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages.BleepingComputer
June 22, 2021 – Business
Did Companies Fail to Disclose Being Affected by SolarWinds Breach? Full Text
Abstract
The US Securities and Exchange Commission (SEC) has reportedly opened a probe into whether some companies that were affected by the SolarWinds breach failed to disclose that fact.Dark Reading
June 22, 2021 – Ransomware
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances Full Text
Abstract
Cybersecurity researchers have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. "The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions," researchers from Trend Micro said in a report published last week. "The malware uses OpenSSL's AES algorithm with CBC mode to encrypt files in various directories. It also uses Telegram's API to send an infection status to the threat actor(s)." As of writing, there's no information available on the delivery methods or evidence that the ransomware has been deployed in real-world attacks. The findings come from an analysis of a collection of hacking tools hosted on the unidentified threat actor's infrastructure (IP address "185.141.25.168") in a directory calledThe Hacker News
June 22, 2021 – Solution
New Tool Launched to Remove Nude Images of Children Online Full Text
Abstract
Children worried about nude content appearing online can now access a tool to restrict content being sharedInfosecurity Magazine
June 22, 2021 – Botnet
DirtyMoe botnet infected 100,000+ Windows systems in H1 2021 Full Text
Abstract
DirtyMoe is a rapidly growing Windows botnet; it went from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler,...Security Affairs
June 22, 2021 – Vulnerabilities
Complex supply chain logistics are leaving defense contractors vulnerable Full Text
Abstract
An evaluation of 300 small and medium defense companies suggests contractors have prioritized interoperability with outside systems over security.SCMagazine
June 22, 2021 – Privacy
Six Flags to Pay $36M Over Collection of Fingerprints Full Text
Abstract
Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.Threatpost
June 22, 2021 – Cryptocurrency
Malicious PyPI packages hijack dev devices to mine cryptocurrency Full Text
Abstract
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines.BleepingComputer
June 22, 2021 – Phishing
It’s Not Safe: “Security Update” Goes Phishing via PDF Full Text
Abstract
Cofense has observed an Office 365 credential phishing campaign, masquerading as an Outlook Security update email from the IT Security department to lure employees to open a “New Policy” PDF.Cofense
June 22, 2021 – Vulnerabilities
NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws Full Text
Abstract
U.S. graphics chip specialist NVIDIA has released software updates to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions prior to 32.5.1. The company credited Frédéric Perriot of Apple Media Products for reporting all the issues. The NVIDIA Jetson line consists of embedded Linux AI and computer vision compute modules and developer kits that primarily caters to AI-based computer vision applications and autonomous systems such as mobile robots and drones. Chief among the vulnerabilities is CVE‑2021‑34372 (CVSS score: 8.2), a buffer overflow flaw in its Trusty trusted execution environment (TEE) that could result in informatioThe Hacker News
June 22, 2021 – General
Fifth of Google Play Apps Violate Child Protection Law Full Text
Abstract
One in five apps designed for children contravened the Children's Online Privacy Protection Act (COPPA)Infosecurity Magazine
June 22, 2021 – Vulnerabilities
Tor Browser 10.0.18 fixes a bug that allows to track users by fingerprinting installed apps Full Text
Abstract
The Tor Project released Tor Browser 10.0.18 that addresses a flaw that allows sites to track users by fingerprinting the installed apps. The Tor Project has released Tor Browser 10.0.18, the new version of the popular browser addresses multiple flaws,...Security Affairs
June 22, 2021 – Vulnerabilities
Intent redirection vulnerabilities in popular Android apps spotlight danger of dynamic code loading, warn researchers Full Text
Abstract
App developers have been urged not to load code dynamically because of the heightened risk of code execution vulnerabilities. Recently, one such intent redirection flaw was fixed in the Google app.The Daily Swig
June 22, 2021 – Business
Ransomware Payments Could Be Tax Deductible - Report Full Text
Abstract
Another silver lining for firms that choose to pay their extortersInfosecurity Magazine
June 22, 2021 – Malware
DroidMorph tool generates Android Malware Clones that Full Text
Abstract
Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows the creation of clones of Android apps (malware/benign). A group of researchers from Adana Science and Technology University (Turkey) and the National...Security Affairs
June 22, 2021 – Business
Ping Identity acquires SecuredTouch for bot detection Full Text
Abstract
Ping Identity on Monday announced it's acquired SecuredTouch, a fraud and bot detection firm based in Tel Aviv. The financial terms of the acquisition deal were not disclosed.ZDNet
June 22, 2021 – General
Three-Quarters of SMBs Can’t Repel Cyber-Attacks Full Text
Abstract
Two-fifths admit alert overload is a significant challengeInfosecurity Magazine
June 22, 2021 – General
Protect The Business Full Text
Abstract
When attackers gain access, they most often install cryptominer software or attempt to escape the container and compromise the host system, says Assaf Morag, lead data analyst at Aqua Security.Dark Reading
June 22, 2021 – Breach
Asia Pacific Network Information Centre Leaves SQL Dump From Whois Database Publicly Exposed on Google Cloud Bucket Full Text
Abstract
The Asia Pacific Network Information Centre (APNIC) has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, unsecured for three months.The Register
June 21, 2021 – Botnet
50% of misconfigured containers hit by botnets in under an hour Full Text
Abstract
Aqua Security reported that data it collected from honeypots protecting containers over a six-month period revealed that 50% of misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up.SCMagazine
June 21, 2021 – General
Would companies even abide by a ransomware payments ban? Full Text
Abstract
A new poll found that 44% of firms would consider paying at least 10% of yearly revenue to resolve a ransom, while 20% of firms are willing to pay 20% of their revenue or more.SCMagazine
June 21, 2021 – General
Hillicon Valley: Cyber agency says SolarWinds hack could have been deterred | Civil rights groups urge lawmakers to crack down on Amazon’s ‘dangerous’ worker surveillance | Manchin-led committee puts forth sprawling energy infrastructure proposal Full Text
Abstract
The key federal cybersecurity agency acknowledged the massive SolarWinds hack, which led to the compromise of nine federal agencies by Russian hackers, might have been deterred if a basic security measure had been put in place. The breach is considered one of the largest in U.S. history, and chilled relations between the U.S. and Russia even further.The Hill
June 21, 2021 – Breach
Wegmans Exposes Customer Data in Misconfigured Databases Full Text
Abstract
Cleanup in aisle “Oops”: The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.Threatpost
June 21, 2021 – Vulnerabilities
Tor Browser fixes vulnerability that tracks you using installed apps Full Text
Abstract
The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.BleepingComputer
June 21, 2021 – Government
Manchin-led committee puts forth sprawling energy infrastructure proposal Full Text
Abstract
A Senate committee that’s led by key swing vote Sen. Joe Manchin (D-W.Va.) has released a 400-page energy infrastructure proposal that it will weigh later this week.The Hill
June 21, 2021 – Breach
Ragnar Locker ransomware leaked data stolen from ADATA chipmaker Full Text
Abstract
The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data. The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from...Security Affairs
June 21, 2021 – Breach
OnlyFans, Twitter ban users for leaking politician’s BDSM video Full Text
Abstract
This week, Twitter and OnlyFans have banned user accounts that illicitly leaked a BDSM video featuring a New York City city council candidate. As reported by Motherboard, the video of 26-year-old Zack Weiner began circulating on Twitter and OnlyFans via accounts with identical usernames and profile pictures.BleepingComputer
June 21, 2021 – Breach
Embryology Data Breach Follows Fertility Clinic Ransomware Hit Full Text
Abstract
Approximately 38,000 of RBA’s customers had their embryology data stolen by a ransomware gang.Threatpost
June 21, 2021 – Government
California Cops Launch ALPR Transparency Portal Full Text
Abstract
Piedmont police share data on Automated License Plate Recognition technology useInfosecurity Magazine
June 21, 2021 – Breach
Ohio Medicaid Provider Suffers Data Breach Full Text
Abstract
Personal data could have been stolen in unauthorized access incident at MaximusInfosecurity Magazine
June 21, 2021 – Criminals
Lazarus Sub-group Evolves to Target South Korea Full Text
Abstract
This year in April, a suspicious Word document was spotted that had a Korean file name and decoy. On analysis, researchers found a unique infection pattern and an unknown payload.Cyware Alerts - Hacker News
June 21, 2021 – Breach
Millions of medical images, patient data remain exposed via PACS flaws Full Text
Abstract
U.S. health systems have failed to take action, two years after a report exposed potential privacy violations.SCMagazine
June 21, 2021 – Business
Finger Scanning Costs Six Flags $36m Full Text
Abstract
American amusement park agrees to $36m settlement over use of finger-scan entry gatesInfosecurity Magazine
June 21, 2021 – Ransomware
Evolving Ransomware Strategies to be Wary of Full Text
Abstract
Ransomware campaigns are now rarely being propagated via emails due to improved detection capabilities. The shift to downloaders as the first-stage payload offers ransomware operators better flexibility and choice.Cyware Alerts - Hacker News
June 21, 2021 – Government
Cyber agency says SolarWinds hack could have been deterred by simple security measures Full Text
Abstract
The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place, a top government official acknowledged earlier this month.The Hill
June 21, 2021 – Attack
Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light Full Text
Abstract
The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity.Security Week
June 21, 2021 – Attack
Threat actors in January attempted to poison the water at a US facility Full Text
Abstract
Threat actors in January attempted to poison the water at a US facility, a circumstance that highlights the importance of cybersecurity for water and wastewater utilities. The news that a threat actor in January attempted to poison the water at a facility...Security Affairs
June 21, 2021 – Hacker
Molerats Hackers Actively Targeting Middle East Governments Full Text
Abstract
Proofpoint discovered that the MoleRATs hacking group, which has become active again after a two-month break, is infiltrating government networks in the Middle East. The group has constantly been targeting entities working with the government or other geopolitical entities in the region.Cyware Alerts - Hacker News
June 21, 2021 – Phishing
Agent Tesla RAT Returns in COVID-19 Vax Phish Full Text
Abstract
An unsophisticated campaign shows that the pandemic still has long legs when it comes to being social-engineering bait.Threatpost
June 21, 2021 – Business
CyberSmart secures $10m Series A funding round Full Text
Abstract
CyberSmart, a cybersecurity technology firm for SMEs, has announced the completion of its Series A funding round led by IQ Capital, bringing the total raised to over $10 million.Business Leader
June 21, 2021 – Vulnerabilities
iPhone Wi-Fi Crushed by Weird Network Full Text
Abstract
… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.Threatpost
June 21, 2021 – Criminals
Cybercriminals Claim to Plant Backdoor and Steal Data From NATO’s Cloud Platform Full Text
Abstract
Cybercriminals claim that they managed to make copies of the data on the SOA & IdM platform used by NATO by planting a malware backdoor and that they tried to blackmail Everis.Softpedia News
June 21, 2021 – Breach
ADATA suffers 700 GB data leak in Ragnar Locker ransomware attack Full Text
Abstract
The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA.BleepingComputer
June 21, 2021 – Policy and Law
Info-sharing pact will help electric companies comply with DOE’s 100-day plan Full Text
Abstract
E-ISAC’s members will benefit from the analysis of pooled threat data, says CEO Manny Cancel.SCMagazine
June 21, 2021 – Criminals
Data leak marketplace pressures victims by emailing competitors Full Text
Abstract
The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.BleepingComputer
June 21, 2021 – Malware
Sload Targeting Europe Again Full Text
Abstract
Sload (aka Starslord loader) is one of the most dangerous types of malware in recent years. It usually functions as a downloader with an aim to assess the target and drop a more significant payload.Minerva Labs
June 21, 2021 – Vulnerabilities
Security Vulnerability in Wire Messaging App Allowed Attackers to Fully Control User Accounts Full Text
Abstract
The maintainers of the Wire secure messaging app have patched the software against two security vulnerabilities, one of which could have allowed an attacker to “fully control” user accounts.The Daily Swig
June 21, 2021 – Criminals
Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull one off Full Text
Abstract
Not only is a ransomware attack a blended crime, including different offenses across different bodies of law, but also a crime that straddles the remit of different policing agencies and countries.The Times Of India
June 21, 2021 – Vulnerabilities
Researcher Finds Several Vulnerabilities in Cisco Small Business Switches Full Text
Abstract
A researcher has identified several vulnerabilities in Cisco’s Small Business 220 series smart switches. The company this week informed customers about the availability of patches for these flaws.Security Week
June 21, 2021 – General
5 Critical Steps to Recovering From a Ransomware Attack Full Text
Abstract
Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities. A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Venture predicts that a ransomware attack will occur every 11 seconds in 2021. Businesses must prepare for the possibility of a ransomware attack affecting their data, services, and business continuity. What steps are involved in recovering from a ransomware attack? (1) Isolate and shutdown critical systems; (2) Enact your business continuity plan; (3) Report the cyberattack; (4) Restore from backup; (5) Remediate, patch, and monitor. Isolate and shutdown critical systems: The first important step is to isolate and shut down business-critical systems. There is a chance the ransomware has not affected all accessible data and systems. Shutting down and isolating both infected systems and healthy systems helps contain malicious code. From the first evidence of ransomwaThe Hacker News
June 21, 2021 – Breach
UK Parliamentary Staffers Lost 96 Devices in Past Two Years Full Text
Abstract
Fears have been raised that sensitive public data has fallen into the hands of cyber-criminalsInfosecurity Magazine
June 21, 2021 – Government
NSA releases guidance for securing Unified Communications and VVoIP Full Text
Abstract
The US National Security Agency (NSA) released guidance for securing Unified Communications/Voice and Video over IP Systems (VVoIP). NSA last week released guidance for securing their communication systems, specifically Unified Communications (UC)...Security Affairs
June 21, 2021 – General
Lies my vendor told me: sorting through the deceptions and misconceptions in SIEM Full Text
Abstract
Says Forrester’s Allie Mellen, “it’s fun to say that SIEMs are bad; everybody laughs.” But it actually plays a pivotal role.SCMagazine
June 21, 2021 – Vulnerabilities
A security bug in Google’s Android app put users’ data at risk Full Text
Abstract
Google’s Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device.TechCrunch
June 21, 2021 – Vulnerabilities
DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps Full Text
Abstract
New research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors," the researchers said. "This attack of clones seriously threatens all the mobile platforms, especially Android." The findings were published in a study last week by researchers from Adana Science and Technology University, Turkey, and the National University of Science and Technology, Islamabad, Pakistan. Unlike iOS, apps can be downloaded from third-party sources on Android devices, raising the possibility that unwitting users can install unverified and lookalike apps that clone a legitimate app's functionality but are built to trick tarThe Hacker News
June 21, 2021 – Phishing
Amazon Prime Day - Beware of Phishing Deluge, Experts Warn Full Text
Abstract
Shoppers urged not to click on links in unsolicited emails and textsInfosecurity Magazine
June 21, 2021 – Criminals
Ransomware Actors Evolved Operations in 2020 Full Text
Abstract
Over the last several years, cybercrime adversaries that engage in big game hunting ransomware attacks have advanced rapidly in terms of their capabilities and sophistication.Crowdstrike
June 21, 2021 – General
Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature Full Text
Abstract
A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher Carl Schou, who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name "%p%s%s%s%s%n" even after rebooting the phone or changing the network's name (i.e., service set identifier or SSID). The bug could have serious implications in that bad actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in question to break the device's wireless networking features. After joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3 — Carl Schou (@vm_call) June 18, 2021 The issue stems from a string formatting bug in the manner iOS parses thThe Hacker News
June 21, 2021 – Breach
Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach Full Text
Abstract
Atlanta-based Reproductive Biology Associates claims data has been deletedInfosecurity Magazine
June 21, 2021 – General
Major Cyberattack on Poland Came from Russian Territory: Kaczynski Full Text
Abstract
A recent "large scale" cyberattack targeting top Polish politicians was launched from Russia, Jaroslaw Kaczynski, the leader of Poland's governing right-wing party, said on Friday.Security Week
June 21, 2021 – Breach
Nuclear Research Institute Breached by Suspected North Korean Hackers Full Text
Abstract
South Korea’s KAERI investigating attack that exploited VPN bugInfosecurity Magazine
June 21, 2021 – Vulnerabilities
Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors Full Text
Abstract
Eight security vulnerabilities discovered in the Drawings software development kit (SDK) made by Open Design Alliance (ODA) impact products from Siemens and likely other vendors.Security Week
June 21, 2021 – APT
Norway blames China-linked APT31 for 2018 government hack Full Text
Abstract
Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network back in 2018.Security Affairs
June 21, 2021 – Breach
South Korea’s Nuclear Research Agency Breached by North Korea-affiliated Cyberattackers Full Text
Abstract
South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute was hacked in May 2021 by North Korea’s Kimsuky group. The Korean news outlet that broke the story has accused KAERI of a cover-up.The Register
June 21, 2021 – Government
MI5 seized Boris Johnson’s phone over security risk fears Full Text
Abstract
The British Security Service, also known as MI5, has seized the mobile devices used by PM Boris Johnson over concerns that were raised after the discovery of the availability of its number online for the last 15 years.Security Affairs
June 21, 2021 – Government
NSA releases guidance for securing Unified Communications and VVoIP Full Text
Abstract
UC and VVOIP platforms are widely used in government agencies and by organizations in the supply chain of several government offices. For this reason, the agency wants to support them in securing their infrastructure.Security Affairs
June 21, 2021 – Government
MI5 seized Boris Johnson’s phone over security risk fears Full Text
Abstract
The British intelligence agency MI5 seized Boris Johnson's phone over concerns related to the availability of his number online for the last 15 years. The British Security Service, also known as MI5, has seized the mobile devices used by PM Boris...Security Affairs
June 20, 2021 – Breach
Fertility clinic discloses data breach exposing patient info Full Text
Abstract
A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack.BleepingComputer
June 20, 2021 – Vulnerabilities
A specific network name can completely disable Wi-Fi on your iPhone Full Text
Abstract
A security researcher has found that a carefully crafted network name causes a bug in the networking stack of iOS and can completely disable your iPhone’s ability to connect to Wi-Fi.9to5 Mac
June 20, 2021 – Attack
Poland: The leader of the PiS party blames Russia for the recent attack Full Text
Abstract
Jaroslaw Kaczynski, the leader of the Poland Law and Justice party, blames Russia for the recent cyberattack targeting top Polish politicians. Jaroslaw Kaczynski, the leader of the Poland Law and Justice party (PiS), blames Russia for the recent...Security Affairs
June 20, 2021 – APT
Norway blames China-linked APT31 for 2018 government hack Full Text
Abstract
Norway's police secret service said that the China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack...Security Affairs
June 20, 2021 – Vulnerabilities
This bug can permanently break iPhone WiFi connectivity Full Text
Abstract
A new bug in iPhone can permanently break users' WiFi by disabling it; the issue could be triggered by simply connecting to a rogue hotspot. The researcher Carl Schou discovered a new bug in iPhone that can permanently break users' WiFi by disabling...Security Affairs
June 20, 2021 – General
Security Affairs newsletter Round 319 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. APWG: Phishing...Security Affairs
June 19, 2021 – Covid-19
Google force installs Massachusetts MassNotify Android COVID app Full Text
Abstract
Google is force-installing a Massachusetts COVID-19 tracking app on residents' Android devices without an easy way to uninstall it.BleepingComputer
June 19, 2021 – Government
Senate confirms Chris Inglis as Biden’s top cyber adviser Full Text
Abstract
Inglis’ new White House office was one of several policy reforms recommended by the congressional chartered Cyberspace Solarium Commission and incorporated into the fiscal 2021 defense policy bill.Politico
June 19, 2021 – APT
North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI Full Text
Abstract
North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached...Security Affairs
June 19, 2021 – Breach
South Korea’s Nuclear Research agency hacked using VPN flaw Full Text
Abstract
South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.BleepingComputer
June 19, 2021 – Breach
This Agency’s Computers Hold Secrets. Hackers Got In With One Password. Full Text
Abstract
New York City’s Law Department holds some of the city’s most closely guarded secrets. But all it took for a hacker to infiltrate the 1,000-lawyer agency’s network early this month was one worker’s pilfered email password.New York Times
June 19, 2021 – Hacker
RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec Full Text
Abstract
Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked...Security Affairs
June 19, 2021 – Vulnerabilities
iPhone bug breaks WiFi when you join hotspot with unusual name Full Text
Abstract
A new iPhone bug has come to light that breaks your iPhone's wireless functionality by merely connecting to a certain WiFi hotspot. Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed.BleepingComputer
June 19, 2021 – Malware
Matanbuchus Loader: A New Malware-as-a-Service Full Text
Abstract
Researchers identified a threat actor targeting multiple organizations including large universities and high schools in the U.S., along with high-tech organizations in Belgium.Cyware Alerts - Hacker News
June 19, 2021 – Ransomware
Conti Ransomware Gang: An Overview Full Text
Abstract
The Conti ransomware group has spent more than a year attacking organizations where IT outages can have life-threatening consequences such as hospitals, 911 dispatch carriers, emergency medical services, and law enforcement agencies.Palo Alto Networks
June 19, 2021 – Attack
Cyber attack on Polish officials came from Russia, Kaczynski says Full Text
Abstract
Top Polish government officials have been hit by a far-reaching cyber attack conducted from Russian territory, Poland's de facto leader Jaroslaw Kaczynski said on Friday in his first official statement on an email hacking incident this month.Reuters
June 19, 2021 – Malware
Vigilante malware stops victims from visiting piracy websites Full Text
Abstract
Sophos researchers uncovered a malware campaign that aims at blocking infected users from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.Security Affairs
June 19, 2021 – Vulnerabilities
Expert found multiple flaws in Cisco Small Business 220 series Full Text
Abstract
The vulnerabilities impact devices running firmware versions prior to 1.2.0.6 and which have the web-based management interface enabled. The expert pointed out that the interface is enabled by default.Security Affairs
June 19, 2021 – Criminals
A deep dive into the operations of the LockBit ransomware group Full Text
Abstract
Forensic investigations of machines attacked by LockBit affiliates show that threat groups will often first try to identify "mission-critical" systems including NAS devices, backup servers, and domain controllers.ZDNet
June 18, 2021 – Vulnerabilities
North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute Full Text
Abstract
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which — "27.102.114[.]89" — has been previously linked to a state-sponsored threat actor dubbed Kimsuky. KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety. Following the intrusion, the think tank said it took steps to block the attacker's IP addresses in question and applied necessary security patches to the vulnerable VPN solution. "Currently, the Atomic Energy Research Institute is investigating the subject of the haThe Hacker News
June 18, 2021 – Hacker
Cyber espionage by Chinese hackers in neighbouring nations is on the rise Full Text
Abstract
A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "RedFoxtrot" to the People's Liberation Army (PLA) Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country. Previously called the Lanzhou Military Region's Second Technical Reconnaissance Bureau, Unit 69010 is a military cover for a Technical Reconnaissance Bureau (TRB) within China's Strategic Support Force (SSF) Network Systems Department (NSD). The connection to PLA Unit 69010 stems from what the researchers said were "lax operational security measures" adopted by an unnamed suspected RedFoxtrot threat actThe Hacker News
June 18, 2021 – Malware
Vigilante malware stops victims from visiting piracy websites Full Text
Abstract
This strange malware stops you from visiting pirate websites. Sophos researchers uncovered a malware campaign that aims at blocking infected users from being able to visit a large number of piracy websites. Sophos researchers uncovered a malware...Security Affairs
June 18, 2021 – Ransomware
The Week in Ransomware - June 18th 2021 - Law enforcement strikes back Full Text
Abstract
Compared to the last few weeks, it has been a relatively quiet week with no ransomware attacks causing widespread disruption.BleepingComputer
June 18, 2021 – Breach
Poland blames Russia for breach, theft of Polish officials’ emails Full Text
Abstract
Poland's deputy prime minister Jarosław Kaczyński says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation.BleepingComputer
June 18, 2021 – Criminals
Ferocious Kitten Uses MarkiRAT to Target Iranian Regime Full Text
Abstract
An APT group based out of Iran is actively targeting Iranian users to deliver MarkiRAT that records keystrokes and clipboard content. Two suspicious documents related to it were uploaded to VirusTotal. It appears attackers are trying to enhance their arsenal with new tools to make their attack ...Cyware Alerts - Hacker News
June 18, 2021 – Breach
Carnival Cruise says customer data exposed in breach Full Text
Abstract
Carnival Cruise says customer and employee data may have been exposed in a data breach in March.The Hill
June 18, 2021 – Government
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request Full Text
Abstract
Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021," the state agency said in a statement. The watchdog described them as threats in accordance with the Decree of the Government of the Russian Federation No. 127 dated February 12, adding the restrictions will not affect Russian companies using VPN services in continuous technological processes. The development comes a little over a month after RKN sent a request to enterprises and organizations that use the two VPN services to inform the Center for Monitoring and Management of the Public Telecommunications Network and seek eThe Hacker News
June 18, 2021 – Criminals
Texan Admits Data Center Bomb Plot Full Text
Abstract
Wichita Falls man hoped to “kill off 70% of the internet” by obliterating Virginia data centerInfosecurity Magazine
June 18, 2021 – Breach
US supermarket chain Wegmans discloses data breach Full Text
Abstract
The US supermarket chain Wegmans discloses a data breach; customers' information was exposed on the Internet due to a misconfiguration issue. Wegmans Food Markets disclosed a data breach, the supermarket chain notified customers that some of their...Security Affairs
June 18, 2021 – Accident
Wegmans reports misconfigurations on two cloud databases Full Text
Abstract
Another company was caught in a cloud misconfiguration issue as Wegmans Food Markets on Thursday notified its customers that two of its cloud databases were left open to potential outside access. In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers,…SCMagazine
June 18, 2021 – General
What’s Making Your Company a Ransomware Sitting Duck Full Text
Abstract
What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?Threatpost
June 18, 2021 – Criminals
Fake DarkSide gang targets energy, food industry in extortion emails Full Text
Abstract
Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors.BleepingComputer
June 18, 2021 – Phishing
Scammers Using Tampered Ledger Devices to Steal Cryptocurrency Full Text
Abstract
Users and security experts have uncovered a scam involving the delivery of fake replacement Ledger devices to customers to steal cryptocurrency. Customers using Ledger devices are advised to beware of any unwanted email, package, or text.Cyware Alerts - Hacker News
June 18, 2021 – Policy and Law
Lawmakers rally around cyber legislation following string of attacks Full Text
Abstract
Lawmakers on Capitol Hill are scrambling to introduce legislation to address a devastating spike in ransomware and other cyberattacks on critical organizations such as Colonial Pipeline and JBS USA.The Hill
June 18, 2021 – Solution
Google Releases New Framework to Prevent Software Supply Chain Attacks Full Text
Abstract
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" (SLSA, and pronounced "salsa"), the end-to-end framework aims to secure the software development and deployment pipeline — i.e., the source ➞ build ➞ publish workflow — and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain. Google said SLSA is inspired by the company's own internal enforcement mechanism called Binary Authorization for Borg, a set of auditing tools that verifies code provenance and implements code identity to ascertain that the deployed production software is properly reviewed and authorized. "In its current state, SLSA is a set of incrementally adoptableThe Hacker News
June 18, 2021 – Policy and Law
New Jersey Councilor Charged with Cyber-harassment Full Text
Abstract
Cape May councilman charged with stalking and cyber-harassing former girlfriendInfosecurity Magazine
June 18, 2021 – Vulnerabilities
Expert found multiple flaws in Cisco Small Business 220 series Full Text
Abstract
A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities in Cisco’s...Security Affairs
June 18, 2021 – Solution
Researchers offer advice on how to block WFH employees from downloading pirated software Full Text
Abstract
Security teams looking to prevent work-from-home and remote users from downloading potentially trojanized pirated software will find Thursday’s research by Sophos of interest. In a blog post, Sophos researchers reported on a curious malware program that comes disguised as pirated copies of software, but actually modifies infected users’ HOSTS file to block them from visiting…SCMagazine
June 18, 2021 – Government
Russia bans Opera VPN and VyprVPN, classifies them as threats Full Text
Abstract
Roskomnadzor, Russia's telecommunications watchdog, has banned the use of Opera VPN and VyprVPN after classifying them as threats according to current Russian law.BleepingComputer
June 18, 2021 – Criminals
A deep dive into the operations of the LockBit ransomware group Full Text
Abstract
An investigation revealed that LockBit affiliates most often will buy RDP access to servers as an initial attack vector, although they may also use typical phishing and credential stuffing techniques.ZDNet
June 18, 2021 – Privacy
Colorado Passes New Privacy Act Full Text
Abstract
Comprehensive data privacy law awaits signature of state governorInfosecurity Magazine
June 18, 2021 – Breach
Cruise operator Carnival discloses a security breach Full Text
Abstract
Carnival Corp. said that the data breach it suffered in March might have impacted its customers and employees. Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers...Security Affairs
June 18, 2021 – Breach
Alina Lodge notifies patients of data breach tied to 2020 Blackbaud incident Full Text
Abstract
This week’s breach roundup is led by an Alina Lodge breach notice stemming from the massive 2020 Blackbaud security incident and data theft.SCMagazine
June 18, 2021 – Breach
US supermarket chain Wegmans notifies customers of data breach Full Text
Abstract
Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue.BleepingComputer
June 18, 2021 – Government
NSA Releases Guidance for Securing Enterprise Communication Systems Full Text
Abstract
The NSA on Thursday released guidance to help organizations secure their communication systems, specifically Unified Communications (UC) and Voice and Video over IP (VVoIP).Security Week
June 18, 2021 – Business
Google Spices Up Supply Chain Security with SLSA Framework Full Text
Abstract
Certification will give customers confidence software hasn't been tampered withInfosecurity Magazine
June 18, 2021 – Outage
Akamai outage was caused by an issue with its Prolexic DDoS protection service Full Text
Abstract
An outage suffered by CDN, cybersecurity and cloud services provider Akamai was caused by an issue with its Prolexic DDoS attack protection service. CDN, cybersecurity and cloud services provider Akamai revealed that the recent outage suffered by the company...Security Affairs
June 18, 2021 – Education
New alliance exposes underserved groups to cyber training, job opportunities Full Text
Abstract
Nearly 30 organizations have agreed to make IBM’s skills-building platform available to the vulnerable populations they serve.SCMagazine
June 18, 2021 – Business
Threatray Raises $2.7M in Funding Full Text
Abstract
The Switzerland-based Threatray raised $2.7 million in funding led by Verve Ventures, with participation from existing investors Hammer Team, SICTIC, BackBone Ventures, and the Innofund by SZKB.FinSMEs
June 18, 2021 – General
Infosecurity Europe 2021 Postpones Live Event Full Text
Abstract
Infosecurity Europe has announced that it is postponing the live event due to run at London Olympia in July, following the government’s delay in lifting the final COVID-19 restrictionsInfosecurity Magazine
June 18, 2021 – APT
The return of TA402 Molerats APT after a short pause Full Text
Abstract
TA402 APT group (aka Molerats and GazaHackerTeam) is back after two months of silence and is targeting governments in the Middle East. The TA402 APT group (aka Molerats and Gaza Cybergang) is back after two months of apparent inactivity; it is targeting...Security Affairs
June 18, 2021 – Government
Inglis confirmed as first national cyber director Full Text
Abstract
The Senate quietly confirmed Chris Inglis as the first-ever national cyber director by voice vote on Thursday, adding a new White House resource amid a tumultuous year of ransomware, espionage and other cybersecurity concerns. “After 11 long years, I’m thrilled the U.S. finally has a Senate-confirmed national cyber director in the White House,” tweeted Rep. Jim…SCMagazine
June 18, 2021 – Malware
Newly Discovered Vigilante Malware Rats Out Software Pirates and Blocks Them Full Text
Abstract
Vigilante, as SophosLabs Principal Researcher Andrew Brandt is calling the malware, gets installed when victims download and execute what they think is pirated software or games.Ars Technica
June 18, 2021 – Phishing
Novel Phishing Attack Abuses Google Drive and Docs Full Text
Abstract
Simple technique bypasses static link scanning, researchers warnInfosecurity Magazine
June 18, 2021 – Criminals
Threat Actors in Recent Campaign Pose as Darkside to Target Energy and Food Sectors Full Text
Abstract
The content of the emails led researchers to believe that they did not come from Darkside, but from an attacker trying to profit off the current situation around DarkSide ransomware activities.Trend Micro
June 18, 2021 – Breach
Carnival Confirms Another Breach Impacting Staff and Passengers Full Text
Abstract
Cruise line giant reveals personal information may have been takenInfosecurity Magazine
June 18, 2021 – Attack
Freeport town computer network back up following ransomware attack Full Text
Abstract
The town’s municipal computer network is back up and running after a cyberattack one week ago that has been linked to Russian criminals and a global ransomware group, the town manager said Tuesday.Press Herald
June 17, 2021 – General
[eBook] 7 Signs You Might Need a New Detection and Response Tool Full Text
Abstract
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes obsolete, often overnight. This combination usually results in one of two things – organizations make less than ideal choices about the software and tools they're adding, or security leaders simply cannot stay abreast of new developments and opt to stay put with their existing stack. The problem is that once you let one update pass you by, you're suddenly miles behind. A new eBook from XDR provider Cynet (download here) offers insights into factors that are clear signs organizations need to upgrade their detection and response tools to stay with the times. The eBook highlights several factors and questions that companies can ask themselves to determine whether they are okayThe Hacker News
June 17, 2021 – Vulnerabilities
Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild Full Text
Abstract
Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser. Successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands. The issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista noted, adding the company is "aware that an exploit for CVE-2021-30554 exists in the wild." While it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in actThe Hacker News
June 17, 2021 – Breach
Eggfree Cake Box suffer data breach exposing credit card numbers Full Text
Abstract
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to steal credit card numbers.BleepingComputer
June 17, 2021 – Breach
Carnival discloses new data breach on email accounts Full Text
Abstract
Carnival has been hit by multiple cyberattacks since 2019, including a ransomware incident last summer.SCMagazine
June 17, 2021 – Solution
A look at Google’s new project to boost security for open source (and other) software code Full Text
Abstract
The tech giant’s new software security framework is a roadmap to help developers defend against common attacks at every link in the development and production chain.SCMagazine
June 17, 2021 – Phishing
Attackers create phishing lures with standard tools in Google Docs to steal credentials Full Text
Abstract
Researchers on Thursday reported that hackers are using standard tools within Google Docs/Drive to lead unsuspecting victims to fraudulent websites, stealing credentials in the process. In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services. Gil Friedrich, co-founder and CEO of Avanan, said his team has…SCMagazine
June 17, 2021 – General
Hillicon Valley: Senate unanimously confirms Chris Inglis as first White House cyber czar | Scrutiny mounts on Microsoft’s surveillance technology | Senators unveil bill to crack down on cyber criminals Full Text
Abstract
The Senate on Thursday quietly approved the nomination of Chris Inglis as the nation’s first White House national cyber director, with the approval coming hot on the heels of months of escalating cyberattacks. One of the key champions of the cyber czar position, Rep. Jim Langevin (D-R.I.), celebrated Inglis’s confirmation into a role that will see many roles and responsibilities placed on him.The Hill
June 17, 2021 – Breach
Egg free Cake Box suffer data breach exposing credit card numbers Full Text
Abstract
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to steal credit card numbers.BleepingComputer
June 17, 2021 – Breach
Over a billion records belonging to CVS Health exposed online Full Text
Abstract
Researchers discovered an unprotected database belonging to CVS Health that was exposed online containing over a billion records. This week WebsitePlanet along with the researcher Jeremiah Fowler discovered an unsecured database, belonging to the US healthcare...Security Affairs
June 17, 2021 – General
Clop Raid: A Big Win in the War on Ransomware? Full Text
Abstract
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.Threatpost
June 17, 2021 – Government
FCC votes to advance proposed ban on Chinese telecom equipment Full Text
Abstract
The Federal Communications Commission (FCC) voted unanimously Thursday to explore a proposal that would ban U.S. companies from buying telecommunications equipment that poses national security risks.The Hill
June 17, 2021 – Government
Senate confirms Chris Inglis as first White House cyber czar Full Text
Abstract
The Senate on Thursday unanimously confirmed former National Security Agency (NSA) Deputy Director Chris Inglis as the first White House national cyber director.The Hill
June 17, 2021 – Vulnerabilities
Google fixes seventh Chrome zero-day exploited in the wild this year Full Text
Abstract
Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild.BleepingComputer
June 17, 2021 – Vulnerabilities
Cisco Smart Switches Riddled with Severe Security Holes Full Text
Abstract
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.Threatpost
June 17, 2021 – Privacy
HHS unveils patient matching standards, guidance to boost patient privacy Full Text
Abstract
HHS developed patient matching standards in coordination with industry stakeholders and standards development entities, including HL7.SCMagazine
June 17, 2021 – Breach
Audi, Volkswagen customer data being sold on a hacking forum Full Text
Abstract
Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container.BleepingComputer
June 17, 2021 – Breach
A Billion CVS Records Exposed Full Text
Abstract
Misconfiguration error leaves CVS database without password protectionInfosecurity Magazine
June 17, 2021 – APT
Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran Full Text
Abstract
Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets' devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious...Security Affairs
June 17, 2021 – Government
NSA shares guidance on securing voice, video communications Full Text
Abstract
The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.BleepingComputer
June 17, 2021 – Breach
Inside the Market for Cookies That Lets Hackers Pretend to Be You Full Text
Abstract
Genesis Market is an invite-only underground marketplace where cybercriminals can source cookies that have been lifted from hacked computers for a cornucopia of services.Vice
June 17, 2021 – Covid-19
VPN Attacks: A Rising Threat for Remote Work in the COVID-19 Era Full Text
Abstract
In a recent report, Nuspire revealed that attacks against Fortinet’s SSL-VPN had jumped to 1,916% in the first quarter of 2021. It was also identified that there was a 1,527% spike in attacks against Pulse Secure VPN.Cyware Alerts - Hacker News
June 17, 2021 – Outage
Australia Suffers Widespread Internet Outage Full Text
Abstract
Akamai issue causes Aussie mail service, airlines, banks, and other businesses to lose internetInfosecurity Magazine
June 17, 2021 – Government
State and local officials push for cyber grants to protect critical services Full Text
Abstract
One issue states have traditionally faced with grant funding is that one-time payments cannot fund projects requiring long-term employment, training and equipment upgrades.SCMagazine
June 17, 2021 – Criminals
Senators unveil legislation to crack down on cyber criminals Full Text
Abstract
A bipartisan group of senators on Thursday unveiled legislation intended to crack down on cyber criminals, who have increasingly posed a threat to critical U.S. organizations.The Hill
June 17, 2021 – Malware
Matanbuchus: Malware-as-a-Service with Demonic Intentions Full Text
Abstract
Unit42 researchers found several organizations impacted by Matanbuchus including a large university and high school in the United States, as well as a high-tech organization in Belgium.Palo Alto Networks
June 17, 2021 – Attack
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes Full Text
Abstract
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft’s native email controls.Threatpost
June 17, 2021 – Phishing
Threat Actors Use Google Docs to Host Phishing Attacks Full Text
Abstract
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims' credentials.Threatpost
June 17, 2021 – General
BackdoorDiplomacy - Trouble Brewing in Africa and the Middle East Full Text
Abstract
The APT group is capable of stealing victims’ system information, taking screenshots, and writing, moving, or deleting files. A subset of the victims were targeted with data collection executables that sought out removable media.Cyware Alerts - Hacker News
June 17, 2021 – Breach
CVS Health Records for 1.1 Billion Customers Exposed Full Text
Abstract
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.Threatpost
June 17, 2021 – Breach
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Full Text
Abstract
Mandiant determined the installers were malicious in early June and notified the victim of a potential website compromise, which may have allowed UNC2465 to replace the legitimate downloads.FireEye
June 17, 2021 – Vulnerabilities
Hackers Can Spy on Peloton Workouts Full Text
Abstract
Researchers find flaw enabling hackers to remotely access Peloton bike screensInfosecurity Magazine
June 17, 2021 – Breach
Carnival Cruise hit by data breach, warns of data misuse risk Full Text
Abstract
Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers breached some email accounts and accessed personal, financial, and health information belonging to customers, employees, and crew.BleepingComputer
June 17, 2021 – Government
Senators draft bill that would require many entities to report cyber breaches within 24 hours Full Text
Abstract
The bipartisan draft by Senators Mark Warner, Marco Rubio, and Susan Collins, reflects a renewed effort by Congress to pass long-awaited federal rules surrounding cybersecurity breach notifications.CNN Money
June 17, 2021 – Malware
Vigilante malware blocks victims from downloading pirated software Full Text
Abstract
A vigilante developer turns the tables on software pirates by distributing malware that prevents them from accessing pirated software sites in the future.BleepingComputer
June 17, 2021 – Business
LORCA Announces New Intensive Program for Most Promising Cyber Startups Full Text
Abstract
LORCA Ignite is a new intensive program that will help six of the most promising cyber startups in the UK achieve rapid growthInfosecurity Magazine
June 17, 2021 – Vulnerabilities
Critical flaws in defibrillator management tool pose account takeover, credential risk for hospitals Full Text
Abstract
The half-dozen flaws are found in all versions of the ZOLL Defibrillator Dashboard prior to 2.2. It would take a low skill level to exploit and could enable an attacker to gain access to credentials or impact the confidentiality, integrity, and availability of the application.SCMagazine
June 17, 2021 – Government
House lawmakers roll out legislation to protect schools against hackers Full Text
Abstract
A group of bipartisan House members led by Rep. Doris Matsui (D-Calif.) on Thursday introduced legislation intended to protect K-12 institutions from cyberattacks, which spiked during the COVID-19 pandemic.The Hill
June 17, 2021 – Hacker
Suspected Iranian Hackers Exploit Chrome, Telegram, VPN Apps to Spy Over Dissidents Full Text
Abstract
For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday.Cyberscoop
June 17, 2021 – Outage
Internet outages hit airlines, financial institutions Full Text
Abstract
Airlines, financial institutions and other companies around the world on Thursday reported that they were experiencing technical difficulties due to a brief series of internet outages.The Hill
June 17, 2021 – Criminals
Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments Full Text
Abstract
A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it tracks as TA402, and known by other monikers such as Molerats and GazaHackerTeam. The threat actor is believed to be active for a decade, with a history of striking organizations primarily located in Israel and Palestine, and spanning multiple verticals such as technology, telecommunications, finance, academia, military, media, and governments. The latest wave of attacks commenced with spear-phishing emails written in Arabic and containing PDF attachments that come embedded with a malicious geofenced URL to selectively direct victims to a password-protected archive only if the source IP aThe Hacker News
June 17, 2021 – Malware
Puzzling New Malware Blocks Access to Piracy Sites Full Text
Abstract
Newly discovered threat could be the work of an anti-piracy vigilanteInfosecurity Magazine
June 17, 2021 – Breach
Cosmolog Kozmetik Data Breach: Hundreds of Thousands of Customers impacted Full Text
Abstract
WizCase experts found a major breach that affected the popular online retailer Cosmolog Kozmetik. WizCase’s security team, led by Ata Hakçıl, has found a major breach in popular online retailer Cosmolog Kozmetik’s database....Security Affairs
June 17, 2021 – Government
Without specifics, Putin says U.S.-Russia reached an agreement to consult on cybersecurity Full Text
Abstract
Russian President Vladimir Putin on Wednesday said his country and the United States had agreed to enter into "consultations" on cybersecurity following his summit with President Joe Biden.Politico
June 17, 2021 – Privacy
A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran Full Text
Abstract
Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar. "The targeting of Psiphon and Telegram, both of which are quite popular services in Iran, underlines the fact that the payloads were developed with the purpose of targeting Iranian users in mind," Kaspersky's Global Research and Analysis Team (GReAT) said. "Moreover, the decoy content displayed by the malicious files often made use of political themes and involved images or videos of resistance basThe Hacker News
June 17, 2021 – General
60% of Businesses Would Consider Paying a Ransomware Demand Full Text
Abstract
One in five businesses are also prepared to spend 20% or more of their annual revenueInfosecurity Magazine
June 17, 2021 – Policy and Law
Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet Full Text
Abstract
Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting...Security Affairs
June 17, 2021 – Business
Industrial Cybersecurity Firm Claroty Raises $140 Million in Series D Funding Full Text
Abstract
The latest funding round was co-led by Bessemer Venture Partners’ Century II fund and 40 North Ventures, with participation from I Squared Capital’s ISQ Global InfraTech Fund and previous investors.Security Week
June 17, 2021 – General
Strengthen Your Password Policy With GDPR Compliance Full Text
Abstract
A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements. Companies in the EU must have password policies that are compliant with the General Data Protection Regulation (GDPR). Even if your company isn't based in the EU, these requirements apply if you have employees or customers residing in the EU or customers purchasing there. In this post, we will look at GDPR requirements for passwords and provide practical tips on how to design your password policy. Remember, even if GDPR isn't required for you now, the fundamentals of a data protection regulation plan can help strengthen your organization's security. Password requirements for GDPR compliance You may be surprised to discover that the GDPR laws do not actually mentioThe Hacker News
June 17, 2021 – Breach
Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers Full Text
Abstract
Turkish firm Cosmolog Kozmetik's error leaks personal information en masseInfosecurity Magazine
June 17, 2021 – Criminals
UNC2465 cybercrime group launched a supply chain attack on CCTV vendor Full Text
Abstract
The UNC2465 cybercrime group, which is affiliated with the Darkside ransomware gang, has infected the website of a CCTV camera vendor with malware. An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against...Security Affairs
June 17, 2021 – Attack
Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority Full Text
Abstract
An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.The Register
June 17, 2021 – Malware
Researchers Uncover ‘Process Ghosting’ — A New Malware Evasion Technique Full Text
Abstract
Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. "With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk," Elastic Security researcher Gabriel Landau said. "This technique does not involve code injection, Process Hollowing, or Transactional NTFS (TxF)." Process Ghosting expands on previously documented endpoint bypass methods such as Process Doppelgänging and Process Herpaderping, thereby enabling the veiled execution of malicious code that may evade anti-malware defenses and detection. Process Doppelgänging, analogous to Process Hollowing, involves injecting arbitrary code in the address space ofThe Hacker News
June 17, 2021 – Government
US Warns Russia of Cyber-Attack No-Go List Full Text
Abstract
Presidents Biden and Putin will now work on a deeper cybersecurity arrangementInfosecurity Magazine
June 17, 2021 – Attack
UK’s Gateley Says Cyberattack Affects Small Portion of Its Data Full Text
Abstract
The commercial legal services firm said it had informed relevant regulators and law enforcement agencies along with the country's Information Commissioner's office about the breach.US News
June 17, 2021 – General
Is an Attacker Living Off Your Land? Full Text
Abstract
Malware, in all of its various forms, has grown increasingly stealthy and sophisticated in recent years. Also on the rise: its ability to fly under cybersecurity software's radar.Dark Reading
June 17, 2021 – Attack
Poland Institutions and Individuals Targeted by an Unprecedented Series of Cyberattacks Full Text
Abstract
Last week, hackers breached the private email account of Michal Dworczyk, the head of the Polish Prime Minister’s office and member of the ruling Law and Justice party (PiS).Security Affairs
June 17, 2021 – Criminals
Cybercriminals Go After Amazon Prime Day Shoppers with Spoofed Domains Full Text
Abstract
In the last 30 days, over 2,300 new Amazon-related domains were registered, a 10% increase from the previous Amazon Prime Day, and the majority are now either malicious or suspicious.Check Point Research
June 16, 2021 – Cryptocurrency
Criminals are mailing altered Ledger devices to steal cryptocurrency Full Text
Abstract
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.BleepingComputer
June 16, 2021 – Government
Cyber concerns dominate Biden-Putin summit Full Text
Abstract
President Biden used a summit with Russian President Vladimir Putin to confront Moscow over its aggressive behavior in cyberspace and communicate that there would be future consequences if Russian state-backed cyberattacks continue.The Hill
June 16, 2021 – General
How AI is Transforming Data Governance in today’s World Full Text
Abstract
How AI is Transforming Data Governance? Consumers are becoming more aware of their rights, making data governance more relevant across organizations. Data governance is a set of standards, metrics, and processes that allow organizations to responsibly...Security Affairs
June 16, 2021 – Attack
Poland institutions and individuals targeted by an unprecedented series of cyber attacks Full Text
Abstract
Poland's government announced that it was targeted by an 'unprecedented' series of cyber attacks, with hackers hitting institutions and individuals. Poland's parliament had a closed-door session to discuss an unprecedented wave of cyber attacks that...Security Affairs
June 16, 2021 – General
Hillicon Valley: Biden, Putin agree to begin work on addressing cybersecurity concerns | Senate panel unanimously advances key Biden cyber nominees | Rick Scott threatens to delay national security nominees until Biden visits border Full Text
Abstract
President Biden and Russian President Vladimir Putin met face-to-face in Geneva, the first in-person interaction between the leaders since Biden took office. Cybersecurity was at the top of the agenda after a bumpy few months of escalating Russian-linked attacks on the U.S.The Hill
June 16, 2021 – Vulnerabilities
Vulnerability in Peloton bikes one example of a more widespread security issue Full Text
Abstract
Many Android device OEMs may have offerings with similar flaws, any of which could provide an avenue in to home networks and even enterprise resources.SCMagazine
June 16, 2021 – Phishing
Scammers mail fake Ledger devices to steal your cryptocurrency Full Text
Abstract
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.BleepingComputer
June 16, 2021 – General
Why backups are not the panacea for recovery from a ransomware attack Full Text
Abstract
The most pervasive wisdom about preventing damage from ransomware is to back up systems. FujiFilm and Colonial Pipeline, in fact, restored from backups. So in an era of increased concern about ransomware, is solving the ransomware scourge as simple as investing in some backups? “If it was that easy, it just wouldn’t be an issue,” said…SCMagazine
June 16, 2021 – Criminals
An international joint operation resulted in the arrest of Clop ransomware members Full Text
Abstract
Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international joint operation. Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware...Security Affairs
June 16, 2021 – Attack
New threat intel framework takes aim at bot-fueled business logic attacks Full Text
Abstract
BLADE addresses scenarios in which bots exploit apps and websites – using them as they were intended, but for malicious purposes like credential stuffing and account takeovers.SCMagazine
June 16, 2021 – Attack
Health care ransomware attacks: Oklahoma health system driven to EHR downtime Full Text
Abstract
The incident is the latest in what appears to be another ransomware wave, after a previous onslaught of attacks and EHR outages in the fall of 2020.SCMagazine
June 16, 2021 – Government
Biden, Putin agree to begin work on addressing cybersecurity concerns Full Text
Abstract
President Biden and Russian President Vladimir Putin on Wednesday said they agreed to work together to outline what cybersecurity concerns, such as ransomware attacks on critical infrastructure, would be considered red lines for the two countries.The Hill
June 16, 2021 – Criminals
Avaddon Ransomware Gang Evaporates Amid Global Crackdowns Full Text
Abstract
Ransomware group releases decryptors for nearly 3,000 victims, forfeiting millions in payouts.Threatpost
June 16, 2021 – Policy and Law
US Convicts Russian Malware-masker Full Text
Abstract
Federal jury convicts operator of crypting service used to conceal Kelihos malwareInfosecurity Magazine
June 16, 2021 – Privacy
IKEA Fined $1.2M for Elaborate ‘Spying System’ Full Text
Abstract
A French court fined the furniture giant for illegal surveillance on 400 customers and staff.Threatpost
June 16, 2021 – Criminals
Gold Winter is the Group Behind Hades Ransomware Full Text
Abstract
Researchers took the wraps off the operators of the Hades ransomware as they came across a new adversary group Gold Winter, whose behavior coincides with the former. The recent finding suggests that threat actors may be deliberately trying to find ways to look different or evolve their attack techn ...Cyware Alerts - Hacker News
June 16, 2021 – Ransomware
Paradise Ransomware’s Source Code Now Available on a Hacker Forum Full Text
Abstract
Experts are concerned as the source code of the .NET version of Paradise ransomware was found to have been leaked on a hacker forum. Such leaks could prove to be devastating as any interested attacker can create their own ransomware version to target victims.Cyware Alerts - Hacker News
June 16, 2021 – Business
Deloitte Acquires Terbium Labs Full Text
Abstract
Baltimore-based digital risk protection company Terbium Labs is acquired by DeloitteInfosecurity Magazine
June 16, 2021 – Criminals
Avaddon Ransomware Calls it Quit, Distributes Keys for Free Full Text
Abstract
The Avaddon ransomware gang has shared 2,934 decryption keys with Bleeping Computer, in an anonymous tip pretending to be from the FBI. The team soon shared them with Emsisoft, who confirmed the legitimacy of the keys.Cyware Alerts - Hacker News
June 16, 2021 – Breach
IAB Tech Lab Accused of “World’s Largest Data Breach” Full Text
Abstract
Irish civil liberties group sues non-profit digital media consortium over real-time biddingInfosecurity Magazine
June 16, 2021 – General
Ransomware Poll: 80% of Victims Don’t Pay Up Full Text
Abstract
Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.Threatpost
June 16, 2021 – Breach
Over One Billion Records Belonging to CVS Health Exposed Online Full Text
Abstract
On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health that was not password-protected.ZDNet
June 16, 2021 – Breach
Alibaba-owned Shopping Platform Falls Victim to Chinese Web Crawler in Large Data Leak Full Text
Abstract
A Chinese software developer trawled Alibaba’s popular Taobao shopping website for eight months, clandestinely collecting more than 1.1 billion pieces of user information.The Wall Street Journal
June 16, 2021 – Government
Rick Scott threatens to delay national security nominees until Biden visits border Full Text
Abstract
Sen. Rick Scott (R-Fla.) threatened Wednesday to delay President Biden’s national security nominees, saying he would place a hold on Department of Homeland Security (DHS) positions until the president visits the southern border.The Hill
June 16, 2021 – General
Researchers: Booming Cyber-Underground Market for Initial-Access Brokers Full Text
Abstract
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from ‘vendors’ that have previously installed backdoors on targets.Threatpost
June 16, 2021 – Cryptocurrency
Cryptocurrency and Ransomware Attacks - What’s the Connection? Full Text
Abstract
Cryptocurrencies are an extortionist’s dream come true. It is very difficult to trace adversaries based on bitcoin addresses. Moreover, bitcoin has become essential on the dark web as it is easy to acquire and use.Cyware Alerts - Hacker News
June 16, 2021 – Education
Takeaways from the Colonial Pipeline Ransomware Attack Full Text
Abstract
The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.Threatpost
June 16, 2021 – Vulnerabilities
We’ve found another reason not to use Microsoft’s Paint 3D – researchers Full Text
Abstract
The vulnerability, designated CVE-2021-31946, could let miscreants execute arbitrary code on affected versions of Paint 3D when visiting a malicious page or opening a malicious file.The Register
June 16, 2021 – Criminals
Members of Clop Ransomware Gang Arrested in Ukraine Full Text
Abstract
A police operation in Ukraine has led to the arrest of six people allegedly part of the notorious Clop ransomware groupInfosecurity Magazine
June 16, 2021 – Botnet
US convicts Russian national behind Kelihos botnet crypting service Full Text
Abstract
Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypter service used by the Kelihos botnet to obfuscate malware payloads and evade detection.BleepingComputer
June 16, 2021 – Ransomware
CISA Warns of Threat Posed by Ransomware to Industrial Systems Full Text
Abstract
The fact sheet released by CISA provides a summary of the steps organizations should take to improve their resilience against ransomware attacks and gives links to more detailed guidance.Security Week
June 16, 2021 – General
Euros-Driven Football Fever Nets Dumb Passwords Full Text
Abstract
The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: “Football.”Threatpost
June 16, 2021 – Criminals
Cl0p affiliated hackers exposed in Ukraine Full Text
Abstract
Ukrainian police reported uncovering a group of hackers who used the Cl0p ransomware to extort money from foreign businesses, mainly in the United States and South Korea.Cyber News
June 16, 2021 – Government
Senate panel unanimously advances key Biden cyber nominees Full Text
Abstract
The Senate Homeland Security and Governmental Affairs Committee on Wednesday unanimously approved two of President Biden's nominees to serve in the nation's top cybersecurity positions.The Hill
June 16, 2021 – Policy and Law
Law enforcement raids ransomware group that counted US universities among its targets Full Text
Abstract
One of the group’s most notable incidents took place earlier this year when they attempted to extort major companies like Shell, Qualys, Jones Day, Flagstar and others who utilized the Accellion file transfer system.SCMagazine
June 16, 2021 – Hacker
Ferocious Kitten: 6 years of covert surveillance in Iran Full Text
Abstract
Interestingly, some of the TTPs used by this threat actor are reminiscent of other groups that are active against a similar set of targets, such as Domestic Kitten and Rampant Kitten.Kaspersky Labs
June 16, 2021 – Vulnerabilities
Cybersecurity vulnerability discovered in Peloton products Full Text
Abstract
A cybersecurity vulnerability in some Peloton bike products may have enabled hackers to install malware and potentially spy on riders, according to software security company McAfee.The Hill
June 16, 2021 – General
Corporate attack surfaces growing concurrently with a dispersed workforce Full Text
Abstract
Coupled with increased reliance on public cloud services and vulnerable enterprise VPNs, large organizations not using zero trust security became more vulnerable to network intrusion attacks.Help Net Security
June 16, 2021 – Malware
DirtyMoe: Introduction and General Overview of Modularized Malware Full Text
Abstract
This malware is focused on cryptojacking and DDoS attacks. DirtyMoe is run as a Windows service under system-level privileges via EternalBlue and at least three other exploits.Avast
June 16, 2021 – Criminals
Ukraine Police Arrest Cyber Criminals Behind Clop Ransomware Attacks Full Text
Abstract
Ukrainian law enforcement officials on Wednesday announced the arrest of the Clop ransomware gang, adding it disrupted the infrastructure employed in attacks targeting victims worldwide since at least 2019. As part of a joint operation between the National Police of Ukraine and authorities from the Republic of Korea and the U.S., six defendants have been accused of running a double extortion scheme wherein victims refusing to pay a ransom were threatened with the leak of sensitive financial, customer, or personal data stolen from them prior to encrypting the files. The ransomware attacks amount to $500 million in monetary damages, the National Police said, noting that "law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies." Law enforcement officers are said to have conducted 21 searches in the Ukrainian capital and Kyiv region, including the homes of the defendanThe Hacker News
June 16, 2021 – Criminals
Ukraine arrests Clop ransomware gang members, seizes servers Full Text
Abstract
Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019.BleepingComputer
June 16, 2021 – Denial Of Service
100% increase in daily DDoS traffic in 2020 as potential grows for 10 Tbps attack: Nokia Full Text
Abstract
An analysis by Nokia Deepfield found that there has been a massive increase in high-bandwidth, volumetric DDoS attacks, the majority of which originate from just a few dozen hosting companies.ZDNet
June 16, 2021 – Policy and Law
Ukrainian police say hackers who targeted US firms with ransomware have been uncovered Full Text
Abstract
Ukrainian police have identified a group of six hackers who engaged in ransomware targeting the servers of companies from South Korea and the U.S.The Hill
June 16, 2021 – Attack
Malware Attack on South Korean Entities Was Work of Andariel Group Full Text
Abstract
A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development. "The way Windows commands and their options were used in this campaign is almost identical to previous Andariel activity," Russian cybersecurity firm Kaspersky said in a deep-dive published Tuesday. Victims of the attack are in the manufacturing, home network service, media, and construction sectors. Designated as part of the Lazarus constellation, Andariel is known for unleashing attacks on South Korean organizations and businesses using specifically tailored methods created for maximum effectivity. In September 2019, the sub-group, along with Lazarus and Bluenoroff, was sanctioned by the U.S. Treasury Department for their malicious cyber activity on critical infrastructure. AndaThe Hacker News
June 16, 2021 – Business
NHS Test and Trace Bolsters its Cybersecurity Full Text
Abstract
NHS Test and Trace appoints UK cyber startup Risk Ledger to manage its supply chain risksInfosecurity Magazine
June 16, 2021 – Vulnerabilities
A flaw in Peloton Bike+ could allow hackers to control it Full Text
Abstract
A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry to the interactive tablet, taking complete control of the system. A vulnerability in the popular Peloton Bike+ could have allowed an attacker...Security Affairs
June 16, 2021 – General
5 Tips to Prevent and Mitigate Ransomware Attacks Full Text
Abstract
Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.Threatpost
June 16, 2021 – Business
How FireEye attributed the SolarWinds hacking campaign to Russian spies Full Text
Abstract
The first revelations about the campaign, which hit nine government agencies and around 100 companies, came in December 2020, when FireEye disclosed that hackers had stolen its security testing tools.Cyberscoop
June 16, 2021 – Criminals
Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets Full Text
Abstract
As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets. "Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains," researchers from Proofpoint said in a write-up shared with The Hacker News. "Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network." Besides angling for a piece of the illegal profits, the email and cloud security firm said it is currently tracking at least 10 different threat actors who play the role of "initial access facilitators" to supply affiliates and other cybercrime groups with an eThe Hacker News
June 16, 2021 – General
Football Fever Puts Password Security at Risk Full Text
Abstract
With Euro 2020 underway, research uncovers one million football-related passwordsInfosecurity Magazine
June 16, 2021 – Vulnerabilities
Instagram Flaw Allowed Anyone to View Private or Archived Posts, Stories of Users Without Following Them Full Text
Abstract
Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private accounts, viewing archived posts and stories without having to follow them.Security Affairs
June 16, 2021 – General
Most Ransomware Victims Are Hit Again After Paying Full Text
Abstract
In half of cases, victim organizations were attacked by the same groupInfosecurity Magazine
June 16, 2021 – Business
Web app and API protection startup ThreatX raises $10M to expand US operations Full Text
Abstract
Web application and API protection startup ThreatX Inc. revealed that it has raised $10 million in new Series B funding to accelerate business growth and expand U.S. operations.Silicon Angle
June 16, 2021 – IOT
IoT Supply Chain Bug Hits Millions of Cameras Full Text
Abstract
Critical vulnerability could allow attackers to eavesdrop on usersInfosecurity Magazine
June 16, 2021 – Solution
TimeCache aims to block side-channel cache attacks – without hurting performance Full Text
Abstract
Researchers from the University of Rochester have created TimeCache, an approach to system security claimed to protect against side-channel attacks without the usual deleterious impact on performance.The Register
June 16, 2021 – Criminals
Andariel Threat Group Evolves to Target South Korean Entities with Custom Ransomware Full Text
Abstract
The threat actor has been spreading the third stage payload from the middle of 2020 onwards and leveraged malicious Word documents and files mimicking PDF documents as infection vectors.Kaspersky Labs
June 16, 2021 – Business
Forcepoint Acquiring Deep Secure to Extend Portfolio Full Text
Abstract
The acquisition will allow Forcepoint to extend the capabilities of its Cross Domain Solutions portfolio to secure the critical data of governments in the United States and beyond.channelfutures
June 16, 2021 – Encryption
Can Homomorphic Encryption Bring Down The Curtain On POS Malware? Full Text
Abstract
In standard encryption, the ciphertext must be decrypted before the data can be processed at a destination, but homomorphic encryption can operate directly on the ciphertext and produce the same output as it would on clear text.Forbes
June 16, 2021 – Vulnerabilities
CISA Warns Manufacturers of ThroughTek P2P Vulnerability Which Could Leak to Data and Video Leakage Full Text
Abstract
CISA has released a new ICS advisory about a vulnerability found in a widely-used ThroughTek tool that gives attackers access to audio and video feeds as well as other sensitive information.ZDNet
June 16, 2021 – Government
Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend? Full Text
Abstract
The Texas Legislature pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law.The National Law Review
June 16, 2021 – Vulnerabilities
Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds," CISA said in the alert. ThroughTek's point-to-point (P2P) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet. Tracked as CVE-2021-32934 (CVSS score: 9.1), the shortcoming affects ThroughTek P2P products, versions 3.1.5 and before as well as SDK versions with nossl tag, and stems from a lack of sufficient protection when transferring data betweenThe Hacker News
June 16, 2021 – Malware
Cyberium malware-hosting domain employed in multiple Mirai variants campaigns Full Text
Abstract
A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked as Moobot, which was scanning the Internet...Security Affairs
June 16, 2021 – Vulnerabilities
Peloton Bike+ vulnerability allowed complete takeover of devices Full Text
Abstract
A vulnerability in the Peloton Bike+ fitness machine that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone, has been fixed.BleepingComputer
June 15, 2021 – General
Hillicon Valley: Big Tech critic Lina Khan named chair of the FTC | Lawmakers urge Biden to be tough on cyber during summit with Putin | TSA working on additional security regulations following Colonial Pipeline hack Full Text
Abstract
Prominent tech critic Lina Khan was named chair of the Federal Trade Commission on Tuesday, following the bipartisan vote confirming her to the agency. Meanwhile, lawmakers on both sides of the aisle made the case for President Biden to put recent cyberattacks high on his agenda to discuss with Russian President Vladimir Putin during their meeting this week, and a top TSA official teased a new cybersecurity directive for pipeline companies. The Hill
June 15, 2021 – Business
Deloitte acquires online antifraud firm Terbium Labs Full Text
Abstract
The startup creates digital fingerprints of sensitive data and uses machine learning to scan the open and dark web for signs of a breach.SCMagazine
June 15, 2021 – Government
Lawmakers urge Biden to be tough on cybersecurity during summit with Putin Full Text
Abstract
Lawmakers on both sides of the aisle on Tuesday urged President Biden to use his upcoming meeting with Russian President Vladimir Putin to strongly push back against recent Russia-linked cyberattacks.The Hill
June 15, 2021 – Government
State and local governments granted free access to timely, in-depth cyber intel Full Text
Abstract
Deloitte forges what it calls a “first-of-its-kind” relationship with MS-ISAC.SCMagazine
June 15, 2021 – Ransomware
Avaddon ransomware’s exit sheds light on victim landscape Full Text
Abstract
A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation.BleepingComputer
June 15, 2021 – Policy and Law
TSA working on additional pipeline security regulations following Colonial Pipeline hack Full Text
Abstract
The Transportation Security Administration (TSA) is working on an additional cybersecurity directive for pipeline companies in the wake of the ransomware attack on Colonial Pipeline.The Hill
June 15, 2021 – General
TSA offers peek at second pipeline directive Full Text
Abstract
At a joint hearing of the House Homeland Security subcommittees on transportation and cybersecurity, a representative of the Transportation Security Agency outlined what to expect from an upcoming security directive for oil and gas pipelines. The TSA is the agency tasked with pipeline security. After the Colonial Pipeline ransomware incident, it took a landmark step…SCMagazine
June 15, 2021 – Attack
Fujifilm restores operations after recent ransomware attack Full Text
Abstract
Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the Japanese multinational conglomerate Fujifilm announced that it was hit by a ransomware attack and shut down...Security Affairs
June 15, 2021 – Solution
UChecker tool from CloudLinux scans Linux servers Full Text
Abstract
For security administrators, the tool covers more than one Linux distribution in a scripted fashion.SCMagazine
June 15, 2021 – Privacy
Millions of Connected Cameras Open to Eavesdropping Full Text
Abstract
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.Threatpost
June 15, 2021 – APT
Microsoft Defender ATP now warns of jailbroken iPhones, iPads Full Text
Abstract
Microsoft has added support for detecting jailbroken iOS devices to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.BleepingComputer
June 15, 2021 – Attack
Verizon, water agency targeted in Chinese cyber espionage campaign: report Full Text
Abstract
Verizon and one of the country’s largest water agencies were reportedly included among the groups targeted in the hacking of Pulse Connect Secure devices, a hack blamed on China that came to light in April.The Hill
June 15, 2021 – Government
US, EU establish trade and technology council to compete with China Full Text
Abstract
The United States and European Union on Tuesday formally established a Trade and Technology Council (TTC) to coordinate on critical technology issues such as the development of semiconductors, research into emerging fields, and securing supply chains.The Hill
June 15, 2021 – General
C-suites adapt to ransomware as a cost of doing business Full Text
Abstract
Tangible impacts to corporate earnings, combined with the multi-million dollar ransom payouts by Colonial Pipeline and JBS, demonstrate a reality that more and more in the cybersecurity community are beginning to acknowledge: Ransomware is emerging as a cost of doing business, grabbing the attention not just of security leaders, but the entire C-suite, boards, and even Wall Street investors.SCMagazine
June 15, 2021 – Ransomware
The source code of the Paradise Ransomware was leaked on XSS hacking forum Full Text
Abstract
The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors...Security Affairs
June 15, 2021 – Malware
TeaBot Trojan Spreads via Fake Antivirus Apps Full Text
Abstract
Malware actors are increasingly luring victims under the pretense of popular apps and brands. A malware infection impersonating Kaspersky’s antivirus product for Android launched attacks against its users via third-party app marketplaces. Cyware Alerts - Hacker News
June 15, 2021 – Policy and Law
“Homeless Hacker” Arrested Full Text
Abstract
Alleged Santa Cruz County DDoS attacker arrested in Mexico after years on the run. Infosecurity Magazine
June 15, 2021 – Policy and Law
Marketplace Selling Stolen Credentials Is Dismantled Full Text
Abstract
International operation takes down virtual Slilpp store selling over 80 million allegedly stolen credentials. Infosecurity Magazine
June 15, 2021 – Ransomware
Source code for Paradise ransomware leaked on hacking forums Full Text
Abstract
The code, which was shared on a Russian-speaking forum called XSS, represents the second major ransomware strain whose source code was leaked in recent years after the Dharma code leak in early 2020.The Record
June 15, 2021 – Malware
Moobot Targeting Tenda Router Bugs for Distribution Full Text
Abstract
Underground malware domain Cyberium was spotted hosting an active Mirai variant to exploit an RCE in Tenda routers. Experts found several campaigns going back to as early as May 2020. It has been in action for the past year and appears to be still active.Cyware Alerts - Hacker News
June 15, 2021 – Ransomware
Paradise Ransomware source code released on a hacking forum Full Text
Abstract
The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.BleepingComputer
June 15, 2021 – Criminals
Iranian State-Sponsored Cybercriminal Hacked Former Israeli Defense Chief Full Text
Abstract
Yaser Balaghi, a cybercriminal working for Iran attacked the computer of a former IDF chief of staff and gained access to his entire computer database, says Times of Israel.Softpedia
June 15, 2021 – Ransomware
Experts Shed Light On Distinctive Tactics Used by Hades Ransomware Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER threat group is a typical post-intrusion ransomware threat group that pursues high-value targets to maximize how much money it can extort from its victims," researchers from SecureWorks Counter Threat Unit (CTU) said in an analysis shared with The Hacker News. "However, GOLD WINTER's operations have quirks that distinguish it from other groups." The findings come from a study of incident response efforts the Atlanta-based cybersecurity firm engaged in the first quarter of 2021. Since first emerging in the threat landscape in December 2020, Hades has been classified as INDRIK SPIDER's successor to WastedLocker ransomware with "additional code o... The Hacker News
June 15, 2021 – Privacy
IKEA Fined $1.2m for Spying on Employees Full Text
Abstract
French court fines Swedish furnishing giant and hands former IKEA France boss suspended prison sentence. Infosecurity Magazine
June 15, 2021 – General
Protecting the Critical of Critical: What Is Systemically Important Critical Infrastructure? Full Text
Abstract
The U.S. government does not have a reliable method to identify, support, and secure the most “critical of critical” infrastructure. But, the Cyberspace Solarium Commission’s 2020 report addresses just that.Lawfare
June 15, 2021 – Criminals
Former NSA contractor Reality Winner who leaked gov report will be released on November Full Text
Abstract
Reality Winner, a former NSA contractor who leaked classified documents to the press in 2017, has been released from prison to home confinement. Reality Winner is a former NSA intelligence contractor who leaked a classified hacking report to the press...Security Affairs
June 15, 2021 – Malware
Malicious PDFs Flood the Web, Lead to Password-Snarfing Full Text
Abstract
SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.Threatpost
June 15, 2021 – Breach
Largest US propane distributor discloses ‘8-second’ data breach Full Text
Abstract
America's largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 employees and one resident. AmeriGas serves over 2 million customers in all 50 U.S. states and has over 2,500 distribution locations. BleepingComputer
June 15, 2021 – Ransomware
Unique TTPs link Hades ransomware to new threat group Full Text
Abstract
Researchers claim to have discovered the identity of the operators of Hades ransomware, exposing the distinctive tactics, techniques, and procedures (TTPs) they employ in their attacks.CSO Online
June 15, 2021 – Vulnerabilities
Instagram Bug Allowed Anyone to View Private Accounts Without Following Them Full Text
Abstract
Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade said in a Medium post today. "An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID." Fartade disclosed the issue to Facebook's security team on April 16, 2021, following which the shortcoming was patched on June 15. He was also awarded $30,000 as part of the company's bug bounty program. Although the attack requires knowing the media ID associated with an image, video, or album, by brute-forcing the identifiers, Fartade demonstrated that it was possible to craft a POST request to a GraphQL endpoint and retrieve sensitive data. As a consequence of the flaw, details such as like/comment/save count, display_url, and image.uri cThe Hacker News
June 15, 2021 – Government
NATO Warns it Will Consider a Military Response to Cyber-Attacks Full Text
Abstract
NATO has issued a communique stating it will consider invoking Article 5 in response to cyber-attacks on a case-by-case basis. Infosecurity Magazine
June 15, 2021 – Privacy
Instagram flaw allowed to see private, archived Posts/Stories of users without following them Full Text
Abstract
Instagram has addressed a new flaw that allowed anyone to access private accounts viewing archived posts and stories without having to follow them. Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private...Security Affairs
June 15, 2021 – Phishing
Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign Full Text
Abstract
Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.Threatpost
June 15, 2021 – Phishing
Google Workspace adds new phishing protection, client-side encryption Full Text
Abstract
Google Workspace (formerly G Suite) has been updated with client-side encryption and new Google Drive phishing and malware content protection.BleepingComputer
June 15, 2021 – Business
Zero trust networking startup Elisity raises $26M Full Text
Abstract
Elisity today announced that it raised $26 million in its Series A funding round led by Two Bear Capital and AllegisCyber Capital, with participation from Atlantic Bridge.Venture Beat
June 15, 2021 – General
Fake Online Reviews Linked to $152 Billion in Global Purchases Full Text
Abstract
Around 4% of internet reviews are fakes, undermining trust in e-commerce. Infosecurity Magazine
June 15, 2021 – Hacker
Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web Full Text
Abstract
The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls The Resecurity® HUNTER unit has identified a new tool available for sale in the Dark Web called MASQ, enabling bad actors...Security Affairs
June 15, 2021 – Insider Threat
Insider Risks In the Work-From-Home World Full Text
Abstract
Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters.Threatpost
June 15, 2021 – Vulnerabilities
Apple fixes ninth zero-day bug exploited in the wild this year Full Text
Abstract
Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices.BleepingComputer
June 15, 2021 – Breach
Cyber Analytics Firm Cognyte’s Unsecured Database Exposes 5 Billion Records Online Full Text
Abstract
A researcher recently discovered online an unsecured database operated by cybersecurity analytics firm Cognyte that left some 5 billion records collected from a range of data incidents exposed online.Dark Reading
June 15, 2021 – General
Third of Staff Use Security Workarounds at Home Full Text
Abstract
Younger employees are most likely to engage in risky online behavior. Infosecurity Magazine
June 15, 2021 – Criminals
REvil ransomware gang hit US nuclear weapons contractor Sol Oriens Full Text
Abstract
The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim's data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators,...Security Affairs
June 15, 2021 – General
SASE & Zero Trust: The Dream Team Full Text
Abstract
Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.Threatpost
June 15, 2021 – Government
IRS, GAO at odds over cybersecurity requirements on tax preparers Full Text
Abstract
The government watchdog recommended the IRS establish a security structure for tax preparers in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power.Cyberscoop
June 15, 2021 – Attack
No Two REvil Attacks Are the Same, Experts Warn Full Text
Abstract
The ransomware affiliate model drives a challenging variety of threats for defenders to tackle. Infosecurity Magazine
June 15, 2021 – Business
Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data Full Text
Abstract
Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform from forbidding the company from harvesting public info from user profiles. Threatpost
June 15, 2021 – Breach
Seattle-based SEIU 775 Benefits Group Reports Data Breach Affecting 140,000 Individuals Full Text
Abstract
SEIU 775, a Seattle-based benefits administrator for unionized home healthcare and nursing home workers has reported a hacking incident affecting 140,000 people that involved deleting certain data.Gov Info Security
June 14, 2021 – Vulnerabilities
Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild Full Text
Abstract
Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes with three security fixes, including a memory corruption issue in the ASN.1 decoder (CVE-2021-30737) and two flaws concerning the WebKit browser engine that could be abused to achieve remote code execution:
CVE-2021-30761 - A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.
CVE-2021-30762 - A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.
Both CVE-2021-30761 and CVE-2021-30762 were reported to Apple anonymously, with the Cupertino-based company stating in its advisory that it's aware of reports that the v... The Hacker News
June 14, 2021 – Attack
REvil ransomware hits US nuclear weapons contractor Full Text
Abstract
US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack.BleepingComputer
June 14, 2021 – Vulnerabilities
Security Vulnerability in Facebook’s Messenger Rooms Could Expose Users’ Private Photos and Videos Full Text
Abstract
A security vulnerability in Facebook’s Messenger Rooms video chat feature meant attackers could access a victim’s private Facebook photos and videos, and submit posts, via their locked Android screen.The Daily Swig
June 14, 2021 – General
Hillicon Valley: NATO members agree to new cyber defense policy | YouTube banning politics, elections in masthead ads | 50 groups urge Biden to fill FCC position to reinstate net neutrality rules Full Text
Abstract
NATO member states, including the U.S., agreed to a new cyber defense policy that could lead to more consequences for cyberattacks by adversary nations. Meanwhile, YouTube announced a ban on certain political ads, and dozens of advocacy groups pressed President Biden to nominate a candidate to fill an open spot at the Federal Communications Commission in order to bring back net neutrality. The Hill
June 14, 2021 – Encryption
Google Workspace Now Offers Client-side Encryption For Drive and Docs Full Text
Abstract
Google on Monday announced that it's rolling out client-side encryption to Google Workspace (formerly G Suite), thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. "With client-side encryption, customer data is indecipherable to Google, while users can continue to take advantage of Google's native web-based collaboration, access content on mobile devices, and share encrypted files externally," the search giant said. "When combined with our other encryption capabilities, customers can add new levels of data protection for their Google Workspace data." The development coincides with the Google Workspace and Google Chat's broader availability to all users with a Google account. Workspace is the company's enterprise offering consisting of Gmail, Chat, Calendar, Drive, Docs, Sheets, Slides, Meet, and other tools. Businesses using Google Workspace have the choice o... The Hacker News
June 14, 2021 – Vulnerabilities
VW Vendor Leaves Data Unsecured Full Text
Abstract
Breach of unsecured data stored by Volkswagen vendor affects 3.3 million people in North America. Infosecurity Magazine
June 14, 2021 – Government
Congress Has Already Authorized the President to Require Reporting of Foreign Cyberattacks Full Text
Abstract
Congress long ago gave the president broad authority under the International Emergency Economic Powers Act to require record-keeping and reporting on foreign cyberattacks.Lawfare
June 14, 2021 – Vulnerabilities
Apple fixed 2 WebKit flaws exploited to target older iPhones Full Text
Abstract
Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update (iOS 12.5.4 patch) for older iPhones and iPads, the IT giant... Security Affairs
June 14, 2021 – General
Online map visualizes the widespread presence of automated ransomware Full Text
Abstract
Sourced via open port scanning, map data serves as a reminder for companies to ensure that their security perimeters are secured.SCMagazine
June 14, 2021 – Ransomware
G7 leaders ask Russia to hunt down ransomware gangs within its borders Full Text
Abstract
G7 (Group of 7) leaders have asked Russia to urgently disrupt ransomware gangs believed to be operating within its borders, following a stream of attacks targeting organizations from critical sectors worldwide.BleepingComputer
June 14, 2021 – Business
Cyber resilience company Immersive Labs announces $75 million Series C round Full Text
Abstract
Cybersecurity readiness firm Immersive Labs has announced a $75 million Series C round, with investments from Citi Ventures, Menlo Ventures, and follow-on from Goldman Sachs Asset Management.ZDNet
June 14, 2021 – Government
NATO members agree to new cyber defense policy Full Text
Abstract
The United States and other North Atlantic Treaty Organization nations endorsed a new cyber defense policy Monday as part of the NATO summit in Brussels.The Hill
June 14, 2021 – Attack
NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers Full Text
Abstract
A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack dating back all the way to 2014 under the codename Operation TooHash based on malware payloads deployed in those intrusions. "Victims of these campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities," cybersecurity firm ESET said in an analysis published last week. "Gelsemium's whole chain might appear simple at first sight, but the exhaustive configurations, implanted at each stage, modify on-the-fly settings for the final payload, making it harder to understand." Targeted countries include China, Mongolia, North and South Korea, Japan, Turkey, Iran, Iraq, SaudiThe Hacker News
June 14, 2021 – Attack
REvil Claims Responsibility for Invenergy Hack Full Text
Abstract
Ransomware group that attacked JBS says it also hacked Chicago-based clean energy company. Infosecurity Magazine
June 14, 2021 – Phishing
Microsoft experts disrupted a large-scale BEC campaign Full Text
Abstract
Microsoft disrupted a large-scale business email compromise (BEC) campaign that used forwarding rules to access messages related to financial transactions. Microsoft researchers announced that they have disrupted the cloud-based infrastructure used by crooks... Security Affairs
June 14, 2021 – Business
ServiceNow partners with ZScaler for remote access security Full Text
Abstract
Amit Raikar, vice president of technology alliances and business development at ZScaler, said the new integrations will enable ServiceNow users to access only company-owned devices. And by setting appropriate policies, ServiceNow users will only have access to the data they need to do their jobs.SCMagazine
June 14, 2021 – Phishing
Microsoft: Scammers bypass Office 365 MFA in BEC attacks Full Text
Abstract
Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign.BleepingComputer
June 14, 2021 – Vulnerabilities
Codecov to retire the Bash script responsible for supply chain attack wave Full Text
Abstract
The San Francisco-based DevOps tool provider said in a blog post that the new NodeJS-based uploader will be shipped as a static binary executable suitable for Windows, Linux, Alpine Linux, and macOS.ZDNet
June 14, 2021 – General
Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security Full Text
Abstract
In response to malicious actors targeting US federal IT systems and their supply chain, the President released the "Executive Order on Improving the Nation's Cybersecurity (Executive Order)." Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream. Private companies and enterprises will look to the Executive Order to build their best practices. At a high level, the Executive Order includes information-sharing requirements, a push toward cloud and Zero Trust architectures, and enhancing transparency throughout the software supply chain. Understanding the fundamentals of the White House Executive Order on Improving the Nation's Cybersecurity: The bulk of the Executive Order focuses on administrative tasks associated with it, including redefining contract language, setting timelines, and defining agency roles and responsibilities. For enterprises that don't supply technolog... The Hacker News
June 14, 2021 – Criminals
Biden Opposes Conditional Handover of Cyber-criminals Full Text
Abstract
Biden snuffs out Putin’s proposal to agree to conditional handover of cyber-criminals between Russia and US. Infosecurity Magazine
June 14, 2021 – Malware
SEO poisoning campaign aims at delivering RAT, Microsoft warns Full Text
Abstract
Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverages SEO poisoning to deliver a remote access...Security Affairs
June 14, 2021 – Criminals
One of ransomware’s top negotiators would rather you not have to hire him Full Text
Abstract
Kurtis Minder, CEO of threat intelligence firm GroupSense, has received a lot of press as a top negotiator in ransomware cases. But he’d rather you not hire him to negotiate. Instead, he says, he’d much rather you stop the ransomware attack before you’d ever need to call him in.SCMagazine
June 14, 2021 – Malware
Microsoft: SEO poisoning used to backdoor targets with malware Full Text
Abstract
Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims' sensitive info and backdooring their systems.BleepingComputer
June 14, 2021 – General
SEC Plans Rules on Climate Disclosures, Cyber Risks This Fall (1) Full Text
Abstract
The SEC is also looking to shore up public companies’ disclosures on how they oversee cybersecurity risks, according to another new item on its rulemaking agenda. A proposal is expected by October.Bloomberg Law
June 14, 2021 – General
54% of Senior Executives Struggling to Keep up with Threat Landscape Full Text
Abstract
Organizations are at higher risk of cyber-attacks due to shifting to remote work, according to Fujitsu report. Infosecurity Magazine
June 14, 2021 – Government
G7 calls on Russia to dismantle operations of ransomware gangs within its borders Full Text
Abstract
The member states of the G7 group have called on Russia and other states to dismantle operations of the ransomware gangs operating within their countries. G7 member states have called on Russia and other states to dismantle operations of ransomware...Security Affairs
June 14, 2021 – Attack
Fujifilm resumes normal operations after ransomware attack Full Text
Abstract
Japanese multinational conglomerate Fujifilm says that it has resumed normal business and customer operations following a ransomware attack that forced it to shut the entire network on June 4.BleepingComputer
June 14, 2021 – Malware
Malware hosting domain Cyberium fanning out Mirai variants Full Text
Abstract
AT&T Alien Labs observed Moobot, a Mirai variant botnet, scanning for known but uncommon vulnerabilities in Tenda routers and also discovered a malware-hosting domain distributing a few Mirai variants. AT&T Cybersecurity
June 14, 2021 – Government
Government Wants Startups to Build a More Secure Nation Full Text
Abstract
Applications are now open for NCSC for Startups program. Infosecurity Magazine
June 14, 2021 – Denial Of Service
Major blackouts across Puerto Rico. Are the DDoS and the fire linked? Full Text
Abstract
A fire and cyberattack hit an electrical substation for the electricity provider Luma Energy, causing major blackouts across Puerto Rico. A large fire at the Luma's Monacillo electrical substation in San Juan for Puerto Rico's new electricity provider,...Security Affairs
June 14, 2021 – Government
G7 Turns Up the Heat on Putin Over Ransomware Attacks Full Text
Abstract
Leaders urge Russia to hold cyber-criminals to account. Infosecurity Magazine
June 14, 2021 – Phishing
Global Police Close Record Number of Fake Pharma Sites Full Text
Abstract
Operation also leads to seizure of $9m in counterfeit pills and devices. Infosecurity Magazine
June 13, 2021 – Criminals
Chinese Hackers Believed to be Behind Second Cyberattack on Air India Full Text
Abstract
Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. Group-IB dubbed the campaign "ColunmTK" based on the names of command-and-control (C2) server domains that were used for facilitating communications with the compromised systems. "The potential ramifications of this incident for the entire airline industry and carriers that might yet discover traces of ColunmTK in their networks are significant," the Singapore-headquartered threat hunting company said. While Group-IB alluded that this may have been a supply chain attack targeting SITA, the Swiss aviation information technology company told The Hacker News that they are two different security incidents. The Hacker News
June 13, 2021 – Policy and Law
Interpol shuts down thousands of fake online pharmacies Full Text
Abstract
The Interpol (International Criminal Police Organisation) has taken down thousands of online marketplaces that posed as pharmacies and pushed dangerous fake and illicit drugs and medicine.BleepingComputer
June 13, 2021 – Government
G-7 agrees to fight forced labor, ransomware, corruption Full Text
Abstract
Group of Seven (G-7) leaders on Sunday announced their commitments to cutting forced labor practices out of global supply chains in a shot at China, as well as efforts to stop ransomware attacks and root out corruption.The Hill
June 13, 2021 – APT
BackdoorDiplomacy APT targets diplomats from Africa and the Middle East Full Text
Abstract
ESET researchers discovered an advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the Middle East. ESET researchers spotted a new state-sponsored group, dubbed BackdoorDiplomacy,... (Security Affairs)
June 13, 2021 – General
APWG: Phishing maintained near-record levels in the first quarter of 2021 Full Text
Abstract
The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first... (Security Affairs)
June 13, 2021 – General
Security Affairs newsletter Round 318 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. REvil Ransomware... (Security Affairs)
June 12, 2021 – Cryptocurrency
Fresh Crypto Attacks Targeting Kubernetes Clusters Full Text
Abstract
Microsoft is warning against a new adversarial campaign that attempts to hijack Azure’s machine learning infrastructure to deploy cryptomining workloads. The recent attacks show how cybercriminals are increasingly targeting Kubernetes clusters and their surrounding ecosystem. (Cyware Alerts - Hacker News)
June 12, 2021 – Breach
Audi, Volkswagen data breach affects 3.3 million customers Full Text
Abstract
Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. (BleepingComputer)
June 12, 2021 – Breach
McDonald’s discloses data breach in US, Taiwan and South Korea Full Text
Abstract
McDonald's fast-food chain disclosed a data breach; hackers have stolen information belonging to customers and employees from the US, South Korea, and Taiwan. McDonald's, the world's largest restaurant chain by revenue, has disclosed a data breach... (Security Affairs)
June 12, 2021 – Breach
Intuit notifies customers of hacked TurboTax accounts Full Text
Abstract
Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. (BleepingComputer)
June 12, 2021 – Breach
Volkswagen discloses data breach, 3.3 million customers impacted Full Text
Abstract
Volkswagen America discloses a data breach at a third-party vendor that exposed the personal details of more than 3.3 million of its customers. Volkswagen America discloses a data breach suffered by a third-party vendor used by the car vendor for sales... (Security Affairs)
June 12, 2021 – Solution
Codecov ditches Bash Uploader for a NodeJS executable Full Text
Abstract
Codecov has now introduced a new cross-platform uploader meant to replace its former Bash Uploader. The new uploader is available as a static binary executable currently supporting the Windows, Linux, and macOS operating systems. However, some have raised concerns with the new uploader and the many dependencies it contains. (BleepingComputer)
June 12, 2021 – Vulnerabilities
CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros Full Text
Abstract
An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow an attacker to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most... (Security Affairs)
June 12, 2021 – Attack
Details Emerge on How Gaming Giant EA Was Hacked Full Text
Abstract
The group stole the source code for FIFA 21 and related tools that match players with other players, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. (Dark Reading)
June 12, 2021 – Attack
Ransomware attack hit Teamsters in 2019 — but they refused to pay Full Text
Abstract
Unlike many of the companies hit by high-profile ransomware attacks in recent months, the union declined to pay, despite the FBI's advice to do so, three sources familiar with the previously unreported cyberattack told NBC News. (NBC News)
June 12, 2021 – Government
Italy Sets Up Cybersecurity Agency After Russia Warnings Full Text
Abstract
Italy has created a national cybersecurity agency following warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference." The new agency was approved in a cabinet meeting this week. (Security Week)
June 12, 2021 – Vulnerabilities
GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability Full Text
Abstract
The vulnerability, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. (Security Week)
June 12, 2021 – Government
UK tells UN that nation-states should retaliate against cyber badness with no warning Full Text
Abstract
A statement made by UK diplomats to the UN's Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security (UN GGE) called for international law to permit retaliation for cyberattacks with no notice. (The Register)
June 11, 2021 – Attack
Motives for ransomware attack against nuclear contractor Sol Oriens remain unclear Full Text
Abstract
Sol Oriens’ work around nuclear weapons raises concerns about the implications of a ransomware attack, though most experts still believe the motivations are financial. (SCMagazine)
June 11, 2021 – Criminals
Avaddon ransomware gang shuts down their operations and releases decryption keys Full Text
Abstract
The Avaddon ransomware gang has shut down its operations and released the decryption keys to allow victims to recover their files for free. Good news for the victims of the Avaddon ransomware gang, the cybercrime group has shut down its operations... (Security Affairs)
June 11, 2021 – Ransomware
The Week in Ransomware - June 11th 2021 - Under Pressure Full Text
Abstract
It has been quite the week when it comes to ransomware, with ransoms being paid, ransoms being taken back, and a ransomware gang shutting down. (BleepingComputer)
June 11, 2021 – General
Hillicon Valley: House targets tech giants with antitrust bills | Oversight chair presses JBS over payment to hackers | Trump spokesman to join tech company | YouTube suspends GOP senator Full Text
Abstract
Top lawmakers on the House Judiciary Antitrust Subcommittee released a long-awaited antitrust agenda including five bills aimed at reining in the power of tech giants. Meanwhile, House Oversight and Reform Committee Chair Carolyn Maloney (D-N.Y.) is pressing JBS USA to explain why it paid $11 million in ransom to a criminal group, and longtime Trump aide Jason Miller is on the move and will be taking a job at a tech start-up. (The Hill)
June 11, 2021 – Government
How far apart are the US and Russia from agreeing to cyber rules? Full Text
Abstract
Harvard’s Belfer Center on Friday published a unique paper where U.S. and Russian researchers separately explained their nation’s perspective on a potential negotiation, what both sides actually want, and what would benefit both sides. SC Media spoke to one of the featured researchers. (SCMagazine)
June 11, 2021 – Breach
Notification no-nos: What to avoid when alerting customers of a breach Full Text
Abstract
Experts revealed to SC Media what they believe are some of the biggest errors companies can make when notifying the public of a breach, from revealing too little or too much, to scapegoating or downplaying the incident. (SCMagazine)
June 11, 2021 – Vulnerabilities
Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC Full Text
Abstract
A trio of security flaws open the door to remote-code execution and a malware tsunami. (Threatpost)
June 11, 2021 – Attack
Teamsters refused to pay a ransomware attack in 2019 Full Text
Abstract
The Teamsters labor union was hit with a ransomware attack in 2019 but refused to pay the seven-figure payment demanded by hackers, despite being advised by the FBI to do so, a Teamsters spokesperson confirmed to The Hill. (The Hill)
June 11, 2021 – General
Cloud Security Alliance releases new security guidance for telehealth organizations Full Text
Abstract
Developed by the CSA’s Health Information Management Working Group, the Telehealth Risk Management publication offers best practices for the creation, storage, use, sharing, archiving, and potential destruction of data in three specific domains: governance, privacy, and security. (SCMagazine)
June 11, 2021 – General
CEO-Level Guide to Prevent Data Hacking Technologies & Incidents Full Text
Abstract
In the current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined... (Security Affairs)
June 11, 2021 – Policy and Law
Security company exec and founder charged with facilitating cyber attack on Georgia hospital Full Text
Abstract
Organizations often look to cybersecurity companies to protect them, but the Department of Justice and prosecutors in Georgia are pursuing criminal charges against an executive of a security company for aiding an alleged cyberattack on a Georgia medical center in 2018. (SCMagazine)
June 11, 2021 – Breach
Hackers steal game source code from EA Full Text
Abstract
Popular video game maker Electronic Arts (EA) recently suffered a breach by hackers who stole data including game source code. (The Hill)
June 11, 2021 – Denial Of Service
Fancy Lazarus is Active with Ransom DDoS Attacks Full Text
Abstract
Proofpoint reported about a new DDoS extortion activity by a threat actor group called Fancy Lazarus. It was observed extorting funds from various organizations operating in the energy, financial, and manufacturing sectors, among others. (Cyware Alerts - Hacker News)
June 11, 2021 – Policy and Law
COO Charged in Georgia Hospital Cyber-attack Full Text
Abstract
Federal grand jury indicts security startup COO over 2018 attack on Gwinnett Medical Center (Infosecurity Magazine)
June 11, 2021
US Launches National AI Task Force Full Text
Abstract
Biden administration creates national artificial intelligence research resource task force (Infosecurity Magazine)
June 11, 2021 – Attack
Monumental Supply-Chain Attack on Airlines Traced to State Actor Full Text
Abstract
Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks. (Threatpost)
June 11, 2021 – Policy and Law
Police Grab Slilpp, Biggest Stolen-Logins Market Full Text
Abstract
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone. (Threatpost)
June 11, 2021 – Attack
Gelsemium Group Linked to NoxPlayer Supply-Chain Attack Full Text
Abstract
Experts took the wraps off of activities of Gelsemium APT, which uses state-of-the-art supply chain attack techniques against targets, including electronics manufacturers, in East Asia and the Middle East. Its attack strategy indicates that the group is predetermined about its targets and cou ... (Cyware Alerts - Hacker News)
June 11, 2021 – Breach
Baby Clothes Giant Carter’s Leaks 410K Customer Records Full Text
Abstract
Purchase automation software delivered shortened URLs without protections. (Threatpost)
June 11, 2021 – General
How the FBI Recovered Bitcoin Ransom Paid to Darkside Ransomware Gang Full Text
Abstract
The DOJ has seized approximately $2.3 million ransom amount in BTC paid to DarkSide by Colonial Pipeline last month. The FBI used a bitcoin private key to prevent the transaction. (Cyware Alerts - Hacker News)
June 11, 2021 – Attack
REvil Hits US Nuclear Weapons Contractor: Report Full Text
Abstract
“We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)” REvil reportedly wrote. (Threatpost)
June 11, 2021 – Attack
Diving Into the Roots of the Relentless Ransomware Catastrophe Full Text
Abstract
The REvil ransomware gang recently attacked JBS, the world’s largest meat processing company. The attack forced the company to shut down its Australian and North American IT systems. (Cyware Alerts - Hacker News)
June 11, 2021 – Breach
McDonald’s Suffers Data Breach Full Text
Abstract
Burger chain breach impacts US operations and employees and diners in South Korea and Taiwan (Infosecurity Magazine)
June 11, 2021 – Government
Italy announced its Cybersecurity Agency Full Text
Abstract
Italy announced the creation of the national cybersecurity agency, a move aimed at increasing the level of cyber security of its infrastructure. The Italian government has announced the creation of a new agency focused on cybersecurity, Prime Minister... (Security Affairs)
June 11, 2021 – General
Fighting Insider Abuse After Van Buren Full Text
Abstract
A win for civil libertarians does not mean a loss for data owners. (Lawfare)
June 11, 2021 – Breach
McDonald’s discloses data breach after theft of customer, employee info Full Text
Abstract
McDonald's, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. (BleepingComputer)
June 11, 2021 – Breach
Cyberpunk 2077 Hacked Data Circulating Online Full Text
Abstract
CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer. (Threatpost)
June 11, 2021 – Breach
Iranian Hackers Compromise Websites of a US Federal Library and an African Bank Full Text
Abstract
Hackers claiming to be from Iran attacked the websites of Sierra Leone Commercial African Bank and the United States Federal Depository Library Program and posted pro-Iranian comments and graphics. (Softpedia)
June 11, 2021 – Criminals
Avaddon ransomware shuts down and releases decryption keys Full Text
Abstract
The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com. (BleepingComputer)
June 11, 2021 – Breach
Cybercriminals Steal Some McDonald’s U.S. Business Information and Customer Data in South Korea and Taiwan Full Text
Abstract
Hackers stole data, including customer emails, phone numbers, and addresses, from McDonald’s computer systems in the U.S., South Korea, and Taiwan, according to the Wall Street Journal. (Axios)
June 11, 2021 – Breach
Update: Internal data from breach circulating online -CD Projekt Full Text
Abstract
Internal company data leaked during a February security breach is now being circulated on the internet, Polish video games maker CD Projekt said in a statement published on Thursday. (Reuters)
June 11, 2021 – Vulnerabilities
Google fixes actively exploited Chrome zero‑day Full Text
Abstract
Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors. (ESET Security)
June 11, 2021 – General
Oversight chair presses JBS on why it paid ransom over cyberattack Full Text
Abstract
The chairwoman of the House Oversight and Reform Committee is pressing JBS USA to explain why it paid $11 million in ransom to a criminal group earlier this year. (The Hill)
June 11, 2021 – Business
McDonalds says data breach targeted South Korea and Taiwan operations Full Text
Abstract
McDonald’s said that it was the target of a data breach affecting its markets in South Korea and Taiwan. (The Hill)
June 11, 2021 – Policy and Law
Network security firm COO charged with medical center cyberattack Full Text
Abstract
The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC). (BleepingComputer)
June 11, 2021 – Criminals
US Department of Justice, International Law Enforcement Disrupt Major Marketplace for Cybercriminals Full Text
Abstract
The US Justice Department partnered with international law enforcement to take down an online marketplace offering stolen login credentials for various accounts including bank and online payment. (Cyberscoop)
June 11, 2021 – Privacy
Mozilla Says Google’s New Ad Tech—FLoC—Doesn’t Protect User Privacy Full Text
Abstract
Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk," said Eric Rescorla, author of TLS standard and chief technology officer of Mozilla. "But the current design has a number of privacy properties that could create significant risks if it were to be widely deployed in its current form." Short for Federated Learning of Cohorts, FLoC is part of Google's fledgling Privacy Sandbox initiative that aims to develop alternate solutions to satisfy cross-site use cases without resorting to third-party cookies or other opaque tracking mechanisms. Essentially, FLoC allows marketers to guess users' interests without having to uniquely identify them, thereby eli (The Hacker News)
June 11, 2021 – Breach
Gaming Giant EA Suffers Major Data Breach Full Text
Abstract
Hackers stole 780GB of data, including source code for the popular football game FIFA 21 (Infosecurity Magazine)
June 11, 2021 – Breach
Mysterious custom malware used to steal 1.2TB of data from million PCs Full Text
Abstract
Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte of stolen data.... (Security Affairs)
June 11, 2021 – Vulnerabilities
Linux system service bug lets you get root on most modern distros Full Text
Abstract
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. (BleepingComputer)
June 11, 2021 – General
54% of all employees reuse passwords across multiple work accounts Full Text
Abstract
Since the start of the pandemic, employees have been engaging in poor cybersecurity practices on work devices, with business owners and C-level executives also failing to maintain cyber hygiene. (Help Net Security)
June 11, 2021 – Privacy
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users Full Text
Abstract
Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device's settings," Sergey Toshin, founder of mobile security startup Oversecured, said in an analysis published Thursday. Toshin reported the flaws to Samsung in February 2021, following which patches were issued by the manufacturer as part of its monthly security updates for April and May. The list of the seven vulnerabilities is as follows - CVE-2021-25356 - third-party authentication bypass in Managed Provisioning CVE-2021-25388 - Arbitrary app installation (The Hacker News)
June 11, 2021 – Government
#G7UK: UK and US Strike New Agreements on Cybersecurity Full Text
Abstract
UK and US agree to cooperate more closely on improving cyber resilience and combating cyber-criminals (Infosecurity Magazine)
June 11, 2021 – Attack
Al Jazeera detected and blocked disruptive cyberattacks Full Text
Abstract
Qatari government-funded international Arabic news channel Al Jazeera announced that it had blocked a series of disruptive cyberattacks aimed at its news publishing platform. Qatari government-funded international Arabic news channel Al Jazeera announced... (Security Affairs)
June 11, 2021 – Denial Of Service
‘Fancy Lazarus’ Criminal Group Launches DDoS Extortion Campaign Full Text
Abstract
A cybercriminal group with a rotating list of names has resurfaced with a new email attack campaign threatening to launch a DDoS attack against target organizations that refuse to pay a ransom. (Dark Reading)
June 11, 2021 – General
Live Cybersecurity Webinar — Deconstructing Cobalt Strike Full Text
Abstract
Organizations' cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will deploy a variety of tools and methods to infiltrate an organization's environment and attack it from the inside. In an interesting twist of fate, one of the tools organizations have used to audit and improve their defenses has also become a popular tool attackers use to infiltrate. Cobalt Strike is an Adversary Simulation and Red Team Operations tool that allows organizations to simulate advanced attacks and test their security stacks in a close-to-real-world simulation. A new research webinar from XDR provider Cynet (register here) offers a better look at Cobalt Strike. The webinar, led by Cyber Operations Analyst for the Cynet MDR Team Yuval Fischer, will take a deep dive into the thr (The Hacker News)
June 11, 2021 – Vulnerabilities
Unknown Attacker Chains Chrome and Windows Zero-Days Full Text
Abstract
Kaspersky has branded the threat actor “PuzzleMaker” (Infosecurity Magazine)
June 11, 2021 – Policy and Law
DoJ announced to have shut down Slilpp marketplace in international operation Full Text
Abstract
The US Department of Justice seized the servers and domains of the popular cybercrime marketplace SlilPP. The US Department of Justice announced that it had seized the infrastructure of SlilPP, a popular marketplace used by cybercriminals to buy and sell... (Security Affairs)
June 11, 2021 – Phishing
Global Scamdemic: Scams Become Number One Online Crime Full Text
Abstract
According to Group-IB, fraud accounts for 73% of all online attacks. 56% are scams that result in the victims disclosing sensitive data and 17% are phishing attacks involving theft of payment details. (Security Affairs)
June 11, 2021 – Vulnerabilities
7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access Full Text
Abstract
A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who said the issue was introduced in a code commit made on Nov. 9, 2013. Red Hat's Cedric Buissart noted that Debian-based distributions, based on polkit 0.105, are also vulnerable. Polkit (née PolicyKit) is a toolkit for defining and handling authorizations in Linux distributions, and is used for allowing unprivileged processes to communicate with privileged processes. "When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileg (The Hacker News)
June 11, 2021 – Policy and Law
China’s New “Anti-Sanctions” Law Means Headache for Foreign Firms Full Text
Abstract
Beijing could seize assets or ban entities from doing business there (Infosecurity Magazine)
June 11, 2021 – Criminals
Cybercriminals Sell Access to FIFA 21 Matchmaking Servers After Attack on Electronic Arts Full Text
Abstract
Electronic Arts, the maker of popular video games including FIFA, Madden, Sims, and others, said Thursday that it was investigating an intrusion that led to the leak of game source code and tools. (New York Times)
June 11, 2021 – Criminals
New Cyber Espionage Group Targeting Ministries of Foreign Affairs Full Text
Abstract
Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves targeting weak points in internet-exposed devices such as web servers to perform a panoply of cyber hacking activities, including laterally moving across the network to deploy a custom implant called Turian that's capable of exfiltrating sensitive data stored in removable media. "BackdoorDiplomacy shares tactics, techniques, and procedures with other Asia-based groups. Turian likely represents a next stage evolution of Quarian, the backdoor last observed in use in 2013 against diplomatic targets in Syria and the U.S," said Jean-Ian Boutin, head of threat research at Slovak cybersecurity firm ESET. Engineered to target both Windows and Linux operating systems, the (The Hacker News)
June 11, 2021 – Encryption
Quantum Breakthrough in Britain Creates 600km Secure Link Full Text
Abstract
The breakthrough by Toshiba will enable long-distance quantum-secured information transfer (Infosecurity Magazine)
June 11, 2021 – Breach
CoWIN not hacked, 150 million Indians’ data safe: Researcher Full Text
Abstract
A hacker group going by the name of "Dark Leak Market" had claimed that they have a database of about 150 million Indians who registered themselves on the CoWIN portal and are reselling it. (The Times Of India)
June 11, 2021 – Encryption
One step closer to quantum-secure conference calls Full Text
Abstract
The Quantum Key Distribution (QKD) technology deployed in this demonstration harnesses the properties of quantum physics to facilitate guaranteed secure distribution of cryptographic keys. (Help Net Security)
June 11, 2021 – Government
Malicious web link targets Indian Government officials Full Text
Abstract
The malicious link was shared through WhatsApp, SMS, and email on June 9. Some officials even received phone calls where the caller said he was calling from an Army Hospital. (Secure Reading)
June 11, 2021 – Vulnerabilities
Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning Full Text
Abstract
Cisco’s Smart Install protocol is still being abused in attacks — five years since it issued its first warning — and there are still 18,000 internet-exposed devices that could be targeted by hackers. (Security Week)
June 10, 2021 – Vulnerabilities
Chrome Browser Bug Under Active Attack Full Text
Abstract
Google has patched its Chrome browser, fixing one critical cache issue and a second bug being actively exploited in the wild. (Threatpost)
June 10, 2021 – Cryptocurrency
Microsoft: Big Cryptomining Attacks Hit Kubeflow Full Text
Abstract
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters. (Threatpost)
June 10, 2021 – Malware
Steam Gaming Platform Hosting Malware Full Text
Abstract
Emerging malware is lurking in Steam profile images. (Threatpost)
June 10, 2021 – Policy and Law
U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins Full Text
Abstract
The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of an underground marketplace known as "Slilpp" that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint efforts of the U.S., Germany, the Netherlands, and Romania, also commandeered a set of servers hosting its infrastructure as well as the multiple domains the group operated. Operational since 2012, Slilpp was a marketplace for allegedly stolen online account login credentials belonging to 1,400 companies worldwide, offering for sale more than 80 million plundered usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, which were abused to conduct unauthorized transactions, such as wire transfers, fr (The Hacker News)
June 10, 2021 – Attack
Foodservice supplier Edward Don hit by a ransomware attack Full Text
Abstract
Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack's spread. (BleepingComputer)
June 10, 2021 – Government
Bipartisan senators introduce bill to protect small businesses from cyberattacks Full Text
Abstract
A bipartisan group of senators Thursday introduced a bill intended to protect small businesses from cyberattacks after hacks crippled some of the country’s largest companies. (The Hill)
June 10, 2021 – Breach
CD Projekt: Data stolen in ransomware attack now circulating online Full Text
Abstract
CD Projekt is warning today that internal data stolen during their February ransomware attack is circulating on the Internet. (BleepingComputer)
June 10, 2021 – Malware
Victory Backdoor Targeting Southeast Asian Governments Full Text
Abstract
A surveillance operation by SharpPanda APT is active right now and targeting the Southeast Asian government. According to researchers, malware has been under development for the past three years. Additionally, attackers behind this campaign are using anti-analysis and anti-debugging techniques to i ... (Cyware Alerts - Hacker News)
June 10, 2021 – General
Hillicon Valley: Advocacy groups target Facebook employees in push to keep Trump off platform | Senior Biden cyber nominees sail through Senate hearing | State Dept. urges Nigeria to reverse Twitter ban Full Text
Abstract
More than 30 advocacy groups are organizing to encourage Facebook employees to keep former President Trump off the platform permanently. Meanwhile, President Biden’s nominees to hold the two most senior cyber positions in the federal government faced little opposition during their nomination hearing Thursday, and the State Department urged Nigeria to reverse its decision to suspend Twitter in the country. (The Hill)
June 10, 2021 – Policy and Law
IT Administrator Sentenced for Sabotaging Employer Full Text
Abstract
Terminated employee who deleted former employer's file server is placed in lockdown (Infosecurity Magazine)
June 10, 2021 – Phishing
Global Scamdemic: Scams Become Number One Online Crime Full Text
Abstract
Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Group-IB, a global threat hunting and adversarial cyber intelligence company specializing in the investigation... (Security Affairs)
June 10, 2021 – Attack
‘Nameless’ malware attacks 1.2TB database in the cloud Full Text
Abstract
The virus escaped with 6 million files that it grabbed from desktop and downloads folders. Screenshots made by the malware revealed that it spread via illegal Adobe PhotoShop software, Windows cracking tools, and pirated games.
SCMagazine
June 10, 2021 – Criminals
‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoS Efforts Full Text
Abstract
The group, known for masquerading as various APT groups, is back with a spate of attacks on U.S. companies.
Threatpost
June 10, 2021 – Policy and Law
Slilpp, the largest stolen logins market, seized by law enforcement Full Text
Abstract
The US Justice Department has announced today that a multinational operation took down Slilpp, the largest online marketplace of stolen login credentials.
BleepingComputer
June 10, 2021 – Phishing
Scams and Phishing Attacks Witness Explosion Full Text
Abstract
Phishing scams witnessed a staggering 974% spike, the majority of which were aimed at male-sounding names within an organization. Is it time organizations rethink their IT operations and risk-management strategies to effectively manage phishing threats?
Cyware Alerts - Hacker News
June 10, 2021 – Government
Senior Biden cyber nominees sail through Senate hearing Full Text
Abstract
The nominees selected by President Biden to fill the top two cybersecurity positions in the federal government faced little opposition during their Senate nomination hearing on Thursday amid growing bipartisan concerns about increasing cyber threats.
The Hill
June 10, 2021 – Policy and Law
Arrest Made Over Multi-million-dollar BEC Scam Full Text
Abstract
Texas cops arrest man who allegedly defrauded businesses and individuals out of $2.2m
Infosecurity Magazine
June 10, 2021 – Breach
Hackers stole data from the network of the gaming giant Electronic Arts Full Text
Abstract
Hackers breached the network of the gaming giant Electronic Arts (EA) and have stolen roughly 780 GB of data, including game source code and tools. Hackers have compromised the network of the gaming giant Electronic Arts (EA) and claim to have...
Security Affairs
June 10, 2021 – General
Can machine learning help detect zero day malware? Full Text
Abstract
The models have limitations, but researchers reported improvements in detection across a wide range of malware families.
SCMagazine
June 10, 2021 – Vulnerabilities
STEM Audio Table Rife with Business-Threatening Bugs Full Text
Abstract
The desktop conferencing IoT gadget allows remote attackers to install all kinds of malware and move laterally to other parts of enterprise networks.
Threatpost
June 10, 2021 – Breach
Hackers breach gaming giant Electronic Arts, steal game source code Full Text
Abstract
Hackers have breached the network of gaming giant Electronic Arts (EA) and claim to have stolen roughly 750 GB of data, including game source code and debug tools.
BleepingComputer
June 10, 2021 – Malware
SteamHide Malware Hides Inside Steam Profile Images Full Text
Abstract
Researchers found a new malware that relies on the Steam gaming platform for distributing its payload. It uses Steam profile images to evade detection.
Cyware Alerts - Hacker News
June 10, 2021 – Government
Texas to Publish Data Breach Notifications Full Text
Abstract
New law requires data breaches affecting 250 or more Texas residents to be posted online
Infosecurity Magazine
June 10, 2021 – Business
JBS paid $11 million to REvil ransomware out of $22.5M requested Full Text
Abstract
The beef producer JBS has admitted to having paid an $11 million ransom to the REvil ransomware gang after the group initially demanded $22.5 million. The meat processing giant JBS confirmed it paid the REvil ransomware gang $11 million in bitcoins...
Security Affairs
June 10, 2021 – Government
Cyber nominees try to define their roles, and what that may mean for private sector partnership Full Text
Abstract
National cyber director nominee, Chris Inglis, pointed to three ways that more widespread adoption of cyber best practices could take hold: “One is enlightened self interest; that’s apparently not working. The second is market forces; that’s apparently not working. And the third is some imposition of standards or regulation on top of that.”
SCMagazine
June 10, 2021 – Business
JBS Paid $11M to REvil Gang Even After Restoring Operations Full Text
Abstract
The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.
Threatpost
June 10, 2021 – Privacy
Hackers can exploit bugs in Samsung pre-installed apps to spy on users Full Text
Abstract
Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
BleepingComputer
June 10, 2021 – Criminals
Evil Corp Rebranded its Ransomware Operation Again Full Text
Abstract
The most-wanted Russian hacking group recently rebranded itself as new PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury. Previously, the gang had mimicked the Hades ransomware to bypass U.S. sanctions. The gang started rebranding its ransomware operations to different names (Ha ...
Cyware Alerts - Hacker News
June 10, 2021 – General
#Infosec21: Lack of Vision Explains Cyber Skills Shortage Full Text
Abstract
Cisco's Wendy Nather argues that it is not a pipeline problem but a lack of vision in the industry
Infosecurity Magazine
June 10, 2021 – Vulnerabilities
Google Patches Chrome zero-day actively exploited Full Text
Abstract
Google this week addressed 14 vulnerabilities in the Chrome browser, including a zero-day flaw that has been exploited in the wild. Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that...
Security Affairs
June 10, 2021 – Solution
Meet ViVian, a new ID crime chatbot that may be used for future B2B cyber applications Full Text
Abstract
Resource-depleted businesses could use a version of this tool to field help desk calls and reports of cyber incidents.
SCMagazine
June 10, 2021 – Phishing
Now you can add cryptojacking, reverse proxy phishing to list of cryptocurrency threats Full Text
Abstract
The most common attack methods dominating the conversation in cybercriminal forums are reverse proxy phishing, cryptojacking, dusting, and clipping, according to a new study from Digital Shadows.
ZDNet
June 10, 2021 – General
Enhancing cyber resilience: What your team needs to know Full Text
Abstract
By focusing on the “where” or “who,” organizations can often end up neglecting to analyze the nature of past attacks and discover the lessons that can be learned from them.
Help Net Security
June 10, 2021 – Vulnerabilities
Most mobile finance apps vulnerable to data breaches Full Text
Abstract
The Intertrust report comes at a time where finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020.
Help Net Security
June 10, 2021 – Solution
ACSC scanning is allowing Commonwealth entities to avoid being hacked Full Text
Abstract
Under its Cyber Hygiene Improvement Programs (CHIPs), the ACSC was able to identify vulnerable, internet-exposed MobileIron systems across Commonwealth, state and territory, and local governments.
ZDNet
June 10, 2021 – Ransomware
JBS paid $11 million to REvil ransomware, $22.5M first demanded Full Text
Abstract
JBS, the world's largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.
BleepingComputer
June 10, 2021 – Business
Meat processor JBS paid $11 million in ransom to hackers Full Text
Abstract
The F.B.I. said last week that it believed REvil, a Russian-based group that is one of the most prolific ransomware organizations, was responsible for the attack on the meat processing giant.
New York Times
June 10, 2021 – Ransomware
Emerging Ransomware Targets Dozens of Businesses Worldwide Full Text
Abstract
An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational, riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organizations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America, according to new research published by Palo Alto Networks' Unit 42 threat intelligence team. Like other ransomware gangs, Prometheus takes advantage of double-extortion tactics and hosts a dark web leak site, where it names and shames new victims and makes stolen
The Hacker News
June 10, 2021 – Outage
Schools Forced to Shut Following Critical Ransomware Attack Full Text
Abstract
The ransomware attack has encrypted and stolen sensitive data from two schools in England
Infosecurity Magazine
June 10, 2021 – Breach
Russia-linked APT breached the network of Dutch police in 2017 Full Text
Abstract
Russia-linked cyberspies breached the internal network of Dutch police in 2017 while the authorities were investigating the crash of the MH-17. Russia-linked threat actors breached the internal network of Dutch police in 2017 during the investigation...
Security Affairs
June 10, 2021 – Government
CISA launches platform to let hackers report security bugs to US federal agencies Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency has launched a vulnerability disclosure program allowing ethical hackers to report security flaws to federal agencies.
TechCrunch
June 10, 2021 – General
Using Breached Password Detection Services to Prevent Cyberattack Full Text
Abstract
Bolstering password policies in your organization is an important part of a robust cybersecurity strategy. Cybercriminals are using compromised accounts as one of their favorite tactics to infiltrate business-critical environments; as we've seen in recent news, these attacks can be dangerous and financially impactful. Unfortunately, account compromise is a very successful attack method and requires much less effort than other attack vectors. One of the essential types of password protection recommended by noted cybersecurity standards is breached password detection. Hackers often use known breached password lists in credential stuffing or password spraying attacks. Here are some critical criteria to consider when your sysadmins are evaluating breached password protection solutions. Breached password recommendations In the last few years, password security recommendations have evolved past the traditional recommendations regarding password security. Businesses have used M
The Hacker News
June 10, 2021 – Breach
High Street Banks Exposing Customers to Phishing Attacks Full Text
Abstract
Banks should do more to protect their customers from criminals trying to steal sensitive information, Which? research finds
Infosecurity Magazine
June 10, 2021 – Hacker
Hacker Known as Max Is a 55-Year-Old Woman, Prosecutors Say Full Text
Abstract
Alla Witte, now 55, assumed the identity “Max” and started writing illicit code, according to a federal indictment unsealed on February 8 after she was detained in Miami.
Bloomberg
June 10, 2021 – Business
JBS Admits Paying REvil Ransomware Group $11 Million Full Text
Abstract
The meat processing giant claims to have paid Russian-speaking hackers millions in bitcoin to restore services
Infosecurity Magazine
June 10, 2021 – Business
RSA Security spins out its Fraud & Risk Intelligence business into standalone company called Outseer Full Text
Abstract
RSA Security is spinning out its anti-fraud and payments security business into a new standalone company called Outseer. The new organization will be led by CEO Reed Taussig.
ZDNet
June 10, 2021 – Breach
Hackers Linked to Russian Intelligence Agencies Breached Dutch Police Systems Full Text
Abstract
The intrusion was uncovered by the Dutch intelligence service AIVD after it saw a Dutch police IP address communicating with known malicious servers operated by Russian state-sponsored threat actors.
The Record
June 10, 2021 – Cryptocurrency
Microsoft: ML infrastructure under attack from cryptomining gangs again Full Text
Abstract
Microsoft said it detected a new malicious campaign that is hijacking Azure infrastructure typically used for machine learning operations in order to deploy cryptocurrency mining workloads.
The Record
June 10, 2021 – Denial Of Service
Organizations Warned About DoS Flaws in Popular Open Source Message Brokers Full Text
Abstract
A type of malformed message that causes a DoS condition has been identified for RabbitMQ, EMQ X, and VerneMQ, but there does not appear to be a single message that impacts all three brokers.
Security Week
June 10, 2021 – Hacker
This is how fast a password leaked on the web will be tested out by hackers Full Text
Abstract
In a new study, Agari researchers found that the accounts are actively accessed within hours of the login credentials being posted online on phishing websites and forums.
ZDNet
June 9, 2021 – Breach
DarkSide Pwned Colonial With Old VPN Password Full Text
Abstract
Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating.
Threatpost
June 09, 2021 – Business
Beef Supplier JBS Paid Hackers $11 Million Ransom After Cyberattack Full Text
Abstract
Meat processing company JBS on Wednesday confirmed it paid extortionists $11 million in bitcoins to regain access to its systems following a destructive ransomware attack late last month. "In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated," JBS USA said in a statement, with CEO Andre Nogueira adding the firm made the "very difficult decision" to prevent any potential risk for its customers. Stating that third-party forensic investigations into the incident are still ongoing, the company noted that no company, customer, or employee data was compromised as a consequence of the breach. The FBI officially discourages victims from paying ransoms because doing so can establish a profitable criminal marketplace. JBS, the world's largest meat company by sales, on May 30 disclosed it fell prey to an "org
The Hacker News
June 09, 2021 – Vulnerabilities
New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP! Full Text
Abstract
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild. Tracked as CVE-2021-30551, the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw. Although the search giant's Chrome team issued a terse statement acknowledging "an exploit for CVE-2021-30551 exists in the wild," Shane Huntley, Director of Google's Threat Analysis Group, hinted that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was ad
The Hacker News
June 9, 2021 – Policy and Law
The Supreme Court Reins In the CFAA in Van Buren Full Text
Abstract
The Supreme Court handed down its first major decision construing the Computer Fraud and Abuse Act last week. The decision is a major victory for those of us who favor a narrow reading of the CFAA. It doesn't answer everything. But it answers a lot.
Lawfare
June 09, 2021 – Vulnerabilities
Google fixes sixth Chrome zero-day exploited in the wild this year Full Text
Abstract
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.
BleepingComputer
June 9, 2021 – Malware
Siloscape is Backdooring Clusters via Windows Containers Full Text
Abstract
For the first time, a new malware strain has been found targeting Windows containers to disrupt Kubernetes cloud environments. Named Siloscape, it opens a backdoor for all kinds of malicious activity without limiting itself to any particular infection goal. Kubernetes admins are recommended to ...
Cyware Alerts - Hacker News
June 09, 2021 – Business
JBS paid $11 million to hackers to resolve ransomware attack Full Text
Abstract
Major meat producer JBS USA said it paid the equivalent of $11 million to hackers to resolve a ransomware attack that forced the company to shut down its beef plants.
The Hill
June 09, 2021 – Attack
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites Full Text
Abstract
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University. "Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session," the study said. "This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer." TLS is a cryptographic protocol underpinning several application layer protocols like HTTPS, SMTP, IMAP, POP3, and FTP to secure com
The Hacker News
June 9, 2021 – Breach
Probe into Leak of Cuomo Accuser’s Personnel File Full Text
Abstract
New York Attorney General’s Office investigating legality of releasing Lindsey Boylan’s records
Infosecurity Magazine
June 9, 2021 – Cryptocurrency
How to Start Disrupting Cryptocurrencies: “Mining” Is Money Transmission Full Text
Abstract
Making cryptocurrency mining illegal won’t stop all mining, but it will seriously disrupt it.
Lawfare
June 9, 2021 – Cryptocurrency
Crypto-mining campaign targets Kubeflow installs on a large scale Full Text
Abstract
Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that...
Security Affairs
June 9, 2021 – Solution
Infoblox ups integration across on-premises, cloud and remote office environments Full Text
Abstract
The combination of three pieces of information runs on DDI (DNS, DHCP, IPAM) technology, which delivers this granular data to administrators so they can solve networking and security issues.
SCMagazine
June 09, 2021 – Phishing
FBI warns of BEC scammers impersonating construction companies Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned private sector companies of scammers impersonating construction companies in business email compromise (BEC) attacks targeting organizations from multiple US critical infrastructure sectors.
BleepingComputer
June 9, 2021 – Ransomware
BlackCocaine: Another New Golang Ransomware in Play Full Text
Abstract
A ransomware group targeted an India-based IT company in the banking and financial services sector, Nucleus Software Exports. The malware is the latest addition to the ransomware family and has displayed exceptional sophistication in its tactics, techniques, and procedures.
Cyware Alerts - Hacker News
June 09, 2021 – General
Hillicon Valley: Biden gives TikTok and WeChat a reprieve | Colonial Pipeline CEO addresses Congress again | Thomson Reuters shareholders want review of ICE ties Full Text
Abstract
President Biden replaced former President Trump’s executive orders targeting TikTok and WeChat with one directing a review of risks posed by apps developed by foreign adversaries in its place. The Colonial Pipeline CEO testified that the company may use the recovered funds paid out to cyber criminals as part of last month’s ransomware attack to increase cybersecurity. Meanwhile, a majority of independent shareholders of Thomson Reuters voted in favor of a proposal that would have the company assess and report on the potential human rights abuses of its work with Immigrations and Customs Enforcement (ICE).
The Hill
June 09, 2021 – Attack
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrencies. Microsoft said the deployments witnessed an uptick towards the end of May. Kubeflow is an open-source machine learning platform designed to deploy machine learning workflows on Kubernetes, an orchestration service used for managing and scaling containerized workloads across a cluster of machines. The deployment, in itself, was achieved by taking advantage of Kubeflow, which exposes its UI functionality via a dashboard that is deployed in the cluster. In the attack observed by Microsoft, the adversaries used the centralized dashboard as an ingress point to create a
The Hacker News
June 9, 2021 – Breach
Nebraska Medicine Data Breach Settlement Approved Full Text
Abstract
Judge approves preliminary settlement in data breach lawsuit brought against Nebraska Medicine
Infosecurity Magazine
June 9, 2021 – Attack
Hackers hit Spain’s Ministry of Labor and Social Economy Full Text
Abstract
The Spanish Ministry of Labor and Social Economy (MITES) was hit by a cyberattack and is working to restore impacted services. Spain's Ministry of Labor and Social Economy (MITES) was hit by a cyberattack on Wednesday and is working to restore impacted...
Security Affairs
June 9, 2021 – Vulnerabilities
Microsoft fixes 50 vulnerabilities for June, but patch first the six exploited in the wild Full Text
Abstract
Allan Liska of Recorded Future’s computer security incident response team lists out the reasons why security teams should take the six exploited vulnerabilities seriously.
SCMagazine
June 09, 2021 – Cryptocurrency
Microsoft warns of cryptomining attacks on Kubernetes clusters Full Text
Abstract
Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning (ML) instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.
BleepingComputer
June 9, 2021 – Vulnerabilities
Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities Full Text
Abstract
Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products.
Security Week
June 09, 2021 – Business
Colonial Pipeline may use recovered ransomware attack funds to boost cybersecurity Full Text
Abstract
Colonial Pipeline may use the recovered funds paid out to cyber criminals as part of a ransomware attack last month to increase cybersecurity, Joseph Blount, the company's president and CEO, said Wednesday.
The Hill
June 09, 2021 – General
EBook – Creating a Large Company Security Stack on a Lean Company Budget Full Text
Abstract
The speed at which malicious actors have improved their attack tactics and continue to penetrate security systems has made going bigger the major trend in cybersecurity. Facing an evolving threat landscape, organizations have responded by building bigger security stacks, adding more tools and platforms, and making their defenses more complex—a new eBook from XDR provider Cynet (read it here). Organizations find themselves in a virtual arms race with malicious actors. Attackers find new, stealthier ways to penetrate an organization's defenses, and organizations build higher walls, buy more technologies to protect themselves, and expand their security stacks. Money is a key component of security success – a tough reality for leaner organizations that might not have the seemingly endless budgets of larger corporations and enterprises. The question of what leaner security teams could do about it used to be "not a lot," but today, that's hardly the case. Even though
The Hacker News
June 9, 2021 – Policy and Law
Pennsylvanian Charged over Trump Impersonation Fraud Full Text
Abstract
Man allegedly posed as Trump family members on social media to fraudulently obtain financial donations
Infosecurity Magazine
June 9, 2021 – Vulnerabilities
Google fixes a critical Android RCE flaw in the System component Full Text
Abstract
Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE (CVE-2021-0507). Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices,...
Security Affairs
June 9, 2021 – Business
‘I did not like handing that money over to criminals’: Colonial CEO touts corporate cyber transparency, defends his own Full Text
Abstract
The hearing touched on the internal and external debates that face most executives during a crippling cyberattack: How fast should a company act, and what decisions should be made internally versus in consultation with external advisers or the federal government.
SCMagazine
June 09, 2021 – Criminals
Stealthy Gelsemium cyberspies linked to NoxPlayer supply-chain attack Full Text
Abstract
ESET researchers have linked a stealthy cyberespionage group known as Gelsemium to the NoxPlayer Android emulator supply-chain attack that targeted gamers earlier this year.
BleepingComputer
June 9, 2021 – Vulnerabilities
Adobe Patches Major Security Flaws in PDF Reader, Photoshop Full Text
Abstract
Adobe’s product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.
Security Week
June 9, 2021 – Outage
Single Fastly Customer Sparked Global Internet Meltdown Full Text
Abstract
Fastly says blackout that hit many high-profile websites on Tuesday caused by a software bug
Infosecurity Magazine
June 9, 2021 – Vulnerabilities
Microsoft June 2021 Patch Tuesday addresses 6 zero-days actively exploited Full Text
Abstract
Microsoft's June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild. Microsoft's June 2021 Patch Tuesday addresses 50 vulnerabilities in Microsoft Windows, .NET Core and Visual...
Security Affairs
June 9, 2021 – Solution
As clouds get more complex, companies are struggling to adapt legacy security tooling Full Text
Abstract
2020 could be a tipping point for cloud adoption, but it's bringing more complexity and causing companies to reevaluate their old security stack.
SCMagazine
June 09, 2021 – Attack
Spain’s Ministry of Labor and Social Economy hit by cyberattack Full Text
Abstract
The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday.
BleepingComputer
June 9, 2021 – Attack
Memory and Storage Manufacturer ADATA Struck by Ragnar Locker Ransomware Attack Full Text
Abstract
Leading Taiwan-based memory and storage manufacturer ADATA was forced to take its systems offline after it was targeted by a ransomware attack in late May, the company has admitted.
Tech Radar
June 9, 2021 – Covid-19
#Infosec21: NCSC Outlines Biggest Cyber Threats During COVID19 Full Text
Abstract
NCSC's Eleanor Fairford reveals the three biggest cyber threats since the start of COVID-19
Infosecurity Magazine
June 9, 2021 – Attack
Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too Full Text
Abstract
An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade.
The Register
June 9, 2021 – General
A Third of Execs Plan to Spy on Staff to Guard Trade Secrets Full Text
Abstract
Most senior executives believe more money is needed to protect trade secrets, and many are prepared to spy on staff
Infosecurity Magazine
June 9, 2021 – Criminals
Cybercriminals Impersonate FINRA to Target Members Firms via Targeted Phishing Attacks Full Text
Abstract
FINRA reminded financial industry firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments, or clicking on any embedded links.
FINRA
June 9, 2021 – Vulnerabilities
Microsoft Fixes Seven Zero-Days This Patch Tuesday Full Text
Abstract
The 50 security fixes will resolve critical issues, including actively exploited seven-day vulnerabilities
Infosecurity Magazine
June 9, 2021 – Government
US government launches first VDP for federal civilian agencies Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has launched its first federal civilian security vulnerability disclosure program (VDP) in partnership with Bugcrowd.
The Daily Swig
June 9, 2021 – Policy and Law
Police Access Encrypted Devices in Major Global Crime Bust Full Text
Abstract
Over 800 suspected criminals have been arrested after being tricked into using a messaging app owned by the FBI
Infosecurity Magazine
June 9, 2021 – General
Healthcare Sector Gasps due to Ransomware Attacks Full Text
Abstract
According to IC3 data analysis by Crowdstrike, healthcare-related losses for victims in the U.S. surged by a whopping 2,473% during 2020 as the COVID-19 pandemic swept through the world.
Cyware Alerts - Hacker News
June 09, 2021 – Vulnerabilities
GitHub now scans for accidentally-exposed PyPI, RubyGems secrets Full Text
Abstract
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing secrets and credentials to their public GitHub repos.
BleepingComputer
June 08, 2021 – Vulnerabilities
Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs Full Text
Abstract
Microsoft on Tuesday released another round of security updates for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that are being actively exploited are listed below - CVE-2021-33742 (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-33739 (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-31199 (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation o
The Hacker News
June 08, 2021 – General
Hillicon Valley: Colonial Pipeline CEO grilled over ransomware attack | Senate debates sweeping Chinese competitiveness bill | Ohio files lawsuit to declare Google a public utility
Abstract
Colonial Pipeline’s top executive appeared on Capitol Hill Tuesday at the first of two hearings on the recent ransomware attack that forced the company to shut down operations and led to gas shortages. Meanwhile, the Senate debated approving the massive bipartisan U.S. Innovation and Competition Act, and Ohio Attorney General Dave Yost (R) filed a lawsuit to classify Google as a public utility and make it subject to government regulation.
The Hill
June 8, 2021 – Solution
Proofpoint rolls out full-featured, cloud-native security platform
Abstract
The company’s new cloud platform was developed from its extensive experience managing and analyzing email traffic. Proofpoint claims that every day it analyzes more than 2.2 billion email messages, 35 billion URLs, 200 million attachments, and 35 million cloud accounts.
SCMagazine
June 8, 2021 – Vulnerabilities
Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws
Abstract
Researchers discovered a highly targeted malware campaign launched in April, in which a new, unknown threat actor used two of the vulnerabilities that Microsoft said are under active attack.
Threatpost
June 8, 2021 – General
2021 Women in IT Security: Call for nominations
Abstract
SC Media is pleased to announce that we are accepting nominations for our Women in IT Security program, now in its eighth year, honoring those that demonstrate through their own expertise, commitment, influence and resilience the power of gender diversity across the cybersecurity community.
SCMagazine
June 8, 2021 – Vulnerabilities
4 issues in Microsoft Office component allow weaponizing docs
Abstract
Experts found four security flaws in the Microsoft Office suite that could allow attackers to weaponize Word and Excel docs. Experts from Check Point discovered four security vulnerabilities in the Microsoft Office suite that an attacker could exploit...
Security Affairs
June 8, 2021 – Policy and Law
TrickBot Coder Faces Decades in Prison
Abstract
A Latvian malware developer known as “Max” has been arraigned on 19 counts related to fraud, identity theft, information theft and money laundering.
Threatpost
June 08, 2021 – Vulnerabilities
Intel fixes 73 vulnerabilities in June 2021 Platform Update
Abstract
Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors.
BleepingComputer
June 8, 2021 – Vulnerabilities
Google Patches Critical Android RCE Bug
Abstract
Google’s June security bulletin addresses 90+ bugs in Android and Pixel devices.
Threatpost
June 08, 2021 – Vulnerabilities
Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days
Abstract
Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide.
BleepingComputer
June 8, 2021 – General
Hackers vs. lawyers: Security research stifled in key situations
Abstract
Many in the security research community continue to be frustrated with the legal walls that prevent them from sharing their findings with both other companies and the outside world.
Tech Target
June 08, 2021 – Business
Colonial Pipeline CEO grilled over ransomware attack
Abstract
Colonial Pipeline President and CEO Joseph Blount was grilled by lawmakers Tuesday on his decision to pay hackers in a ransomware attack that forced a temporary shutdown of operations — and led to gas shortages in parts of the country.
The Hill
June 8, 2021 – Hacker
TeamTNT Attempting to Reign on Cloud-based Platforms
Abstract
TeamTNT is targeting the credentials of 16 cloud-based platforms, including AWS and Google Cloud, which it uses for its illegitimate cryptojacking operations. Organizations are recommended to proactively block the network connections and C2 endpoints associated with TeamTNT.
Cyware Alerts - Hacker News
June 8, 2021 – Policy and Law
MoviePass Operators Settle Data Security Allegations
Abstract
Operators of defunct app settle alleged fraud and data security failures with FTC
Infosecurity Magazine
June 08, 2021 – Vulnerabilities
Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws
Abstract
Today is Microsoft's June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured.
BleepingComputer
June 8, 2021 – General
Cyberattacks on Transportation and Logistics System Witness a Surge
Abstract
In the past few months, organizations in the transportation and logistics sector saw several cyberattacks seeking disruption of operations and services. Metropolitan Transit Authority (MTA) became the most recent victim of such an attack.
Cyware Alerts - Hacker News
June 08, 2021 – Vulnerabilities
Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days
Abstract
Today is Microsoft's June 2021 Patch Tuesday, and with it comes seven zero-day vulnerabilities, so Windows admins will be scrambling to get devices secured.
BleepingComputer
June 8, 2021 – Malware
SteamHide: Hiding Malware in Plain Sight
Abstract
SteamHide abuses the gaming platform Steam to serve payloads for malware downloaders. Malware operators can also update already infected machines by adding new profile images to Steam.
G-Data Security Blog
June 8, 2021 – Attack
Cyber-attack on NYC Law Department
Abstract
FBI is investigating unauthorized access into New York City Law Department’s IT system
Infosecurity Magazine
June 8, 2021 – General
Unauthorized access accounts for 43% of all breaches globally
Abstract
There has been a 450% surge in breaches containing usernames and passwords globally and unauthorized access accounted for 43% of all breaches globally, according to a ForgeRock report.
Help Net Security
June 08, 2021 – Ransomware
Computer memory maker ADATA hit by Ragnar Locker ransomware
Abstract
Taiwan-based leading memory and storage manufacturer ADATA says that a ransomware attack forced it to take systems offline after hitting its network in late May.
BleepingComputer
June 8, 2021 – Vulnerabilities
WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes
Abstract
Two flaws discovered in WAGO industrial controllers can be exploited to disrupt technological processes, which in some cases could lead to industrial accidents, according to Positive Technologies.
Security Week
June 8, 2021 – Policy and Law
‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800
Abstract
The FBI and Australian law enforcement set up the encrypted chat service and ran it for over 3 years, seizing weapons, drugs and over $48m in cash.
Threatpost
June 08, 2021 – Vulnerabilities
Adobe issues security updates for 41 vulnerabilities in 10 products
Abstract
Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in ten applications, including Adobe Acrobat, Reader, and Photoshop.
BleepingComputer
June 8, 2021 – Malware
FreakOut Reloaded with New Exploits to Target its Victims
Abstract
FreakOut, the multi-platform Python-based malware that targets Windows and Linux devices, has been updated. The malware is now upgraded to worm its way into publicly exposed unpatched VMware servers.
Cyware Alerts - Hacker News
June 8, 2021 – General
#Infosec21: Cybersecurity to Become a “Matter of Life and Death”
Abstract
Mikko Hypponen warns that cybersecurity will become a matter of life and death due to growing reliance on the internet
Infosecurity Magazine
June 8, 2021 – Malware
SystemBC Malware Hides Behind Socks5 Proxy
Abstract
The injector used by the malware is also obfuscated with a compiler-based technique named control flow flattening, which modifies the normal flow of the program and makes static analysis impossible.
Minerva Labs
June 8, 2021 – Attack
Illinois County Stricken with Grief
Abstract
Grief ransomware gang claims to have stolen 2.5GB of personal data from St. Clair
Infosecurity Magazine
June 8, 2021 – Government
States Bolster Data Security Technology in Response to Covid-19, Survey Finds
Abstract
Some 75% of states in a recent NASTD survey say the pandemic had an impact on their remote access security, and almost half said they expanded their existing data loss protection technology.
Nextgov
June 08, 2021 – Privacy
Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals
Abstract
In a huge sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an "encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world. A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol called it the "biggest ever law enforcement operation against encrypted communication." The communications allegedly involved plots to kill, m
The Hacker News
June 8, 2021 – APT
New SkinnyBoy Malware Linked with APT28
Abstract
Cluster25 found a new SkinnyBoy malware that has been used by the APT28 group in multiple spear-phishing campaigns against military and government institutions in the U.S. and Europe. The malware has a low level of sophistication; however, it cannot be taken lightly as this could be in its early s ...
Cyware Alerts - Hacker News
June 08, 2021 – General
US brokerage firms warned of ongoing phishing with penalty threats
Abstract
FINRA, the US securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers.
BleepingComputer
June 8, 2021 – Hacker
Hacking space: How to pwn a satellite
Abstract
The first bad thing that can make lots of other bad things happen is to block communication to the device, since it makes it unusually difficult to fly up to troubleshoot on the remote end.
ESET Security
June 08, 2021 – Business
Colonial CEO apologizes for pipeline attack’s impact
Abstract
Colonial Pipeline CEO Joseph Blount apologized on Tuesday for the impact of a cyberattack that shut down the major fuel provider last month.
The Hill
June 8, 2021 – Phishing
Nearly Two Percent of Top-Grossing Apps on App Store Found Siphoning Off $48 Million From Users
Abstract
Of the highest 1,000 grossing apps on the App Store, nearly two percent are scams, according to an analysis by The Washington Post. These apps have resulted in $48 million worth of losses for users.
Washington Post
June 08, 2021 – Vulnerabilities
Microsoft Office MSGraph vulnerability could lead to code execution
Abstract
Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.
BleepingComputer
June 8, 2021 – Vulnerabilities
Organizations without vulnerability disclosure policies failing to address researchers’ security warnings
Abstract
Up to a third of all security flaws reported to organizations with no vulnerability disclosure policy (VDP) are not being patched due to failings in the disclosure process, a new report suggests.
The Daily Swig
June 8, 2021 – Business
Horizon3.ai looks to expand NodeZero tech with new funding
Abstract
Horizon3.ai wants to change the way companies address cyberattacks through automation, announcing a new round of funding of $8.5 million led by SignalFire. The cash infusion is a combination of two rounds of funding – a seed funding of $3 million and Series A funding of $5.5 million. According to Antani, the funding will be…
SCMagazine
June 08, 2021 – Government
FBI and AFP created a fake encrypted chat platform to catch criminals
Abstract
In the largest and most sophisticated law enforcement operation to date, a joint international law enforcement created a fake end-to-end encrypted chat platform designed solely to catch criminals.
BleepingComputer
June 8, 2021 – Outage
New York City’s Law Department Suffers Network Outage Following Ransomware Attack
Abstract
City officials said they had disconnected the Law Department computers from the city’s larger network on Sunday afternoon. It remained unclear who was behind the incident, according to an official.
New York Times
June 08, 2021 – Outage
StackOverflow, Twitch, Reddit, others down in Fastly CDN outage
Abstract
Major websites around the world are either completely down or not loading properly in a global outage.
BleepingComputer
June 8, 2021 – Vulnerabilities
Security vulnerability in Hyperkitty could expose private data
Abstract
Hyperkitty, a web interface for the popular open source mailing list and newsletter management service Mailman, has patched a critical bug that revealed private mailing lists while importing them.
The Daily Swig
June 08, 2021 – Government
Five key parts of the Senate’s sweeping China competitiveness bill
Abstract
The Senate is poised to approve bipartisan legislation Tuesday afternoon that would invest billions to put the U.S. on more even footing with China on a range of emerging technology issues, including addressing the semiconductor shortage and funding critical research.
The Hill
June 08, 2021 – Vulnerabilities
New UAF Vulnerability Affecting Microsoft Office to be Patched Today
Abstract
Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today. Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today. In a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email. Arising out of parsing mistakes made in legacy code found in Excel 9
The Hacker News
June 8, 2021 – Outage
Large Parts of Internet Offline Today Following Cloud Provider Issue
Abstract
A failure in Fastly's CDN system led to a number of major websites going offline earlier today
Infosecurity Magazine
June 8, 2021 – Outage
Spotify, PayPal, GitHub, and other major websites down due to Fastly CDN outage
Abstract
A large number of popular websites including Reddit, Spotify, PayPal, GitHub, gov.uk, CNN, and the BBC are currently facing problems due to a glitch at Fastly CDN provider. A large number of popular websites, including BBC, CNN, GitHub, gov.uk, HBO Max,...
Security Affairs
June 8, 2021 – Government
DHS chooses companies to run civilian agency vulnerability disclosure programs
Abstract
The Department of Homeland Security announced Tuesday that it will partner with vulnerability disclosure platform Bugcrowd and government technology, environmental and safety services contractor EnDyna to provide a civilian agency vulnerability disclosure program platform.
SCMagazine
June 8, 2021 – Business
Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches
Abstract
Security teams should brace for an unsettling and unprecedented year, as we’re on pace to see 40 billion records compromised by the end of 2021. Imperva’s Terry Ray explains what security teams need to do to bolster their defenses.
Threatpost
June 8, 2021 – Business
Seattle cybersecurity startup ExtraHop to be acquired by private equity firms in $900M deal
Abstract
ExtraHop uses machine learning to help companies prevent, detect, and eliminate threats on their networks, operating in a sector of cybersecurity called “network detection and response.”
Geek Wire
June 08, 2021 – Ransomware
Capitol Hill vendor hit by ransomware attack: report
Abstract
A tech vendor used by dozens of House offices on Capitol Hill for constituent outreach services has reportedly been hit by a ransomware attack, becoming the latest victim in a series of cyberattacks to target U.S.-based entities.
The Hill
June 08, 2021 – Privacy
Top 10 Privacy and Security Features Apple Announced at WWDC 2021
Abstract
Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall:
1 — Just Patches, Not Entire OS Update Every Time: As rumored before, users now have a choice between two software update versions in the Settings app. Users can either opt to update to the latest version of iOS 15 for all the latest features and most complete set of security updates or continue on iOS 14 and still get important security updates until they are ready to migrate to the next major version.
2 — Built-in 2-Factor Authenticator: The new versions of iOS and macOS come with new options that allow users to generate two-factor authentication codes for each of the online accounts saved to iCloud Keychain (Settings > Passwords) without the need for downloading additional apps like Google Authentica
The Hacker News
June 8, 2021 – Criminals
Evil Corp Rebrands Ransomware to Escape Sanctions
Abstract
Notorious threat group copies name of new Babuk "PayloadBin" leak site
Infosecurity Magazine
June 8, 2021 – Policy and Law
Trojan Shield, the biggest ever police operation against encrypted communications
Abstract
Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish...
Security Affairs
June 8, 2021 – Hacker
Evil Corp Impersonates PayloadBin Group to Avoid Federal Sanctions
Abstract
The cybercriminals try to pin new ransomware on Babuk Locker in an effort to fly under the radar of an ongoing FBI investigation.
Threatpost
June 8, 2021 – Malware
Gootkit: the cautious Trojan
Abstract
Initially, it was distributed via spam and exploits kits such as Spelevo and RIG. Using spam campaigns, attackers later switched to compromised sites which trick victims into downloading the malware.
Kaspersky Labs
June 08, 2021 – Accident
News, social media sites hit by global internet outage
Abstract
Multiple news and social media websites were unavailable Tuesday morning, with some reports suggesting a global internet outage may have forced the sites offline.
The Hill
June 08, 2021 – Policy and Law
U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers
Abstract
In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The ransomware attack also hobbled the pipeline company's fuel supply, prompting the government to issue an emergency declaration, even as the company shelled out a ransom amount of approximately 75 bitcoins ($4.4 million as of May 8) to regain access to its systems. A week after the highly publicized incident, the ransomware-as-a-service syndicate disbanded with a May 14 farewell message to affiliates, stating that its internet servers and cryptocurrency stash were seized by unknown law enforcement entities. While DarkSide's announcement was perceived as an exit scam, the latest move from DoJ confirms earlier speculations of law enforcement involvement. Stating that "
The Hacker News
June 8, 2021 – Policy and Law
French Antitrust Regulator Slaps $268 Million Fine on Google
Abstract
The tech giant has been fined for favoring its own Google Ad Manager technologies
Infosecurity Magazine
June 8, 2021 – Government
US authorities recovered most of the ransom paid by Colonial Pipeline
Abstract
US officials announced to have recovered most of the $4.3 million ransom that Colonial Pipeline paid to the DarkSide ransomware gang last month. During a video press conference, US officials announced to have recovered most of the $4.3 million ransomware...
Security Affairs
June 8, 2021 – Attack
Military Vehicles Maker Navistar Reports Data-Theft Cyberattack
Abstract
In a Form 8-K filing with the Securities and Exchange Commission (SEC), Navistar said it learned of a credible potential cybersecurity threat to its information technology system on May 20, 2021.
Security Week
June 8, 2021 – General
DoJ Seizes Millions in Ransom Paid by Colonial Pipeline to Darkside Hackers
Abstract
The Justice Department recovered roughly $2.3 million of the $4.4 million reportedly paid to the Russian group
Infosecurity Magazine
June 8, 2021 – Government
Energy Chief Cites Risk of Cyberattacks Crippling Power Grid
Abstract
Energy Secretary Jennifer Granholm called for more public-private cooperation on cyber defenses and said adversaries already are capable of using cyber intrusions to shut down the U.S. power grid.
Security Week
June 8, 2021 – Policy and Law
FBI and Australian police ran an encrypted chat platform to catch criminal gangs
Abstract
The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years.
The Record
June 8, 2021 – Criminals
Cybercriminals Publish Largest Ever Password Compilation with 8.4 Billion Entries on Hacker Forum
Abstract
Since most people reuse their passwords across multiple apps and websites, the number of accounts affected by credential stuffing and password spraying attacks in the wake of this leak is likely huge.
Security Affairs
June 8, 2021 – Breach
Ransomware Operators Struck Another Pipeline Firm LineStar Integrity Services and Leaked 70GB of Data
Abstract
Xing Team posted to its dark web site a collection of files stolen from LineStar Integrity Services, which provides auditing, compliance, maintenance, and technology services to pipeline customers.
Wired
June 8, 2021 – Phishing
Online Casino Users Receive Deceptive Emails Saying They Won The Big Prize
Abstract
In this campaign, the spammers are exploiting affiliate programs to advertise online casinos such as Ducky Luck, Raging Bull Casino, Sports and Casino, using deceptive emails.
Heimdal Security
June 07, 2021 – General
Hillicon Valley: Cryptocurrency recovered from Colonial deal | Google settles French ad case | Republicans under pressure over tech donations
Abstract
Millions of dollars in cryptocurrency paid out by Colonial Pipeline have been recovered, American authorities announced Monday; reports have suggested that roughly $2.3 million were gotten back from the DarkSide network. In other news, Google settled an antitrust case with French authorities over its ad market dominance.
The Hill
June 7, 2021 – Breach
RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries
Abstract
RockYou2021, the largest password compilation of all time has been leaked on a popular hacker forum, it contains 8.4 billion entries of passwords. Original post at: https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/ What...
Security Affairs
June 7, 2021 – Hacker
TeamTNT attacks IAM credentials of AWS and Google Cloud
Abstract
Threat actors that targeted AWS cloud environments are now also targeting the credentials of 16 additional applications, including the AWS apps as well as Google Cloud credentials.
SCMagazine
June 7, 2021 – Policy and Law
Feds recover $2.3 million from Colonial Pipeline ransom
Abstract
The announcement is compelling, as the public and private sector alike struggle to manage the response to a recent surge of ransomware attacks. More frequent recovery of funds after a ransom payment could shift the risk dynamic associated with these attacks for the business community, while also removing the financial incentive for attackers.
SCMagazine
June 7, 2021 – Government
FBI Claws Back Millions of DarkSide’s Ransom Profits
Abstract
The tables have been turned, the FBI & DOJ said after announcing the use of blockchain technology to track down the contents of DarkSide’s cryptocurrency wallet.
Threatpost
June 7, 2021 – General
New grant program will split $3M in cyber services among six US school districts
Abstract
Fifty percent of the districts that applied for the grant said they have less than $100,000 allocated annually toward cybersecurity.
SCMagazine
June 07, 2021 – Attack
US recovers most of Colonial Pipeline’s $4.4M ransomware payment
Abstract
The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.
BleepingComputer
June 7, 2021 – Hacker
Hacker Group Gunning for Musk
Abstract
Anonymous blasts billionaire for “superiority complex” and alleged Bitcoin trolling
Infosecurity Magazine
June 07, 2021 – General
US recovers millions in cryptocurrency paid to Colonial Pipeline hackers: report
Abstract
U.S. investigators have recovered millions of dollars in cryptocurrency that Colonial Pipeline paid hackers last month to end a ransomware attack on its systems, according to CNN.
The Hill
June 7, 2021 – Malware
Siloscape, first known malware that drops a backdoor into Kubernetes clusters
Abstract
Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and spread in the Kubernetes cluster. Researchers from Palo Alto Networks have spotted a piece of malware that targets Windows Server...
Security Affairs
June 7, 2021 – APT
Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign
Abstract
Researchers said the malware has been under development for at least three years.
Threatpost
June 07, 2021 – Cryptocurrency
Hands on with Norton antivirus Ethereum mining: The good and the bad
Abstract
Last week, NortonLifelock announced that the Norton 360 antivirus suite would soon be able to mine Ethereum cryptocurrency while the computer is idle. In this article, we go hands-on with the new 'Norton Crypto' feature to show what's good about it and what's bad.
BleepingComputer
June 7, 2021 – Malware
Windows Container Malware Targets Kubernetes Clusters
Abstract
“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to plant backdoors and raid nodes for credentials.
Threatpost
June 7, 2021 – General
The cost of ransomware attacks worldwide will go beyond $265 billion in the next decade
Abstract
Ransomware is one of the most potentially damaging and very popular types of malware. The cost of ransomware incidents worldwide is expected to spiral out of control, exceeding $265 billion by 2031.
ZDNet
June 7, 2021 – Privacy
Google’s FLoC: Privacy Gone Amok?
Abstract
Google’s cookie replacement, FLoC, is coming under heavy criticism from privacy experts.
Infosecurity Magazine
June 07, 2021 – Breach
US truck and military vehicle maker Navistar discloses data breach
Abstract
Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered at the end of last month.
BleepingComputer
June 7, 2021 – Vulnerabilities
NSW Health confirms data breached due to Accellion vulnerability
Abstract
The Accellion FTA file sharing system was widely used to share and store files by organizations around the world, including NSW Health, the government entity said on Friday afternoon.
ZDNet
June 7, 2021 – Business
CloudQuest Acquired by Deloitte
Abstract
Deloitte snaps up Silicon Valley–based security posture management provider
Infosecurity Magazine
June 7, 2021 – Attack
California City Hid Cyber-attack
Abstract
Azusa kept quiet about ransomware attack that netted cyber-criminals $65K
Infosecurity Magazine
June 7, 2021 – Malware
New Siloscape malware targets Windows containers and highlights security pitfalls
Abstract
Researchers at Palo Alto Unit 42 have discovered what they think is the first malware strain known to target Windows cloud containers. In new research unveiled June 7, senior security researcher Daniel Prizmant wrote that the malware, called Siloscape, attacks misconfigured Kubernetes clusters and allows for the creation of malicious containers that a threat actor…
SCMagazine
June 7, 2021 – Phishing
Ukrainian Organizations Hit by Massive Russian Spear-Phishing Campaign
Abstract
The spear-phishing attack campaign took place in early June last week, according to alerts published by the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine.
The Record
June 07, 2021 – General
Shifting the focus from reactive to proactive, with human-led secure coding
Abstract
The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction. The following discusses insights derived from a study conducted by Secure Code Warrior with Evans Data Corp titled 'Shifting from reaction to prevention: The changing face of application security' (2021) exploring developers' attitudes towards secure coding, secure code practices, and security operations. Read the report. In the study, developers and development managers were asked about their common secure coding practices. The top three methods highlighted were:
Scanning applications for irregularities or vulnerabilities after they are deployed
Scrutinizing write code to inspect for irregularities or vulnerabilities
The reuse of pre-approved code th
The Hacker News
June 7, 2021 – General
Finally! A Cybersecurity Safety Review Board
Abstract
The creation of the Cyber Safety Review Board is a good first step, but additional action can magnify the value the board offers.
Lawfare
June 7, 2021 – Covid-19
South Korea Under Major Cyberattacks in Pandemic’s Era
Abstract
Ransomware attacks have escalated over the past year in South Korea, crippling hospitals and shopping malls, as the coronavirus outbreak has increased Internet activity, according to Ciso.
Softpedia
June 07, 2021 – Malware
New Kubernetes malware backdoors clusters via Windows containers Full Text
Abstract
New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.BleepingComputer
June 7, 2021 – Business
Identity verification company Trulioo lands $394M Full Text
Abstract
Online identity verification platform Trulioo has closed a $394 million series D round of funding at a $1.75 billion valuation. The round was led by growth equity firm TCV.Venture Beat
June 07, 2021 – Malware
Researchers Discover First Known Malware Targeting Windows Containers Full Text
Abstract
Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers such as, but not limited to, cryptojackers." Siloscape, first detected in March 2021, is characterized by several techniques, including targeting common cloud applications such as web servers to gain an initial foothold via known vulnerabilities, following which it leverages Windows container escape techniques to break out of the confines of the container and gain remote code execution on the underlying node. A container is an isolated, lightweight silo for running an application on the host operating system. The malware…The Hacker News
June 7, 2021 – Business
Qualys Announces Passing of Philippe Courtot, its CEO of the Past 20 Years Full Text
Abstract
Courtot became CEO of Qualys in 2001, leading its global expansionInfosecurity Magazine
June 7, 2021 – Phishing
Russia behind a massive spear-phishing campaign that hit Ukraine Full Text
Abstract
Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. Three Ukrainian cybersecurity agencies (Ukrainian Secret Service, Ukrainian Cyber Police, and CERT...Security Affairs
June 7, 2021 – Vulnerabilities
Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software Full Text
Abstract
Fedena, an open-source school and college management system, contains seven security vulnerabilities, including two critical vulnerabilities that can be exploited without authentication.The Daily Swig
June 07, 2021 – Breach
Hackers Breached Colonial Pipeline Using Compromised VPN Password Full Text
Abstract
The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold into the networks as early as April 29 through the VPN account, which allowed employees to access the company's networks remotely. The VPN login was unused but active at the time of the attack, the report said, adding the password has since been discovered inside a batch of leaked passwords on the dark web, suggesting that an employee of the company may have reused the same password on another account that was previously breached. It's, however, unclear how the password was obtained, Charles Carmakal, senior vice president at the cybersecurity firm Mandiant, was quoted as saying to the publication. The FireEye-owned subsidiThe Hacker News
June 7, 2021 – Attack
Colonial Pipeline Incident Sparks ‘Help Desk’ Phishing Attacks Full Text
Abstract
Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to wage further phishing campaignsInfosecurity Magazine
June 7, 2021 – Vulnerabilities
Experts found an RCE vulnerability in QNAP Q’center Full Text
Abstract
Researchers at cybersecurity firm Shielder discovered a remote code execution flaw on QNAP Q’center through a manipulated QPKG installation package.Security Affairs
June 7, 2021 – General
Australians spent $20.5m in cryptocurrency to pay scammers in 2020 Full Text
Abstract
Losses to scams reported by Australians in 2020 totaled $660 million, with $99.36 million lost to BEC, $6.52 million classed as remote access scams, and $2.41 million as a result of identity theft.ZDNet
June 07, 2021 – Policy and Law
Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware Full Text
Abstract
The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated identity theft, wire and bank fraud affecting a financial institution, and money laundering. According to heavily redacted court documents released by the DoJ, Witte and 16 other unnamed cohorts have been accused of running a transnational criminal organization to develop and deploy a digital suite of malware tools with an aim to target businesses and individuals worldwide for theft and ransom. Since its origin as a banking Trojan in late 2015, TrickBot has evolved into a "crimeware-as-a-service" capable of pilfering valuable personal and financial information and even droppiThe Hacker News
June 7, 2021 – Policy and Law
Latvian Woman Charged with Developing Malware for Trickbot Full Text
Abstract
The indictment claimed that Alla Witte helped to develop code related to the control, deployment and payments of ransomwareInfosecurity Magazine
June 7, 2021 – Cryptocurrency
Russian cybercrime forums launch contests for cryptocurrency hacks Full Text
Abstract
Cybercriminals in Russian underground forums have been invited to take part in competitions for hacking cryptocurrency and NFT. Several Russian underground forums have launched competitions for hacking cryptocurrency schema and Non-fungible token...Security Affairs
June 7, 2021 – Government
Ransomware attacks ‘are here to stay,’ Commerce secretary says Full Text
Abstract
US Commerce Secretary Gina Raimondo argued that the good news in all this was that businesses can make relatively simple changes to protect themselves against such attacks.Politico
June 7, 2021 – Ransomware
Warning of New Ransomware Surge in Education Sector Full Text
Abstract
Ransomware has led to the loss of student coursework, school financial records and data relating to COVID-19 testingInfosecurity Magazine
June 7, 2021 – Malware
US Justice Department accuses Latvian national of deploying Trickbot malware Full Text
Abstract
The DoJ charged a Latvian woman for her alleged role in creating and deploying Trickbot, the computer banking trojan that has evolved to become a highly popular form of malware among cybercriminals.ZDNet
June 7, 2021 – Denial Of Service
STUN Servers Increasingly Exploited for DDoS-for-Hire Services Full Text
Abstract
NETSCOUT warned organizations that STUN servers have been increasingly abused for DDoS attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors.Security Week
June 7, 2021 – Ransomware
EpsilonRed Ransomware Group Targets India-based Financial Software Provider Nucleus Software Exports Full Text
Abstract
An Indian company that provides lending software to banks and retail stores suffered a major ransomware attack that crippled some of its internal networks and encrypted sensitive business information.The Record
June 7, 2021 – APT
Kimsuky APT Group is Evolving; A Matter to be Worried About Full Text
Abstract
North Korean APT group Kimsuky, also known as Thallium, Black Banshee, and Velvet Chollim, has been found adopting new TTPs as it continues to launch espionage attacks.Cyware Alerts - Hacker News
June 7, 2021 – Covid-19
New Covid vaccine SMS scam targets Indian users Full Text
Abstract
A new Android malware is spreading through SMS by luring people to click on a link impersonating a free registration website for the COVID-19 vaccination program in India.The Times Of India
June 06, 2021 – Ransomware
New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions Full Text
Abstract
The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control (OFAC).BleepingComputer
June 6, 2021 – General
Are We Waiting for Everyone to Get Hacked? Full Text
Abstract
In just the past few months, hackers — we still don’t know who — were caught messing with the chemical controls at a water treatment plant in Florida, in what appeared to be an attempt to contaminate the water supply just ahead of Super Bowl weekend.New York Times
June 06, 2021 – General
Warner: Debate on making it illegal to pay ransoms ‘worth having’ Full Text
Abstract
Sen. Mark Warner (D-Va.), the chairman of the Senate Intelligence Committee, said on Sunday that it is worth debating whether to make paying ransoms illegal after cyberattacks disrupted operations at energy and meat production firms in the U.S.The Hill
June 6, 2021 – APT
Chinese SharpPanda APT developed a new backdoor in the last 3 years Full Text
Abstract
Check Point Research (CPR) said that the Chinese APT group SharpPanda spent three years developing a new backdoor to spy on Asian governments. Researchers from Check Point Research (CPR) discovered a new backdoor while investigating a cyber espionage...Security Affairs
June 06, 2021 – Business
Signal app safety numbers do not always change — here’s why Full Text
Abstract
This week, security researchers have steered attention towards an interesting finding while using Signal apps across multiple platforms. When you or your contact reinstall the Signal app or switch over to a new device, the Signal safety number between you two does not always change.BleepingComputer
June 6, 2021 – General
Ransomware attacks are closing schools, delaying chemotherapy and derailing everyday life Full Text
Abstract
Ransomware attacks are not new. The money at stake has changed drastically, however, inflating from thousands to millions of dollars, and the targets are more sophisticated as well.Anchorage Daily News
June 6, 2021 – General
Security Affairs newsletter Round 317 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Facefish Backdoor...Security Affairs
June 06, 2021 – Solution
Google, Microsoft, and Mozilla work together on better browser extensions Full Text
Abstract
Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group (WECG) to collaborate on standardizing browser extensions to enhance both security and performance.BleepingComputer
June 6, 2021 – General
Americans face mounting risk of hackers taking over brokerage accounts, regulators say Full Text
Abstract
The Financial Industry Regulatory Authority said in a recent notice that it has “received an increasing number of reports regarding customer account takeover incidents, which involve bad actors using compromised customer information.”Market Watch
June 6, 2021 – Ransomware
REvil Ransomware spokesman releases an interview on recent attacks Full Text
Abstract
The REvil ransomware operators said in an interview on the "Russian OSINT" Telegram channel that they accidentally targeted United States-based firms. The recent attack against JBS Foods conducted by REvil ransomware gang (aka Sodinokibi) triggered...Security Affairs
June 06, 2021 – Business
Amazon to share your Internet with neighbors on Tuesday - How to opt out Full Text
Abstract
Amazon will be launching the Amazon Sidewalk service on Tuesday that automatically opts-in your Echo and Ring devices into a new feature that shares your Internet with your neighbors. Here's more about this new feature and how to opt-out of sharing your bandwidth with other Amazon devices.BleepingComputer
June 6, 2021 – Ransomware
A favor from Russian ransomware hackers Full Text
Abstract
When President Joe Biden meets with Russian President Vladimir Putin later this month, he will undoubtedly bring up -- as he should -- the matter of repeated ransomware attacks against US targets by Russian-based hackers.CNN Money
June 05, 2021 – Business
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks Full Text
Abstract
Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that many security research projects on GitHub are dual-use and broadly beneficial to the security community. We assume positive intention and use of these projects to promote and drive improvements across the ecosystem." Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network (CDN). To that end, users are to refrain from uploading, posting, hosting, or transmitting any coThe Hacker News
June 05, 2021 – Government
Senate sergeant at arms says cyberattack more worrisome than repeat of Jan. 6 insurrection Full Text
Abstract
Senate Sergeant at Arms Karen Gibson said Saturday she is more concerned about a cyberattack on the government than another insurrection like the one that rocked Capitol Hill on Jan. 6.The Hill
June 05, 2021 – Education
Break Into Ethical Hacking With 18 Training Courses For Just $42.99 Full Text
Abstract
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects of cybersecurity. Normally, you pay $3,284 for this training, but you can get it now for only $42.99 via The Hacker News Deals. The purpose of ethical hacking is to find weaknesses in the system that a malicious hacker may exploit. A certified expert can work either full-time or freelance, earning up to $149,000 a year, according to PayScale. This bundle would be perfect for anyone interested in the field of cybersecurity, offering the opportunity to start off on the right foot. Starting with the fundamentals, the beginner-friendly instruction will take you all the way to high-level teThe Hacker News
June 05, 2021 – Business
TikTok Quietly Updated Its Privacy Policy to Collect Users’ Biometric Data Full Text
Abstract
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes. "We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection," the ByteDance-owned company said in a newly introduced section called "Image and Audio Information." On top of this, the company's privacy policy also notes that it may collect information about "the nature of theThe Hacker News
June 05, 2021 – Vulnerabilities
ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack Full Text
Abstract
Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated yesterday by security researcher Kevin Beaumont. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets. The development follows the publication of a proof-of-concept (PoC) RCE exploit code targeting the VMware vCenter bug. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue is a consequence of a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which could be abused by an attacker to execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server. Although the flaw was rectified by VMwarThe Hacker News
June 5, 2021 – Policy and Law
US arrested Latvian woman who developed part of Trickbot malware Full Text
Abstract
The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman, for her alleged role in the development of the Trickbot malware.Security Affairs
June 05, 2021 – Business
GitHub’s new policies allow removal of PoC exploits used in attacks Full Text
Abstract
GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.BleepingComputer
June 5, 2021 – Botnet
TeaBot and FluBot - Thugs in Banker’s Disguise Full Text
Abstract
Security researchers have found a new batch of malicious Android applications trying to lure victims by impersonating popular applications. The targeted applications were mostly from renowned financial institutions while spreading TeaBot and FluBot trojans. The use of fake or lookalike malicious a ...Cyware Alerts - Hacker News
June 5, 2021 – Ransomware
BlackCocaine Ransomware, a new malware in the threat landscape Full Text
Abstract
Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021,...Security Affairs
June 05, 2021 – Disinformation
Watch out: These online casino emails never pay what they promise Full Text
Abstract
Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails.BleepingComputer
June 5, 2021 – Criminals
Cybercriminals Target Retail Chains and Food Joints Full Text
Abstract
Almost all retail businesses today depend on the internet for most of their operations. While they invest in state-of-the-art platforms, meeting adequate security protocols appears to be a blockage. Retail firms are recommended to invest regularly in their existing security solutions and stay ...Cyware Alerts - Hacker News
June 5, 2021 – Policy and Law
DoJ: Investigations into ransomware attacks must have similar priority as terrorism Full Text
Abstract
The U.S. Department of Justice plans to give investigations into ransomware attacks the same priority as terrorism investigations in the wake of the Colonial Pipeline hack.Security Affairs
June 5, 2021 – Malware
New Techniques Allow Malware to Bypass Antivirus Defenses Full Text
Abstract
Academics from two European universities devised Cut-and-Mouse and Ghost Control attack techniques that affect the protected folder feature offered by antivirus programs. Malware authors are continuously attempting to sneak past security defenses and the discovery of attack scenarios like these can ...Cyware Alerts - Hacker News
June 5, 2021 – Government
US CISA published a guide to better use the MITRE ATT&CK framework Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released a new guide for cyber threat intelligence experts on the use of the MITRE ATT&CK framework.Security Affairs
June 5, 2021 – Breach
Hackers Breached Colonial Pipeline Using Compromised Password Full Text
Abstract
The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.Bloomberg Quint
June 5, 2021 – Vulnerabilities
Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE Full Text
Abstract
The flaw is caused by the lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. The vulnerability has received a CVSS score of 9.8 and impacts vCenter Server 6.5, 6.7, and 7.0.Security Affairs
June 5, 2021 – Attack
German cooperative banks hit by DDoS hack attack on IT provider Full Text
Abstract
A German company that operates technology for the nation’s cooperative banks said on Friday that a cyber attack disrupting more than 800 financial institutions appeared to be easing.Reuters
June 5, 2021 – Hacker
TeamTNT Operations Actively Enumerating Cloud Environments Full Text
Abstract
TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters, and created new malware called Black-T that integrates open source cloud-native tools to assist in their cryptojacking operations.Palo Alto Networks
June 5, 2021 – General
The rise of cybersecurity debt Full Text
Abstract
Once again, amid this flurry of malicious cyber activity, we must ask or answer a fundamental question about the state of our cybersecurity defense: Why does this keep happening?TechCrunch
June 5, 2021 – Outage
Cybersecurity issues close Des Moines Area Community College Full Text
Abstract
Des Moines Area Community College closed Friday following a cybersecurity issue impacting its IT system. According to an update on the DMACC Facebook page, a “security incident” on Wednesday caused the school to shut down parts of its network.KCCI
June 5, 2021 – General
TV news stations become apparent target in next cyberattack Full Text
Abstract
ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told Thursday by managers to shut down company computers and phones.NBC News
June 04, 2021 – Ransomware
The Week in Ransomware - June 4th 2021 - Where’s the beef? Full Text
Abstract
Ransomware has continued to be part of the 24-hour news cycle as another significant attack against critical infrastructure took place this week.BleepingComputer
June 04, 2021 – Vulnerabilities
Attackers are scanning for vulnerable VMware servers, patch now! Full Text
Abstract
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago.BleepingComputer
June 4, 2021 – Vulnerabilities
Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE Full Text
Abstract
Threat actors are actively scanning the Internet for VMware vCenter servers vulnerable to a critical remote code execution (RCE) flaw recently fixed by VMware.Security Affairs
June 04, 2021 – Policy and Law
US charges Latvian for helping develop the Trickbot malware Full Text
Abstract
The US Department of Justice announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization.BleepingComputer
June 04, 2021 – General
Hillicon Valley: Facebook suspending Trump until at least 2023 | FBI director draws ‘parallels’ between ransomware attacks and 9/11 | Reports: Cox Media Group websites hacked in ransomware attack Full Text
Abstract
Former President Trump will not be allowed back on Facebook for at least two years, according to the company’s Friday announcement that also included new enforcement protocol. Meanwhile, FBI Director Christopher Wray compared the increasing ransomware hacks to the Sept. 11, 2001 terrorist attacks. And Facebook was hit with new antitrust probes abroad from the European Union and the United Kingdom.The Hill
June 4, 2021 – General
Employees rely too much on threat hunting teams to protect their own inboxes Full Text
Abstract
Research finds 67.6% of email security incidents are discovered by internal threat hunting teams, while 24% are found and reported by employees.SCMagazine
June 4, 2021 – General
Will feds mandate third-party code reviews? Developers and cyber experts are skeptical Full Text
Abstract
Some industry groups are warning the U.S. government that third-party testing or review would be overly intrusive and might not add much benefit, especially if the focus is on source code or earlier stages of the development process.SCMagazine
June 4, 2021 – Outage
Cyberattack Suspected in Cox TV and Radio Outages Full Text
Abstract
Cox Media Group TV and radio station streams affected by a reported ransomware attack.Threatpost
June 4, 2021 – Solution
‘Gatekeeper’ Google aims for safer extension installs, fewer phishing attacks Full Text
Abstract
As one researcher warned, being in the gatekeeper position of determining what’s trustworthy gives tremendous influence to an organization that owns more than three-quarters of the browser market.SCMagazine
June 04, 2021 – Government
FBI director draws ‘parallels’ between ransomware attacks and 9/11 Full Text
Abstract
FBI Director Christopher Wray is comparing the increasing ransomware hacks on critical U.S. companies to the September 11, 2001 terrorist attacks.The Hill
June 04, 2021 – Phishing
Phishing uses Colonial Pipeline ransomware lures to infect victims Full Text
Abstract
The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files.BleepingComputer
June 4, 2021 – Government
US to Treat Ransomware Like Terrorism Full Text
Abstract
Department of Justice says ransomware attacks to be prioritized similarly to terrorist strikesInfosecurity Magazine
June 04, 2021 – Vulnerabilities
Attackers scan for unpatched VMware vCenter servers, PoC exploit available Full Text
Abstract
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago.BleepingComputer
June 4, 2021 – Botnet
Necro Python bot now enhanced with new VMWare, server exploits Full Text
Abstract
Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits. Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers have improved its capabilities. The...Security Affairs
June 4, 2021 – Ransomware
Fujifilm confirms ransomware attack on systems in Japan Full Text
Abstract
In a statement today, the company also said that the impact of the unauthorized access was confined to a specific network in Japan and that they had started to bring network, servers and computers confirmed as safe back into operation.SCMagazine
June 4, 2021 – General
More US Kids Warned About Internet Than Unsafe Sex Full Text
Abstract
American parents prioritize internet safety education ahead of sexual safety awarenessInfosecurity Magazine
June 4, 2021 – General
Managing security in the spotlight: TikTok’s CSO Roland Cloutier to kick off InfoSec World Full Text
Abstract
The opening keynote for InfoSec World 2021 will feature Roland Cloutier, chief security officer of TikTok, who will share specific strategies to gain and maintain consumer trust – particularly following security mishaps and political turmoil.SCMagazine
June 04, 2021 – Business
Google announces new experimental Abuse Research Grants Program Full Text
Abstract
Google has announced a new experimental Abuse Research Grants Program for abuse-related issues and tactics outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program (VRP).BleepingComputer
June 4, 2021 – Government
Biden Expands Trump’s Investment Ban on Chinese Firms Full Text
Abstract
US entities barred from investing in PRC companies with alleged defense and surveillance tech linksInfosecurity Magazine
June 04, 2021 – Privacy
Google to Let Android Users Opt-Out to Stop Ads From Tracking Them Full Text
Abstract
Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times. Once the revised policy goes live, Google is expected to completely cut off developers' access to the so-called "Advertising IDs," showing a "string of zeros" in its place. The Google Advertising ID (AAID), analogous to Apple's IDFA, is a unique device identifier that can be used by app developers to track users as they move between apps to target ads better and measure the effectiveness of marketing campaigns. "Starting in late 2021, when a user opts out of interest-based advertising or ads personalization, the advertising identifier will not be available,"…The Hacker News
June 4, 2021 – General
Artificial Intelligence Act: What Is the European Approach for AI? Full Text
Abstract
The European Commission has unveiled its Artificial Intelligence Act. What's in it?Lawfare
June 4, 2021 – Policy and Law
Supreme Court Limits Scope of Controversial Hacking Law Full Text
Abstract
Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.Threatpost
June 4, 2021 – Business
Colorado-based Cybersecurity Company Coalfire Acquires Denim Group Full Text
Abstract
The company is keeping all employees on staff and moving forward with the continued leadership of Denim Group's Principals John Dickson, Dan Cornell, and Sheridan Chambers.coalfire
June 4, 2021 – Cryptocurrency
Cryptoscammers target ICO investors in Discord Full Text
Abstract
Following the helicopter money and fake cryptocurrency exchange scams, the Discord scam saga continues, this time with cybercriminals targeting online ICO investor communities.Kaspersky Lab
June 4, 2021 – Phishing
Hackers use Colonial pipeline ransomware news for phishing attack Full Text
Abstract
Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to leverage further phishing attacks, according to the findings of a cybersecurity company.ZDNet
June 04, 2021 – Business
Reports: Cox Media Group websites hacked in ransomware attack Full Text
Abstract
Cox Media Group, which owns television and radio stations in 20 media markets around the U.S., was the victim of a ransomware hack Thursday, according to several reports.The Hill
June 04, 2021 – Outage
Fujifilm confirms ransomware attack disrupted business operations Full Text
Abstract
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.BleepingComputer
June 4, 2021 – Vulnerabilities
Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software Full Text
Abstract
The IT giant fixed three high-severity vulnerabilities affecting Webex Player for Windows and macOS. Two of these are memory corruption vulnerabilities impacting releases 41.4 and later.Security Affairs
June 04, 2021 – Vulnerabilities
10 Critical Flaws Found in CODESYS Industrial Automation Software Full Text
Abstract
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive Technologies said. "The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with the secure development recommendations." The Russian cybersecurity firm noted that it detected the vulnerabilities on a PLC offered by WAGO, which, among other automation technology companies such as Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, use CODESYS software for programming and configuring the controllers. CODESYS offers a development environment for programming controller applications for use in indusThe Hacker News
June 4, 2021 – General
CISOs Agree That Traditional Application Security Measures Don’t Work Full Text
Abstract
Alert overload and legacy tooling cited as major DevSecOps challengesInfosecurity Magazine
June 4, 2021 – Hacker
China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day Full Text
Abstract
China-linked APT breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. China-linked threat actors breached the network of the New York City's Metropolitan Transportation Authority (MTA)...Security Affairs
June 04, 2021 – Malware
FreakOut malware worms its way into vulnerable VMware servers Full Text
Abstract
A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability.BleepingComputer
June 4, 2021 – Outage
Live Streams Suffer Downtime Across Cox Radio & TV Stations After Potential Ransomware Attack Full Text
Abstract
Live streams for some of the impacted TV stations have returned online, according to checks performed by The Record, but most of the Cox radio streams are still offline at the time of writing.The Record
June 4, 2021 – General
Campaigners Request Meeting with Home Secretary as Part of Computer Misuse Act Review Full Text
Abstract
Many argue that the cyber and technology landscape has changed substantially since the act was introduced in 1990Infosecurity Magazine
June 4, 2021 – General
The dark web index 2021, report Full Text
Abstract
PrivacyAffairs released the Dark Web Index 2021; the document provides the prices for illegal services/products available in black marketplaces. Over the last couple of years, we've all had our attention fixed on one of two things: the global...Security Affairs
June 04, 2021 – Ransomware
Meat giant JBS now fully operational after ransomware attack Full Text
Abstract
JBS, the world's largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.BleepingComputer
June 4, 2021 – Outage
UK Retailer Furniture Village Discloses Cyberattack Behind Week-long Systems Outage Full Text
Abstract
Furniture Village – the UK's largest independent furniture retailer with 54 stores nationwide – has been hit by a disruptive cyberattack, the company confirmed to The Register.The Register
June 4, 2021 – General
DNS Attacks on the Rise, Costing $1 Million Each Full Text
Abstract
Cyber-attacks using DNS channels have grown in volume and cost throughout the pandemicInfosecurity Magazine
June 4, 2021 – Vulnerabilities
Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS Full Text
Abstract
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked...Security Affairs
June 4, 2021 – Government
U.S. Department of Justice to Give Ransomware Investigations Similar Priority as Terrorism Full Text
Abstract
Internal guidance sent on Thursday to U.S. attorney's offices said information about ransomware investigations should be centrally coordinated with a recently created task force in Washington.Reuters
June 4, 2021 – Breach
Chinese Actors Reportedly Breached America’s Largest Transport Network Full Text
Abstract
The attack compromised three computer systems belonging to New York's Metropolitan Transportation Authority (MTA).Infosecurity Magazine
June 4, 2021 – Breach
Health Data for Millions Deleted From Cloud Bucket Full Text
Abstract
20/20 Hearing Care Network is notifying nearly 3.3 million individuals that their personal and health information was accessed or downloaded - and then deleted - by an "unknown" actor in January.Info Risk Today
June 4, 2021 – Vulnerabilities
Apache Pulsar bug allowed account takeovers in certain configurations Full Text
Abstract
The bug was initially reported as high severity. But Sijie Guo, a member of the Apache Pulsar Project Management Committee (PMC), told The Daily Swig that the real-world impact of the bug is minimal.The Daily Swig
June 4, 2021 – Phishing
Team of romance scammers defrauded US victims out of $2.5M since 2016, DOJ says Full Text
Abstract
U.S. prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online.Cyberscoop
June 4, 2021 – Breach
UK Special Forces soldiers’ personal data was floating around WhatsApp in a leaked Army spreadsheet Full Text
Abstract
The file leaked details of 1,182 UK soldiers recently promoted from corporal to sergeant – including those in the Special Air Service, Special Boat Service, and the Special Reconnaissance Regiment.The Register
June 4, 2021 – General
Breached companies facing higher interest rates and steeper collateral requirements Full Text
Abstract
Henry Huang, the co-author of the study and an associate professor of accounting at Yeshiva University, said he wanted to find a way of quantifying the financial consequences of breaches.ZDNet
June 4, 2021 – Cryptocurrency
NFTs Give Rise to New Crypto-Security Risks Full Text
Abstract
In a very short time, NFTs have gained huge popularity and have become one of the most promising utilizations of blockchain technology. However, they come with significant security risks.Cyware Alerts - Hacker News
June 03, 2021 – Policy and Law
US Supreme Court restricts broad scope of CFAA law Full Text
Abstract
Today, the US Supreme Court restricted the scope of the federal Computer Fraud and Abuse Act after overturning the conviction of a Georgia police officer who searched a police database for money.BleepingComputer
June 03, 2021 – General
Hillicon Valley: Biden steps up pressure on Russia to go after cyber criminals | All JBS facilities up and running after ransomware attack | Justice Dept. gives ransomware same priority as terrorism Full Text
Abstract
The Biden administration is taking more steps to confront Russia and other nations harboring malicious hackers following increasing ransomware attacks. These include the attack on JBS USA, and the company announced Thursday that all U.S. facilities are back up and running, while the White House outlined how the private sector can protect itself against future attacks, and the Justice Department elevated the priority level of ransomware investigations.The Hill
June 3, 2021 – Hacker
Supreme Court narrows interpretation of CFAA, to the relief of ethical hackers Full Text
Abstract
Individuals do not exceed authorized computer access if they obtain data to which they are entitled for improper reasons, 6-3 majority rules.SCMagazine
June 03, 2021 – Business
All global JBS facilities up and running following ransomware attack Full Text
Abstract
JBS USA and Pilgrim’s on Thursday afternoon announced that all global facilities were functioning normally, days after JBS was hit by a ransomware attack believed to have been carried out by Russia-based hackers.The Hill
June 3, 2021 – Solution
Self-service tool claims to execute cloud-based data access in five minutes Full Text
Abstract
DevSecOps company Satori announced a self-service data access capability that it says cuts down cloud-based data access from a manual, three-week process that requires database administrators to a five-minute task that any business user can do.SCMagazine
June 3, 2021 – Breach
‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles Full Text
Abstract
Unprotected server exposes AMT Games server containing user emails and purchase information.Threatpost
June 03, 2021 – Business
Maloney grills Colonial Pipeline on decision to pay ransom to hackers Full Text
Abstract
House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-N.Y.) on Thursday grilled Colonial Pipeline and insurance group CNA Financial Corporation for their recent decisions to pay hackers in order to regain access to their networks following ransomware attacks.The Hill
June 03, 2021 – Solution
Microsoft Teams calls are getting end-to-end encryption in July Full Text
Abstract
Microsoft Teams is getting better security and privacy next month with the addition of end-to-end encrypted 1:1 voice calls.BleepingComputer
June 3, 2021 – Government
Post Colonial and JBS, Biden presses Russia to stop harboring ransomware gangs Full Text
Abstract
Comments Wednesday were the most coordinated and forceful the White House has been about Russia allowing cybercrime within its borders. Cybersecurity leaders see this as progress toward more formidable moves from the administration.SCMagazine
June 03, 2021 – Attack
UF Health Florida hospitals back to pen and paper after cyberattack Full Text
Abstract
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.BleepingComputer
June 03, 2021 – Policy and Law
Justice Dept. to give ransomware attacks same priority as terrorism Full Text
Abstract
The Justice Department announced this week that it will begin elevating ransomware investigations to a similar level of priority as terrorist attacks.The Hill
June 3, 2021 – Vulnerabilities
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems Full Text
Abstract
Hackers used vulnerabilities in the Pulse Secure VPN to plant web shells on servers in MTA’s environment.SCMagazine
June 03, 2021 – Vulnerabilities
WordPress force installs Jetpack security update on 5 million sites Full Text
Abstract
Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in.BleepingComputer
June 3, 2021 – Attack
Museum Website Vandalized with X-Rated Ads Full Text
Abstract
Cyber-criminals take over Scottish tourism site and flood it with pornographic adwareInfosecurity Magazine
June 3, 2021 – Privacy
Missing Toddler Chat Group Banned Full Text
Abstract
Parents of vanished boy reach partial settlement in Facebook chat group cyber-bullying caseInfosecurity Magazine
June 3, 2021 – Government
White House Issues Open Letter on Ransomware Full Text
Abstract
US companies urged to take ransomware threat more seriously after deluge of cyber-attacksInfosecurity Magazine
June 3, 2021 – Hacker
Chinese Cyberspies UNC2630 Targeting US and EU Organizations Full Text
Abstract
Experts laid bare the tactics adopted by Chinese threat actors to consistently exploit Pulse Secure VPN devices and drop malware to exfiltrate sensitive information. Looking at the scenario, security agencies need to buckle up for more challenging events and detect such threats to stay protect ...Cyware Alerts - Hacker News
June 3, 2021 – Attack
Half-Double - A New Variant of Rowhammer Attack Full Text
Abstract
Google researchers detail Half-Double, another Rowhammer attack technique, that could help criminals bypass current defenses and steal or manipulate data stored in memory. This recent study on the new Rowhammer bug variant is expected to help both researchers and industry partners to work toge ...Cyware Alerts - Hacker News
June 3, 2021 – Vulnerabilities
Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software Full Text
Abstract
Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software. Cisco has addressed multiple vulnerabilities in its products, including high-risk flaws in Webex Player,...Security Affairs
June 3, 2021 – Malware
Google PPC Ads Used to Deliver Infostealers Full Text
Abstract
The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website.Threatpost
June 03, 2021 – Breach
Scripps Health notifies patients of data breach after ransomware attack Full Text
Abstract
Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month.BleepingComputer
June 03, 2021 – Malware
Google Chrome now warns you of extensions from untrusted devs Full Text
Abstract
Google has added new protection capabilities for Enhanced Safe Browsing users in Chrome, warning them when installing untrusted extensions and allowing them to request more in-depth scans of downloaded files.BleepingComputer
June 03, 2021 – Malware
Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities Full Text
Abstract
New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today. Said to be in development as far back as 2015, Necro (aka N3Cr0m0rPh) targets both Linux and Windows devices, with heightened activity observed at the start of the year as part of a malware campaign dubbed "FreakOut" that was found exploiting vulnerabilities in network-attached storage (The Hacker News
June 3, 2021 – Malware
Necro Python bot adds new exploits and Tezos mining to its bag of tricks Full Text
Abstract
Although the bot was first discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different C2 communications and the addition of new exploits for spreading.Cisco Talos
June 3, 2021 – Outage
Fujifilm Shuts Down Servers to Investigate Possible Ransomware Attack Full Text
Abstract
The company is investigating possible unauthorized access and has partially shut down its serversInfosecurity Magazine
June 03, 2021 – Attack
Chinese threat actors hacked NYC MTA using Pulse Secure zero-day Full Text
Abstract
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet.BleepingComputer
June 3, 2021 – Breach
Customer Data from Electronics Retailer Audio House Reports Possibly Stolen by Hackers Full Text
Abstract
The Altdos hacker group claimed to have accessed the retailer's membership database, stolen information from it, and used the data to blackmail Audio House, the retailer added.Straits Times
June 03, 2021 – Hacker
New SkinnyBoy malware used by Russian hackers to breach sensitive orgs Full Text
Abstract
Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28.BleepingComputer
June 3, 2021 – Malware
Mustang Panda Cyber Espionage Group Plants Malware Backdoor on Myanmar President’s Website Full Text
Abstract
A cyber-espionage hacking group is believed to have hacked the website of the Myanmar president’s office and planted a backdoor trojan inside a localized Myanmar font package.The Record
June 3, 2021 – Business
Mandiant to Re-Emerge After $1.2 Billion FireEye Sale Full Text
Abstract
The deal will see STG acquire FireEye’s network, email, endpoint and cloud security productsInfosecurity Magazine
June 3, 2021 – Vulnerabilities
Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications Full Text
Abstract
Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C...Security Affairs
June 3, 2021 – Business
Enterprise Mobile Security Startup Hypori Raises $20 Million Full Text
Abstract
Founded in 2013, the Austin, Texas-based company provides organizations with security and management solutions to keep corporate apps and data protected on employees’ personal mobile devices.Security Week
June 03, 2021 – Government
White House urges businesses to “take ransomware crime seriously” Full Text
Abstract
The White House has urged business leaders and corporate executives to "take ransomware crime seriously" in a letter issued by Anne Neuberger, the National Security Council's chief cybersecurity adviser.BleepingComputer
June 3, 2021 – General
1 Indian firm paying average $75,000 after ransomware attack Full Text
Abstract
The recovery cost of a ransomware attack tripled from $1.1m in 2020 to $3.38m in 2021 as India topped the list of 30 countries worldwide for ransomware attacks, a new report said on Tuesday.The Times Of India
June 03, 2021 – Government
White House sends out memo to private sector on cyber attack protections Full Text
Abstract
The White House has sent out recommendations to the private sector over how to protect themselves from cyber intrusions after a series of attacks left companies and government agencies vulnerable.The Hill
June 03, 2021 – Vulnerabilities
The Vulnerabilities of the Past Are the Vulnerabilities of the Future Full Text
Abstract
Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years, like remote code execution and privilege escalation. Microsoft isn't the only big name regularly patching major vulnerabilities: We see monthly security updates coming from Apple, Adobe, Google, Cisco, and others. Everything old is new again With major vulnerabilities in so many applications, is there any hope for a secure future? The answer is, of course, yes, but that does not mean there won't be challenges getting there. The vulnerabilities being seen may not be new to those of us who have been defending against attackers for years or even decades, but the adversaries continualThe Hacker News
June 3, 2021 – Business
Secureworks Appoints Wendy Thomas as CEO as Michael Cote Announces Retirement Full Text
Abstract
Current CEO Michael Cote will retire on September 3, 2021, following nearly 20 years at the company.Infosecurity Magazine
June 3, 2021 – Criminals
FBI confirmed that JBS was hit by the REvil ransomware gang Full Text
Abstract
The US FBI announced that REvil ransomware gang (also known as Sodinokibi) is behind the attack that hit JBS Foods. On May 30, the American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at...Security Affairs
June 3, 2021 – General
Then and Now: Securing Privileged Access Within Healthcare Orgs Full Text
Abstract
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape.Threatpost
June 03, 2021 – Attack
Massachusetts’ largest ferry service hit by ransomware attack Full Text
Abstract
The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack that led to ticketing and reservation disruptions.BleepingComputer
June 3, 2021 – Outage
Fujifilm Faces Network Outage After Suspected Ransomware Attack Full Text
Abstract
The company said it has been aware of the possibility of a ransomware attack since the late evening of June 1, 2021, and that they have taken steps to suspend all affected systems.Softpedia
June 03, 2021 – Government
Biden steps up pressure on Russia to go after cyber criminals Full Text
Abstract
The ransomware attacks on meatpacker JBS and Colonial Pipeline are prompting the Biden administration to confront nations like Russia and China on harboring hackers who cause major disruptions overseas.The Hill
June 03, 2021 – Vulnerabilities
Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module Full Text
Abstract
A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers from Israeli IoT security firm Vdoo said in a write-up published yesterday. The Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors. The flaws affect all embedded and IoT devices that use the component to connect to Wi-Fi networks and would require an attacker to be on the same Wi-Fi network as the devices that use the RTL8710C module or know the neThe Hacker News
June 3, 2021 – Breach
Ransomware Disrupts Largest Ferry Service in Massachusetts Full Text
Abstract
Wednesday's attack is the latest cyber assault affecting logistics and services in the U.S.Infosecurity Magazine
June 3, 2021 – Breach
AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed Full Text
Abstract
WizCase’s security team discovered an unsecured ElasticSearch server owned by AMT Games which exposed 1.47 TB of data. This leak exposed users’ email addresses, IP addresses, Facebook data, and more to potential attack. The leaked data...Security Affairs
June 03, 2021 – Business
ARIN will take down its RPKI for 30 minutes to test your BGP routes Full Text
Abstract
ARIN plans on performing unannounced maintenance of its RPKI, sometime in July, for about thirty minutes to check if networks are adhering to BGP best practices.BleepingComputer
June 3, 2021 – Phishing
Email spoofing: how attackers impersonate legitimate senders Full Text
Abstract
SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address.Kaspersky Labs
June 03, 2021 – General
Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia Full Text
Abstract
An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on victim's machines," researchers from Check Point Research said in a report published today. The infection chain works by sending decoy documents, impersonating other entities within the government, to multiple members of the Ministry of Foreign Affairs, which, when opened, retrieves a next-stage payload from the attacker's server that contains an encrypted downloader. The downloader, in turn, gathers and exfiltrates system information to a remote server that subsequently responds back with a shellcode loader. The use of weaponized copies of legitimate-looking official docThe Hacker News
June 3, 2021 – General
Three-Quarters of Security Leaders Report Increase in Cyber-Attacks in Past Year Full Text
Abstract
Four out of five security leaders suffered a breach in the past 12 monthsInfosecurity Magazine
June 3, 2021 – General
Cyber Defense Magazine – June 2021 has arrived. Enjoy it! Full Text
Abstract
Cyber Defense Magazine June 2021 Edition has arrived. We hope you enjoy this month’s edition, packed with over 129 pages of excellent content.Security Affairs
June 3, 2021 – Breach
Database, Source Code of Bulletproof Hosting Service DDoS-Guard Allegedly Posted on Cybercrime Forum Full Text
Abstract
Group-IB has discovered a database and source code allegedly belonging to a bulletproof hosting provider named DDoS-Guard posted for sale on a cybercrime forum on May 26.Security Affairs
June 3, 2021 – Criminals
FBI: REvil Ransomware Group Behind JBS Attack Full Text
Abstract
The FBI said it would be working to bring the REvil group to justice for the hack on JBSInfosecurity Magazine
June 3, 2021 – General
Malware-related attacks jump by 54% Full Text
Abstract
The total number of incidents grew by 51% since 2019. Seven out of 10 attacks were targeted. The most popular targets were governments (19%), industrial companies (12%), and medical institutions (9%).Help Net Security
June 3, 2021 – Breach
New York’s Metropolitan Transportation Authority Breached by China-linked Hackers Full Text
Abstract
The hackers did not gain access to systems that control train cars and rider safety was not at risk, transit officials said, adding that the intrusion appeared to have done little, if any, damage.New York Times
June 3, 2021 – APT
Chinese APT Groups Launching Backdoor Attacks to Spy on Southeast Asian Governments Full Text
Abstract
Check Point Research said that the backdoor has been designed, developed, tested, and deployed over the past three years to compromise a Southeast Asian nation's Ministry of Foreign Affairs.ZDNet
June 3, 2021 – Business
FireEye is selling its products business and name for $1.2 billion Full Text
Abstract
FireEye said Wednesday it’s selling its products business, including the FireEye name, to a consortium led by private-equity firm Symphony Technology Group for $1.2 billion in cash.CNBC
June 3, 2021 – Business
Update: Largest meat producer getting back online after cyberattack Full Text
Abstract
The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.NBC News
June 3, 2021 – Phishing
Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers Full Text
Abstract
The PPC ads targeted specific IP ranges in the US and probably some other countries. Non-targeted IPs are redirected to legitimate pages that download the correct applications.Morphisec
June 2, 2021 – Criminals
REvil Ransomware Ground Down JBS: Sources Full Text
Abstract
Responsible nations don’t harbor cybercrooks, the Biden administration admonished Russia, home to the gang that reportedly froze the global food distributor’s systems.Threatpost
June 02, 2021 – Criminals
FBI: REvil cybergang behind the JBS ransomware attack Full Text
Abstract
The Federal Bureau of Investigation has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world's largest meat producer.BleepingComputer
June 02, 2021 – Hacker
New York subway system was targeted by Chinese-linked hackers in April Full Text
Abstract
New York’s subway system was targeted by hackers with links to the Chinese government in April, according to an MTA document reported on by The New York Times.The Hill
June 02, 2021 – Outage
FUJIFILM shuts down network after suspected ransomware attack Full Text
Abstract
FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.BleepingComputer
June 2, 2021 – General
DarkSide - The RaaS Threat That Created Ripples Globally Full Text
Abstract
DarkSide’s attack on Colonial Pipeline did not just thrust the gang onto the international stage but also cast a spotlight on a rapidly expanding criminal industry based primarily in Russia.Cyware Alerts - Hacker News
June 02, 2021 – Government
FBI says Russia-linked group behind JBS hack Full Text
Abstract
The FBI has identified a Russia-linked group as the entity behind the cyberattack on the meat producing group JBS USA.The Hill
June 2, 2021 – Policy and Law
Sextortion Lands Inmate in Federal Prison Full Text
Abstract
South Carolina inmate sentenced over deadly sextortion scheme targeting military membersInfosecurity Magazine
June 2, 2021 – Vulnerabilities
Critical 0day in the Fancy Product Designer WordPress plugin actively exploited Full Text
Abstract
A critical zero-day vulnerability in the Fancy Product Designer WordPress plugin exposes more than 17,000 websites to attacks. Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked...Security Affairs
June 2, 2021 – General
Only 17% of organizations encrypt at least half of their sensitive cloud data Full Text
Abstract
New research by Thales on security trends one year into the pandemic found that about half of businesses store more than 40% of their data in external cloud environments. The percentages for encryption of sensitive data in the cloud are less encouraging, however.SCMagazine
June 2, 2021 – Ransomware
Podcast: The State of Ransomware Full Text
Abstract
In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.Threatpost
June 02, 2021 – Cryptocurrency
Norton 360 antivirus now lets you mine Ethereum cryptocurrency Full Text
Abstract
NortonLifelock has added the ability to mine Ethereum cryptocurrency directly within its Norton 360 antivirus program as a way to "protect" users from malicious mining software.BleepingComputer
June 2, 2021 – APT
Another APT Group Piercing into U.S. Local Government Networks Full Text
Abstract
Foreign hackers made their way into the webserver of a local U.S. municipal government after exploiting vulnerabilities in an unpatched Fortinet VPN appliance. The FBI shared IOCs for the same.Cyware Alerts - Hacker News
June 02, 2021 – General
Hillicon Valley: Massachusetts ferry operator hit by ransomware attack | Trump blog page is permanently shut down | Amazon takes big step in e-book deal with libraries, but activists seek more Full Text
Abstract
A ransomware attack hit the largest ferry service operator to Martha’s Vineyard and Nantucket. Meanwhile, former President Trump’s blog permanently shut down after its 29-day run, and Amazon agreed to a deal to license the books it publishes to libraries but activists say the deal doesn't go far enough.The Hill
June 2, 2021 – Policy and Law
Teen Crashes Florida School District’s Network Full Text
Abstract
High school hacker facing felony charges after knocking 145 schools offlineInfosecurity Magazine
June 2, 2021 – Cryptocurrency
$280 million stolen per month from crypto transactions Full Text
Abstract
CyberNews researchers found that front-runners are abusing decentralized cryptocurrency exchanges by draining hundreds of millions in crypto from trader transactions on the Ethereum network. Unsuspecting traders can lose as much as $280 million to front-runners...Security Affairs
June 2, 2021 – Education
Cyber certification program for SMBs emphasizes leadership, reducing risk Full Text
Abstract
Program will focus on challenges that small businesses have in distilling key cyber risk information “and making it relevant and accessible.”SCMagazine
June 2, 2021 – General
Effective Adoption of SASE in 2021 Full Text
Abstract
In this Threatpost podcast, Forcepoint’s SASE and Zero Trust director describes how the pandemic jump-started SASE adoption.Threatpost
June 02, 2021 – Hacker
Hacker forum contest gives $100K for new ways to steal digital assets Full Text
Abstract
The administrator of a Russian-speaking cybercriminal forum has held a contest for the community to share uncommon methods to target cryptocurrency-related technology.BleepingComputer
June 2, 2021 – Cryptocurrency
Cryptojacking - The Most Common Cloud Threat Full Text
Abstract
A misconfigured Docker daemon is a well-known security issue. Palo Alto Networks deployed a honeypot mimicking a misconfigured Docker daemon and found that three-fourths of attacks were cryptojacking attacks.Cyware Alerts - Hacker News
June 02, 2021 – Ransomware
Massachusetts ferry operator hit by ransomware attack Full Text
Abstract
The largest ferry service operator to Martha’s Vineyard and Nantucket was hit by a ransomware attack Wednesday that hampered some operations, the latest in a string of cyberattacks in recent weeks.The Hill
June 2, 2021 – Breach
Scripps Notifying 147K People of Data Breach Full Text
Abstract
Healthcare provider shares news of ransomware attack that exposed patient dataInfosecurity Magazine
June 2, 2021 – Breach
Database, source code allegedly related to bulletproof hosting, once Parler’s service provider, up for sale on hacker forum Full Text
Abstract
Group-IB discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum. Group-IB, a global threat hunting and adversary-centric cyber intelligence company specializing in investigating...Security Affairs
June 2, 2021 – Business
FireEye to split from Mandiant in $1.2B deal Full Text
Abstract
FireEye announced its products and name will be sold to a consortium led by private equity firm Symphony Technology Group in a $1.2 billion acquisition announced June 2.SCMagazine
June 2, 2021 – Covid-19
Banking Attacks Surge Along with Post-COVID Economy Full Text
Abstract
FinTech fraud spikes 159 percent in Q1 2021 along with stimulus spending.Threatpost
June 02, 2021 – Solution
Kali Linux 2021.2 released with new tools, improvements, and themes Full Text
Abstract
Kali Linux 2021.2 was released today by Offensive Security and includes new themes and features, such as access to privileged ports, new tools, and a console-based configuration utility.BleepingComputer
June 2, 2021 – Malware
Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android Full Text
Abstract
Bitdefender researchers have discovered a batch of new malicious Android applications that impersonate real ones from popular brands but with a twist to spread TeaBot and FluBot malware.Bitdefender
June 2, 2021 – Business
Microsoft acquires firmware analysis company ReFirm, eying edge IoT security Full Text
Abstract
ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.SCMagazine
June 02, 2021 – Vulnerabilities
Huawei USB LTE dongles are vulnerable to privilege escalation attacks Full Text
Abstract
This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei's USB LTE dongles.BleepingComputer
June 2, 2021 – Attack
Massachusetts Steamship Authority hit by ransomware attack Full Text
Abstract
The Steamship Authority said a team of IT professionals was assessing the impact of the attack. "Additional information will be provided upon completion of the initial assessment," the company said.WCVB
June 2, 2021 – Denial Of Service
How ransomware actors are adding DDoS attacks to their arsenals Full Text
Abstract
Many cybercriminals who sell ransomware-as-a-service campaigns offer a DDoS attack as an extra service. "It's a little bit ransom, a little bit DDoS extortion, and a lot of trouble," NETSCOUT said.Tech Republic
June 2, 2021 – Hacker
This is how attackers bypass AMSI anti-malware scanning protection Full Text
Abstract
AMSI's integration with Office 365 was recently upgraded to include Excel 4.0 (XLM) macro scanning to try and combat the increase of malicious macros as an infection vector.ZDNet
June 2, 2021 – Breach
Update: Scripps begins notifying more than 147,000 people of ransomware records breach Full Text
Abstract
Scripps Health announced that it has begun notifying nearly 150,000 individuals that their personal information was stolen by hackers during the ransomware attack on May 1.San Diego Union Tribune
June 2, 2021 – Denial Of Service
Blizzard Experiences High Latency and Disconnections Due to Massive DDoS Attack Full Text
Abstract
According to Blizzard, they are under massive DDoS attack, which may cause significant latency and disconnections for some gamers. The company also says that it's working hard to address this issue.Softpedia
June 2, 2021 – Vulnerabilities
Industrial Switches From Several Vendors Affected by Same Vulnerabilities Full Text
Abstract
An attacker with network access to the targeted device can make unauthorized changes to its configuration, cause it to enter a DoS condition, and obtain sensitive information.Security Week
June 02, 2021 – Criminals
Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks Full Text
Abstract
A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens (NFTs). The contest, which is likely to continue till September 1, will see total prize money of $115,000 awarded to the best research. "So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, aThe Hacker News
June 2, 2021 – General
Banking Fraud up 159% as Transactions Hit Pre-Pandemic Volumes Full Text
Abstract
Banking fraud attempts soared in 2021 as scammers sought to hide their attack in legitimate online activityInfosecurity Magazine
June 2, 2021 – Vulnerabilities
Exploit broker Zerodium is looking for Pidgin 0day exploits Full Text
Abstract
Zero-day exploit broker Zerodium is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux. Zero-day exploit broker Zerodium announced it is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux....Security Affairs
June 2, 2021 – General
For the advancement of theft: Black hat cons issue call for papers as part of criminal forum Full Text
Abstract
Researchers called the move a sign that the era of criminal hackers as lone wolves is long over. Instead, defenders are up against hacker ecosystems working in concert.SCMagazine
June 2, 2021 – Vulnerabilities
OpenPGP library RNP updates after Thunderbird decrypt-no-recrypt bug squashed Full Text
Abstract
OpenPGP project RNP has patched its flagship product in the newest version 0.15.1, after Mozilla Thunderbird, a major user, was found to be saving users’ private keys in plain text.The Register
June 02, 2021 – Hacker
Researchers Uncover Hacking Operations Targeting Government Entities in South Korea Full Text
Abstract
A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Korea Internet and Security Agency (KISA), Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, Deputy Consul General at Korean Consulate General in Hong Kong, Seoul National University, and Daishin Securities. The development is only the latest in a series of surveillance efforts aimed at South Korea. Believed to be operating on behalf of the North Korean regime, Kimsuky (aka Velvet Chollima, Black Banshee, and Thallium) has a track record of singling out South Korean entities while expanding theirThe Hacker News
June 2, 2021 – Vulnerabilities
Critical Zero-Day in WordPress Plugin Under Active Attack Full Text
Abstract
Vulnerability in Fancy Product Designer could enable full site takeover.Infosecurity Magazine
June 2, 2021 – APT
US seizes 2 domains used by APT29 in a recent phishing campaign Full Text
Abstract
The US DoJ seized two domains used by APT29 group in recent attacks impersonating the U.S. USAID to spread malware. The US Department of Justice (DoJ) and the Federal Bureau of Investigation have seized two domains used by the Russia-linked APT29...Security Affairs
June 2, 2021 – Vulnerabilities
Vulnerability in Lasso Library Impacts Products From Cisco, Akamai Full Text
Abstract
A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.Security Week
June 02, 2021 – General
The Incident Response Plan - Preparing for a Rainy Day Full Text
Abstract
The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn't raining when Noah built the ark, companies must face the fact that they need to prepare - and educate the organization on - a well-thought-out response plan if a successful cyberattack does occur. Obviously, the worst time to plan your response to a cyberattack is when it happens. With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack. Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help comThe Hacker News
June 2, 2021 – Breach
Battle for the Galaxy: 6 Million Gamers Hit by Data Leak Full Text
Abstract
1.5TB of data exposed, including users’ email addresses, IP addresses, Facebook data, and more.Infosecurity Magazine
June 2, 2021 – Criminals
Hacking Outfit Linked to Russia Is Behind JBS Cyberattack Full Text
Abstract
REvil, a notorious Russia-linked hacking group, is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter.Bloomberg
June 02, 2021 – Vulnerabilities
Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites Full Text
Abstract
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has been acknowledged, it's yet to be addressed. Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products. "Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed," WordfenceThe Hacker News
June 2, 2021 – Vulnerabilities
Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021 Full Text
Abstract
Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.Security Week
June 2, 2021 – Malware
Poisoned Installers Discovered During Analysis of SolarWinds Hackers Toolkit Full Text
Abstract
The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks.Security Week
June 2, 2021 – Ransomware
Are Ransomware Attacks Impeding Criminal Prosecutions? Full Text
Abstract
Any information related to a criminal investigation that is stolen and publicly posted not only endangers those involved but can result in failed prosecutions, says Brett Callow, analyst at Emsisoft.Gov Info Security
June 2, 2021 – APT
Kimsuky APT Continues to Target South Korean Government Using AppleSeed Backdoor Full Text
Abstract
The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. It conducts cyber espionage operations against South Korea.Malwarebytes Labs
June 2, 2021 – Vulnerabilities
Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals Full Text
Abstract
Cybercriminals preferred it as they could register an XMPP/Jabber ID on a secure server that did not save logs and use it to reach out and talk to each other to arrange operations or business deals.The Record
June 1, 2021 – Policy and Law
SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ Full Text
Abstract
The class action lawsuit and its claims highlight the role that top-down, short-term business strategies from investors, particularly in the private equity space, play in the cybersecurity investments that companies make.SCMagazine
June 01, 2021 – Policy and Law
US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks Full Text
Abstract
Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May 28, the DoJ said, adding the action was aimed at disrupting the threat actors' follow-on exploitation of victims as well as block their ability to compromise new systems. The department, however, cautioned that the adversary might have deployed additional backdoor accesses in the interim period between when the initial compromises occurred, and the seizures took place last week. "[The] action is a continued demonstration of the Department's commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation," said Assistant AttorneyThe Hacker News
June 01, 2021 – Attack
All JBS beef plants in US forced to halt production after cyberattack Full Text
Abstract
All JBS beef plants in the U.S. were forced to shut down production following a cyberattack on the meat producer over the weekend, a union representing workers at the facilities said Tuesday.The Hill
June 01, 2021 – General
Hillicon Valley: Meat producer JBS USA hit by cyberattack | White House says JBS hack likely from Russia | Report finds Amazon injury rate above warehouse standard Full Text
Abstract
The largest beef supplier in the U.S. was hit by a ransomware attack over the weekend that disrupted operations in North America and Australia, with the White House announcing Tuesday that the company believes Russian-based hackers to be responsible. Meanwhile, a new report concluded that injury rates at Amazon were nearly double those at other warehouses over the past few years, and a Defense Department report concluded that drones made by a Chinese group were not as much of a threat as some officials have feared.The Hill
June 1, 2021 – General
JBS attack has likely a Russian origin Full Text
Abstract
White House spokeswoman speculates threat actors behind the JBS ransomware attack have a Russian origin. The American food processing giant JBS Foods, the world’s largest processor of fresh beef, was forced to shut down production at multiple sites...Security Affairs
June 01, 2021 – Policy and Law
DOJ seizes domains used to launch malicious emails posing as USAID Full Text
Abstract
The Department of Justice (DOJ) on Tuesday announced that the U.S. has obtained court orders to seize control of two online domains used by suspected Russian hackers to send malicious emails to organizations posing as the U.S. Agency for International Development (USAID).The Hill
June 1, 2021 – Business
SOAR company led by former Facebook exec lands $35 million in Series B funding Full Text
Abstract
Max Kelly, co-founder and CEO of [redacted], explained that the company’s unified SOAR platform and services handle the whole spectrum of security needs from attack prevention, detection and response to damage mitigation.SCMagazine
June 1, 2021 – Denial Of Service
DoD needs carrots rather than sticks to garner support for contractor threat hunting program Full Text
Abstract
Companies that participate in a potential Pentagon program to conduct threat hunting across the defense industrial base should be protected from legal liability and be given additional financial or technical support to ensure small businesses aren’t crowded out.SCMagazine
June 01, 2021 – APT
US seizes domains used by APT29 in recent USAID phishing attacks Full Text
Abstract
The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks.BleepingComputer
June 1, 2021 – General
Cyber-Insurance Fuels Ransomware Payment Surge Full Text
Abstract
Companies relying on their cyber insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks.Threatpost
June 1, 2021 – General
Colonial Pipeline led to a cyber order for sector operators. Will JBS lead to more? Full Text
Abstract
The string of incidents leaves many in both public and private sector questioning how government and industry alike can better tackle increasingly glaring security gaps throughout critical infrastructure.SCMagazine
June 01, 2021 – Criminals
US: Russian threat actors likely behind JBS ransomware attack Full Text
Abstract
White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia.BleepingComputer
June 01, 2021 – Attack
US: World’s largest beef producer JBS was hit by ransomware Full Text
Abstract
White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia.BleepingComputer
June 1, 2021 – Ransomware
New Epsilon Red Ransomware appears in the threat landscape Full Text
Abstract
Researchers spotted a new piece of ransomware named Epsilon Red that was employed in at least one attack against a US company. Researchers from Sophos spotted a new piece of ransomware, named Epsilon Red, that infected at least one organization in the hospitality...Security Affairs
June 01, 2021 – Solution
Microsoft adds Automatic HTTPS in Edge for secure browsing Full Text
Abstract
Microsoft Edge now can automatically switch users to a secure HTTPS connection when visiting websites over HTTP, after enabling Automatic HTTPS.BleepingComputer
June 01, 2021 – Government
White House says cyberattack on meat producer JBS likely from Russia Full Text
Abstract
The White House said Tuesday that a cyberattack on major meat producer JBS USA this week likely originated from Russia, saying it is engaging with Moscow to hold accountable the hackers believed to be responsible for the attack.The Hill
June 1, 2021 – Phishing
Nobelium Active Again With New Phishing Campaign Full Text
Abstract
Nobelium is now gaining access to the infrastructure of genuine technology providers and targeting their customers. The Russian gang behind SolarWinds’ supply chain attack, recently infiltrating the accounts of the United States Agency for International Development’s (USAID) on an email market ...Cyware Alerts - Hacker News
June 1, 2021 – Policy and Law
Rhode Islander Charged with Phishing Political Candidates Full Text
Abstract
Woman allegedly spoofed Microsoft in attempt to steal political candidates’ credentialsInfosecurity Magazine
June 1, 2021 – General
Regulatory Alchemy: Turning Cybersecurity Guidelines Into Rules Full Text
Abstract
A new directive on pipeline security issued by the TSA may signal a wider change in the government’s approach to cybersecurity policy.Lawfare
June 1, 2021 – General
Where Bug Bounty Programs Fall Flat Full Text
Abstract
Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough.Threatpost
June 1, 2021 – Ransomware
Privateers: A New Type of Ransomware Syndicate Full Text
Abstract
Researchers identified a new type of cybercrime group, dubbed privateers, that have partial support from global governments as they remain financially motivated and act upon their own agendas. Though these groups fall below those tier-1 APT groups sponsored by governments, they have the potential t ...Cyware Alerts - Hacker News
June 01, 2021 – Vulnerabilities
Critical WordPress plugin zero-day under active exploitation Full Text
Abstract
Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware.BleepingComputer
June 1, 2021 – General
EUCC receives first EU cybersecurity certification scheme Full Text
Abstract
In July 2019, the EUCC was the first candidate cybersecurity certification scheme request received by the EU Agency for Cybersecurity (ENISA) under the Cybersecurity Act.Help Net Security
June 1, 2021 – Policy and Law
US Convicts “King of Fraud” Full Text
Abstract
Cyber-criminal who scammed US companies out of millions is convicted by federal juryInfosecurity Magazine
June 1, 2021 – General
The human cost of understaffed SOCs Full Text
Abstract
SOC and IT security teams are suffering from high levels of stress outside of the working day – with alert overload a prime culprit, a recent Trend Micro research reveals.Help Net Security
June 1, 2021 – Ransomware
Epsilon Red: A New Ransomware in the Threat Landscape Full Text
Abstract
Security experts are warning about new ransomware written in the Go language called Epsilon Red. It reportedly targeted a U.S.-based business in the hospitality industry. It is expected to expand to other countries and sectors as well.Cyware Alerts - Hacker News
June 1, 2021 – Policy and Law
Brazil approves stricter legislation to tackle online crime Full Text
Abstract
The law also relates to theft through fraud via an electronic device, with or without the violation of security mechanisms in place, or through use of malicious software, or by any other means.ZDNet
June 1, 2021 – Business
Redacted comes out of stealth with $60M in funding and a new take on fighting cybercrime Full Text
Abstract
The Series B funding is being led by Ten Eleven Ventures, with participation from Valor Equity Partners and SVB Capital. It brings the total raised by Redacted to $60 million.TechCrunch
June 1, 2021 – Breach
Model Sues Law Firm Over Data Breach Full Text
Abstract
Goldberg Segalla accused of leaking fashion model’s personal information on PACERInfosecurity Magazine
June 1, 2021 – Outage
American food processing giant JBS Foods halts production after cyberattack Full Text
Abstract
The American food processing company and meat producer JBS Foods was forced to shut down production at multiple sites worldwide following a cyberattack. The American food processing giant JBS Foods, the world's largest processor of fresh beef, was forced...Security Affairs
June 01, 2021 – Vulnerabilities
Windows 10’s package manager flooded with duplicate, malformed apps Full Text
Abstract
Microsoft's Windows 10 package manager Winget's GitHub has been flooded with duplicate apps and malformed manifest files raising concerns among developers with regards to the integrity of apps.BleepingComputer
June 01, 2021 – Privacy
Firefox now blocks cross-site tracking by default in private browsing Full Text
Abstract
Mozilla says that Firefox users will be protected against cross-site tracking automatically while browsing the Internet in Private Browsing mode.BleepingComputer
June 1, 2021 – Business
Cybersecurity startup Exabeam raises $200 mln, valued at $2.4 bln Full Text
Abstract
Exabeam, a startup that helps companies automate the analysis and monitoring of their cybersecurity data, said it raised $200 million in its latest funding round which valued it at $2.4 billion.Reuters
June 01, 2021 – Attack
Major meat producer JBS USA hit by cyberattack Full Text
Abstract
One of the largest meat suppliers in the country was hit on Sunday by a cyberattack that impacted operations, with the attack coming just weeks after Colonial Pipeline was forced to temporarily shut down operations due to a similar attack.The Hill
June 01, 2021 – Malware
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions Full Text
Abstract
Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files (aka "Cut-and-Mouse") and disabling their real-time protection by simulating mouse "click" events (aka "Ghost Control"). "Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals," said Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. "But they are competing with criminals whiThe Hacker News
June 1, 2021 – Business
Microsoft Convenes Asia Pacific Info-Sharing Council Full Text
Abstract
The initiative aims to build a strong response against cyberattacks across seven markets in the regionInfosecurity Magazine
June 1, 2021 – Malware
Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram Full Text
Abstract
The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel. Pavel Sitnikov (@Flatl1ne), a prominent figure of the hacking underground, was arrested earlier this month by Russian...Security Affairs
June 1, 2021 – Vulnerabilities
House bill would require federal contractors to put in place vulnerability disclosure programs Full Text
Abstract
Though contracts would not require remediation of vulnerabilities brought in through the programs, the government would be able to not renew contracts with companies whose handling of vulnerabilities raised researchers’ ire.SCMagazine
June 1, 2021 – General
How Mobile Ad Fraud has Evolved in the Year of the Pandemic Full Text
Abstract
Mobile ad fraud has always been a challenge for network operators in all parts of the globe, but the pandemic has made users more vulnerable than ever before due to the sheer amount of time they now spend with their devices.Threatpost
June 1, 2021 – Vulnerabilities
EPUB Vulnerabilities in Electronic Reading Systems Lead to Risk of User Data Exposure Full Text
Abstract
The EPUB format relies primarily on XHTML and CSS to construct e-books, with browser engines often used to render their contents, which leads to browser-like vulnerabilities.The Daily Swig
June 01, 2021 – Privacy
Report: Danish Secret Service Helped NSA Spy On European Politicians Full Text
Abstract
The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste or FE). German Chancellor Angela Merkel, the then-German Foreign Minister Frank-Walter Steinmeier, and the opposition leader at the time, Peer Steinbrück, are said to have been targeted through the Danish-American pact. Using the telephone numbers of politicians as search parameters, the report alleged that the NSA "intercepted everything from text messages to phone calls that passed through the caThe Hacker News
June 1, 2021 – Outage
Meat Processing Giant JBS Pulls IT Plug After Cyber-Attack Full Text
Abstract
JBS has been forced to cut its servers after an organized cyber-attackInfosecurity Magazine
June 1, 2021 – Criminals
Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale. Full Text
Abstract
"Prometheus" and "Grief" - a multi-billion dollar ransomware market obtained two new emerging players. In today's world, information and data mean money, and the people that are stealing the information have now reached new levels of sophistication....
Security Affairs
June 1, 2021 – Malware
Revisiting the NSIS-based crypter Full Text
Abstract
It is a free and powerful tool, making the distribution of software easier. Unfortunately, its qualities are known not only to legitimate developers but also to malware distributors.
Malwarebytes Labs
June 1, 2021 – Policy and Law
Interpol Seizes $83 Million Headed for Online Scammers Full Text
Abstract
APAC’s six-month HAECHI-I operation branded a success.
Infosecurity Magazine
June 1, 2021 – Criminals
Prometheus and Grief Ransomware Gangs Release Data From Mexican Government and Private Firm for Sale Full Text
Abstract
Prometheus published stolen data allegedly belonging to the Mexican Government, possibly becoming the first cybercriminal group that has touched a major state in Latin America on such a level.
Security Affairs
June 1, 2021 – Phishing
$7 Million Digital Advertising Scam: Russian Man Convicted Full Text
Abstract
The gang allegedly referred to its scheme as "Metan" - the Russian word for methane - although it's also been referred to as Methbot by the FBI and prosecutors, and later as Media Methane.
Info Risk Today
June 1, 2021 – Breach
New Zealand’s Reserve Bank Taking Action to Respond to Data Breach Reports Full Text
Abstract
The Reserve Bank of New Zealand has announced the findings of two independent investigations into an illegal data breach related to a third-party application and the handling of sensitive information.
Softpedia
June 1, 2021 – Phishing
SolarWinds Hackers Used Constant Contact Email Service In Phishing Attack Full Text
Abstract
Nobelium launched this week’s attacks not through the SolarWinds Orion network monitoring tool but by gaining access to the Constant Contact account of the USAID, Microsoft said.
CRN