
March, 2021

March 31, 2021 – Government

National infrastructure plan could strain CISA despite modernizing systems Full Text

Abstract Plans to upgrade the electric grid, revitalize manufacturing and secure U.S. supply chains will have a palpable impact on cybersecurity.

SCMagazine

March 31, 2021 – Encryption

In wake of PHP Git server attack, researcher advises developers to enable encryption Full Text

Abstract Had two malicious commits not been caught, they could have infected scores of websites using the programming language.

SCMagazine

March 31, 2021 – Hacker

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts Full Text

Abstract A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and LinkedIn in an attempt to trick unsuspecting researchers into visiting the company's booby-trapped website "where a browser exploit was waiting to be triggered." "The new website claims the company is an offensive security company located in Turkey that offers pentests, software security assessments and exploits," TAG's Adam Weidemann said. The website is said to have gone live on March 17. A total of eight Twitter profiles and seven LinkedIn profiles, who claimed to be vulnerability researchers and human resources personnel at different security firms (inclu

The Hacker News

March 31, 2021 – Denial Of Service

800Gbps DDoS extortion attack hits gambling company Full Text

Abstract Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level.

BleepingComputer

March 31, 2021 – Vulnerabilities

VMware Fixes Critical Flaw that Let Attackers Steal Admin Credentials Full Text

Abstract VMware security teams announced the release of security patches to fix a severe flaw in vRealize Operations whose exploit would allow threat...

Cyber Security News

March 31, 2021 – General

Attack Trends in 2020 - A Boom in Double-Extortion Ransomware Full Text

Abstract Last year, 15 ransomware families used the double-extortion approach, in comparison to only one in 2019. In addition, around 40% of newly discovered ransomware families utilized the tactic in 2020.

Cyware Alerts - Hacker News

March 31, 2021 – General

Hillicon Valley: DHS chief lays out actions to boost cybersecurity after major hacks | Facebook removes video of Trump citing suspension from platform | Battle rages over vaccine passports Full Text

Abstract Homeland Security Secretary Alejandro Mayorkas on Wednesday laid out a roadmap for federal cybersecurity while teasing an upcoming cyber executive order. Facebook enforced its indefinite suspension on former President Trump by removing a video posted by Lara Trump of a sit down interview with the former president. President Biden proposed billions in funding to boost research and development of emerging technologies, and Republicans pushed back on the idea of so-called vaccine passports.

The Hill

March 31, 2021 – Phishing

IRS Warns of Higher Education Phishing Scam Full Text

Abstract Cyber-attackers impersonate IRS to scam university students and staff

Infosecurity Magazine

March 31, 2021 – General

Lawfare Lecture: Paul Rosenzweig on Enterprise Cybersecurity Measurement Full Text

Abstract Join us for a live presentation on measuring cybersecurity.

Lawfare

March 31, 2021 – Hacker

North Korea-linked hackers target security experts again Full Text

Abstract Researchers from Google's Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The cyberspies used fake Twitter and LinkedIn social media accounts to get in contact with the victims....

Security Affairs

March 31, 2021 – Government

National infrastructure plan could replace insecure old equipment, but also strain CISA Full Text

Abstract Plans to upgrade the electric grid, revitalize manufacturing and secure U.S. supply chains will have a palpable impact on cybersecurity.

SCMagazine

March 31, 2021 – Government

CISA gives federal agencies 5 days to find hacked Exchange servers Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.

BleepingComputer

March 31, 2021 – APT

Calypso APT Eyes Microsoft Exchange Vulnerabilities Full Text

Abstract The China-linked Calypso APT group was observed to be targeting vulnerable Microsoft Exchange servers to deploy web shells and eventually load the PlugX malware.

Cyware Alerts - Hacker News

March 31, 2021 – Government

DHS chief lays out actions to strengthen cybersecurity in wake of major hacks Full Text

Abstract Homeland Security Secretary Alejandro Mayorkas on Wednesday issued a “call for action” to confront mounting cybersecurity threats to the federal government, laying out a plan to combat hacking efforts following two major foreign cyberattacks. 

The Hill

March 31, 2021 – Government

CISA and RH-ISAC to Run Cybersecurity Drill Full Text

Abstract First retail, hospitality, and travel industry–wide cybersecurity exercise announced

Infosecurity Magazine

March 31, 2021 – Government

President Biden extended Executive Order 13694 regarding cyberattack sanctions Full Text

Abstract President Joe Biden has extended Executive Order 13694, issued in 2015 by President Obama, regarding sanctions issued in response to cyberattacks. President Joe Biden this week has extended Executive Order 13694 regarding sanctions issued in response...

Security Affairs

March 31, 2021 – General

New CISOs should focus more on people and less on tech, report finds Full Text

Abstract A new CISO must take steps to build relationships, while also making sure not to alienate other business units or harm the security team’s brand.

SCMagazine

March 31, 2021 – Hacker

Google: North Korean hackers target security researchers again Full Text

Abstract Google's Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.

BleepingComputer

March 31, 2021 – Breach

In Yet Another Supply Chain Attack, PHP’s Git Server Gets Compromised Full Text

Abstract To compromise the PHP codebase, two malicious commits were pushed to a Git repository maintained by the PHP development team.

Cyware Alerts - Hacker News

March 31, 2021 – Phishing

Reality Show Members Charged with Telemarketing Scam Full Text

Abstract Real Housewives of Salt Lake City stars face money laundering and wire fraud charges

Infosecurity Magazine

March 31, 2021 – Criminals

5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter Full Text

Abstract Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, warns of an ongoing...

Security Affairs

March 31, 2021 – Malware

BazarCall malware uses malicious call centers to infect victims Full Text

Abstract For the past two months, security researchers have been waging an online battle against a new 'BazarCall' malware that uses call centers to distribute some of the most damaging Windows malware.

BleepingComputer

March 31, 2021 – Malware

Hundreds of Fleeceware Apps Earning Millions of Dollars Full Text

Abstract Avast researchers have found a total of 204 fleeceware apps on both Apple and Google stores which have earned an estimated over $400 million to date for their developers.

Cyware Alerts - Hacker News

March 31, 2021 – Education

New MITRE ATT&CK certification course could boost framework’s adoption Full Text

Abstract But unusual recertification process must avoid becoming burdensome for busy security professionals.

SCMagazine

March 31, 2021 – Malware

Malware hidden in game cheats and mods used to target gamers Full Text

Abstract Threat actors target gamers with backdoored game tweaks, patches, and cheats hiding malware capable of stealing information from infected systems.

BleepingComputer

March 31, 2021 – Breach

New York charity leaves sensitive patients’ data unsecured Full Text

Abstract The unsecured database contained over 2,000 CSV and TXT files, each with thousands of entries on medical records, children’s legal guardians, caseworkers, doctors, and other child welfare specialists.

Cyber News

March 31, 2021 – Hacker

Iranian credential thieves targeting medical researchers Full Text

Abstract In late 2020, a well-known hacker group believed to be sponsored by the Iranian government started a credential harvesting campaign targeting United States and Israeli medical personnel, according to new research from Proofpoint.

SCMagazine

March 31, 2021 – Ransomware

Update: Cl0p ransomware gang leaks sensitive data from 6 US universities Full Text

Abstract In a recent update, the infamous Cl0p ransomware group claimed to gain access to financial documents and passport information belonging to students and staff from six top universities in the US.

Hackread

March 31, 2021 – Hacker

Adversaries are using backdoored video game cheat engines and modding tools Full Text

Abstract Talos detected a new cryptor used in several different malware campaigns hidden in files that users would usually download to install cheat codes into video games or other visual and game mods.

Cisco Talos

March 31, 2021 – Phishing

Scammers steal New Yorkers’ private info for benefits fraud Full Text

Abstract New York's Department of Financial Services (DFS) warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers.

BleepingComputer

March 31, 2021 – Malware

Docker Hub Image that Downloaded Over 20 Million Times Come with Cryptominers Full Text

Abstract Malicious Docker Hub containers infect 20 million with cryptomining malware. Aviv Sasson, part of the Palo Alto Networks threat intelligence team, Unit...

Cyber Security News

March 31, 2021 – Business

Critical Infrastructure Protection Firm OPSWAT Secures $125 Million Growth Funding Full Text

Abstract Critical infrastructure protection firm OPSWAT has secured $125 million growth funding from Brighton Park Capital, to accelerate its global growth, invest in R&D, and pursue strategic acquisitions.

Security Week

March 31, 2021 – Hacker

Iranian hackers targeting US, Israeli medical researchers: analysis Full Text

Abstract A hacking group associated with the Iranian government targeted senior medical researchers in the U.S. and Israel over the past few months, new research released Wednesday found.

The Hill

March 31, 2021 – General

Decided to move on from your NGAV/EDR? A Guide for Small Security Teams to What’s Next Full Text

Abstract You're fully aware of the need to stop threats at the front door and then hunt any that got through that first gate, so your company installed an EPP/EDR solution. But like most companies, you've already come across its shortcomings – and these are amplified since you have a small security team. More than likely, you noticed that it has its share of detection blind spots and limitations for which you need to tack on more detection technologies. Remediation requires manual effort, and in terms of operation, it's become too much of an investment on your already resource-constrained staff. Deployment took you ages, so you're somewhat wary of introducing new technology and going through that process again. What should you do – fight for more resources, flight from the EDR/EPP combo to other technological solutions, or freeze by accepting this painful situation and updating the board that your risk levels remain high? When fight and freeze are typically the directio

The Hacker News

March 31, 2021 – General

Winner Crowned in “Hacker Games” Contest Promoting Secure Coding Skills Full Text

Abstract University of Warwick achieves first place in Veracode’s inaugural Hacker Games

Infosecurity Magazine

March 31, 2021 – Government

What Did Gen. Nakasone Say About Defense Department Operations (Not Just Cyber Operations)? Full Text

Abstract Some notes on a curious comment from Gen. Paul Nakasone, commander of U.S. Cyber Command.

Lawfare

March 31, 2021 – Vulnerabilities

Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape Full Text

Abstract Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser that earned them $20,000. Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability...

Security Affairs

March 31, 2021 – General

Iranian credential thieves targeting medical researchers Full Text

Abstract In late 2020, a well-known hacker group believed to be sponsored by the Iranian government started a credential harvesting campaign targeting United States and Israeli medical personnel, according to new research from Proofpoint.

SCMagazine

March 31, 2021 – APT

APT Charming Kitten Pounces on Medical Researchers Full Text

Abstract Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals.

Threatpost

March 31, 2021 – Vulnerabilities

Fake jQuery files infect WordPress sites with malware Full Text

Abstract Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites, which contain obfuscated code to load malware. These files are named jquery-migrate.js & jquery-migrate.min.js and are present at the exact locations where JavaScript files are normally found on WordPress sites, but they are malicious.

BleepingComputer

March 31, 2021 – Breach

Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’ Full Text

Abstract A whistleblower involved in the response to a data breach suffered by networking equipment provider Ubiquiti Networks has claimed the incident was downplayed and could be described as "catastrophic."

ZDNet

March 31, 2021 – Hacker

Hackers are implanting multiple backdoors at industrial targets in Japan Full Text

Abstract Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or Cicada) using previously undocumented malware to deliver as many as three payloads such as SodaMaster, P8RAT, and FYAnti. The long-running intelligence-gathering operation first came into the scene in March 2019, with activities spotted as recently as November 2020, when reports emerged of Japan-linked companies being targeted by the threat actor in over 17 regions worldwide. The fresh attacks uncovered by Kaspersky are said to have occurred in January 2021. The infection chain leverages a multi-stage attack process, with the initial intrusion happening via abuse of SSL-VPN by exploiting unpatched vulnerabilities or stolen credential

The Hacker News

March 31, 2021 – Vulnerabilities

Most Global Chip Companies Show Signs of Compromise Full Text

Abstract BlueVoyant report reveals widespread vulnerabilities and open ports

Infosecurity Magazine

March 31, 2021 – Breach

Email accounts of DHS members were compromised in the SolarWinds hack Full Text

Abstract Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack. Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials...

Security Affairs

March 31, 2021 – Vulnerabilities

Google Chrome for Linux is getting DNS-over-HTTPS, but there’s a catch Full Text

Abstract Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support to Chrome web browser for Linux. DoH has been supported on Google Chrome for other platforms, including Android, since at least 2020. But, there's a catch.

BleepingComputer

March 31, 2021 – General

Board directors need to play an active role in protecting their org from cyber risks Full Text

Abstract A new report by WEF reveals that boards of directors need to play a more active role in protecting their organization from cyber risks – and provides a solution to this fragmentation.

Help Net Security

March 31, 2021 – Government

UK Cyber Security Council Officially Launches as Independent Body Full Text

Abstract The council will be working on boosting professional standards in the cybersecurity industry

Infosecurity Magazine

March 31, 2021 – Vulnerabilities

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions Full Text

Abstract IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security...

Security Affairs

March 31, 2021 – Policy and Law

Pair accused of turning photos into vids to crack tax dept facial recognition system in China Full Text

Abstract According to Xinhua, the suspects tricked the State Taxation Administration platform’s identity verification system by manipulating photos with a widely available app that turns photos into videos.

The Register

March 31, 2021 – Business

James Reynolds Joins SecureAge Technology to Lead Security Product Strategy Full Text

Abstract Reynolds brings 30 years of IT experience to the data security firm

Infosecurity Magazine

March 31, 2021 – General

Microsoft: Firmware Attacks Outpacing Security Investments Full Text

Abstract According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported “at least one firmware attack” in the past two years.

Security Week

March 31, 2021 – Insider Threat

Three-Quarters of Legal Breaches Caused by Insiders Full Text

Abstract NetDocuments FOI data shows scale of employee threat

Infosecurity Magazine

March 31, 2021 – General

APAC firms face growing cyberattacks, take more than a week to remediate Full Text

Abstract Some 68% of businesses across six Asian markets say they have been breached, up from 32% in 2019, with an average 60.83% admitting to taking more than a week to remediate cybersecurity attacks.

ZDNet

March 31, 2021 – General

NHS Reduces Cyber-Skills Shortages but Breach Problems Remain Full Text

Abstract Redscan study shows improvement but plenty still to do

Infosecurity Magazine

March 31, 2021 – General

Lack of IT-OT collaboration holding back smart factory security projects Full Text

Abstract 61% of firms have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk, as per a Vanson Bourne survey.

Help Net Security

March 30, 2021 – Policy and Law

Palo Alto Networks latest security giant accused of patent infringement Full Text

Abstract Centripetal claims Palo Alto executives used a series of meetings and technical demonstrations to gain insight into the company’s network security innovations, before incorporating them into a wide range of Palo Alto products. The situation highlights the potential risks for both parties if early stage partnership discussions are not handled with care.

SCMagazine

March 30, 2021 – General

Report: Healthcare haunted by account security Full Text

Abstract A new study found that one in five files in health care are visible to all employees – including one in eight containing sensitive information. And more than three-quarters of organizations in the sector had at least 500 accounts that expire, and even more than that had at least a thousand “ghost accounts” of former employees that were never closed.

SCMagazine

March 30, 2021 – General

Hillicon Valley: Officials say cyber executive order with ‘a dozen’ actions forthcoming | Epic Games submits Apple complaint to UK watchdog | Facebook’s chief revenue officer to leave company Full Text

Abstract Top federal officials teased an upcoming executive order to improve federal cybersecurity in the wake of two major international hacking incidents. Meanwhile, Epic Games filed a complaint about Apple’s “monopolistic” aspects with a British watchdog group, and a top Facebook official announced his departure. 

The Hill

March 30, 2021 – Government

Officials say executive order with ‘a dozen’ actions forthcoming after SolarWinds, Microsoft breaches Full Text

Abstract Officials at the Department of Homeland Security (DHS) on Tuesday said that the Biden administration is working on “close to a dozen” action items to be included in an upcoming executive order meant to strengthen federal cybersecurity in the wake of two major breaches. 

The Hill

March 30, 2021 – Government

The Cyberlaw Podcast: Can Editorial Middleware Cut the Power of the Big Platforms? Full Text

Abstract The latest episode of the Cyberlaw Podcast.

Lawfare

March 30, 2021 – Ransomware

Ziggy Ransomware Gang Offers Refund to Victims Full Text

Abstract Ziggy joins Fonix ransomware group and shuts down, with apologies to targets.

Threatpost

March 30, 2021 – Malware

Malicious Docker Cryptomining Images Rack Up 20M Downloads Full Text

Abstract Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers.

Threatpost

March 30, 2021 – Solution

New ‘digital trust exchange’ removes risks of managing PII of job applicants Full Text

Abstract The onus of responsible data stewardship falls on employing organizations, when in reality they’d probably prefer to move that burden elsewhere. Raj Ananthanpillai, CEO of Endera, believes he has created a solution to this problem.

SCMagazine

March 30, 2021 – Vulnerabilities

VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials Full Text

Abstract VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that...

Security Affairs

March 30, 2021 – Government

US govt warns that buying fake COVID-19 vaccine cards is a crime Full Text

Abstract US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law.

BleepingComputer

March 30, 2021 – General

What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force? Full Text

Abstract States and other stakeholders can use Article 2(4) of the U.N. Charter to bar not just uses of force in cyberspace but also threats of such force by equal measure.

Lawfare

March 30, 2021 – Malware

New Android Malware Spotted Posing as System Update Full Text

Abstract This RAT abuses Accessibility Services to gain access to instant messenger apps. Moreover, if the victim device is rooted, the spyware can collect database records too.

Cyware Alerts - Hacker News

March 30, 2021 – General

Cyberbullying Linked to Social Media Addiction Full Text

Abstract University study finds social media addicts more likely to be cyber-bullies

Infosecurity Magazine

March 30, 2021 – Phishing

Crypto Scams: Past and Future Full Text

Abstract In 2020, more than 400,000 crypto scams were observed. This was a 40% surge from 2019. The scams that topped the charts include giveaways, fake prizes, and sweepstakes.

Cyware Alerts - Hacker News

March 30, 2021 – Vulnerabilities

VMware fixes bug allowing attackers to steal admin credentials Full Text

Abstract VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.

BleepingComputer

March 30, 2021 – Education

Dog Helps Kids Stay Safe Online Full Text

Abstract Lacey the dog teaches children about cybersecurity awareness in new book by CISO

Infosecurity Magazine

March 30, 2021 – Hacker

SolarWinds Attackers Accessed DHS Emails, Report Full Text

Abstract Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary’s emails, among others.

Threatpost

March 30, 2021 – Phishing

Scammers target universities in ongoing IRS phishing attacks Full Text

Abstract The Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions.

BleepingComputer

March 30, 2021 – Criminals

#LORCALive: Nation State Cooperation Essential to Fighting Scourge of Cybercrime Full Text

Abstract Can more dialogue be promoted between rival nations?

Infosecurity Magazine

March 30, 2021 – Ransomware

Younger Ransomware Victims More Likely to Pay Up Full Text

Abstract Research finds fewer ransomware victims over the age of 55 pay to recover their data

Infosecurity Magazine

March 30, 2021 – General

New U.K. NCSC chief stresses on the importance of investing in cybersecurity hygiene Full Text

Abstract So-called cyber-attack insurance "cannot be a substitute for better basic cybersecurity," the National Cyber Security Centre's chief exec has said in her first major speech since taking office.

The Register

March 30, 2021 – Breach

US: DeKalb County schools notify parents about data breach Full Text

Abstract Some students at the DeKalb County School District may have their personal information exposed in a 2019 security breach at PCS Revenue Control Systems, a school nutrition technology services firm.

AJC

March 30, 2021 – Breach

Leading Indian fintech platform MobiKwik denies data breach Full Text

Abstract Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers.

BleepingComputer

March 30, 2021 – General

52% of Indian firms report cyberattack in the last 12 months Full Text

Abstract About 52 percent of Indian organizations said they fell victim to a successful cybersecurity attack in the last 12 months, according to a survey released on Tuesday by Sophos.

The Times Of India

March 30, 2021 – Vulnerabilities

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites Full Text

Abstract Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress...

Security Affairs

March 30, 2021 – Phishing

Australian telcos have blocked over 55 million scam calls since December Full Text

Abstract Australian Communications Minister Paul Fletcher said on Tuesday that Australian telcos have blocked over 55 million scam calls since the industry got a new scam call code in December.

ZDNet

March 30, 2021 – Denial Of Service

Akamai Sees Largest DDoS Extortion Attack Known to Date Full Text

Abstract Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai.

Security Week

March 30, 2021 – Business

Multi-Cloud Data Protection Vendor HYCU Closes $87.5M Funding Round Full Text

Abstract HYCU, which was founded in April 2018, managed to stay completely private for a very long time before working with Bain Capital Ventures, which is leading the A funding round, said CEO Simon Taylor.

CRN

March 30, 2021 – General

Microsoft Exchange attacks increase while WannaCry gets a restart Full Text

Abstract The recently patched vulnerabilities in Microsoft Exchange have sparked new interest among cybercriminals, who increased the volume of attacks focusing on this particular vector.

BleepingComputer

March 30, 2021 – Breach

MobiKwik Data Breach – Hackers Selling Over 8TB of Users Personal and Financial Data Full Text

Abstract Threat actor offers to sell 8 TB of MobiKwik’s personal and financial data on almost 100M consumers. MobiKwik is India’s leading fintech...

Cyber Security News

March 30, 2021 – Ransomware

Ransomware negotiations: An inside look at the process Full Text

Abstract Cyber insurance carriers typically have lists or "panels" of approved vendors for various incident response services that address breaches and ransomware attacks, including ransomware negotiations.

Tech Target

March 30, 2021 – Ransomware

Double-Extortion Ransomware Attacks Surged in 2020 Full Text

Abstract 15 ransomware families were observed using double-extortion tactics last year, compared to just one in 2019

Infosecurity Magazine

March 30, 2021 – Vulnerabilities

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations Full Text

Abstract Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could...

Security Affairs

March 30, 2021 – Policy and Law

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website Full Text

Abstract A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com.

Threatpost

March 30, 2021 – Breach

PHP Git Server Hacked – Attackers Insert Secret Backdoor to Its Source Code Full Text

Abstract Threat actors have recently managed to gain control of PHP's Git repository by implementing two back doors to the code. However, the...

Cyber Security News

March 30, 2021 – Phishing

Steam users: Don’t fall for the “I accidentally reported you” scam Full Text

Abstract The fraudsters behind the “I accidentally reported you” Steam scam usually approach their targets under the pretext that they need something, or they have something to say.

Malwarebytes Labs

March 30, 2021 – General

Concern as Ransomware and Exchange Server Attacks Surge Full Text

Abstract Check Point urges admins to patch now

Infosecurity Magazine

March 30, 2021 – Vulnerabilities

Hundreds of thousands of projects affected by a flaw in netmask npm package Full Text

Abstract A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of attacks. A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could expose private networks to multiple...

Security Affairs

March 30, 2021 – General

Manufacturing Firms Learn Cybersecurity the Hard Way Full Text

Abstract Manufacturing firms have become a top target of cybercriminals and nation-state groups, with 61% of firms experiencing a security incident affecting their factories, as per a report by Trend Micro.

Dark Reading

March 30, 2021 – Malware

Fileless Malware Detections Soar 900% in 2020 Full Text

Abstract Attackers continue to look for ways to evade detection

Infosecurity Magazine

March 30, 2021 – Attack

30 Docker images downloaded 20M times in cryptojacking attacks Full Text

Abstract Experts discovered that 30 malicious Docker images with a total number of 20 million pulls were involved in cryptomining operations. Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million...

Security Affairs

March 30, 2021 – Outage

London-based Multi-Academy Trust Harris Federation Suffers System Outage Due to Ransomware Attack Full Text

Abstract Once the ransomware infection was discovered, the IT staff at the nonprofit organization took its systems offline, along with the email and landline phone systems and students’ devices.

Security Affairs

March 30, 2021 – Hacker

SolarWinds Attackers Accessed DHS Secretary’s Emails — Report Full Text

Abstract Trump administration’s security boss and staff compromised

Infosecurity Magazine

March 30, 2021 – Ransomware

Ransomware Attack at New York-based Personal Touch Holding Corp Affects Over 753,000 Patients, Employees Full Text

Abstract A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers.

Info Risk Today

March 30, 2021 – Ransomware

Clop Ransomware Group Leaks Data Allegedly Stolen from Universities of Maryland, California Full Text

Abstract The Clop ransomware group has posted financial documents and passport information allegedly belonging to the University of Maryland and the University of California online.

ZDNet

March 30, 2021 – General

Australia investigates reported hacks aimed at parliament, media Full Text

Abstract Australian officials are investigating two apparent security issues that have resulted in downtime for a parliamentary email system, and technical issues for a popular television broadcaster.

Cyberscoop

March 30, 2021 – Policy and Law

US charges close to 500 individuals for COVID-19 fraud, criminal activity Full Text

Abstract In an update published last week, the DoJ said that 474 defendants to date have been publicly charged "with criminal offenses based on fraud schemes connected to the COVID-19 pandemic."

ZDNet

March 30, 2021 – Vulnerabilities

Researchers discover SAML XML Injection vulnerability Full Text

Abstract The flaw could allow an attacker to modify SAML responses generated by an Identity Provider, and thereby gain unauthorized access to user accounts, or to escalate privileges within an application.

NCC Group

March 29, 2021 – Breach

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed Full Text

Abstract Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS locations, list of installed apps, partially-masked credit card numbers, connected bank accounts and associated account numbers, and know your customer (KYC) documents of 3.5 million users. Even worse, the leak also shows that MobiKwik does not delete the card information from its servers even after a user has removed them, in what's likely a breach of government regulations. New guidelines issued by India's apex banking institution, the Reserve Bank of India, prohibit online merchants, e-commerce websites, and payment aggregators from storing card details of a customer online.

The Hacker News

March 29, 2021 – Vulnerabilities

Apple patches zero-day targeted for iPhones, iPads and its popular watches Full Text

Abstract Apple on Friday said it patched a zero-day cross-site scripting vulnerability affecting iPhones, iPads, the iPod touch and Apple watches that was actively exploited in the wild – the company’s seventh such announcement of a zero-day patch in the past five months. The Cybersecurity and Infrastructure Security Agency (CISA) issued a release on the bug…

SCMagazine

March 29, 2021 – General

Hillicon Valley: Amazon union vote count to start for Alabama warehouse | Hackers accessed emails of top DHS officials as part of SolarWinds breach: report | Ex-Google exec launches left-leaning tech coalition Full Text

Abstract The contentious unionization vote at Amazon’s Alabama warehouse is pushing forward with ballots set to be tabulated starting this week. Fallout from what has become known as the SolarWinds breach continued with news of hackers reportedly breaching email accounts of top Department of Homeland Security officials. Meanwhile, a former Google executive on Monday launched a new tech coalition backed by some of the top companies in the industry amid mounting scrutiny from Washington. 

The Hill

March 29, 2021 – Policy and Law

Judge denies Cisco new trial, upholds judgement in patent infringement suit Full Text

Abstract A district judge summarily dismissed the company’s request for a new trial, writing that the “most compelling evidence [for infringement] originated in Cisco’s own technical documents introduced at trial by Centripetal.”

SCMagazine

March 29, 2021 – General

Time suck: Security awareness pros are getting sidetracked from core functions Full Text

Abstract A new report urges awareness program leaders to delegate and outsource tasks that are not central to their main responsibilities.

SCMagazine

March 29, 2021 – Ransomware

London-based academies Harris Federation hit by ransomware attack Full Text

Abstract Harris Federation, the multi-academy trust of 50 primary and secondary academies in and around London, was hit by a ransomware attack. A ransomware attack hit the IT systems of London-based nonprofit multi-academy trust Harris Federation on Saturday,...

Security Affairs

March 29, 2021 – Ransomware

Hades Ransomware Gang Exhibits Connections to Hafnium Full Text

Abstract There could be more than immediately meets the eye with this targeted attack group.

Threatpost

March 29, 2021 – Policy and Law

US Imprisons BEC Scammer Full Text

Abstract Texas resident scammed schools, senior citizens, and charity supporting families of the terminally ill

Infosecurity Magazine

March 29, 2021 – Malware

Docker Hub images downloaded 20M times come with cryptominers Full Text

Abstract Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years.

BleepingComputer

March 29, 2021 – Ransomware

Beware of Mamba Ransomware - FBI Alerts Full Text

Abstract Mamba ransomware is being used to target local governments, tech services, legal services, public transportation agencies, and industrial, construction, manufacturing, and commercial businesses.

Cyware Alerts - Hacker News

March 29, 2021 – Phishing

The Next Wave of Scams is Bleeding Internet Users Full Text

Abstract Rampant scams continue to diddle thousands of online users worldwide. Losses from these financially motivated BEC and EAC scams surpassed $1.86 billion in 2020.

Cyware Alerts - Hacker News

March 29, 2021 – Ransomware

Evil Corp is Now Using Hades Ransomware to Evade Sanctions Full Text

Abstract Operators behind Hades ransomware are getting their hands even dirtier as they attempt to bypass the sanctions imposed by federal agencies. Recently, it compromised three major companies in the U.S.

Cyware Alerts - Hacker News

March 29, 2021 – General

Educational Institutions Getting No Break from Cyberattacks Full Text

Abstract Experts warn of a spike in cybercriminals targeting schools, colleges, and universities. Stakeholders are recommended to devise a robust strategy to parry attacks.

Cyware Alerts - Hacker News

March 29, 2021 – Ransomware

Harris Federation hit by ransomware attack affecting 50 schools Full Text

Abstract The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday.

BleepingComputer

March 29, 2021 – Malware

Rise of Linux Malware, Spoofing, and COVID-19 Full Text

Abstract Based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries, IBM's new report underlines top trends from the last year.

Cyware Alerts - Hacker News

March 29, 2021 – General

More Solutions Doesn’t Mean More Protection Full Text

Abstract Data loss struck over 50% of organizations last year despite most running up to 10 cybersecurity solutions

Infosecurity Magazine

March 29, 2021 – APT

China-linked RedEcho APT took down part of its C2 domains Full Text

Abstract China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by security researchers. China-linked APT group RedEcho has taken down its attack infrastructure after security experts have exposed...

Security Affairs

March 29, 2021 – Breach

Hackers accessed emails of top DHS officials as part of SolarWinds breach: report Full Text

Abstract Hackers involved in what has become known as the SolarWinds breach accessed email accounts of top officials at the Department of Homeland Security (DHS) along with other personal information of senior federal officials, the Associated Press reported Monday. 

The Hill

March 29, 2021 – Education

Bumble Launches Online Safety Guide Full Text

Abstract Dating app starts Stand for Safety initiative to protect women from online abuse

Infosecurity Magazine

March 29, 2021 – General

#LORCALive: More Work Required to Realize the Potential of AI in Cybersecurity Full Text

Abstract What are the main concerns regarding the use of AI in cybersecurity?

Infosecurity Magazine

March 29, 2021 – Vulnerabilities

Patched Linux bugs nix Spectre mitigations Full Text

Abstract Spectre is a flaw in speculative execution in Intel, ARM and AMD processors that first came to light in 2018. The vulnerability could ultimately reveal the contents of memory.

SCMagazine

March 29, 2021 – Hacker

RedEcho group parks domains after public exposure Full Text

Abstract RedEcho, which was linked to a campaign that targeted India’s power grid, has taken down its attack infrastructure after having its operations exposed at the end of February 2021.

The Record

March 29, 2021 – General

In wake of giant software hacks, application security tactics due for an overhaul Full Text

Abstract Rising rates of vulnerabilities, a more complex development environment and a lack of industry standards are putting software applications at risk. Can newer security tools and processes turn the tide?

SCMagazine

March 29, 2021 – Malware

PHP Infiltrated with Backdoor Malware Full Text

Abstract The server for the web-application scripting language was compromised on Sunday.

Threatpost

March 29, 2021 – Attack

PHP’s Git server hacked to add backdoors to PHP source code Full Text

Abstract In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers.

BleepingComputer

March 29, 2021 – Malware

New Advanced Android Malware Poses as “System Update” to Steal Messages, Images and Taking Control of Android Phones Full Text

Abstract Zimperium zLabs researchers revealed unsecured cloud configurations exposing information in thousands of legitimate iOS and Android apps. zLabs is warning Android users...

Cyber Security News

March 29, 2021 – Breach

Call Center Provider Experiences Major Data Leak Full Text

Abstract From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some callbacks were also logged.

Hackread

March 29, 2021 – Vulnerabilities

Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks Full Text

Abstract As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. "Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory published on March 23. TBox is an "all-in-one" solution for automation and control systems for supervisory control and data acquisition (SCADA) applications, with its telemetry software used for remote control and monitoring of assets in a number of critical infrastructure sectors, such as water, power, oil and gas, transportation, and process industries. TBox devices can be programmed using a software suite called TWinSoft, which allows for the creation of interactive web pages, where users

The Hacker News

March 29, 2021 – Business

ClubCISO Appoints Stephen Khan as its New Chair Full Text

Abstract Khan replaces Dr Jessica Barker in the role

Infosecurity Magazine

March 29, 2021 – Breach

Hackers breached the PHP’s Git Server and inserted a backdoor in the source code Full Text

Abstract Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized...

Security Affairs

March 29, 2021 – General

Meet the 2021 SC Awards judges Full Text

Abstract Introducing our esteemed panel of judges for the SC Trust and Excellence Awards, cybersecurity leaders contributing from health care, engineering, finance, education, manufacturing, non profit, and consulting, among others.

SCMagazine

March 29, 2021 – Insider Threat

SpaceX Engineer Pleads Guilty for Insider Trading on the Dark Web Full Text

Abstract A SpaceX engineer pleaded guilty for exchanging insider trading tips on the dark web. James Roland Jones, aged 33, of Hermosa Beach,...

Cyber Security News

March 29, 2021 – Malware

A new Android spyware masquerades as a ‘system update’ Full Text

Abstract The spyware can steal messages, contacts, device details, browser bookmarks and search history, record calls and ambient sound from the microphone, and take photos using the phone’s cameras.

TechCrunch

March 29, 2021 – Vulnerabilities

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems Full Text

Abstract Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions. While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory. First documented in January 2018, Spectre and Meltdown take advantage of flaws in modern processors to leak data that are currently processed on the computer, thereby allowing

The Hacker News

March 29, 2021 – Ransomware

Hades Ransomware Linked to Hafnium and Exchange Attacks Full Text

Abstract Awake Security report claims ransom may not be group’s primary goal

Infosecurity Magazine

March 29, 2021 – Ransomware

Ziggy ransomware admin announced it will refund victims who paid the ransom Full Text

Abstract The administrator of Ziggy ransomware recently announced the end of the operation, and is now promising that its victims will get their money back. In an unusual move, the administrator of Ziggy ransomware after the announcement of the end of the operation...

Security Affairs

March 29, 2021 – Outage

Live Broadcast at Australia’s Channel Nine Goes Down due to Cyberattack Full Text

Abstract The broadcaster was unable to air its Sunday morning news program, which runs from 7:00 AM to 1:00 PM from Sydney. The 5:00 PM news program, which is transmitted from Melbourne, did not go to air either.

Security Affairs

March 29, 2021 – Phishing

How to Effectively Prevent Email Spoofing Attacks in 2021? Full Text

Abstract Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it was sent from a person or location other than the actual sender," it has plagued brands for decades. When an email is sent, the From address doesn't show which server the email was actually sent from - instead, it shows the domain that was entered when the address was created so as not to arouse suspicion among recipients. With the amount of data flowing through email servers these days, it should come as no surprise that spoofing is a problem for businesses. At the end of 2020, we found that phishing incidents were up a staggering 220% year-over-year at the height of the global pandemic scare. Since not all spoofing attacks are large-scale, the actual number could be muc

The Hacker News

March 29, 2021 – General

#IMOS21: Infosecurity Magazine Spring Online Summit Now Available On-Demand Full Text

Abstract Full event now available to watch anytime, anywhere!

Infosecurity Magazine

March 29, 2021 – Malware

New Purple Fox version includes Rootkit and implements wormable propagation Full Text

Abstract Researchers from Guardicore have spotted a new variant of the Purple Fox Windows malware that implements worm-like propagation capabilities. Researchers from Guardicore have discovered a new version of the Purple Fox Windows malware that implements...

Security Affairs

March 29, 2021 – Breach

BackBlaze Mistakenly Shared Backup Meta Data with Facebook Full Text

Abstract Earlier this month, a user reported to Backblaze the fact that the B2 web UI looked like it was submitting all of the names and sizes of his files in the B2 bucket to Facebook.

Heimdal Security

March 29, 2021 – Insider Threat

UK’s CNI Security Threatened by Staff Burnout Full Text

Abstract IT skills shortage could also weaken Britain’s defense against attacks on critical national infrastructures

Infosecurity Magazine

March 29, 2021 – Vulnerabilities

No, I Did Not Hack Your MS Exchange Server — Krebs on Security Full Text

Abstract The motivations of the cybercriminals behind the Krebonsecurity dot top domain are unclear, but the domain itself has a recent association with other cybercrime activity — and harassing this author.

Krebs on Security

March 29, 2021 – Phishing

German MPs Hit by Russian-Backed Phishing Attacks Full Text

Abstract GRU-linked Ghostwriter group pegged for involvement

Infosecurity Magazine

March 29, 2021 – Outage

Aussie TV Network Taken Off Air by Ransomware Full Text

Abstract No ransom demand could indicate state involvement

Infosecurity Magazine

March 28, 2021 – Breach

PHP’s Git Server Hacked to Insert Secret Backdoor to Its Source code Full Text

Abstract In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at Jetbrains. The changes are said to have been made yesterday on March 28. "We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account)," Popov said in an announcement. The changes, which were committed as "Fix Typo" in an attempt to slip through undetected as a typographical correction, involved provisions for execution of arbitrary PHP code. "This line executes PHP code fro

The Hacker News

March 28, 2021 – Ransomware

Ransomware admin is refunding victims their ransom payments Full Text

Abstract After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

BleepingComputer

March 28, 2021 – Vulnerabilities

Critical netmask networking bug impacts thousands of applications Full Text

Abstract Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads.

BleepingComputer

March 28, 2021 – APT

MuddyWater APT Goes Ham on its Targets Full Text

Abstract This month, Trend Micro attributed the politically-motivated hacking group to a newly discovered cyber espionage campaign dubbed Earth Vetala.

Cyware Alerts - Hacker News

March 28, 2021 – Vulnerabilities

Experts found two flaws in Facebook for WordPress Plugin Full Text

Abstract A critical flaw in the official Facebook for WordPress plugin could be exploited for remote code execution attacks. Researchers at Wordfence have discovered two vulnerabilities in the Facebook for WordPress plugin, which has more than 500,000...

Security Affairs

March 28, 2021 – Vulnerabilities

QNAP NAS Devices: A Juicy Target for Cryptominers Full Text

Abstract A group of researchers from Qihoo 360 found QNAP’s unpatched NAS devices targeted by a newly discovered malware named UnityMiner. 

Cyware Alerts - Hacker News

March 28, 2021 – Outage

Hackers disrupted live broadcasts at Channel Nine. Is it a Russian retaliation? Full Text

Abstract A cyber attack has disrupted the Australian Channel Nine's live broadcasts, the company was unable to transmit its Sunday morning news program. A cyber attack has hit the Australian Channel Nine's live broadcasts causing the disruption of its operations....

Security Affairs

March 28, 2021 – Ransomware

CompuCom MSP expects over $20M in losses after ransomware attack Full Text

Abstract American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems.

BleepingComputer

March 28, 2021 – Vulnerabilities

Over 62,000 Microsoft Exchange Servers, Still Left unpatched Full Text

Abstract Microsoft has recently published a very new, one-click mitigation tool, as Microsoft has recently identified various 0-day exploits that are generally being...

Cyber Security News

March 28, 2021 – Vulnerabilities

QNAP urges users to take action to protect devices against Brute-Force attacks Full Text

Abstract Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. This week the Taiwanese vendor QNAP has published an alert...

Security Affairs

March 28, 2021 – General

Security Affairs newsletter Round 307 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. CISA releases...

Security Affairs

March 28, 2021 – Government

US Gov Executive Order would oblige to disclose security breach impacting gov users Full Text

Abstract According to a proposed executive order of the Biden administration, software vendors would have to disclose breaches to U.S. government users. The Reuters agency revealed that an executive order proposed by the Biden administration will oblige software...

Security Affairs

March 27, 2021 – Denial Of Service

New DCCP Request-based DDoS Attack Vector Emerges Full Text

Abstract The protocol abused is known as Datagram Congestion Control Protocol (DCCP) that offers data congestion procedures for UDP-based communications.

Cyware Alerts - Hacker News

March 27, 2021 – Attack

Instagram Business Accounts Under Attack by CopperStealer Full Text

Abstract This malware is now targeting Instagram and Facebook business accounts to steal passwords stored in Edge, Chrome, Opera, Firefox, and Yandex.

Cyware Alerts - Hacker News

March 27, 2021 – Vulnerabilities

DearCry Enters the Threat Landscape to Exploit Exchange Servers Full Text

Abstract The encryption approach taken by this ransomware matches that of WannaCry; however, no other similarities have been observed between the two.

Cyware Alerts - Hacker News

March 27, 2021 – Ransomware

Clop Ransomware gang now contacts victims’ customers to force victims into paying a ransom Full Text

Abstract Clop ransomware operators now email victim's customers and ask them to demand a ransom payment to protect their privacy to force victims into paying the ransom. Clop ransomware operators are switching to a new tactic to force victims into paying the ransom...

Security Affairs

March 27, 2021 – Malware

Experts spotted a new advanced Android spyware posing as “System Update” Full Text

Abstract Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware...

Security Affairs

March 27, 2021 – Ransomware

FatFace sends controversial data breach email after ransomware attack Full Text

Abstract British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year.

BleepingComputer

March 27, 2021 – Privacy

Watch Out! That Android System Update May Contain A Powerful Spyware Full Text

Abstract Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices. "The spyware creates a notification if the device's screen is off when it receives a command using the Firebase messaging service," Zimperium researchers said in a Friday analysis. "The 'Searching for update..' is not a legitimate notification from the operating system, but the spyware." Once installed, the sophisticated spyware campaign sets about its task by registering the device with a Firebase command-and-control (C2) server with information such as battery percentage, sto

The Hacker News

March 27, 2021 – Vulnerabilities

Apple released out-of-band updates for a new Zero‑Day actively exploited Full Text

Abstract Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero‑day flaw, tracked CVE-2021-1879, actively exploited. Apple has released a new set of out-of-band patches for iOS, iPadOS, macOS and watchOS to address...

Security Affairs

March 27, 2021 – Malware

New Android malware spies on you while posing as a System Update Full Text

Abstract New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready to be exfiltrated.

BleepingComputer

March 26, 2021 – Vulnerabilities

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack Full Text

Abstract Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks. "This issue was addressed by improved management of object lifetimes," the iPhone maker noted. Apple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it's aware of reports that CVE-2021-1879 may have been actively exploited. Updates are available for the following devices: iOS 12.5.2 - iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6t

The Hacker News

March 26, 2021 – Ransomware

Ransomware gang urges victims’ customers to demand a ransom payment Full Text

Abstract A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.

BleepingComputer

March 26, 2021 – Vulnerabilities

Apple fixes an iOS zero-day vulnerability actively used in attacks Full Text

Abstract Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.

BleepingComputer

March 26, 2021 – Ransomware

Microsoft: Black Kingdom ransomware group hacked 1.5K Exchange servers Full Text

Abstract Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.

BleepingComputer

March 26, 2021 – Ransomware

The Week in Ransomware - March 26th 2021 - Attacks increase Full Text

Abstract Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange.

BleepingComputer

March 26, 2021 – Breach

Feedzai Lands $200M in Series C Funding Full Text

Abstract Feedzai, a late-stage fintech startup, is the latest entrant into cybersecurity’s unicorn club after snagging a new $200 million funding round that values the company at more than $1 billion.

Security Week

March 26, 2021 – General

Hillicon Valley: Parler claims it alerted FBI to threats before Capitol riot | Warner presses Zuckerberg to tackle vaccine misinfo on Facebook, Instagram | U.S. schools increasingly resuming in-person learning Full Text

Abstract Social media platform Parler revealed that it flagged concerning material for the FBI ahead of the January 6 U.S. Capitol riot. Meanwhile, a leading senator expressed serious concerns around Facebook’s handling of COVID-19 vaccine misinformation on both Facebook and Instagram, and new data shows schools are increasingly moving back into in-person learning. 

The Hill

March 26, 2021 – Vulnerabilities

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities Full Text

Abstract The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL 1.1.1 versions, CVE-2021-3450 impacts OpenSSL versions 1.1.1h and newer. OpenSSL is a software library consisting of cryptographic functions that implement the Transport Layer Security protocol with the goal of securing communications sent over a computer network. According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the handshake between the server and

The Hacker News

March 26, 2021 – Phishing

Phished Healthcare Provider Takes Legal Action Against Amazon Full Text

Abstract SalusCare turns to the law after Amazon denies request to view storage buckets allegedly housing healthcare provider’s stolen data

Infosecurity Magazine

March 26, 2021 – General

Enterprise Cybersecurity Measurement Full Text

Abstract Enterprises can manage, mitigate and monitor their cyber risks by mapping threats and adversary tactics, techniques and procedures to known vulnerabilities. Ultimately, the goal is to have a scalable, reproducible metric for risk.

Lawfare

March 26, 2021 – Attack

German Parliament Bundestag targeted again by Russia-linked hackers Full Text

Abstract Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members...

Security Affairs

March 26, 2021 – Vulnerabilities

New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems Full Text

Abstract While not great news for SolarWinds, it’s also not surprising, say researchers, considering that the software has been under the spotlight for months.

SCMagazine

March 26, 2021 – Ransomware

Ransomware gang urges victims’ customers to fight for their privacy Full Text

Abstract A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.

BleepingComputer

March 26, 2021 – Government

Watch out for Russia and China, UK’s cyber security boss says Full Text

Abstract Russia poses the most acute immediate threat to the United Kingdom in cyberspace while China’s ambition to be dominant in a host of new technologies will transform the 21st Century world we live in, the head of Britain’s cybersecurity center said.

Reuters

March 26, 2021 – Disinformation

Warner presses Zuckerberg to tackle vaccine misinformation on Facebook, Instagram Full Text

Abstract Senate Intelligence Committee Chairman Mark Warner (D-Va.) on Friday pressed Facebook to do more to combat the spread of COVID-19 vaccine misinformation on both its platform and Instagram. 

The Hill

March 26, 2021 – Policy and Law

NGA Picks Four States for Academy on Cybersecurity Policy Full Text

Abstract Kansas, Missouri, Montana, and Washington to work with National Governors Association

Infosecurity Magazine

March 26, 2021 – Ransomware

Hades ransomware gang targets big organizations in the US Full Text

Abstract Accenture security researchers published an analysis of the latest Hades campaign, which has been ongoing since at least December 2020. Accenture's Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams published an...

Security Affairs

March 26, 2021 – Business

FatFace disclosure a case study in ‘bungling the process’ Full Text

Abstract U.K.-clothing retailer FatFace has egg on its face after a botched disclosure letter customers and security professionals consider too late, too secretive and too hard to confirm.

SCMagazine

March 26, 2021 – Attack

German Parliament targeted again by Russian state hackers Full Text

Abstract Email accounts of multiple German Parliament members were targeted in a spearphishing attack. It is not yet known if any data was stolen during the incident.

BleepingComputer

March 26, 2021 – Hacker

Suspected Chinese Group Exploiting Microsoft Exchange Servers Full Text

Abstract Beginning on March 1, 2021, Recorded Future’s Insikt Group identified a large increase in victim communications to PlugX command and control (C2) infrastructure publicly attributed to the suspected Chinese state-sponsored group Calypso APT.

Recorded Future

March 26, 2021 – Ransomware

FBI Issues Mamba Alert Full Text

Abstract Feds flag danger of ransomware that weaponizes DiskCryptor

Infosecurity Magazine

March 26, 2021 – Vulnerabilities

Companies don’t bother to patch. Should MSPs cut them out of decision process? Full Text

Abstract Companies continue to be exploited via Microsoft Exchange vulnerabilities due to inaction.

SCMagazine

March 26, 2021 – Vulnerabilities

Apple fixes iOS zero-day vulnerability exploited in the wild Full Text

Abstract Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.

BleepingComputer

March 26, 2021 – Ransomware

Sierra Wireless partially restores network following ransomware attack Full Text

Abstract The Canadian company Sierra Wireless became the victim of a ransomware attack against its IT systems on March 20, disrupting internal operations and production facilities.

ZDNet

March 26, 2021 – Ransomware

Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers Full Text

Abstract Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.

BleepingComputer

March 26, 2021 – Malware

Trickbot Malware Is Now Spreading Via Phishing Emails Full Text

Abstract As per a joint statement of the FBI and the CISA, one of the most widespread and powerful forms of malware, Trickbot malware, is now being used in spear-phishing campaigns in an attempt to infect PCs.

Heimdal Security

March 26, 2021 – Ransomware

Hades ransomware operators are hunting big game in the US Full Text

Abstract Accenture's Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams have published an analysis of the latest Hades campaign, which has been operating since at least December 2020 until this month.

ZDNet

March 26, 2021 – Vulnerabilities

Vulnerabilities Can Allow Attackers to Remotely Gain Control of Weintek HMIs Full Text

Abstract A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek.

Security Week

March 26, 2021 – Vulnerabilities

SolarWinds patches critical code execution bug in Orion Platform Full Text

Abstract SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing remote attackers to execute arbitrary code following exploitation.

BleepingComputer

March 26, 2021 – Vulnerabilities

Nearly Half of Popular Android Apps Built With High-Risk Components Full Text

Abstract Almost all of the most popular Android applications use open source components, but many of those components are outdated and have at least one high-risk vulnerability, as per an analysis by Synopsys.

Dark Reading

March 26, 2021 – General

UK Security Chief: CEOs Must Get Closer to Their CISOs Full Text

Abstract Lindy Cameron to make first speech as NCSC boss today

Infosecurity Magazine

March 26, 2021 – Vulnerabilities

Solarwinds Orion Platform updates fix two remote code execution issues Full Text

Abstract Solarwinds released security updates that address multiple vulnerabilities, including two flaws that can be exploited by attackers for remote code execution. Solarwinds has released a major security update to address multiple security vulnerabilities...

Security Affairs

March 26, 2021 – Vulnerabilities

OpenSSL Project released 1.1.1k version to fix two High-severity flaws Full Text

Abstract The issue affects servers running OpenSSL 1.1.1 versions with TLS 1.2 and renegotiation enabled, which is the default configuration. The vulnerability was reported by two researchers from Nokia.

Security Affairs

March 26, 2021 – Insider Threat

Burned Out Employees Put Corporate Security at Risk Full Text

Abstract Remote workers are making mistakes and using shadow IT

Infosecurity Magazine

March 26, 2021 – Business

Google Announces the Android Ready SE Alliance Full Text

Abstract Google announced the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets.

Chrome Releases

March 26, 2021 – Vulnerabilities

Patch Facebook for WordPress to Fix Site Takeover Bugs Full Text

Abstract Wordfence reveals new vulnerabilities in popular plugin

Infosecurity Magazine

March 26, 2021 – General

How Personally Identifiable Information Can Put Your Company at Risk Full Text

Abstract PII security has to be a priority all the time — it's not enough to make sure employees are using good password hygiene, avoiding malicious links and attachments in emails, and so on.

Dark Reading

March 26, 2021 – Business

Hornetsecurity Acquires Zerospam Full Text

Abstract Hornetsecurity Group, a Hanover, Germany-based cloud email security provider, acquired Zerospam, a Montreal, Canada-based email protection company, in a bid to extend its presence in North America.

FinSMEs

March 26, 2021 – Breach

Digital Marketing Company Apollo Hit by Breach Impacting 11 Million French Users Full Text

Abstract The archive, containing the purportedly stolen data of 10,930,000 France-based users, includes their names, phone numbers, location coordinates, workplace information, social media profiles, and more.

Cyber News

March 26, 2021 – Government

Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov’t Customers Full Text

Abstract In wake of the SolarWinds hack, the White House is prepping an executive order to require software vendors to notify federal government customers if they experience a breach.

Dark Reading

March 26, 2021 – Ransomware

Babuk Locker Ransomware Gang Leaks Data from US Military Contractor PDI Group Full Text

Abstract The Ohio-based PDI Group, a major supplier of military equipment to the US Air Force and militaries across the globe, appears to have fallen victim to a Babuk Locker ransomware attack.

The Record

March 26, 2021 – Breach

30 Million Americans’ Data from Astoria Company Sold on Dark Web Marketplace Full Text

Abstract Night Lion's analysis revealed the data of 10 million people, including SSNs, bank accounts, and drivers license numbers, and millions more with credit history, medical, and vehicle data.

Security Affairs

March 26, 2021 – Ransomware

Black Kingdom ransomware foiled through Mega password change Full Text

Abstract Black Kingdom ransomware, which was detected in recent ProxyLogon attacks against Microsoft Exchange servers, was, at least temporarily, foiled through a simple password change.

Tech Target

March 26, 2021 – Business

Kroll Acquires Redscan to Expand Cyber-Risk Offering Full Text

Abstract Senior Redscan execs to stay on as part of the deal

Infosecurity Magazine

March 26, 2021 – Business

Cybersecurity startup Morphisec reels in $31M funding round Full Text

Abstract Morphisec Ltd., a cybersecurity startup with offices in the U.S. and Israel, today said that it has nabbed $31 million in Series C funding to support expansion initiatives.

Silicon Angle

March 26, 2021 – Ransomware

FBI exposes weakness in Mamba ransomware, DiskCryptor Full Text

Abstract An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom.

BleepingComputer

March 26, 2021 – Vulnerabilities

Severe vulnerabilities patched in Facebook for WordPress Plugin Full Text

Abstract The plugin (formerly called Official Facebook Pixel) is used to capture user actions when they visit a page and to monitor site traffic and has been installed on over 500,000 websites.

ZDNet

March 26, 2021 – Vulnerabilities

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks Full Text

Abstract New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were collectively designated as CVD-2021-0047. 5G is an evolution of current 4G architectures and is based on what's called a service-based architecture (SBA) that provides a modular framework to deploy a set of interconnected network functions, allowing consumers to discover and authorize their access to a plethora of services. The network functions are also responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting the users (UE or user equipment) to the internet via a base station (gNB). What's more, each network function of

The Hacker News

March 26, 2021 – Ransomware

FBI published a flash alert on Mamba Ransomware attacks Full Text

Abstract The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware...

Security Affairs

March 26, 2021 – Breach

Air Charter Firm Solairus Aviation Suffers Data Breach Full Text

Abstract Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis.

Security Week

March 26, 2021 – Ransomware

FBI sends out private industry alert about Mamba ransomware Full Text

Abstract The US Federal Bureau of Investigations has sent out this week a private industry notification to US organizations warning about attacks carried out by the Mamba ransomware gang.

The Record

March 25, 2021 – Vulnerabilities

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform Full Text

Abstract IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the test alert actions feature available in the Orion Web Console, which lets users simulate network events (e.g., an unresponsive server) that can be configured to trigger an alert during setup. It has been rated critical in severity. A second issue concerns a high-risk vulnerability that could be leveraged by an adversary to achieve RCE in the Orion Job Scheduler. "In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server," SolarWinds said in its release notes. The advisory is light on technical specifics,

The Hacker News

March 25, 2021 – General

Hillicon Valley: Another Big Tech hearing | Cyber Command flexes operations | Trump’s social media site in the works Full Text

Abstract The CEOs of major social media platforms returned for another grilling by Congress Thursday that ended up looking a lot like the last few — although Jack Dorsey apparently Zoomed in from his kitchen. Meanwhile, the nation’s top military cybersecurity leader detailed measures taken to secure the 2020 elections against foreign interference, former President Trump is reportedly in talks to create his own social media network, and lawmakers zeroed in on grid security.

The Hill

March 25, 2021 – Solution

Cloudflare Page Shield: Early warning system for malicious scripts Full Text

Abstract Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks.

BleepingComputer

March 25, 2021 – Government

Senators urge Energy chief to prioritize cybersecurity amid growing threats Full Text

Abstract Bipartisan leaders of the Senate Energy and Natural Resources Committee on Thursday urged Energy Secretary Jennifer Granholm to prioritize cybersecurity and maintain leadership for the agency’s key cybersecurity office in the face of growing threats to the power grid.

The Hill

March 25, 2021 – Vulnerabilities

OpenSSL Project released 1.1.1k version to fix two High-severity flaws Full Text

Abstract The OpenSSL Project addresses two high-severity vulnerabilities, including one related to verifying a certificate chain and one that can trigger a DoS condition. The OpenSSL Project this week released version 1.1.1k to address two high-severity vulnerabilities,...

Security Affairs

March 25, 2021 – Business

Fleeceware Apps Bank $400M in Revenue Full Text

Abstract The cache of apps, found in Apple and Google’s official marketplaces, is largely targeted towards children, including several “slime simulators.”

Threatpost

March 25, 2021 – Government

Cyber Command chief says dozens of cyber operations carried out to defend 2020 elections Full Text

Abstract The nation’s top military cybersecurity leader said Thursday that U.S. Cyber Command conducted dozens of operations ahead of the 2020 elections aimed at securing voting against foreign interference.

The Hill

March 25, 2021 – Business

SolarWinds chief details changes in the boardroom, build process in wake of hack Full Text

Abstract Chief executive Sudhakar Ramakrishna described the work they’re doing as an “experiment” and said he has had conversations with CISA and the Cyberspace Solarium Commission about whether it could serve as a model for other businesses.

SCMagazine

March 25, 2021 – Solution

Chrome to default to HTTPS, as Google looks to improve privacy and loading speeds Full Text

Abstract Chrome will start using the more secure protocol by default for all URLs typed in the address bar starting April 13.

SCMagazine

March 25, 2021 – Vulnerabilities

Microsoft Offers Up To $30K For Teams Bugs Full Text

Abstract A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes.

Threatpost

March 25, 2021 – Education

New certificate program teaches cloud auditing in a multi-tenant architecture Full Text

Abstract Certificate fills a gap in the knowledge-based training market, as auditing hosted cloud services differs from traditional IT audit.

SCMagazine

March 25, 2021 – Ransomware

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware Full Text

Abstract Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.

BleepingComputer

March 25, 2021 – Malware

Trojanized Xcode Project Spreads MacOS Malware Full Text

Abstract A new threat identified as XcodeSpy has emerged to target macOS users. The malware spies on Mac users of Xcode IDE by delivering the EggShell backdoor.

Cyware Alerts - Hacker News

March 25, 2021 – General

Activist Denies Facebook Fraud Full Text

Abstract Sir Maejor Page denies posing as Black Lives Matter leader on Facebook to pocket donations

Infosecurity Magazine

March 25, 2021 – Malware

Data Loss Impacts 40% of SaaS App Users Full Text

Abstract Survey of SaaS users finds 40% have lost data stored in online tools

Infosecurity Magazine

March 25, 2021 – Vulnerabilities

62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered Full Text

Abstract The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. A number of entities in the US and worldwide remain vulnerable to software bugs that were reported by Microsoft weeks ago. The CyberNews...

Security Affairs

March 25, 2021 – Attack

Microsoft Exchange Attacks - Wild Tornado on Loose Full Text

Abstract Weeks after the disclosure of the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed.

Cyware Alerts - Hacker News

March 25, 2021 – Ransomware

Evil Corp switches to Hades ransomware to evade sanctions Full Text

Abstract Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC).

BleepingComputer

March 25, 2021 – General

Threats and Attacks Looming over macOS Full Text

Abstract A high volume of attacks is actively targeting macOS and other Apple products as, according to a recent report, Mac malware detections for companies have increased up to 31%.

Cyware Alerts - Hacker News

March 25, 2021 – APT

Facebook took action against China-linked APT targeting Uyghur activists Full Text

Abstract Facebook has closed accounts used by a China-linked APT to distribute malware to spy on Uyghur activists, journalists, and dissidents living outside China. Facebook has taken action against a series of accounts used by a China-linked cyber-espionage...

Security Affairs

March 25, 2021 – General

Manufacturing’s Cloud Migration Opens Door to Major Cyber-Risk Full Text

Abstract New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities.

Threatpost

March 25, 2021 – Denial Of Service

OpenSSL fixes severe DoS, certificate validation vulnerabilities Full Text

Abstract OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450).

BleepingComputer

March 25, 2021 – Vulnerabilities

Critical Code Execution Flaw with Cisco Jabber Let Attackers Execute Arbitrary Programs Full Text

Abstract Cisco released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS.

Cyber Security News

March 25, 2021 – Business

McAfee Partners with College to Help Address Cyber-Skills Shortage Full Text

Abstract Collaboration is designed to encourage more young people to pursue careers in cybersecurity

Infosecurity Magazine

March 25, 2021 – Attack

CNA Suffers “Sophisticated” Cyber-Attack Full Text

Abstract Insurance giant’s website reduced to attack notice following Sunday cyber-strike

Infosecurity Magazine

March 25, 2021 – Malware

Honeywell Says Malware Disrupted IT Systems Full Text

Abstract The company said the intrusion was detected “recently” and only a “limited number” of IT systems were disrupted. No other information has been provided regarding the impact.

Security Week

March 25, 2021 – General

Cybersecurity awareness is too often a part-time effort Full Text

Abstract Over 75% of cybersecurity awareness professionals are spending less than half their time on security awareness, implying awareness is too often a part-time effort, according to a SANS report.

Help Net Security

March 25, 2021 – Covid-19

The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web Full Text

Abstract Threat actors are offering fake COVID-19 test results and vaccination certificates in black markets and hacking forums on the Dark Web. While vaccination campaigns go ahead at different speeds in many countries multiple threat actors on the Dark...

Security Affairs

March 25, 2021 – Vulnerabilities

ACSC running scans to find vulnerable Microsoft Exchange servers in Australia Full Text

Abstract Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw has told senators "10s of organizations" have so far reached out to her agency regarding vulnerable Microsoft Exchange servers.

ZDNet

March 25, 2021 – Vulnerabilities

QNAP warns of ongoing brute-force attacks against NAS devices Full Text

Abstract QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urges them to immediately take action to mitigate them.

BleepingComputer

March 25, 2021 – Insider Threat

A Former IT Consultant Hacked a Company and Deleted 1,200 User Accounts Full Text

Abstract An IT contractor, Deepanshu Kher, was sentenced to two years in prison for accessing the server of a Carlsbad Company and deleting...

Cyber Security News

March 25, 2021 – Ransomware

REvil Ransomware Can Now Reboot Infected Devices Full Text

Abstract The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.

Gov Info Security

March 25, 2021 – Ransomware

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers Full Text

Abstract More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit thousands of companies worldwide, with as many as 10 advanced persistent threat (APT) groups opportunistically moving quickly to exploit the bugs. According to telemetry data from RiskIQ, there are roughly 29,966 instances of Microsoft Exchange servers still exposed to attacks, down from 92,072 on March 10. While Exchange servers were under assault by multiple Chinese-linked state-sponsored hacking groups prior to Microsoft's patch on March 2, the release of public proof-of-concept exploits fanned a feeding frenzy of infections, opening the door for escalating attacks like ransomwar

The Hacker News

March 25, 2021 – General

Rise in Attacks on ICS Computers in Second Half of 2020 Full Text

Abstract COVID-19 lockdowns may have led to a rise in attacks on ICS computers

Infosecurity Magazine

March 25, 2021 – Breach

30 million Americans affected by the Astoria Company data breach Full Text

Abstract Researchers discovered the availability on the Dark Web of 30M records of Americans affected by the Astoria Company data breach. Astoria Company LLC is a lead generation company that leverages a network of websites to collect information on a person...

Security Affairs

March 25, 2021 – Breach

BackBlaze mistakenly shared backup metadata with Facebook Full Text

Abstract Backblaze has removed Facebook tracking code (also known as an advertising pixel) accidentally added to web UI pages only accessible to logged-in customers.

BleepingComputer

March 25, 2021 – Denial Of Service

New DDoS Attack Vector Discovered in DCCP Protocol Full Text

Abstract Akamai Technologies, Inc. is a global content delivery network, cybersecurity, and cloud service company, providing web and Internet security services.

Cyber Security News

March 25, 2021 – Ransomware

Federal advisories detail bitcoin payments to ransomware gangs, urgency of threat Full Text

Abstract Ransomware victims paid attackers at least $144.35 million in bitcoin between 2013 and 2019, according to a recent FBI bulletin that likely fails to account for millions of dollars.

Cyberscoop

March 25, 2021 – General

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI Full Text

Abstract When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, one of the most important things you will need to do is make sure that 100% of users are registered to use it. If you leave user enrollment optional, many people will delay registration, or decide not to use it at all. This often happens because people think that they will not ever be locked out of their account, or that it is fast and easy to contact the help desk if they do. While your help desk may be able to provide great support to your users, it comes at a significant cost. According to one study from Forrester Research, every password reset that the help desk performs costs approximately $70. With that price, it is easy to see that every user who isn't enrolled in uReset is a majo

The Hacker News

March 25, 2021 – Covid-19

Two-Thirds of Large Firms Attacked as #COVID19 Hampers Security Full Text

Abstract Government report warns malicious activity is going undetected

Infosecurity Magazine

March 25, 2021 – Insider Threat

Engineer reports data leak to nonprofit, hears from the police Full Text

Abstract A security engineer and ex-contributor to the open systems non-profit organization, Apperta Foundation, recently reported a data leak to them. In return, he gets contacted by their lawyers and eventually the police.

BleepingComputer

March 25, 2021 – Solution

Cloudflare Launches zero-trust Tool Designed to Help Protect Remote Employees from Cyberattacks Full Text

Abstract Cloudflare is excited to announce that Cloudflare Browser Isolation is now available within Cloudflare for Teams suite of zero trust security and...

Cyber Security News

March 25, 2021 – Phishing

Phishing Campaign Used Fake Office 365 Update Messages Full Text

Abstract A recent phishing scheme used fake Microsoft Office 365 update messages to target financial executives and others in an effort to harvest their credentials, according to the security firm Area 1.

Gov Info Security

March 25, 2021 – Vulnerabilities

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems Full Text

Abstract Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition," the networking major said in an advisory. The issues concern a total of five security vulnerabilities, three of which (CVE-2021-1411, CVE-2021-1417, and CVE-2021-1418) were reported to the company by Olav Sortland Thoresen of Watchcom, with two others (CVE-2021-1469 and CVE-2021-1471) uncovered during internal security testing. Cisco notes that the flaws are not dependent on one another, and that exploitation of any one of the vulnerabilities doesn't hinge on the exploitation of another. But in order to do this, an attacker needs to be authenti

The Hacker News

March 25, 2021 – General

Half of UK Firms Suffer Cyber-Skills Gaps Full Text

Abstract CIISec calls for overhaul to recruitment process

Infosecurity Magazine

March 25, 2021 – Ransomware

Ransom Paid Just Before Netwalker Gang Disrupted Full Text

Abstract A third-party claims administrator of health and social services programs for the elderly paid a ransom to Netwalker attackers about a month before law enforcement disrupted the gang in January.

Gov Info Security

March 25, 2021 – Hacker

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad Full Text

Abstract Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries," Facebook's Head of Cyber Espionage Investigations, Mike Dvilyanski, and Head of Security Policy, Nathaniel Gleicher, said. "This group used various cyber espionage tactics to identify its targets and infect their devices with malware to enable surveillance." The social media giant said the "well-resourced and persistent operation" aligned with a threat actor known as Evil Eye (or Earth Empusa), a China-based collective known for its history of espionage attacks against the Muslim m

The Hacker News

March 25, 2021 – Vulnerabilities

#IMOS21: Six Components of a Bug Bounty Program Full Text

Abstract Verizon Media’s Sean Poris outlines how to run a successful bug bounty scheme

Infosecurity Magazine

March 25, 2021 – Hacker

Chinese Hackers Used Facebook to Hack Uyghurs Living Abroad Full Text

Abstract Facebook’s head of cyberespionage said it had found and removed fewer than 500 accounts that sent malicious links to Uyghurs as part of “an extremely targeted operation.”

NBC News

March 25, 2021 – Breach

FatFace Faces Customer Anger After Controversial Breach Response Full Text

Abstract Retailer urges those affected to keep it quiet

Infosecurity Magazine

March 25, 2021 – Vulnerabilities

Nearly 100,000 web shells detected on Exchange servers Full Text

Abstract Kryptos Logic found nearly 100,000 active web shells during internet scans of ProxyLogon, the most serious of four vulnerabilities in Microsoft's Exchange Server software disclosed earlier this month.

Tech Target

March 25, 2021 – 5G

Major Vulnerability in 5G Network Slicing Leaves Enterprises Exposed to Cyberattacks Full Text

Abstract The vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, exposing enterprise customers to attacks.

Help Net Security

March 25, 2021 – Phishing

FBI Warns Scammers Spoofing FBI Office Phone Numbers in Government Impersonation Fraud Full Text

Abstract The FBI has seen a recent increase in phone calls that spoof the Bureau’s phone number as part of various scams, but most recently in trying to obtain banking data or gift card/wire transfer payments.

FBI

March 25, 2021 – Phishing

Brazil leads in phishing attacks Full Text

Abstract According to the report on phishing by cybersecurity firm Kaspersky, Brazil tops a list of five countries with the highest rate of users targeted for data theft throughout last year.

ZDNet

March 24, 2021 – General

Hillicon Valley: House lawmakers fired up for hearing with tech CEOs | Zuckerberg proposes conditional Section 230 reforms | Lawmakers reintroduce bill to secure internet-connected devices Full Text

Abstract Today: The CEOs of major social media platforms are gearing up to testify before a House committee tomorrow on misinformation around COVID-19 and the recent Capitol riot. Meanwhile, a group of 12 state attorneys general are pressuring Facebook and Twitter to tackle COVID-19 vaccine misinformation, and two lawmakers reintroduced legislation aimed at making internet-connected devices safer for the consumer. 

The Hill

March 24, 2021 – General

Policyholders may be the primary target in hack of cyber insurance provider CNA Full Text

Abstract In the words of one expert: “The theft of customer policies is the Sword of Damocles that has been hanging over the cyber insurance industry since its inception.”

SCMagazine

March 24, 2021 – Vulnerabilities

Cisco Jabber for Windows, macOS, Android and iOS is affected by a critical issue Full Text

Abstract Cisco has addressed a critical arbitrary program execution flaw in its Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco has addressed a critical arbitrary program execution issue, tracked as CVE-2021-1411, that affects several...

Security Affairs

March 24, 2021 – General

Managing the great return: What CISOs should consider when reopening the office Full Text

Abstract With the COVID-19 vaccine rollout, many companies will welcome back employees. But that return will mean laptops that have been off-network for a year, workspaces and equipment left unattended for months, and the need to acclimate employees back into an office environment. All considered, security will be at an inflection point.

SCMagazine

March 24, 2021 – Hacker

Facebook takes action against Chinese hackers targeting Uyghurs Full Text

Abstract Facebook on Wednesday announced that it had taken steps to disrupt efforts of Chinese hacking groups to target and surveil members of the Uyghur community both in China and abroad. 

The Hill

March 24, 2021 – Malware

Purple Fox Malware Targets Windows Machines With New Worm Capabilities Full Text

Abstract A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.

Threatpost

March 24, 2021 – Vulnerabilities

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws Full Text

Abstract Thrive Themes have recently patched vulnerabilities in their WordPress plugins and legacy Themes – but attackers are targeting those who haven’t yet applied security updates.

Threatpost

March 24, 2021 – Phishing

9,000 employees targeted in phishing attack against California agency Full Text

Abstract A California state agency was victimized by a phishing incident last week in which an employee clicked on a link that provided access to the employee’s account for some 24 hours.

SCMagazine

March 24, 2021 – Hacker

Facebook blocks Chinese state hackers targeting Uyghur activists Full Text

Abstract Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China.

BleepingComputer

March 24, 2021 – Vulnerabilities

Microsoft fixes Windows PSExec privilege elevation vulnerability Full Text

Abstract Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices.

BleepingComputer

March 24, 2021 – Solution

Google Chrome will use HTTPS as default navigation protocol Full Text

Abstract Google Chrome will switch to choosing HTTPS as the default protocol for all URLs typed in the address bar, starting with the web browser's next stable version.

BleepingComputer

March 24, 2021 – Ransomware

Ransomware Attack Foils IoT Giant Sierra Wireless Full Text

Abstract The ransomware attack has impacted the IoT manufacturer’s production lines across multiple sites, and other internal operations.

Threatpost

March 24, 2021 – Vulnerabilities

Microsoft Exchange Servers See ProxyLogon Patching Frenzy Full Text

Abstract Vast swathes of companies were likely compromised before patches were applied, so the danger remains.

Threatpost

March 24, 2021 – Vulnerabilities

Cisco addresses critical bug in Windows, macOS Jabber clients Full Text

Abstract Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS.

BleepingComputer

March 24, 2021 – Vulnerabilities

Zero-day Flaws Used in Nine Months Long Campaign Targeting Windows, iOS, and Android Devices Full Text

Abstract All the exploits were propagated via watering hole attacks that redirected targets to an infrastructure that installed diverse malware depending on the browsers and devices.

Cyware Alerts - Hacker News

March 24, 2021 – Breach

Lessons Learned from the Accellion Breaches Full Text

Abstract At the end of 2020, Accellion fell victim to a two-phase SQL injection attack, and the following months have been rife with data breach disclosures.

Cyware Alerts - Hacker News

March 24, 2021 – Phishing

TrickBot Spreading Actively, Launches Phishing Schemes Full Text

Abstract The CISA and FBI are warning of ongoing Trickbot attacks that are leveraging a traffic infringement phishing scheme to trick victims into installing the TrickBot malware.

Cyware Alerts - Hacker News

March 24, 2021 – Business

Cybeats Technologies Acquired by Relay Medical Full Text

Abstract Relay completes acquisition of Toronto-based IoT cybersecurity firm

Infosecurity Magazine

March 24, 2021 – General

#IMOS21: How to Better Understand and Secure Modern Data Full Text

Abstract Wendy Nather opens Day Two of the Infosecurity Magazine Online Summit

Infosecurity Magazine

March 24, 2021 – Policy and Law

Drug Maker to Pay $50m for Destroying Data Full Text

Abstract Cancer drug manufacturer admits erasing and concealing records ahead of FDA inspection

Infosecurity Magazine

March 24, 2021 – Policy and Law

Lawmakers reintroduce legislation to secure internet-connected devices Full Text

Abstract Sen. Ed Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.) on Wednesday again rolled out legislation intended to help secure internet-connected devices and increase consumer confidence in them.

The Hill

March 24, 2021 – Phishing

The human impact of a Royal Mail phishing scam Full Text

Abstract The scam asks recipients to pay a £2.99 GBP fee, but of course the scammers are after much more. To pay the fee, the victim has to enter their personal details, and credit card details.

Malwarebytes Labs

March 24, 2021 – Breach

Breach at California State Controller’s Office Full Text

Abstract Phishing attack exposes unclaimed property holder report data

Infosecurity Magazine

March 24, 2021 – Privacy

Google removes privacy-focused ClearURLs Chrome extension Full Text

Abstract Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store. ClearURLs is a privacy-preserving browser add-on which automatically removes tracking elements from URLs. This, according to its developer, can help protect your privacy when browsing the Internet.

BleepingComputer

March 24, 2021 – Breach

New Threat Actor Leaks Voter Registration Data of 6.5 Million Israeli Citizens Online Full Text

Abstract The voter registration and personal details of millions of Israeli citizens were leaked online on Monday, just two days before the country held general elections for its unicameral parliament.

The Record

March 24, 2021 – Business

LogMeIn Appoints Michael Oberlaender as CISO Full Text

Abstract Oberlaender will be responsible for managing and growing LogMeIn’s security program

Infosecurity Magazine

March 24, 2021 – Government

Making the National Cyber Director Operational With a National Cyber Defense Center Full Text

Abstract Without a National Cyber Defense Center, the Office of the National Cyber Director will fail to move the needle in improving the U.S. cybersecurity posture.

Lawfare

March 24, 2021 – Breach

Billions of FBS Records Exposed in Online Trading Broker Data Leak Full Text

Abstract Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses,...

Security Affairs

March 24, 2021 – Phishing

Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020 Full Text

Abstract Cybercriminals exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks.

The Register

March 24, 2021 – Business

Proton Founder Accuses Apple of “Giving in to Tyrants” Full Text

Abstract Human rights should trump profits, says Andy Yen

Infosecurity Magazine

March 24, 2021 – Ransomware

Black Kingdom ransomware is targeting Microsoft Exchange servers Full Text

Abstract Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure of ProxyLogon vulnerabilities, multiple threat actors started targeting vulnerable Microsoft Exchange...

Security Affairs

March 24, 2021 – General

Data breaches and network outages: A real and growing cost for the healthcare industry Full Text

Abstract Data breaches and network outages are a real and growing cost for the industry: 43% respondents estimated the costs of data breaches would exceed $2 million and 34% said the same for network outages.

Help Net Security

March 24, 2021 – Breach

British Clothing Retailer Fat Face Discloses Data Breach Full Text

Abstract The organization says that some employee and customer information was exposed, including names, addresses, email addresses and the last four digits of credit card numbers, plus the expiration dates.

Info Risk Today

March 24, 2021 – Vulnerabilities

TikTok Pays Out $11,000 Bounty for High-Impact Exploit Full Text

Abstract Sayed Abdelhafiz discovered a couple of cross-site scripting (XSS) vulnerabilities, an issue related to starting arbitrary components, and a so-called Zip Slip archive extraction vulnerability.

Security Week

March 24, 2021 – General

Tackling cross-site request forgery (CSRF) on company websites Full Text

Abstract Clicking on suspicious links in emails means that an attacker can use CSRF to fake any user-supplied input on a site and make it indistinguishable from a user doing it themselves.

Help Net Security

March 24, 2021 – Breach

Forex Broker Leaks Billions of Customer Records Online Full Text

Abstract Misconfigured Elasticsearch server exposes payment and identity data

Infosecurity Magazine

March 24, 2021 – Attack

SolarWinds Attackers Manipulated OAuth App Certificates Full Text

Abstract The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources including email, according to researchers at Proofpoint.

Gov Info Security

March 24, 2021 – Ransomware

Ransomware attacks hit event-management, wireless technology firms Full Text

Abstract Ransomware attackers encrypted the systems of the events firm, Spargo Inc., on March 14, according to a notification sent by the Armed Forces Communications and Electronics Association (AFCEA).

Cyberscoop

March 24, 2021 – Insider Threat

Resentful employee deletes 1,200 Microsoft Office 365 accounts, gets prison Full Text

Abstract A former IT consultant hacked a company in Carlsbad, California, and deleted almost all its Microsoft Office 365 accounts in an act of revenge that has brought him two years of prison time.

BleepingComputer

March 24, 2021 – Insider Threat

IT admin with axe to grind sent to prison for wiping Microsoft user accounts Full Text

Abstract Deepanshu Kher was sentenced to two years in prison for breaking into the network of a California-based firm after being fired potentially in connection to a consultancy job the firm hired him for.

ZDNet

March 24, 2021 – Ransomware

Sierra Wireless Halts Production After Ransomware Attack Full Text

Abstract IoT giant was hit by unspecified variant on March 20

Infosecurity Magazine

March 24, 2021 – Breach

A day before elections, hackers leaked details of millions of Israeli voters Full Text

Abstract Hackers have exposed personal and voter registration details of over 6.5 million Israeli voters, less than 24 hours before the election. A few hours before the election in Israel, hackers exposed the voter registration and personal details of millions...

Security Affairs

March 24, 2021 – Attack

Inside the Web Shell Used in the Microsoft Exchange Server Attacks Full Text

Abstract China Chopper Web shells are an older threat causing new problems for many organizations targeted in ongoing attacks against vulnerable Microsoft Exchange Servers worldwide.

Dark Reading

March 24, 2021 – Vulnerabilities

92% of worldwide Microsoft Exchange IPs are now patched or mitigated Full Text

Abstract Microsoft revealed that 92% of all on-premises Microsoft Exchange servers exposed online affected by the ProxyLogon vulnerabilities are now patched. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day...

Security Affairs

March 24, 2021 – General

1.55 million cyber security incidents in 2019, 2020: Govt tells India’s Parliament Full Text

Abstract According to the information reported to and tracked by the CERT-In, 394,499 and 1,158,208 cyber security incidents were observed during the years 2019 and 2020, respectively.

The Times Of India

March 24, 2021 – Phishing

Phish Leads to Breach at Calif. State Controller — Krebs on Security Full Text

Abstract For more than 24 hours starting on the afternoon of March 18, attackers had access to the email records of an employee in its Unclaimed Property Division after the employee got phished.

Krebs on Security

March 24, 2021 – General

The ‘Frankencloud’ model is our biggest security risk Full Text

Abstract Lately, firms scrambled to take advantage of the cloud while maintaining their legacy systems. This led to systems riddled with complexity and disconnected parts put together.

TechCrunch

March 23, 2021 – Malware

Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers Full Text

Abstract Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," according to Guardicore researchers, who say the attacks have spiked by about 600% since May 2020. A total of 90,000 incidents have been spotted through the rest of 2020 and the beginning of 2021. First discovered in March 2018, Purple Fox is distributed in the form of malicious ".msi" payloads hosted on nearly 2,000 compromised Windows servers that, in turn, download and execute a component with rootkit capabilities, which enables the threat actors to hide the malware on the machine and make it easy to evade detection. Guardicore says Purple Fox hasn't changed much post-exploitat

The Hacker News

March 23, 2021 – Outage

CNA insurance firm hit by a cyberattack, operations impacted Full Text

Abstract CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.

BleepingComputer

March 23, 2021 – Breach

Shell Suffers Data Breach – Hackers Accessed Confidential Data Full Text

Abstract Shell is the global group of energy and petrochemical companies with more than 80,000 employees in more than 70 countries. They use...

Cyber Security News

March 23, 2021 – APT

What You Need to Know About Operation Diànxùn Full Text

Abstract This cyber espionage campaign has been targeting telecom companies since August 2020, and it has been attributed to the RedDelta threat actor, also known as TA416 and Mustang Panda.

Cyware Alerts - Hacker News

March 23, 2021 – General

Hillicon Valley: John Matze takes on Parler | Prince Harry heads to Silicon Valley | YouTube leaves up Boulder shooting video Full Text

Abstract Departed co-founder John Matze is suing the right-wing social media site Parler over his dismissal earlier this year, arguing that GOP megadonor Rebekah Mercer conspired against him. Prince Harry is joining a Silicon Valley start-up. And YouTube made a controversial call about footage from the Boulder shooting.

The Hill

March 23, 2021 – Vulnerabilities

Critical Flaws Affecting GE’s Universal Relay Pose Threat to Electric Utilities Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16. GE's universal relays enable integrated monitoring and metering, high-speed communications, and offer simplified power management for the protection of critical assets. The flaws, which affect a number of UR advanced protection and control relays, including B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35 and T60, were addressed by GE with the release of an updated version of the UR firmware (version 8.10) made available on December 24, 2020. The patches resolve a total of nine vulnerabilities, the most importan

The Hacker News

March 23, 2021 – General

#IMOS21: The Critical Role of Culture in DevSecOps Full Text

Abstract How does the culture of an organization impact DevSecOps?

Infosecurity Magazine

March 23, 2021 – Vulnerabilities

Most Email Isn’t Secure. Here’s How to Fix It. Full Text

Abstract End-to-end encrypted email is generally cumbersome and unintuitive. It’s time to invest in alternatives.

Lawfare

March 23, 2021 – Ransomware

Sierra Wireless halted production at its manufacturing sites due to ransomware attack Full Text

Abstract This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production. Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer...

Security Affairs

March 23, 2021 – Ransomware

Sierra Wireless withdraws financial guidance as ransomware attack takes down plants Full Text

Abstract Because of the disruptions caused by the ransomware incident, Sierra Wireless withdrew the Q1 2021 financial guidance provided Feb. 23, indicating a potential impact to the bottom line.

SCMagazine

March 23, 2021 – Breach

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration Full Text

Abstract The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.

Threatpost

March 23, 2021 – Malware

Purple Fox malware worms its way into exposed Windows systems Full Text

Abstract Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks.

BleepingComputer

March 23, 2021 – Vulnerabilities

Critical Bugs in Virtual Learning Software May be Used to Hack into Student PCs Full Text

Abstract The McAfee Labs Advanced Threat Research team recently investigated software installed on computers used in K-12 school districts. Netop...

Cyber Security News

March 23, 2021 – General

RDP Attacks Trend During Lockdown Full Text

Abstract Obviously, the number of RDP attacks increased sharply during the COVID lockdown. Lately, researchers disclosed that RDP attacks grew by 768% between the first and fourth quarters of 2020.

Cyware Alerts - Hacker News

March 23, 2021 – Policy and Law

Fired IT Contractor Jailed for Retaliatory Cyber-Attack Full Text

Abstract Prison for IT pro who hacked company server and deleted over 1,200 Microsoft user accounts

Infosecurity Magazine

March 23, 2021 – Vulnerabilities

Google fixes an Android vulnerability actively exploited in the wild Full Text

Abstract Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets which is actively exploited in the wild. Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm...

Security Affairs

March 23, 2021 – Business

Orca raises another $210 million after increasing workforce fivefold amid pandemic Full Text

Abstract CEO and cofounder Avi Shua told SC Media that the company is trying to balance its original, scrappier identity with its newer status as a cybersecurity unicorn.

SCMagazine

March 23, 2021 – Attack

Podcast: Microsoft Exchange Server Attack Onslaught Continues Full Text

Abstract Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.

Threatpost

March 23, 2021 – Ransomware

Ransomware gang leaks data stolen from Colorado, Miami universities Full Text

Abstract Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group.

BleepingComputer

March 23, 2021 – Malware

Attackers Are Developing and Using Entire New Breeds Of Malware Full Text

Abstract A new report by HP revealed that about 88% of malware threats detected were delivered to victims via email, whereas there were a quarter of unseen threats in Q4 2020.

Cyware Alerts - Hacker News

March 23, 2021 – Policy and Law

UPMC and Charles Hilton Sued Over PHI Breach Full Text

Abstract Medical center and law firm facing class action after 36,000-record breach

Infosecurity Magazine

March 23, 2021 – Vulnerabilities

CISA is warning of vulnerabilities in GE Power Management Devices Full Text

Abstract U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. U.S. Cybersecurity & Infrastructure Security...

Security Affairs

March 23, 2021 – Phishing

Cheap shots: Vaccine phishing scams target employees seeking a return to the office Full Text

Abstract Use of dynamic algorithms could make these phishing schemes look like they are personalized for the recipient.

SCMagazine

March 23, 2021 – Phishing

Microsoft warns of phishing attacks bypassing email gateways Full Text

Abstract An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).

BleepingComputer

March 23, 2021 – Botnet

ZHtrap Botnet: Hackers Pitting Against Each Other Full Text

Abstract A new IoT botnet has been discovered that deploys honeypots to capture attacks from rival botnets and use that information to hijack their infrastructure.

Cyware Alerts - Hacker News

March 23, 2021 – General

#IMOS21: AI Analysts May Prove Key to Keeping Organizations Secure Full Text

Abstract Developing AI tools that can investigate threats could prove vital

Infosecurity Magazine

March 23, 2021 – Ransomware

High-availability server maker Stratus hit by ransomware Full Text

Abstract Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack's spread.

BleepingComputer

March 23, 2021 – Malware

Researchers Discover Two Dozen Malicious Chrome Extensions Full Text

Abstract Researchers discovered two dozen Google Chrome browser extensions and 40 associated malicious domains that are being used to inject adware, steal credentials, or redirect victims to malicious sites.

Dark Reading

March 23, 2021 – Business

Herjavec to Handle Cybersecurity for Formula 1 Full Text

Abstract Formula 1 appoints Herjavec Group as official cybersecurity services provider

Infosecurity Magazine

March 23, 2021 – Ransomware

Ransomware attack shuts down Sierra Wireless IoT maker Full Text

Abstract Sierra Wireless, a world-leading IoT solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites.

BleepingComputer

March 23, 2021 – Privacy

TikTok no worse than Facebook for privacy, says Citizen Lab Full Text

Abstract TikTok is likely no more of a threat to users than Facebook, according to Citizen Lab, which analyzed the video-sharing social networking app to probe for security, privacy, and censorship issues.

The Register

March 23, 2021 – General

CSA and ISACA Announce First Auditing Credential for Cloud Security Systems Full Text

Abstract The CCAK program comes amid rising cloud adoption

Infosecurity Magazine

March 23, 2021 – Vulnerabilities

Microsoft: 92% of Exchange servers safe from ProxyLogon attacks Full Text

Abstract Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday.

BleepingComputer

March 23, 2021 – Ransomware

Update: Ransomwared Bank Tells Customers It Lost Their SSNs Full Text

Abstract Flagstar, a bank that was hacked by a ransomware gang, has notified several customers that it lost their Social Security Numbers, home address, full name, phone number, and home address.

Motherboard Vice

March 23, 2021 – Outage

MangaDex Site Could Be Offline for Weeks After Attack Full Text

Abstract Popular scanlation site being rebuilt following breach

Infosecurity Magazine

March 23, 2021 – Business

Facebook says took down 1.3 billion fake accounts in Oct-Dec 2020 Full Text

Abstract Facebook Inc said on Monday it took down 1.3 billion fake accounts between October and December and that it had over 35,000 people working on tackling misinformation on its platform.

The Times Of India

March 23, 2021 – Covid-19

Dark Web #COVID19 Vaccine Ads Surge 350% Full Text

Abstract Check Point sees uptick in illicit activity as demand grows

Infosecurity Magazine

March 23, 2021 – Criminals

Cybercriminals exchange tips on avoiding arrest, jail in underground forums Full Text

Abstract Researchers analyzing underground forums have revealed insight into the methodology behind cyberattacker targets -- as well as what criminals say to do if, or when, they are caught.

ZDNet

March 23, 2021 – General

#IMOS21: Overcoming the Defender’s Dilemma Full Text

Abstract Javvad Malik opens the Infosecurity Magazine Online Summit

Infosecurity Magazine

March 23, 2021 – Phishing

IRS Scam Emails Ask Tax Preparers for EFIN Information Full Text

Abstract According to the IRS, the attack began with a scam email. This email claimed to come from ‘IRS Tax E-Filing.’ The subject line reads ‘Verifying your EFIN before e-filing.’

Security Intelligence

March 23, 2021 – Attack

Shell Latest to Fall to Accellion FTA Exploits Full Text

Abstract Oil giant admits personal and corporate data was stolen

Infosecurity Magazine

March 23, 2021 – Solution

CISA Releases CHIRP Tool that Allows to Detect SolarWinds Malicious Activity Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has released the Hunt and Incident Response Program (CHIRP) tool. CHIRP is a...

Cyber Security News

March 23, 2021 – Breach

Thousands of Exchange servers breached prior to patching, CISA boss says Full Text

Abstract A CISA official on Monday warned organizations about vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached.

Cyberscoop

March 23, 2021 – Business

Jumio Secures Whopping $150m Investment from Private Equity Firm Full Text

Abstract Investment represents largest digital identity funding round ever

Infosecurity Magazine

March 23, 2021 – Breach

Energy giant Shell discloses data breach caused by Accellion FTA hack Full Text

Abstract Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion...

Security Affairs

March 23, 2021 – Vulnerabilities

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcement Full Text

Abstract Email continues to be an effective way to communicate and use has increased during a year of the global pandemic, and hackers continue to use email as a primary attack vector.

Help Net Security

March 22, 2021 – Vulnerabilities

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack Full Text

Abstract Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an "improper input validation" issue in Qualcomm's Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a huge chunk of the device's memory. "There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in an updated January security bulletin on March 18. CVE-2020-11261 was discovered and reported to Qualcomm by Google's Android Security team on July 20, 2020, after which it was fixed in January 2021. It's worth noting that the access vector for the vulnerability is "local," meaning that exploitation requires local access to the device. In other words, to launch a successful attack, the b

The Hacker News

March 22, 2021 – Ransomware

Microsoft Exchange exploit a possible factor in $50M ransomware attack on Acer Full Text

Abstract The company did not confirm whether the ransomware attack was executed via one of its Microsoft Exchange servers, but several cyber leaders commented on a potential connection to the vulnerabilities exploited by multiple actors.

SCMagazine

March 22, 2021 – Outage

MangaDex manga site temporarily shut down after cyberattack Full Text

Abstract Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen.

BleepingComputer

March 22, 2021 – Vulnerabilities

Zoom’s screen-sharing Feature Bug Leaks Sensitive Data Full Text

Abstract Zoom is a video conferencing and messaging software with support for many different devices. A glitch in Zoom’s display-sharing...

Cyber Security News

March 22, 2021 – Ransomware

Ransom Demands are Growing Faster than You can Imagine Full Text

Abstract A new report on ransomware actors underlines the boldness with which they have evolved into one of the most precarious threats to organizations worldwide while increasing ransom demands.

Cyware Alerts - Hacker News

March 22, 2021 – General

Hillicon Valley: Lina Khan to get FTC nomination | Big tech critics join against ‘surveillance advertising’ | Microsoft moving back to the office Full Text

Abstract Today: President Biden announced his intention to fill one of the two open roles on the Federal Trade Commission with prominent antitrust scholar, Lina Khan. And a broad coalition of groups in the technology came together to launch a coalition with its sights set on ending “surveillance advertising.”

The Hill

March 22, 2021 – Vulnerabilities

Popular Netop Remote Learning Software Found Vulnerable to Hacking Full Text

Abstract Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain full control over students' computers," the McAfee Labs Advanced Threat Research team said in an analysis. The vulnerabilities, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020, after which the Denmark-based company fixed the issues in an update (version 9.7.2) released on February 25. "Version 9.7.2 of Vision and Vision Pro is a maintenance release that addresses several vulnerabilities, such as escalating local privileges sending sensitive information in plain text," the company stated in its

The Hacker News

March 22, 2021 – Phishing

Delhi Police Bust Call Center Scammers Full Text

Abstract 34 arrested for allegedly duping Americans, Canadians, and Brits with tech support scam

Infosecurity Magazine

March 22, 2021 – Attack

Ministry of Defence academy hit by state-sponsored hackers Full Text

Abstract The Ministry of Defence academy was hit by a major cyber attack; Russia and China state-sponsored hackers are suspected to be behind the offensive. The Ministry of Defence academy was hit by a major cyber attack, according to the British tabloid newspaper...

Security Affairs

March 22, 2021 – Education

Securing the Super Bowl: Lessons in network lockdown during mega events Full Text

Abstract As the world opens up, words of warning: high-profile, short-term events require special preparation and a massive scaling up of network infrastructure and security resources.

SCMagazine

March 22, 2021 – Vulnerabilities

Critical code execution vulnerability fixed in Adobe ColdFusion Full Text

Abstract Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.

BleepingComputer

March 22, 2021 – Malware

A New Account-stealing Malware Targets Global Tech Giants Full Text

Abstract Giants like Amazon, Apple, Facebook, and Google, among other services, are now prone to attack by a new piece of malware called CopperStealer that is lurking in cracked software downloads available on pirated-content sites.

Cyware Alerts - Hacker News

March 22, 2021 – General

8 in 10 say cyberterrorism is top potential threat: Gallup Full Text

Abstract Cyberterrorism is seen as the top threat to the U.S., according to a new Gallup poll, surpassing nuclear weapons development and international terrorism.

The Hill

March 22, 2021 – Vulnerabilities

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now Full Text

Abstract The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly. OFBiz is a Java-based web framework for automating enterprise processes and offers a wide range of functionality, including accounting, customer relationship management, manufacturing operations management, order management, supply chain fulfillment, and warehouse management system, among others. Specifically, by exploiting this flaw, a malicious party can tamper with serialized data to insert arbitrary code that, when deserialized, can potentially result in remote code execution. "An unauthe

The Hacker News

March 22, 2021 – Government

EU Council Adopts Cybersecurity Strategy Full Text

Abstract Cybersecurity conclusions presented in December officially adopted by EU Council

Infosecurity Magazine

March 22, 2021 – Vulnerabilities

Adobe addresses a critical vulnerability in ColdFusion product Full Text

Abstract Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead to arbitrary code execution. Adobe has released security patches to address a critical vulnerability...

Security Affairs

March 22, 2021 – Ransomware

Microsoft Exchange exploit a possible factor in $50M ransomware attack on Acer Full Text

Abstract Security researchers responded Monday to news of the REvil ransomware attack on computer and electronics manufacturer Acer late last week, mostly expressing shock over the $50 million price tag and advising the computer maker not to pay. The incident was first reported in BleepingComputer, which said the REvil cybercriminal gang (also known as Sodinokibi) announced…

SCMagazine

March 22, 2021 – Breach

Energy giant Shell discloses data breach after Accellion hack Full Text

Abstract Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA).

BleepingComputer

March 22, 2021 – Ransomware

PYSA Ransomware Eyeing Educational Institutions Full Text

Abstract The FBI has recently warned of a surge in attacks against schools in which a new strain of PYSA ransomware is stealing data and threatening to leak it. However, the education sector is not the only target.

Cyware Alerts - Hacker News

March 22, 2021 – General

UK Heading for “Catastrophic” Digital Skills Shortage Full Text

Abstract Number of students enrolling in ICT GCSE has fallen by 40% between 2015 and 2020

Infosecurity Magazine

March 22, 2021 – Vulnerabilities

Abusing distance learning software to hack into student PCs Full Text

Abstract Experts uncovered critical flaws in the Netop Vision Pro distance learning software used by many schools to control remote learning sessions. McAfee discovered multiple security vulnerabilities in the Netop Vision Pro popular distance learning software...

Security Affairs

March 22, 2021 – Ransomware

‘The race is on’: CISA raises alarm bells about ransomware attacks against Microsoft Exchange servers Full Text

Abstract CISA’s acting executive director said “there are literally thousands of compromised [Exchange] servers that are currently patched” and said some systems owners may think they’re in the clear when they’re not.

SCMagazine

March 22, 2021 – Ransomware

Microsoft Exchange servers now targeted by Black Kingdom ransomware Full Text

Abstract Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

BleepingComputer

March 22, 2021 – Policy and Law

US Sentences Russian, North Macedonian in Cyber Fraud Case Full Text

Abstract Sergey Medvedev, 33, of Russia and Marko Leopard, 31, of North Macedonia, were sentenced to ten and five years respectively, according to a U.S. Justice Department statement.

Security Week

March 22, 2021 – Government

New Cybersecurity Programs to Protect US Energy Full Text

Abstract US to launch three new research programs to safeguard energy security

Infosecurity Magazine

March 22, 2021 – Vulnerabilities

RCE flaw in Apache OFBiz could allow to take over the ERP system Full Text

Abstract The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers to take over the ERP system. The Apache Software Foundation addressed last week a high severity vulnerability in Apache...

Security Affairs

March 22, 2021 – Vulnerabilities

After F5 publishes proofs of concept, potential hackers get to work Full Text

Abstract After proofs of concept for vulnerabilities in F5’s BIG-IP and BIG-IQ products were published March 18, several researchers have logged upticks in hacking attempts and mass vulnerability scans.

SCMagazine

March 22, 2021 – General

Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns Full Text

Abstract A newly published report from the U.S. GAO describes the risks of cyber-attacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks.

Security Week

March 22, 2021 – Government

UK Govt Department Loses 306 Mobiles and Laptops in Two Years Full Text

Abstract The figures raise concerns about the security of highly sensitive data

Infosecurity Magazine

March 22, 2021 – General

Which is the Threat landscape for the ICS sector in 2020? Full Text

Abstract The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape...

Security Affairs

March 22, 2021 – Phishing

Phishers’ perfect targets: Employees getting back to the office Full Text

Abstract According to Inky, employees who have slowly been returning to work in offices and other company premises can expect cyber crooks to impersonate their colleagues and their company’s leadership.

Help Net Security

March 22, 2021 – Vulnerabilities

Firms Urged to Patch as Attackers Exploit Critical F5 Bugs Full Text

Abstract Full chain exploitation now seen in wild

Infosecurity Magazine

March 22, 2021 – Privacy

Mozilla Firefox tweaks Referrer Policy to shore up user privacy Full Text

Abstract Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers "to prevent sites from accidentally leaking sensitive user data."

ZDNet

March 22, 2021 – Government

FBI: State and Local Governments Losing Millions to BEC Full Text

Abstract Alert urges improved education and awareness training

Infosecurity Magazine

March 22, 2021 – Breach

MangaDex website taken offline following cyber-attack, data breach Full Text

Abstract The site’s maintainers said the attacker was able to access the account through “the reuse of a session token found in an old database leak through faulty configuration of session management”.

The Daily Swig

March 22, 2021 – Business

Musk Denies Tesla Security Claims After Chinese Military Ban Full Text

Abstract Company would be shut down if allegations were true, he says

Infosecurity Magazine

March 22, 2021 – Business

Cloud security company Axis raises $50m. Full Text

Abstract Tel Aviv-based cloud security company Axis Security said Monday it closed a $50 million Series C round, bringing its total raised to date to $100 million. The round was led by Spark Capital.

The Jerusalem Post

March 21, 2021 – Denial Of Service

An Uprising of DDoS Attacks, a Cause of Concern for Organizations Full Text

Abstract The number of attacks almost doubled between February and September 2020. More than 50 million attacks were observed in the span of a year, according to a recent report.

Cyware Alerts - Hacker News

March 21, 2021 – Malware

Let’s Talk About NimzaLoader, the New Malware in Town Full Text

Abstract This malware has been written in the Nim language to evade detection. The campaign has been attributed to the TA800 threat actor, who previously propagated the BazaLoader malware.

Cyware Alerts - Hacker News

March 21, 2021 – Denial Of Service

DDoS booters now abuse DTLS servers to amplify attacks Full Text

Abstract DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks.

BleepingComputer

March 21, 2021 – Ransomware

Tech Giant Acer Hit by a REvil Ransomware – Attackers Demanding $50,000,000 Ransom Full Text

Abstract Taiwanese computer manufacturer Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom...

Cyber Security News

March 21, 2021 – Hacker

Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker Full Text

Abstract A Swiss cybersecurity firm says it has accessed servers used by a hacking group tied to the SolarWinds breach, revealing details about who the attackers targeted and how they carried out their operation.

Bloomberg Quint

March 21, 2021 – Government

Biden under growing pressure to nominate cyber czar Full Text

Abstract President Biden is coming under increasing pressure from lawmakers and other officials to nominate a White House cyber czar as the government starts formulating its response to two major foreign cyberattacks.

The Hill

March 21, 2021 – Solution

CISA releases CHIRP, a tool to detect SolarWinds malicious activity Full Text

Abstract US CISA has released a new tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise environments. US CISA released the CISA Hunt and Incident Response Program (CHIRP) tool, is a Python-based...

Security Affairs

March 21, 2021 – Policy and Law

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft Full Text

Abstract Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity theft. A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras...

Security Affairs

March 21, 2021 – General

Security Affairs newsletter Round 306 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Experts found...

Security Affairs

March 21, 2021 – Solution

Microsoft Defender can now protect servers against ProxyLogon attacks Full Text

Abstract Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities. Microsoft announced this week that Defender Antivirus and System Center Endpoint Protection...

Security Affairs

March 20, 2021 – Hacker

Hacking group used 11 zero-days to attack Windows, iOS, Android users Full Text

Abstract Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.

BleepingComputer

March 20, 2021 – Hacker

Magecart Hackers Hide the Credit Card Data in Image Files Full Text

Abstract Nowadays the cybercriminals are mainly focusing on credit card theft, as they always try their best to find different methods to successfully...

Cyber Security News

March 20, 2021 – IOT

This New Mirai Variant Uses New Vulnerabilities in IoT Devices Full Text

Abstract This week, cybersecurity researchers disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet-connected devices.

Cyware Alerts - Hacker News

March 20, 2021 – Business

Elon Musk denies cars were used to spy in China: Tesla would be ‘shut down’ Full Text

Abstract Tesla founder and CEO Elon Musk denied claims from the Chinese government that Tesla vehicles could be tied to espionage efforts in the country, arguing such a move would force the electric car manufacturer to “shut down.”

The Hill

March 20, 2021 – Vulnerabilities

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online Full Text

Abstract Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in-the-wild exploitation comes on the heels of proof-of-concept exploit code that surfaced online earlier this week, produced by reverse-engineering the Java software patch in BIG-IP. The mass scans are said to have spiked since March 18. The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x. CVE-2021-22986 (CVSS score: 9.8) is notable for the fact that it's an unauthenticated, remote command execution vulnerability affecting the iControl REST interface, allowing an attacker to execute arbitrary system commands, create or delete files, and disable services without the need for a

The Hacker News

March 20, 2021 – Vulnerabilities

A threat actor exploited 11 zero-day flaws in 2020 campaigns Full Text

Abstract A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google’s Project Zero security team published a report about the activity of a mysterious hacking...

Security Affairs

March 20, 2021 – Vulnerabilities

Microsoft Bug Deleting the Downloaded Files from Microsoft Teams and SharePoint files Full Text

Abstract Microsoft SharePoint and Microsoft Teams users report that the downloaded files are missing or moved to the Recycle Bin.

Cyber Security News

March 20, 2021 – Vulnerabilities

Unit 42 Finds 15 New Vulnerabilities in Microsoft, Adobe, Apple Products Full Text

Abstract Unit 42 researchers have been credited with discovering 15 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), Adobe Security Bulletin, and Apple Security Updates, as part of the last quarter of security update releases.

Palo Alto Networks

March 20, 2021 – Ransomware

REvil ransomware gang hacked Acer and is demanding a $50 million ransom Full Text

Abstract Taiwanese multinational hardware and electronics corporation Acer was victim of a REvil ransomware attack, the gang demanded a $50,000,000 ransom. Taiwanese computer giant Acer was victim of the REvil ransomware attack, the gang is demanding the payment...

Security Affairs

March 20, 2021 – Malware

iOS app developers targeted with trojanized Xcode project Full Text

Abstract The script contacts a C&C server and downloads a custom variant of the EggShell backdoor, which installs a user LaunchAgent for persistence, and allows the attacker to record information from the victim’s microphone, camera, and keyboard.

Help Net Security

March 20, 2021 – Botnet

CISA and FBI warn of ongoing TrickBot attacks Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks, even though multiple security firms dismantled its C2 infrastructure in a joint operation in October.

Security Affairs

March 19, 2021 – Ransomware

The Week in Ransomware - March 19th 2021 - Highest ransom ever! Full Text

Abstract While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.

BleepingComputer

March 19, 2021 – Criminals

A Picture is Better than Thousand Words Full Text

Abstract Researchers from Sucuri recently discovered a tactic, practiced by Magecart groups, to hide malicious activity by saving stolen credit card data into a JPEG file.

Cyware Alerts - Hacker News

March 19, 2021 – General

Hillicon Valley: Twitter says Greene account suspended in error | Justice Dept. indicts hacker connected to massive surveillance breach | Trump reference to ‘Chinese virus’ linked to increase in anti-Asian hashtags Full Text

Abstract Twitter on Friday announced that the personal account of Rep. Marjorie Taylor Greene (R-Ga.) had been accidentally suspended, and Greene isn't happy. Meanwhile, the Justice Department brought a slew of charges against a Swiss hacker connected to the recent breach of troves of surveillance data, and a new study found increases in anti-Asian hashtags tied to tweets from former President Trump.

The Hill

March 19, 2021 – Ransomware

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud Full Text

Abstract The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft. Till Kottmann (aka "deletescape" and "tillie crimew"), 21, of Lucerne, Switzerland, and his co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their "git" and other source code repositories and posting the proprietary data of more than 100 entities on a website called git[.]rip, according to the indictment. Kottmann is alleged to have cloned the source code and other confidential files containing hard-coded administrative credentials and access keys, using the

The Hacker News

March 19, 2021 – Policy and Law

US Indicts Software Engineer Full Text

Abstract Swiss man indicted for allegedly stealing and publishing sensitive government and corporate data

Infosecurity Magazine

March 19, 2021 – Malware

Russian National pleads guilty to conspiracy to plant malware on Tesla systems Full Text

Abstract The Russian national who attempted to convince a Tesla employee to plant malware on Tesla systems has pleaded guilty. The U.S. Justice Department announced on Thursday that the Russian national Egor Igorevich Kriuchkov (27), who attempted to convince...

Security Affairs

March 19, 2021 – Malware

CopperStealer malware infected up to 5,000 hosts per day over first three months of 2021 Full Text

Abstract The malware stole credentials of users on major platforms including Facebook, Instagram, Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter.

SCMagazine

March 19, 2021 – Vulnerabilities

Critical F5 BIG-IP Flaw Now Under Active Attack Full Text

Abstract Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.

Threatpost

March 19, 2021 – Vulnerabilities

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks Full Text

Abstract Cybersecurity firm NCC Group said on Thursday that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.

BleepingComputer

March 19, 2021 – Vulnerabilities

Google Releases PoC Utilizing Spectre Flaw Full Text

Abstract Google released a Proof-of-Concept on Spectre side-channel vulnerability for web app developers, highlighting the importance of deploying application-level mitigations to stay secure.

Cyware Alerts - Hacker News

March 19, 2021 – Policy and Law

Justice Department indicts hacker connected to massive surveillance camera breach Full Text

Abstract The Justice Department brought charges this week against a Swiss individual allegedly responsible for hacking into dozens of companies over the course of several years, most recently allegedly carrying out a breach that exposed massive amounts of surveillance data. 

The Hill

March 19, 2021 – APT

APT31 Fingered for Cyber-Attack on Finnish Parliament Full Text

Abstract Finland says its government was spied on by threat group with links to Chinese government

Infosecurity Magazine

March 19, 2021 – Hacker

Threat actors are attempting to exploit CVE-2021-22986 in F5 BIG-IP devices in the wild Full Text

Abstract Cybersecurity experts warn of ongoing attacks aimed at exploiting a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. Cybersecurity experts from NCC Group and Bad Packets security firm this week detected a wave...

Security Affairs

March 19, 2021 – General

Girl Security brings the ‘lived security experiences of diverse girls to the forefront’ Full Text

Abstract In part 3 of our series spotlighting winners of the inaugural Gula Tech Foundation grant competition, we speak to Girl Security CEO Lauren Bean Buitta. She calls her job the “most important work… I’ve ever done,” empowering women in security with education, training and mentoring.

SCMagazine

March 19, 2021 – Ransomware

Computer giant Acer hit by $50 million ransomware attack Full Text

Abstract Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

BleepingComputer

March 19, 2021 – Hacker

REvil is on Another Attack Spree Full Text

Abstract Victimizing at least nine organizations across Africa, Europe, Mexico, and the U.S. in the past two weeks, the REvil gang is probably showing off its Gootloader malware loader.

Cyware Alerts - Hacker News

March 19, 2021 – General

Protective Intelligence Honors Launched Full Text

Abstract Cyber investigations firm founder among first security pioneers awarded new security honor

Infosecurity Magazine

March 19, 2021 – General

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads? Full Text

Abstract Amazon Elastic Kubernetes Service (EKS) is a platform that gives customers the ability to run Kubernetes apps in the AWS cloud or on premises. Organizations are increasingly turning to Kubernetes to manage their containers. In the 2020 Cloud Native...

Security Affairs

March 19, 2021 – General

‘A lot of late nights’: Zoom’s compliance chief reflects on the year that was the pandemic Full Text

Abstract Lynn Haaland joined Zoom as chief compliance and ethics officer in January 2020 – only months before the pandemic took hold. SC Media caught up with Haaland to get her take on challenges and lessons learned during a year transformed by COVID-19.

SCMagazine

March 19, 2021 – Government

FBI warns of BEC attacks increasingly targeting US govt orgs Full Text

Abstract The Federal Bureau of Investigation (FBI) is warning US private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

BleepingComputer

March 19, 2021 – Privacy

Millions of People Can Lose Sensitive Data through Travel Apps, PrivacySavvy reports Full Text

Abstract According to a report published on March 16 by PrivacySavvy, many travel companies expose users’ data through their booking apps which could impact up to 105 million users.

Security Affairs

March 19, 2021 – Malware

ESET Exposes Malware Disguised as Clubhouse App Full Text

Abstract The malware can steal login information for 458 online services

Infosecurity Magazine

March 19, 2021 – Vulnerabilities

Millions of sites could be hacked due to flaws in popular WordPress plugins Full Text

Abstract Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website. Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited...

Security Affairs

March 19, 2021 – Vulnerabilities

Microsoft antivirus now automatically mitigates Exchange Server vulnerability Full Text

Abstract Microsoft antivirus tools many users already have installed will now automatically mitigate a critical Exchange Server vulnerability, the lynchpin of several recent campaigns to breach on-premises servers.

SCMagazine

March 19, 2021 – Policy and Law

Russian pleads guilty to Tesla hacking and extortion attempt Full Text

Abstract Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla's Nevada Gigafactory.

BleepingComputer

March 19, 2021 – Attack

Beware the Package Typosquatting Supply Chain Attack Full Text

Abstract Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.

Dark Reading

March 19, 2021 – Policy and Law

Russian Man Pleads Guilty in Tesla Extortion Plot Full Text

Abstract Individual tried to recruit insider to deploy malware at Nevada facility

Infosecurity Magazine

March 19, 2021 – Botnet

CISA and FBI warn of ongoing TrickBot attacks Full Text

Abstract CISA and FBI are warning of ongoing TrickBot attacks even though security firms took down the C2 infrastructure of the infamous botnet in October. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI)...

Security Affairs

March 19, 2021 – Policy and Law

Swiss hacker charged for leaking proprietary source code Full Text

Abstract Swiss national Till Kottmann, 21, has been charged with conspiracy, wire fraud and aggravated identity theft, the U.S. Department of Justice announced.

BleepingComputer

March 19, 2021 – Malware

BlackRock Android trojan Poses as Clubhouse App to Steal Login Credentials for Over 450 Apps Full Text

Abstract Disguised as the (non-existent) Android version of the invitation-only audio chat app, the malicious package is served from a website that has the look and feel of the genuine Clubhouse website.

ESET Security

March 19, 2021 – Disinformation

Website Builders Take Hands-Off Approach to Fake News Full Text

Abstract Research reveals most don't take down conspiracy theories

Infosecurity Magazine

March 19, 2021 – Vulnerabilities

Microsoft Defender adds automatic Exchange ProxyLogon mitigation Full Text

Abstract Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.

BleepingComputer

March 19, 2021 – Phishing

Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments Full Text

Abstract A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants, and financial departments across numerous industries.

Help Net Security

March 19, 2021 – Ransomware

REvil ransomware has a new ‘Windows Safe Mode’ encryption mode Full Text

Abstract The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.

BleepingComputer

March 19, 2021 – General

UK’s CEOs Commit to Cyber Spending After Pandemic Full Text

Abstract Concerns about cyber-threats rose during the crisis

Infosecurity Magazine

March 19, 2021 – Ransomware

INDRIK SPIDER: WastedLocker Superseded by Hades Ransomware Full Text

Abstract In June 2020, the trend of moving away from their typical infection chain continued, and INDRIK SPIDER began using fake browser updates to deliver the Cobalt Strike red-teaming tool.

Crowdstrike

March 19, 2021 – Outage

Australia: Eastern Health cyber ‘incident’ cancels some surgeries across Melbourne Full Text

Abstract Some surgeries were canceled at Eastern Health facilities in Victoria, following a "cyber incident" late Tuesday. Eastern Health said it took many of its systems offline in response to the incident.

ZDNet

March 19, 2021 – Privacy

Japan messenger app Line let engineers in China access user data without consent: Report Full Text

Abstract Line, which has 186 million users worldwide - of which just under half are in Japan - has since blocked access to user data at the Chinese affiliate, the company spokesman said.

The Times Of India

March 19, 2021 – Malware

Hackers Infecting Apple App Developers With Trojanized Xcode Projects Full Text

Abstract Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction. "XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer's macOS computer along with a persistence mechanism," SentinelOne researchers said. Xcode is Apple's integrated development environment (IDE) for macOS, used to develop software for macOS, iOS, iPadOS, watchOS, and tvOS. Earlier this year, Google's Threat Analysis Group uncovered a North Korean campaign aimed at security researche

The Hacker News

March 19, 2021 – Privacy

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports Full Text

Abstract According to a report published by researchers at PrivacySavvy, many travel companies expose users' data through their booking apps. In a report published on the 16th of March by PrivacySavvy, many travel companies expose users' data through their...

Security Affairs

March 19, 2021 – Attack

RDP Attacks Reached Record Levels as More Employees Continue to Work from Home Full Text

Abstract The vast majority of companies had to switch to remote work due to the Covid-19 pandemic. As life for large swaths of...

Cyber Security News

March 18, 2021 – Solution

CISA releases new SolarWinds malicious activity detection tool Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.

BleepingComputer

March 18, 2021 – Covid-19

COVID-19 and Fundamental Changes in Cyberattacks Full Text

Abstract Among other threats, email scamming proved to be the most successful infection vector in the coronavirus era, Kaspersky finds. It also changed the way people understood cybersecurity.

Cyware Alerts - Hacker News

March 18, 2021 – General

Hillicon Valley: Senate Republicans call for hearing on FTC’s Obama-era Google decision | US grid at rising risk to cyberattack, says GAO | YouTube rolls out TikTok rival in the US Full Text

Abstract Several Senate Republicans pushed for a Judiciary Committee hearing into the Federal Trade Commission’s decision nearly a decade ago not to sue Google, as lawmakers take a closer look at the tech giant’s market power. A government watchdog released a report stating distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack. And YouTube's short-form video service will be launching in the U.S. 

The Hill

March 18, 2021 – Vulnerabilities

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites Full Text

Abstract A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update (version 1.8.26) on March 10 addressing the issues. MyBB, formerly MyBBoard and originally MyBulletinBoard, is free and open-source forum software developed using PHP and MySQL. According to the researchers, the first issue — a nested auto URL persistent XSS vulnerability (CVE-2021-27889) — stems from how MyBB parses messages containing URLs during the rendering process, thus enabling any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages. "The vulnerability can be exploited with minimal user interaction by saving a maliciously craf

The Hacker News

March 18, 2021 – Policy and Law

Mom Charged in Deepfake Cheerleading Plot Full Text

Abstract Mom allegedly used deepfake tech in attempt to oust daughter’s cheerleading rivals from squad

Infosecurity Magazine

March 18, 2021 – Attack

Understanding and Responding to the SolarWinds Supply Chain Attack: The Federal Perspective Full Text

Abstract On Thursday, March 18, 2021, at 10:15 a.m., the Senate Homeland Security and Governmental Affairs Committee will hold a hearing on understanding and responding to the SolarWinds supply chain attack.

Lawfare

March 18, 2021 – Malware

XcodeSpy Mac malware targets Xcode Developers with a backdoor Full Text

Abstract Unknown threat actors have been using a new XcodeSpy Mac malware to target software developers who use Apple’s Xcode integrated development environment. Researchers at SentinelOne uncovered a series of attacks involving a new XcodeSpy used to deliver...

Security Affairs

March 18, 2021 – General

FBI: Cybercrime skyrocketed in 2020, with email compromise scams accounting for 43% of losses Full Text

Abstract The FBI’s Internet Crime Complaint Center (IC3) released its annual report Wednesday, showing a sharp increase in cybercrime, both in quantity and cost in 2020.

SCMagazine

March 18, 2021 – Vulnerabilities

Fiserv Forgets to Buy Domain It Used as System Default Full Text

Abstract Fintech security provider Fiserv acknowledges it used unregistered domain as default email.

Threatpost

March 18, 2021 – Malware

New CopperStealer malware steals Google, Apple, Facebook accounts Full Text

Abstract Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple.

BleepingComputer

March 18, 2021 – Malware

Mekotio Trojan is Using AutoHotKey to Avoid Detection Full Text

Abstract The Mekotio trojan has been found using two separate emails as an initial infection vector which then abuses AutoHotKey (AHK) and the AHK compiler to steal users’ information.

Cyware Alerts - Hacker News

March 18, 2021 – Government

House Republicans examine federal election funds awarded to Biden-linked firm Full Text

Abstract Three House Republican leaders on Thursday raised questions about oversight of federal election funds awarded by California to a firm linked to now-President Biden in the months ahead of the election.

The Hill

March 18, 2021 – Malware

How to Successfully Pursue a Career in Malware Analysis Full Text

Abstract Are you looking to become a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive. Once upon a time, a computer virus might cause considerable inconvenience, but its reach might have been limited to the handful of systems connected to the internet. Today, with every home, factory, and institution online, it's theoretically possible for malware to shut down an entire nation. That's where malware analysis comes in. Malware analysis is the process of isolating and reverse-engineering malicious software. Malware analysts draw on a wide range of skills, from programming to digital forensics, to identify and understand different types of malware. From there, they can design security solutions to protect computers from sim

The Hacker News

March 18, 2021 – Business

Acronis Acquires South African Partner Full Text

Abstract Acronis acquires Synapsys in fourth acquisition in the past 18 months

Infosecurity Magazine

March 18, 2021 – APT

China-linked APT31 group was behind the attack on Finnish Parliament Full Text

Abstract China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020.

Security Affairs

March 18, 2021 – Malware

Apple developers targeted by malicious Xcode project Full Text

Abstract The backdoor is able to record the victim’s microphone, camera and keyboard entries, plus can upload and download files.

SCMagazine

March 18, 2021 – Malware

Trojanized Xcode Project Slips MacOS Malware to Apple Developers Full Text

Abstract In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects.

Threatpost

March 18, 2021 – Malware

US taxpayers targeted with RAT malware in ongoing phishing attacks Full Text

Abstract US taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information.

BleepingComputer

March 18, 2021 – General

Microsoft Exchange Threats Spreading Faster than Wildfire Full Text

Abstract The number of attempted attacks observed against vulnerable Microsoft Exchange Servers is doubling every few hours. Security teams and malicious actors are continuously outwitting each other.

Cyware Alerts - Hacker News

March 18, 2021 – General

US grid at rising risk to cyberattack, says GAO Full Text

Abstract Distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack, a government watchdog said in a report released Thursday.

The Hill

March 18, 2021 – Policy and Law

Security Consultant Indicted on Cyberstalking Charges Full Text

Abstract Seattle cybersecurity professional accused of cyberstalking multiple victims

Infosecurity Magazine

March 18, 2021 – Solution

WINTRIAGE: THE TRIAGE TOOL FOR WINDOWS DFIRERS Full Text

Abstract Wintriage is a live response tool that extracts Windows artifacts; it allows extracting as many artifacts as possible, but in a selective way. Throughout my life, my daily job has been purely related to cybersecurity. But the branch I like the most...

Security Affairs

March 18, 2021 – Ransomware

2020 was a golden year for ransomware gangs, with evolving tactics and increasing payouts Full Text

Abstract The money has never been better, but there are signs that increasingly aggressive responses from law enforcement are taking a toll.

SCMagazine

March 18, 2021 – Breach

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data Full Text

Abstract A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords.

Threatpost

March 18, 2021 – Malware

New XcodeSpy malware targets iOS devs in supply-chain attack Full Text

Abstract A malicious Xcode project known as XcodeSpy is targeting iOS devs in a supply-chain attack to install a macOS backdoor on the developer's computer.

BleepingComputer

March 18, 2021 – Government

FBI Releases the IC3 Internet Crime Report 2020 Full Text

Abstract The FBI received 791,790 cybercrime complaints in 2020—300,000 more than 2019— resulting in a loss of over $4.2 billion.

Cyware Alerts - Hacker News

March 18, 2021 – Solution

Facebook rolls out physical keys to guard against hacking mobile accounts Full Text

Abstract Facebook on Thursday announced that iOS and Android mobile device users can now utilize physical security keys to verify their accounts and guard against hackers.

The Hill

March 18, 2021 – General

Internet Crime Complaints Surge in 2020, Fueled By Pandemic Full Text

Abstract The IC3 saw a 69% increase in internet crime complaints last year

Infosecurity Magazine

March 18, 2021 – Malware

Expert found a 1-Click RCE in the TikTok App for Android Full Text

Abstract Egyptian security researcher Sayed Abdelhafiz discovered multiple bugs in the TikTok Android application that can be chained to achieve remote code execution.

Security Affairs

March 18, 2021 – Education

‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent Full Text

Abstract In Part 2 of a series looking at winners of the inaugural Gula Tech Foundation grant competition, we meet Robert Vaughn, head of the nonprofit’s National Instructors Institute, whose chance meeting with a stranger at a gas station led to career transformation.

SCMagazine

March 18, 2021 – Hacker

Chinese nation state hackers linked to Finnish Parliament hack Full Text

Abstract Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts.

BleepingComputer

March 18, 2021 – Malware

Old RAT in New Theme Full Text

Abstract Trustwave researchers have spotted a new malspam campaign that is exploiting icon files to deceive victims into executing the NanoCore RAT. 

Cyware Alerts - Hacker News

March 18, 2021 – Phishing

Fraudsters Impersonating Tesco in New Phone Scam, Police Warn Full Text

Abstract Victims are being tricked into giving away personal details, including banking details

Infosecurity Magazine

March 18, 2021 – Hacker

Hackers can get access to your SMSes for just a few dollars Full Text

Abstract Text-messaging management services are now being misused for as little as $16 to covertly redirect text messages from users to hackers, giving cybercriminals access to two-factor codes/login SMSes.

The Times Of India

March 18, 2021 – Ransomware

Ransomware Soaring Too High Full Text

Abstract The extent and severity of ransomware attacks witnessed an all-time high in 2020 and there’s no reason to believe that it is going to be any different this year. 

Cyware Alerts - Hacker News

March 18, 2021 – Botnet

CISA alerts of TrickBot trojan attacks Full Text

Abstract TrickBot uses person-in-the-browser attacks to steal information, such as login credentials. Some of TrickBot’s modules spread the malware laterally across a network by abusing the SMB protocol.

CISA

March 18, 2021 – Business

Recorded Future Swoops for Gemini Advisory in $52m Deal Full Text

Abstract Combination will enhance customers’ threat intelligence

Infosecurity Magazine

March 18, 2021 – Disinformation

Polish Government Websites Hacked and Used to Spread Fake Information on Radioactive Leak Full Text

Abstract The National Atomic Energy Agency and Health Ministry websites briefly carried claims of a supposed nuclear waste leak coming from neighboring Lithuania and threatening Poland.

Security Week

March 18, 2021 – Vulnerabilities

Tutor LMS for WordPress Open to Info-Stealing Security Holes Full Text

Abstract The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

Threatpost

March 18, 2021 – Botnet

Satori: Mirai Botnet Variant Targeting Vantage Velocity Field Unit RCE Vulnerability Full Text

Abstract Unit 42 researchers observed attempts to exploit CVE-2020-9020, which is a Remote Command Execution (RCE) vulnerability in Iteris’ Vantage Velocity field unit versions 2.3.1, 2.4.2, and 3.0.

Palo Alto Networks

March 18, 2021 – Government

FBI Alert: Pysa Ransomware Targeting Education Sector Full Text

Abstract Threat actors disable AV before deploying ransomware

Infosecurity Magazine

March 18, 2021 – General

Reading the FBI IC3’s ‘2020 Internet Crime Report’ Full Text

Abstract The FBI’s Internet Crime Complaint Center (IC3) has released its annual report, the 2020 Internet Crime Report, which includes data from 791,790 complaints of suspected cybercrimes.

Security Affairs

March 18, 2021 – Malware

Fake Telegram Desktop App Malware Campaign Persists Full Text

Abstract The .com and .net sites have seen 2,746 downloads of the malicious Windows executable, and a second-stage malware was then pushed down 129 times. The .org site snared 529 downloads in just two days.

Info Risk Today

March 18, 2021 – Vulnerabilities

Why Cached Credentials Can Cause Account Lockouts and How to Stop it Full Text

Abstract When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or script that is configured to log into the system using an old password. Perhaps the most easily overlooked cause of account lockouts, however, is the use of cached credentials. Before I explain why cached credentials can be problematic, let's first consider what the Windows cached credentials do and why they are necessary. Cached and stored credentials Cached credentials are a mechanism that is used to ensure that users have a way of logging into their device in the event that the device is unable to access the Active Directory. Suppose for a moment that a user is working from a domain-joined laptop and is connected to the corporate network. In that type of situation, the Active Directory

The Hacker News

March 18, 2021 – General

FBI: Over $4.2 billion officially lost to cybercrime in 2020 Full Text

Abstract The Federal Bureau of Investigation has published its annual report on cybercrime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year.

BleepingComputer

March 18, 2021 – Policy and Law

The 17-year-old Twitter Hacker who is the “mastermind” Behind a High-Profile Attack Pleads Guilty Full Text

Abstract Graham Ivan Clark, 17, of Tampa, was arrested on 30 felony charges. Authorities say he was the "mastermind" of a July 15...

Cyber Security News

March 18, 2021 – General

The dangers of misusing instant messaging and business collaboration tools Full Text

Abstract 71% of workers – including 68% in the US – admitted to sharing sensitive and business-critical company data using instant messaging (IM) and business collaboration tools, a Veritas report revealed.

Help Net Security

March 18, 2021 – Privacy

Google Reveals What Personal Data Chrome and Its Apps Collect On You Full Text

Abstract Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company said in a tweet. "Spying on users has nothing to do with building a great web browser or search engine." The "privacy nutrition labels" are part of a new policy that went into effect on December 8, 2020, mandating app developers to disclose their data collection practices and help users understand how their personal information is put to use. The insinuation from DuckDuckGo comes as Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple's App Store rules, but not

The Hacker News

March 18, 2021 – Ransomware

Average Ransom Payment Surged 171% in 2020 Full Text

Abstract Report claims incident response costs could ruin some firms

Infosecurity Magazine

March 18, 2021 – Government

Prime Minister Boris Johnson wants to enhance UK cyber capabilities Full Text

Abstract Prime Minister Boris Johnson declared that Britain needs to boost its cyber capability to conduct cyber attacks on foreign hostile actors.

Security Affairs

March 18, 2021 – Privacy

Thinking of Joining Clubhouse? The Membership Fee Could Be Your Data Privacy Full Text

Abstract There are questions about the way Clubhouse app handles users’ contacts. There are also questions over just how private users’ actions and audio content are on the app, too.

Check Point Research

March 18, 2021 – Vulnerabilities

Vulnerability Management Firm Vulcan Cyber Raises $21 Million Full Text

Abstract The new funding, Vulcan Cyber says, will help it expand its platform with new vulnerability remediation solutions for both cloud and applications, as well as meet demand for its SaaS solution.

Security Week

March 18, 2021 – Vulnerabilities

Android apps are asking for too many dangerous permissions. Here’s how we know Full Text

Abstract In theory, Android app permissions are a great way to ensure our safety and protect our privacy. In practice, however, these permissions aren’t always shown prominently or described in much detail.

Cyber News

March 17, 2021 – General

Hillicon Valley: Google ad report reveal | SolarWinds fallout raises pressure on Biden | UK Uber drivers get some solace Full Text

Abstract Google released its yearly ad transparency report Wednesday, revealing the action it took on both misleading coronavirus ads and political ads during the 2020 election season. On the cyber front, the Biden administration is facing pressure to act on vulnerabilities in the wake of the SolarWinds hack.

The Hill

March 17, 2021 – General

Cyber helped him overcome hardship. Now he’s paying it forward to the black community. Full Text

Abstract Darold Kelly Jr. is CEO of the Black Cybersecurity Association, which helps underserved individuals – especially African-Americans – land careers in cyber.

SCMagazine

March 17, 2021 – Government

Officials urge Biden to appoint cyber leaders after SolarWinds, Microsoft hacks Full Text

Abstract Homeland Security Secretary Alejandro Mayorkas and leading lawmakers on Wednesday urged President Biden to nominate officials to lead federal cybersecurity policy, particularly as the government continues to grapple with the fallout from two massive cyber espionage attacks. 

The Hill

March 17, 2021 – Vulnerabilities

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites Full Text

Abstract Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site. According to Wordfence, which discovered the security weaknesses in Elementor, the bug concerns a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occurs when a malicious script is injected directly into a vulnerable web application. In this case, due to a lack of validation of the HTML tags on the server-side, a bad actor can exploit the issues to add executable JavaScript to a post or page via a crafted request. "Since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would

The Hacker News

March 17, 2021 – Policy and Law

Lawmakers press federal agencies on scope of SolarWinds attack Full Text

Abstract The bipartisan leaders of a House panel on Wednesday drilled multiple agencies for updates on the SolarWinds hack, a mass cyber campaign that compromised at least nine federal agencies and 100 private sector groups.

The Hill

March 17, 2021 – Policy and Law

US subpoenas multiple Chinese communications providers in security review Full Text

Abstract The Commerce Department announced Wednesday that it subpoenaed several Chinese communications firms as the government reviews possible national security risks following alarming cyberattacks. 

The Hill

March 17, 2021 – Breach

Data Breaches Tracker monitors unsecured ElasticSearch servers online Full Text

Abstract Cybersecurity researchers at WizCase, an online security and privacy portal, built a tool to track accessible ElasticSearch servers on the internet.

Security Affairs

March 17, 2021 – Breach

SolarWinds threat actor gains access to Mimecast’s production grid environment Full Text

Abstract The company earned kudos from security researchers for transparency and swift response, with one saying “I would have hoped to see more companies to be this responsive and forthcoming.”

SCMagazine

March 17, 2021 – Vulnerabilities

Cisco Plugs Security Hole in Small Business Routers Full Text

Abstract The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.

Threatpost

March 17, 2021 – Policy and Law

Teen Behind Twitter Bit-Con Breach Cuts Plea Deal Full Text

Abstract The ‘young mastermind’ of the Twitter hack will serve three years in juvenile detention. 

Threatpost

March 17, 2021 – Government

White House forms public-private task force to tackle Microsoft Exchange hack Full Text

Abstract The Unified Coordination Group established by the National Security Council includes officials from the FBI, the Cybersecurity and Infrastructure Security Agency at DHS, the Office of the Director of National Intelligence and the NSA, as well as private sector companies with “specific insights to this incident.”

SCMagazine

March 17, 2021 – Hacker

China-linked hackers target telcos to steal 5G secrets Full Text

Abstract Chinese APT groups are targeting telecom companies in cyberespionage campaigns collectively tracked as Operation Diànxùn, to steal 5G secrets. Chinese-language threat actors are targeting telecom companies, as part of a cyber espionage campaign...

Security Affairs

March 17, 2021 – Education

CompTIA Launches Training Catalogue to Promote “Outstanding” IT Apprenticeships Full Text

Abstract Catalogue aims to facilitate more flexible learning for apprentices

Infosecurity Magazine

March 17, 2021 – Government

TIA CEO: Supply chain standard shows feds ‘they don’t have to be heavy handed’ Full Text

Abstract Nobody likes a new standard, said TIA CEO David Stehlin. But with security concerns tied to Huawei and SolarWinds still fresh, government and businesses alike need assurance that industry is addressing the problem.

SCMagazine

March 17, 2021 – Business

Infrastructure Security Specialist Optilan Appoints Adrian Bannister as CFO Full Text

Abstract Bannister brings over 25 years of financial experience to the firm

Infosecurity Magazine

March 17, 2021 – Malware

New Mirai Variant Targeting IoT & Network Security Devices Full Text

Abstract Unit 42 researchers observed a new Mirai variant targeting IoT and network security devices. They discovered attacks leveraging several vulnerabilities, including:

Cyber Security News

March 17, 2021 – Malware

$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware Full Text

Abstract The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.

Threatpost

March 17, 2021 – Solution

Dropbox to Make Password Manager Feature Free for All Users Full Text

Abstract As of April, users can try a limited version of Dropbox Passwords free-of-charge

Infosecurity Magazine

March 17, 2021 – Breach

Mimecast: SolarWinds Attackers Stole Source Code Full Text

Abstract A new Mimecast update reveals the SolarWinds hackers accessed several “limited” source code repositories.

Threatpost

March 17, 2021 – Attack

Chile’s bank regulator shares IOCs after Microsoft Exchange hack Full Text

Abstract Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.

BleepingComputer

March 17, 2021 – Botnet

The Rising, Unpredictable Cases of Botnet Threats Full Text

Abstract A new variant of the Gafgyt botnet that uses the Tor network to target vulnerable D-Link and IoT devices has been identified by NetLab 360 researchers.

Cyware Alerts - Hacker News

March 17, 2021 – Attack

China suspected of cyber attack on Western Australia’s Parliament during state election Full Text

Abstract Western Australia's parliamentary email network was hit by suspected Chinese hackers earlier this month as part of a massive global cyber-attack involving Microsoft software.

ABC

March 17, 2021 – Vulnerabilities

Twitter images can be abused to hide ZIP, MP3 files — here’s how Full Text

Abstract Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.

BleepingComputer

March 17, 2021 – Business

Acronis acquires Synapsys to extend cyber protection solutions to organizations across Africa Full Text

Abstract Acronis announced its acquisition of Synapsys, its partner located in Cape Town, South Africa, which specializes in distributing Acronis Cyber Protection Solutions through the service provider channel.

Help Net Security

March 17, 2021 – Vulnerabilities

Biden administration convenes government, private sector groups to respond to Microsoft vulnerabilities Full Text

Abstract White House officials said Wednesday that the Biden administration has formally stood up a task force of government and private sector groups as it works to investigate and respond to the recently uncovered cyber espionage incident involving a Microsoft email application.

The Hill

March 17, 2021 – Breach

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code Full Text

Abstract Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company said in a write-up detailing its investigation, adding the adversary "accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack." But Mimecast said the source code downloaded by the attackers was incomplete and would be insufficient to build and run any aspect of the Mimecast service and that it did not find signs of any tampering made by the threat actor to the build process associated with the executables that are distributed to its customers. On January 12, Mimecast disclosed that "a sophisticat

The Hacker News

March 17, 2021 – General

50% of Incident Response Pros Want Better Work-Life Balance Full Text

Abstract Study highlights key factors IR pros look for in prospective employers

Infosecurity Magazine

March 17, 2021 – Botnet

New ZHtrap botnet uses honeypot to find more victims Full Text

Abstract Netlab 360 experts discovered a new Mirai-based botnet dubbed ZHtrap that implements a honeypot to find more victims. ZHtrap...

Security Affairs

March 17, 2021 – Hacker

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets Full Text

Abstract Researchers say China-linked APTs lure victims with bogus Huawei career pages in what they dub ‘Operation Diànxùn’.

Threatpost

March 17, 2021 – Breach

Microsoft’s Azure SDK site tricked into listing fake package Full Text

Abstract A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick, if abused by an attacker, can give the impression that their malicious package is part of the Azure SDK suite.

BleepingComputer

March 17, 2021 – Breach

Sensitive data from US shipping management software firm exposed online Full Text

Abstract The data, which belonged to New Jersey-based Descartes Aljex Software, was exposed by a misconfigured AWS S3 bucket, which left it unsecured and vulnerable to intrusion by attackers.

Hackread

March 17, 2021 – Vulnerabilities

Microsoft breach ramps up pressure on Biden to tackle cyber vulnerabilities Full Text

Abstract The Biden administration is coming under increasing pressure to address U.S. cybersecurity vulnerabilities following the Microsoft breach that has quickly been viewed as a massive threat to the U.S.

The Hill

March 17, 2021 – Hacker

[Webinar] Oy Vey, We Hired a Large, Hairy Hacker… Full Text

Abstract It's not every day that one of the best-known independent cybersecurity individuals joins a cybersecurity company. The two are generally on opposite sides of the coin, with little crossover. After all, they're usually concerned with different parts of the cybersecurity puzzle – one providing platforms and tools to defend organizations, the other keeping them accountable and looking for blind spots in even the best security tools. That seems to be changing, however, with a recent appointment. Cynet, an Autonomous XDR provider that recently closed a Series C funding round worth $40 million, announced that it has hired Chris Roberts as their Chief Security Strategist. Roberts is world-renowned in counter-threat intelligence, as well as in vulnerability and threat research fields, thanks to decades of experience. As part of his efforts at Cynet, Roberts will be focusing his work on helping empower and connect security professionals from organizations outside of the Fortune 200

The Hacker News

March 17, 2021 – Policy and Law

SEC Charges Man Over Cannabis Firm Pump-and-Dump Full Text

Abstract Individual allegedly amplified false statements via Twitter

Infosecurity Magazine

March 17, 2021 – Ransomware

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK Full Text

Abstract The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United...

Security Affairs

March 17, 2021 – Insider Threat

A New Paradigm in Data Security: Insider Risk Management Full Text

Abstract Insider Risk Management builds a framework around the new paradigm of “risk tolerance,” aiming to give security teams the visibility and context around data activity to protect that data, without putting rigid constraints on users.

Threatpost

March 17, 2021 – Hacker

Threat actors thriving on the fear and uncertainty of remote workforces Full Text

Abstract The WFH reality resulted in an unprecedented change for organizations as they fought to defend exponentially greater attack surfaces from cybercriminals armed with powerful cloud-based tools.

Help Net Security

March 17, 2021 – Hacker

Chinese Threat Actors Target Global 5G Operators Full Text

Abstract Spoofed Huawei phishing page lures employees

Infosecurity Magazine

March 17, 2021 – Education

New UK Cyber Security Council to be official governing body on training and standards Full Text

Abstract The UK government has set up a new independent body, the UK Cyber Security Council, to boost career opportunities and professional standards for the UK’s booming cyber security sector.

Gov.UK

March 17, 2021 – Outage

Microsoft’s latest cloud authentication outage: What went wrong Full Text

Abstract Microsoft has published a preliminary root cause analysis of its March 15 Azure Active Directory outage, which took down Office, Teams, Dynamics 365, Xbox Live, and other apps.

ZDNet

March 17, 2021 – APT

China-based Mustang Panda APT Targets Telecom Companies to Steal 5G Secrets Full Text

Abstract At least 23 telecommunications providers in Southeast Asia, Europe, and the United States are suspected to have been targeted as part of the campaign that has been active since at least August 2020.

ZDNet

March 17, 2021 – Business

Cybersecurity insurance company Coalition raises $175M to secure the modern enterprise Full Text

Abstract Coalition, an enterprise-grade cybersecurity platform that specializes in providing insurance, has raised $175 million in its Series D round of funding led by Index Ventures.

Venture Beat

March 17, 2021 – General

More Than a Quarter of Threats Never Seen Before Full Text

Abstract HP reveals widespread use of packers and obfuscation

Infosecurity Magazine

March 17, 2021 – Attack

Nurseries sent first official cyber-attack warning Full Text

Abstract Sarah Lyons, deputy director for economy and society engagement at the NCSC, said across educational settings it was "vital that all providers know how to secure their devices and sensitive data".

BBC

March 17, 2021 – Policy and Law

18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter ‘Bitcoin Scam’ Hack Full Text

Abstract A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on probation. The development comes after the U.S. Department of Justice (DoJ) charged Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex), and Clark (then a juvenile) with conspiracy to commit wire fraud and money laundering. Specifically, 30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority. On July 15, 2020, Twitter suffered one of the biggest security lapses in its history after the attackers managed to hi

The Hacker News

March 17, 2021 – Ransomware

Ransomware attack on Pimpri Chinchwad Smart City servers managed by Tech Mahindra Full Text

Abstract Pimpri-Chinchwad Municipal Corporation Smart City said on Monday that it had not suffered any data loss due to a ransomware attack late last month and that it had also not paid ransom to the hackers.

The Times Of India

March 17, 2021 – Hacker

Researcher adds his fake package to Microsoft Azure SDK releases list Full Text

Abstract A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick, if abused by an attacker, can give the impression that their malicious package is part of the Azure SDK suite.

BleepingComputer

March 17, 2021 – General

TIA publishes process-based supply chain security standard for the ICT industry Full Text

Abstract The Telecommunications Industry Association published a new white paper on SCS 9001, a process-based supply chain security standard for the information communications technology (ICT) industry.

Help Net Security

March 17, 2021 – Phishing

SBI, ICICI, HDFC, Axis Bank, PNB and the Indian IT department targeted in phishing scam Full Text

Abstract The targeted banks in the campaign include the State Bank of India, ICICI, HDFC, Axis Bank and Punjab National Bank, revealed an investigation by CyberPeace Foundation and Autobot Infosec.

The Times Of India

March 17, 2021 – Hacker

SolarWinds hackers stole some of Mimecast source code Full Text

Abstract Cybersecurity firm Mimecast confirmed that SolarWinds hackers who breached its network stole some of its source code. Back in December, the SolarWinds supply chain attack made the headlines when a Russian cyber espionage group tampered with updates...

Security Affairs

March 17, 2021 – Vulnerabilities

Microsoft releases one-click mitigation tool for Exchange Server hacks Full Text

Abstract Released on Monday, the tool is designed to mitigate the threat posed by four actively-exploited vulnerabilities that have collectively caused havoc for organizations worldwide.

ZDNet

March 17, 2021 – Hacker

Researcher adds their package to Microsoft Azure SDK releases list Full Text

Abstract A security researcher was able to add their own test package to the official list of Microsoft Azure SDK latest releases. The simple trick, if abused by an attacker, can give the impression that their malicious package is part of the Azure SDK suite.

BleepingComputer

March 17, 2021 – Solution

Apple May Start Delivering Security Patches Separately From Other OS Updates Full Text

Abstract Apple may be changing the way it delivers security patches to its devices running iOS and iPadOS mobile operating systems. According to code spotted in iOS 14.5, the iPhone maker is reportedly working on a method for delivering security fixes independently of other OS updates. The changes were first reported by the 9to5Mac website. While Google's Android has had monthly security patches rolled out that are completely divorced from the OS-related updates, iOS has no option to install a security update without upgrading to the latest version of the OS. But with this new setting called "Install Security Updates" added to the software update menu, it's expected that Apple will let users choose between either installing the entire iOS update or just the security updates, in a manner that echoes macOS. On Macs running older versions of the operating system such as macOS Mojave, Apple has offered standalone update packs, allowing users to get security patches and bu

The Hacker News

March 17, 2021 – Vulnerabilities

Old Linux storage bugs, new security patches Full Text

Abstract A trio of security holes -- CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364 -- was found by security company GRIMM researchers in an almost forgotten corner of the mainline Linux kernel.

ZDNet

March 17, 2021 – Botnet

Dridex Network Attack Campaign Delivered by Cutwail Botnet and Poisonous PowerShell Scripts Full Text

Abstract The IBM X-Force threat intelligence team has recently reported that they are continuously witnessing a huge increase in Dridex-related network attacks, and...

Cyber Security News

March 16, 2021 – General

Hillicon Valley: US Intel says Russia, Iran sought to influence elections | Advocates press Facebook to combat Spanish-language disinformation | Five attorneys general join lawsuit against Google Full Text

Abstract Top U.S. intelligence officials on Wednesday concluded that Russia and Iran attempted to interfere in the 2020 elections, but did not change any votes. Meanwhile, Facebook is facing fierce pushback over its handling of Spanish-language disinformation, with at least one Democrat saying he will raise the issue at next week’s House Energy and Commerce Hearing. Google’s challenges are also growing, with five more attorneys general jumping onto the Texas-led lawsuit against the Silicon Valley giant, including the first Democrat to join the effort. 

The Hill

March 16, 2021 – Solution

Argon emerges from stealth as concern over software supply chain integrity peaks Full Text

Abstract Argon’s main pitch — that it aims to secure the integrity of the software development and update process — has become increasingly relevant to industry following the SolarWinds breach.

SCMagazine

March 16, 2021 – Policy and Law

Teen responsible for major Twitter hack to serve three years in prison Full Text

Abstract A teenager responsible for masterminding a massive bitcoin scam last year that involved hacking Twitter accounts for various politicians and other high-profile figures has been sentenced to three years in prison.

The Hill

March 16, 2021 – Vulnerabilities

Google fixes five Chrome bugs, including one zero-day exploited in the wild Full Text

Abstract Google's latest warning to patch Chrome vulnerabilities came on the heels of news early last week that the vast majority of Chrome users take close to one month to install a new patch.

SCMagazine

March 16, 2021 – General

The Cyberlaw Podcast: The Former Lingerie Salesman Who Has Putin’s Knickers in a Twist Full Text

Abstract This week we interview Eliot Higgins, founder and executive director of the online investigative collective Bellingcat and author of

Lawfare

March 16, 2021 – Vulnerabilities

The Microsoft Exchange hack: The risks and rewards of sharing bug intel Full Text

Abstract Intel that Microsoft privately shared with security partners may have leaked to hackers. How do companies know who to trust with their secrets?

SCMagazine

March 16, 2021 – Policy and Law

Teen hacker agrees to 3 years in prison for Twitter Bitcoin scam Full Text

Abstract A Florida teenager has pleaded guilty to fraud charges after coordinating the hack of high-profile Twitter accounts to run a cryptocurrency scam that collected roughly $120,000 worth of bitcoins.

BleepingComputer

March 16, 2021 – Malware

New Mirai variant appears in the threat landscape Full Text

Abstract Palo Alto researchers uncovered a series of ongoing attacks to spread a variant of the infamous Mirai bot exploiting multiple vulnerabilities. Security experts at Palo Alto Networks disclosed a series of attacks aimed at delivering a Mirai variant...

Security Affairs

March 16, 2021 – Breach

Hacker leaks payment data from defunct WeLeakInfo breach site Full Text

Abstract WeLeakInfo was a website that offered paid subscriptions providing searchable access to a database containing 12.5 billion user records stolen during data breaches. This data included email addresses, names, phone numbers, addresses, and in many cases, passwords.

BleepingComputer

March 16, 2021 – Ransomware

PYSA Ransomware Pillages Education Sector, Feds Warn Full Text

Abstract A major spike of attacks against higher ed, K-12 and seminaries in March has prompted the FBI to issue a special alert.

Threatpost

March 16, 2021 – Policy and Law

Mom & Daughter Duo Hack Homecoming Crown Full Text

Abstract A Florida high-school student faces jail time for rigging her school’s Homecoming Queen election.

Threatpost

March 16, 2021 – Breach

Mimecast: SolarWinds hackers stole some of our source code Full Text

Abstract Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion.

BleepingComputer

March 16, 2021 – Government

US intel says Russia, Iran sought to influence 2020 election Full Text

Abstract Russia and Iran undertook campaigns to influence the 2020 U.S. election but intelligence agencies found no evidence that foreign actors tried to alter technical aspects of the voting process, according to conclusions of a declassified report released Tuesday. 

The Hill

March 16, 2021 – Ransomware

New Enhancements in Darkside Ransomware: How Far will it Go? Full Text

Abstract Threat intelligence experts warn of a new version of the Darkside ransomware variant that its creators claim will feature faster encryption speeds and VoIP calling while exploiting VMware flaws.

Cyware Alerts - Hacker News

March 16, 2021 – Botnet

New botnet targets network security devices with critical exploits Full Text

Abstract Authors of a new botnet are targeting connected devices affected by critical-level vulnerabilities, some of them impacting network security devices.

BleepingComputer

March 16, 2021 – Vulnerabilities

DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping Full Text

Abstract DuckDuckGo has fixed a universal cross-site scripting (uXSS) flaw in a popular browser extension named DuckDuckGo Privacy Essentials available for both Chrome and Firefox.

The Daily Swig

March 16, 2021 – Breach

Fastway Couriers Confirms Security Breach Full Text

Abstract Investigation launched after data breach puts 450k Fastway Couriers customers at risk

Infosecurity Magazine

March 16, 2021 – Business

‘Cyber fusion’ startup Cyware secures $30M in fresh funding Full Text

Abstract Announced today, the $30 million Series B funding round was led by Advent International and Ten Eleven Ventures and also included the participation of several returning backers.

Silicon Angle

March 16, 2021 – Hacker

Magecart hackers hide captured credit card data in JPG file Full Text

Abstract Crooks devised a new method to hide credit card data siphoned from compromised e-stores; experts observed hackers hiding data in JPG files. Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores,...

Security Affairs

March 16, 2021 – Malware

Mimecast: SolarWinds hackers used Sunburst malware for initial intrusion Full Text

Abstract Email security company Mimecast has confirmed today that the state-sponsored SolarWinds hackers who breached its network earlier this year used the Sunburst backdoor during the initial intrusion.

BleepingComputer

March 16, 2021 – Solution

Twitter Users Can Now Secure Accounts With Multiple Security Keys Full Text

Abstract “Secure your account (and that alt) with multiple security keys. Now you can enroll and log in with more than one physical key on both mobile and web,” the company announced.

Security Week

March 16, 2021 – Vulnerabilities

Microsoft rolls back update to fix access issues for thousands Full Text

Abstract Microsoft Corp said early on Tuesday glitches that affected access to workplace messaging app Teams, Outlook.com and other services have been largely fixed after it rolled back an update.

Reuters

March 16, 2021 – Hacker

Magecart Attackers Save Stolen Credit-Card Data in .JPG File Full Text

Abstract Researchers from Sucuri discovered the tactic, which creatively hides malicious activity until the info can be retrieved, during an investigation into a compromised Magento 2 e-commerce site.

Threatpost

March 16, 2021 – Policy and Law

Spanish Data Protection Agency Issues Highest Ever Fine Full Text

Abstract AEPD fines Vodafone Spain a record-breaking $9.72m for failing to protect data

Infosecurity Magazine

March 16, 2021 – Ransomware

FBI warns of escalating Pysa ransomware attacks on education orgs Full Text

Abstract The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

BleepingComputer

March 16, 2021 – Outage

UK College group closes all campuses for a week following ‘major’ cyber attack Full Text

Abstract The eight sites of South and City College Birmingham will be shut and revert to online teaching from today while computer forensic specialists work to respond to the ransomware attack.

FE Week

March 16, 2021 – Attack

UK Nurseries Get First Official Cyber-Attack Warning Full Text

Abstract NCSC warns childminders and nurseries to safeguard personal data and be wary of malware

Infosecurity Magazine

March 16, 2021 – Attack

Cream Finance and PancakeSwap Cryptocurrency Portals Experience DNS Hijacking Attacks Simultaneously Full Text

Abstract According to a source who tipped The Record earlier today, the same attacker is believed to be behind both incidents as DNS records for both websites were changed within a minute of each other.

The Record

March 16, 2021 – Policy and Law

Google to Face Lawsuit Over Tracking Users in ‘Incognito’ Mode Full Text

Abstract A judge in the US has directed Google to face a class-action lawsuit seeking $5 billion that claimed the tech giant is...

Cyber Security News

March 16, 2021 – Business

Cyware Closes $30M Series B Just 7 Months After A Round Full Text

Abstract “Even though 2020 was a tough year for many companies, we were able to realize 120 percent (ARR) growth,” CEO Anuj Goel said. “We have now seen three years of triple-digit growth.”

CrunchBase News

March 16, 2021 – Botnet

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild Full Text

Abstract Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 Threat Intelligence Team said in a write-up. The rash of vulnerabilities being exploited includes: VisualDoor, a SonicWall SSL-VPN remote command injection vulnerability that came to light earlier this January; CVE-2020-25506, a D-Link DNS-320 firewall remote code execution (RCE) vulnerability; CVE-2021-27561 and CVE-2021-27562, two vulnerabilities in Yealink Device Management that allow an unauthenticated attacker to run arbitrary commands on the server with root privileges; CVE-2021-22502, an RCE flaw in Micro Focus Operation Bridge Reporter (OBR), affecting version 10.40; CV

The Hacker News

March 16, 2021 – Government

UK Cyber Security Council Unveils Inaugural Leadership Team Full Text

Abstract UK Cyber Security Council introduces its first four trustees

Infosecurity Magazine

March 16, 2021 – General

‘Women faces among all of those white men’: Digital Guardian chiefs explain why it matters Full Text

Abstract SC Media spoke to Digital Guardian’s Debra Danielson and Connie Stack recently about their own career experiences, the evolution of diversity in the information security market, and the power of pink.

SCMagazine

March 16, 2021 – General

Top MSP Challenges in 2021 Full Text

Abstract At SafeDNS, we see three entangled hurdles for MSPs in 2021 and the coming years, tied with the current economic uncertainty and somewhat linked to the pandemic.

Threatpost

March 16, 2021 – Vulnerabilities

Researchers Uncovered Hidden Data in the PDF Files Published by Security Agencies Full Text

Abstract Security researchers from different organizations frequently publish and share electronic documents such as PDF files. But there are still many organizations...

Cyber Security News

March 16, 2021 – Malware

Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks Full Text

Abstract WSH-RAT kit is a complete Remote Administration tool sold in the underground and frequently abused by criminal actors relying on off-the-shelf kits to build their offensive campaigns.

Yoroi

March 16, 2021 – Solution

Twitter Updates 2FA to Enable Use of Multiple Security Keys Full Text

Abstract Users will soon be able to use security keys as sole authentication method

Infosecurity Magazine

March 16, 2021 – Vulnerabilities

Microsoft releases one-click mitigation tool for Exchange Server Full Text

Abstract Microsoft released a one-click mitigation tool for the Hafnium Exchange Server vulnerabilities that the company hopes will help organizations struggling to update.

SCMagazine

March 16, 2021 – Vulnerabilities

Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities Full Text

Abstract The bugs were publicly disclosed on March 2, when Microsoft announced not only patches for them, but also the fact that a Chinese threat actor had been actively exploiting them in attacks.

Security Week

March 16, 2021 – Ransomware

Ransomware and IoT Malware Detections Surge by Over 60% Full Text

Abstract SonicWall points to a perfect storm for threat actors in 2020

Infosecurity Magazine

March 16, 2021 – Breach

Hacker Dumps Guns.com Database Containing Customer and Admin Data Full Text

Abstract The actor behind the data dump claimed that it includes a complete database of Guns.com along with its source code. They further added that the breach took place somewhere around the end of 2020.

Hackread

March 16, 2021 – Vulnerabilities

Microsoft One-Click Tool Mitigates Exchange Server Attacks Full Text

Abstract Tool designed for customers without dedicated IT or cybersecurity resource

Infosecurity Magazine

March 16, 2021 – Breach

Users of NFT Digital Art Marketplace Nifty Gateway Suffer Account Takeover and Theft Attacks Full Text

Abstract Many users of the digital art marketplace Nifty Gateway reported that hackers had taken over their accounts and stolen artwork worth thousands of dollars over the weekend.

Cyberscoop

March 16, 2021 – Business

Cyware nabs $30M to help organizations detect and stop advanced cyber attacks – TechCrunch Full Text

Abstract The funding is being co-led by Advent International and Ten Eleven Ventures, with participation from Prelude Fund, Emerald Development Managers, Great Road Holdings, and cloud security firm Zscaler

TechCrunch

March 16, 2021 – Vulnerabilities

Mirai Variant Targeting New IoT Vulnerabilities, Network Security Devices Full Text

Abstract Researchers found attacks using VisualDoor (SonicWall SSL-VPN), CVE-2020-25506 (D-Link firewall), CVE-2020-26919 (Netgear ProSAFE Plus), CVE-2019-19356 (Netis wireless router), and other exploits.

Palo Alto Networks

March 16, 2021 – General

MoD Contractor Security Incidents Double in a Year Full Text

Abstract WARP reports hit a record 151 in 2020

Infosecurity Magazine

March 16, 2021 – Hacker

Hackers hide credit card data from compromised stores in JPG file Full Text

Abstract Hackers have come up with a sneaky method to steal payment card data from compromised online stores that reduces the suspicious traffic footprint and helps them evade detection.

BleepingComputer

March 16, 2021 – Phishing

Royal Mail scam says your parcel is waiting for delivery Full Text

Abstract This Royal Mail delivery scam begins with a text message out of the blue, claiming that a parcel is waiting for delivery and asking the recipient to pay the settlement amount to receive it.

Malwarebytes Labs

March 16, 2021 – Business

Lookout Acquires SASE Cloud Provider CipherCloud Full Text

Abstract Lookout Inc., a provider of mobile security solutions, has acquired cloud security firm CipherCloud. CipherCloud has solutions that span several categories of secure access service edge (SASE).

Dark Reading

March 16, 2021 – Malware

Taurus Stealer’s Evolution Full Text

Abstract The individuals developing this threat have been actively improving the evasiveness of their loader since February 2021, which in turn made their payloads fully undetectable for almost a month.

Minerva Labs

March 16, 2021 – Vulnerabilities

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues Full Text

Abstract Microsoft released an Exchange On-premises Mitigation Tool (EOMT) for small businesses to fix the ProxyLogon vulnerabilities. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 16, 2021 – General

Hacking Incidents, Vendor Breaches Keep Surging Full Text

Abstract As of Monday, the Department of Health and Human Service's HIPAA Breach Reporting Tool website shows 89 major health data breaches affecting a total of over 7.3 million individuals so far in 2021.

Info Risk Today

March 16, 2021 – Vulnerabilities

The Microsoft Exchange hacks: How they started and where we are Full Text

Abstract The emergency patches for the recently disclosed critical vulnerabilities in Microsoft Exchange email server did not come soon enough and organizations had little time to prepare before en masse exploitation began.

BleepingComputer

March 16, 2021 – Vulnerabilities

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms? Full Text

Abstract Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a partner security firm. According to a report published by The Wall Street Journal, Microsoft is investigating...

Security Affairs

March 16, 2021 – Vulnerabilities

15 Years Old Linux Bug Let Attackers Gain Admin Privileges Full Text

Abstract Three bugs found in the mainline Linux kernel turned out to be about 15 years old. One of these bugs turned out...

Cyber Security News

March 15, 2021 – Vulnerabilities

Microsoft releases one-click Exchange On-Premises Mitigation Tool Full Text

Abstract Microsoft has released a one-click Exchange On-premises Mitigation Tool (EOMT) to allow small business owners to easily mitigate the recently disclosed ProxyLogon vulnerabilities.

BleepingComputer

March 15, 2021 – General

Security ratings could raise the bar on cyber hygiene, but won’t stop the next SolarWinds Full Text

Abstract The concept of security ratings, noted by Biden officials, is one that the cybersecurity community has batted around for some time: place a label on the box that says a product is or is not secure, and let consumers create a market around security. But experts say the simplicity of that concept is both its strength and its weakness.

SCMagazine

March 15, 2021 – General

Hillicon Valley: Facebook to label all posts that discuss coronavirus vaccines | Swiss authorities raid home of alleged surveillance camera hacker | Study finds overlap between vaccine hesitancy and QAnon Full Text

Abstract Amid mounting scrutiny over its handling of coronavirus vaccine misinformation — and one week before Facebook CEO Mark Zuckerberg and other tech CEOs testify before Congress — Facebook said it will be rolling out labels for all posts discussing the vaccines. However, one senator says they're not doing enough on anti-vaccination content.

The Hill

March 15, 2021 – Botnet

Trickbot has Filled in Emotet’s Void - Threat Index Report Full Text

Abstract Check Point lists Trickbot trojan as the most popular malware among cybercriminals in its Global Threat Index report. Here we cover other threats on the list and interesting insights you should know about.

Cyware Alerts - Hacker News

March 15, 2021 – Business

IronNet to go public in $1.2 billion deal, as CEO Alexander warns of start of ‘digital arms race’ Full Text

Abstract IronNet Cybersecurity announced a $1.2 billion agreement Monday with special purpose acquisition company LGL Systems Acquisition Corp. to go public. The combined company will move forward as IronNet Cybersecurity Inc., and be listed on the New York Stock Exchange under the ticker symbol IRNT. Company officials expect the company to go public by the third…

SCMagazine

March 15, 2021 – General

Cybersecurity Bug-Hunting Sparks Enterprise Confidence Full Text

Abstract A survey from Intel shows that most organizations prefer tech providers to have proactive security, but few meet security expectations.

Threatpost

March 15, 2021 – Attack

Blender website in maintenance mode after hacking attempt Full Text

Abstract Blender.org, the official website of the popular 3D computer graphics software Blender, is now in maintenance mode according to a message displayed on the site.

BleepingComputer

March 15, 2021 – Malware

School district IT leaders grade their handling of past malware attacks Full Text

Abstract Rockford Public Schools and Rockingham County Schools learned lessons in transparency, timely incident response, access management, data redundancy and disaster recovery.

SCMagazine

March 15, 2021 – Ransomware

Two Ransomware with Different Modus Operandi are Making Inroads Full Text

Abstract Researchers recently discovered two new ransomware variants, one of which is a variant of the Thanos ransomware series, which spreads through PDF files that fake the subject of invoices.

Cyware Alerts - Hacker News

March 15, 2021 – APT

What You Need to Know About RedEcho Full Text

Abstract The victimology of this Chinese hacker group coincides with that of APT41, also known as Barium. Moreover, RedEcho boasts of a robust infrastructure.

Cyware Alerts - Hacker News

March 15, 2021 – Ransomware

Ransomware Actors Coming After Your Hypervisor Full Text

Abstract Recently, two retooled ransomware strains were found exploiting vulnerabilities in the VMware ESXi hypervisor system and encrypting virtual hard drives or VMs.

Cyware Alerts - Hacker News

March 15, 2021 – Vulnerabilities

A Side-Channel Attack that Works Without Scripting Support Full Text

Abstract Security researchers have discovered the first browser side-channel attack that is JavaScript-free and it appears that the new Apple M1 chips may be vulnerable to the attack.

Cyware Alerts - Hacker News

March 15, 2021 – APT

Multiple APT Groups Now Targeting Microsoft Exchange Servers Full Text

Abstract Several threat actors have been found exploiting the recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange servers, including APT27, LuckyMouse, Calypso, and Winnti Group.

Cyware Alerts - Hacker News

March 15, 2021 – Ransomware

RTM and Quoter Ransomware - A Deadly Combo Full Text

Abstract The RTM banking trojan is back with an arsenal of tricks. A new ransomware family—Quoter—has joined the party too. 

Cyware Alerts - Hacker News

March 15, 2021 – Policy and Law

Swiss authorities raid home of hacker potentially responsible for breaching surveillance cameras Full Text

Abstract Swiss law enforcement raided the home of a hacker potentially responsible for breaching around 150,000 surveillance cameras, exposing sensitive footage from homes, hospitals, and prisons. 

The Hill

March 15, 2021 – Policy and Law

US DoJ indicted the CEO of Sky Global encrypted chat platform Full Text

Abstract The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking. The head of the Canada-based company Sky Global that provides encrypted communications, Jean-Francois Eap,...

Security Affairs

March 15, 2021 – Covid-19

Cyberattacks See Fundamental Changes, A Year into COVID-19 Full Text

Abstract A year after COVID-19 was officially determined to be a pandemic, the methods and tactics used by cybercriminals have drastically changed.

Threatpost

March 15, 2021 – Solution

Twitter now supports multiple 2FA security keys on mobile and web Full Text

Abstract Twitter has added support for multiple security keys to accounts with two-factor authentication (2FA) enabled for logging into the social network's web interface and mobile apps.

BleepingComputer

March 15, 2021 – Breach

Vulnerable Australian Kids Impacted by Data Breach Full Text

Abstract Former caseworker accessed sensitive data of children hundreds of times after leaving their job

Infosecurity Magazine

March 15, 2021 – Botnet

Police shut down Android app that turned smartphones into proxies Full Text

Abstract According to Spanish and Europol officials, the app enrolled user devices into another company's network which used the devices as proxy bots in its anonymization offering and for DDoS attacks.

The Record

March 15, 2021 – Phishing

Phishing sites now detect virtual machines to bypass detection Full Text

Abstract Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

BleepingComputer

March 15, 2021 – Ransomware

HeraSoft Looks To Stop Ransomware Attacks After $5M Series A Full Text

Abstract HeraSoft announced a $5 million Series A led by United Capital Management of Kansas. It has developed a public protocol index layer that protects organizations from ransomware and other cyberattacks.

CrunchBase News

March 15, 2021 – Government

Canada Revenue Agency locks out over 800,000 online accounts — here’s what to know Full Text

Abstract On Friday, the agency said the move is a precautionary cybersecurity measure and is being taken after a similar action in February, when over 100,000 accounts were locked.

CBC

March 15, 2021 – Business

Lookout Enters SASE Market Through Acquisition of CipherCloud Full Text

Abstract Lookout acquires CipherCloud with the intention of creating an integrated endpoint to cloud security solution

Infosecurity Magazine

March 15, 2021 – Botnet

ZHtrap Botnet Deploys Honeypots to Trap and Takeover Infected Devices From Competing Botnets Full Text

Abstract Security researchers discovered last week a new IoT botnet that deploys honeypots to capture attacks from rival botnets and then uses that information to hijack its rivals’ infrastructure.

The Record

March 15, 2021 – Criminals

OVH Data Center Fire Impacts Cyber-criminals Full Text

Abstract Major fire at Strasbourg data center knocks millions of websites offline and disrupts threat actors

Infosecurity Magazine

March 15, 2021 – Malware

Metamorfo Banking Trojan Leverages AutoHotKey (AHK) and the AHK compiler to Evade Detection Full Text

Abstract A legitimate binary for creating shortcut keys in Windows is being used to help the malware sneak past defenses, in a rash...

Cyber Security News

March 15, 2021 – Outage

Cyberattack at Buffalo Public Schools Leads to Cancelation of Classes Full Text

Abstract Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.

Cyberscoop

March 15, 2021 – General

Rising Demand for DDoS Protection Software Market By 2020-2028 Full Text

Abstract Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the best DDoS protection software solutions. Many unplanned data center outages are owing to DDoS attacks. The threat of DDoS is due to access to easy-to-use tools and the profit potential through extortion. The attacks target businesses directly, leading to substantial financial and personal losses, making it critical to have robust DDoS protection software solutions in place. According to the report of Market Research Inc, the DDoS protection Software Market is predicted to reach +14% CAGR by 2020 – 2028. Important Statistics to illustrate the growing demand for DDoS Software Solutions Demand for the DDoS software market is on th

The Hacker News

March 15, 2021 – Policy and Law

Judge Upholds Privacy Lawsuit Against Google Full Text

Abstract Google will face allegations that it collected data of private browsing mode users

Infosecurity Magazine

March 15, 2021 – Vulnerabilities

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now Full Text

Abstract A security researcher released a new PoC exploit for ProxyLogon issues that could be adapted to install web shells on vulnerable Microsoft Exchange servers. A security researcher has released a new proof-of-concept exploit that could be adapted to install...

Security Affairs

March 15, 2021 – Attack

New Browser cache-based side-channel Attack that Works Even When Script Execution is Completely Blocked Full Text

Abstract Recently, a group of security researchers from the University of Michigan, the University of the Negev, and the University of Adelaide have...

Cyber Security News

March 15, 2021 – Policy and Law

US Indicts Head of Alleged Crime Chat Comms Service Full Text

Abstract The indictments were presented Friday against Jean-Francois Eap, the head of Sky Global, and Thomas Herdman, a former high-level distributor of Sky Global devices, the department said Friday.

Security Week

March 15, 2021 – Policy and Law

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals Full Text

Abstract The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO), according to warrants issued for their arrests. "The indictment alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement," Acting U.S. Attorney Randy Grossman said in the announcement. "This groundbreaking investigation should send a serious message to companies who think they can aid criminals in their unlawful ac

The Hacker News

March 15, 2021 – General

25% of UK Workers Let Their Children Use Their Work Device Full Text

Abstract Study indicates that insecure practices remain prevalent among home workers

Infosecurity Magazine

March 15, 2021 – Ransomware

NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs Full Text

Abstract The UK's National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in Microsoft Exchange. The UK's National Cyber Security Centre is urging UK organizations to install security patches...

Security Affairs

March 15, 2021 – Hacker

Hackers hit 32 Indian firms via Microsoft email servers Full Text

Abstract The hardest-hit sectors in India are finance and banking institutions (28%), government/military organizations (16%), manufacturing (12.5%), insurance/legal (9.5%), and others (34%), according to CPR.

The Times Of India

March 15, 2021 – General

New Dates Confirmed for Infosecurity Europe 2021 Full Text

Abstract Cybersecurity event will take place July 13-15 at London’s Olympia

Infosecurity Magazine

March 15, 2021 – Vulnerabilities

Google fixes the third actively exploited Chrome 0-Day since January Full Text

Abstract Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the second one within a month. Google has fixed a new actively exploited zero-day in its Chrome browser, this is the second zero-day issue...

Security Affairs

March 15, 2021 – Vulnerabilities

Google fixes the third actively exploited Chrome 0-Day since January Full Text

Abstract The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. Google addressed the issue with the 89.0.4389.90 version for Windows, Mac, and Linux.

Security Affairs

March 15, 2021 – Business

Uber and Lyft Pool Driver Info to Boost Passenger Safety Full Text

Abstract Program will keep deactivated drivers off the roads

Infosecurity Magazine

March 15, 2021 – Ransomware

UK: NCSC is not aware of ransomware attacks compromising UK businesses through Microsoft Exchange bugs Full Text

Abstract The UK’s NCSC is urging UK organizations to install security patches for their Microsoft Exchange installs and run Microsoft Safety Scanner to detect webshells employed in the attacks.

Security Affairs

March 15, 2021 – Policy and Law

Encrypted Comms CEO Indicted in Drug Trafficking Conspiracy Full Text

Abstract Arrest warrant issued for Sky Global boss Jean-Francois Eap

Infosecurity Magazine

March 15, 2021 – Solution

GLEIF CA Stakeholder Group accelerates integration of LEIs in digital certificates Full Text

Abstract In accordance with ISO 17442-2, the CA Stakeholder Group will develop and promote best practice guidelines and use cases for LEI integration across the digital identity industry.

Help Net Security

March 15, 2021 – Vulnerabilities

Exchange Exploit Attempts Surge Sixfold as Ransomware Lands Full Text

Abstract Check Point warns of major increase in attack activity

Infosecurity Magazine

March 15, 2021 – Vulnerabilities

Google: This Spectre proof-of-concept shows how dangerous these attacks can be Full Text

Abstract Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory.

ZDNet

March 15, 2021 – General

Alarming number of consumers impacted by identity theft, application fraud and account takeover Full Text

Abstract A new report by Aite Group and GIACT uncovers the pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic.

Help Net Security

March 15, 2021 – Government

Britain must boost cyber-attack capacity, PM Boris Johnson says Full Text

Abstract Britain needs to boost its capacity to conduct cyber attacks on foreign enemies, Prime Minister Boris Johnson said before the publication of a national security review next week.

The Times Of India

March 15, 2021 – Vulnerabilities

Thousands of Unsanitized PDF Documents from Security Agencies Reveal Hidden Data and Allow Exploits Full Text

Abstract Security agencies are doing a poor job at sanitizing PDF documents on their official websites and are leaking troves of sensitive information that could be collected and weaponized in malware attacks.

The Record

March 14, 2021 – Vulnerabilities

New PoC for Microsoft Exchange bugs puts attacks in reach of anyone Full Text

Abstract A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities.

BleepingComputer

March 14, 2021 – Vulnerabilities

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE Full Text

Abstract Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critical remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE...

Security Affairs

March 14, 2021 – Government

Security Affairs newsletter Round 305 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Chinese hackers...

Security Affairs

March 14, 2021 – Vulnerabilities

Google releases Spectre PoC code exploit for Chrome browser Full Text

Abstract Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser...

Security Affairs

March 13, 2021 – Business

Microsoft Edge to use a four-week release cycle to sync with Chrome Full Text

Abstract Major 'Stable' versions of Microsoft Edge will now be released every four weeks to synchronize with the new four-week release cycle announced by Google Chrome.

BleepingComputer

March 13, 2021 – General

Cryptocurrency Platforms Witness Another Round of Cyber Threats Full Text

Abstract Over 25,000 Coinbase users have been compromised in a phishing campaign in over two weeks with 69% of the fraudulent correspondence originating from India, followed by Brazil and the US.

Cyware Alerts - Hacker News

March 13, 2021 – Education

CompTIA Security Certification Prep — Lifetime Access for just $30 Full Text

Abstract At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to choose from. If you would like to scoop them all, The CompTIA Security Infrastructure Expert Bundle is worth your attention. This collection of courses offers 111 hours of video tutorials, working towards four certifications: Security+, CySA+, CASP, and PenTest+. The content in this bundle is worth $1,180 — but The Hacker News has partnered with iCollege to bring the price crashing down. Special Offer — Right now, you can get lifetime access to all four courses for just $29.99. This is the final reduction on this bundle, so you won't get a better price! Whether you want to become a cybersecurity specialist or just build a strong technical résumé, taking CompTIA exams is a smart move.

The Hacker News

March 13, 2021 – Policy and Law

CEO of Sky Global encrypted chat platform indicted by US Full Text

Abstract The US Department of Justice has indicted the CEO of encrypted messaging company Sky Global and an associate for allegedly helping criminal enterprises avoid detection by law enforcement.

BleepingComputer

March 13, 2021 – Botnet

Cryptomining Botnet Targets Unpatched Vulnerabilities in Cloud Servers Full Text

Abstract An upgraded version of z0Miner, a cryptomining botnet, has been found attempting to take over Jenkins and ElasticSearch servers to mine for Monero cryptocurrency.

Cyware Alerts - Hacker News

March 13, 2021 – Vulnerabilities

15-year-old Linux kernel bugs let attackers gain root privileges Full Text

Abstract Three security vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

BleepingComputer

March 13, 2021 – Vulnerabilities

Experts found three new 15-year-old bugs in a Linux kernel module Full Text

Abstract Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface)...

Security Affairs

March 13, 2021 – APT

The fire in the OVH datacenter also impacted APTs and cybercrime groups Full Text

Abstract The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. OVH, one of the largest hosting providers in the world, has suffered this week a terrible...

Security Affairs

March 13, 2021 – Malware

New variant for Mac Malware XCSSET compiled for M1 Chips Full Text

Abstract Kaspersky researchers spotted a new variant of the XCSSET Mac malware that is compiled for devices running on Apple M1 chips. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits...

Security Affairs

March 13, 2021 – Privacy

Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User’s Call Recording Full Text

Abstract The "Automatic call recorder" application is one of the popular applications used by iPhone users to record their calls. The app is...

Cyber Security News

March 13, 2021 – Government

U.S. government to respond to SolarWinds hackers in weeks: Senior Official Full Text

Abstract The Biden administration will respond “in weeks, not months” to the perpetrators of the SolarWinds hack, who used the U.S. tech company as a springboard to compromise a raft of U.S. government agencies, a senior administration official said on

Reuters

March 13, 2021 – Vulnerabilities

A Spectre proof-of-concept for a Spectre-proof web Full Text

Abstract Google has published the proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. The PoC code is expected to work against all modern browsers.

Chrome Releases

March 13, 2021 – Breach

10,000+ WeLeakInfo customer records leaked Full Text

Abstract WeLeakInfo.com was a data breach notification service that allowed its customers to verify whether their credentials had been compromised in data breaches. The service claimed a database of over 12 billion records from over 10,000 data breaches.

Security Affairs

March 13, 2021 – Ransomware

No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises Full Text

Abstract The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing.

The Register

March 13, 2021 – Attack

Molson Coors Production Stopped Following a Cyberattack Full Text

Abstract A cyber attack took place at Molson Coors breweries based in Milwaukee. It looks like the hack was crippling, leaving the brewery unable to produce beer at the time of the attack.

Heimdal Security

March 12, 2021 – Ransomware

The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers Full Text

Abstract For the past two weeks, the cybersecurity news has been dominated by stories about the Microsoft Exchange ProxyLogon vulnerabilities. One overriding concern has been when will ransomware actors use the vulnerabilities to compromise and encrypt mail servers.

BleepingComputer

March 12, 2021 – General

Hillicon Valley: Google slams Microsoft for ‘naked corporate opportunism’ | Sanders invites Bezos to testify at inequality hearing | AFL-CIO hits Rubio over union endorsement Full Text

Abstract Microsoft and Google traded barbs Friday over proposals to require tech giants to pay news publishers for content, as lawmakers discussed challenges to the news industry at a House hearing. Amazon CEO Jeff Bezos is also in the hot seat as a unionization vote is in progress at a warehouse in Alabama, with Sen. Bernie Sanders (I-Vt.) inviting the billionaire executive to testify at a hearing next week about inequality. Meanwhile, the AFL-CIO slammed Sen. Marco Rubio (R-Fla.) for backing the unionization push at the plant while simultaneously opposing a federal bill that would offer protections for employees trying to unionize.

The Hill

March 12, 2021 – Ransomware

Deep Instinct to offer $3 million ransomware warranty Full Text

Abstract Deep Instinct announced that it would back its product with a performance guarantee that delivers false positivity rates of less than 1 percent, plus a ransomware warranty of up to $3 million per company for a single breach.

SCMagazine

March 12, 2021 – Policy and Law

SolarWinds lawsuits merge as stockholders begin documenting financial losses Full Text

Abstract A judge approved the merger of three class action lawsuits against SolarWinds as shareholders detail tens of thousands of dollars in stock losses they claim resulted from the hack.

SCMagazine

March 12, 2021 – Vulnerabilities

Critical Security Hole Can Knock Smart Meters Offline Full Text

Abstract Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.

Threatpost

March 12, 2021 – Vulnerabilities

Google fixes second actively exploited Chrome zero-day this month Full Text

Abstract Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.

BleepingComputer

March 12, 2021 – Malware

NimzaLoader Malware Developed Using a Rare Programming Language to Avoid Detection Full Text

Abstract The research team from Proofpoint observed an interesting email campaign by a threat actor and tracked it as ‘TA800’. The TA800 threat...

Cyber Security News

March 12, 2021 – Hacker

This Financially-Motivated Actor has Targeted Countless Industrial Organizations Full Text

Abstract Security analysts uncovered an attack campaign targeting oil and gas supply chain industries in Europe, the Middle East, Asia Pacific, and North America using spearphishing techniques.

Cyware Alerts - Hacker News

March 12, 2021 – Government

China blasts Biden administration over new restrictions on Huawei Full Text

Abstract China criticized the Biden administration on Friday over new restrictions on the Chinese telecom giant Huawei, arguing the move shows that the U.S. cannot be trusted.

The Hill

March 12, 2021 – Malware

Researchers Spotted Malware Written in Nim Programming Language Full Text

Abstract Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape. "Malware developers may choose to use a rare programming language to avoid detection, as reverse engineers may not be familiar with Nim's implementation, or focused on developing detection for it, and therefore tools and sandboxes may struggle to analyze samples of it," the researchers said. Proofpoint is tracking the operators of the campaign under the moniker "TA800," who, they say, started distributing NimzaLoader starting February 3, 2021. Prior to the latest raft of activity, TA800 is known to have predominantly used BazaLoader since April 2020. While APT28 has been previously linked to delivering Zeb

The Hacker News

March 12, 2021 – Breach

Settlement Reached Over Data Breach Impacting 24 Million Americans Full Text

Abstract Retrieval-Masters Creditors Bureau reaches multi-state settlement over AMCA data breach

Infosecurity Magazine

March 12, 2021 – General

How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks? Full Text

Abstract If the SolarWinds/Holiday Bear campaign was a minimally-invasive arthroscopic incision into vulnerable networks, the Microsoft Exchange hack was a full-limb amputation: untargeted, reckless and extremely dangerous.

Lawfare

March 12, 2021 – Breach

10,000+ WeLeakInfo customer records leaked Full Text

Abstract An actor claimed to have registered one of the domains of WeLeakInfo, accessed details of 10000+ WeLeakInfo's customers, and leaked it. WeLeakInfo.com was a data breach notification service that was allowing its customers to verify if their credentials...

Security Affairs

March 12, 2021 – Policy and Law

As legislators work toward law requiring companies to alert feds to breaches, key hurdles emerge Full Text

Abstract Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry.

SCMagazine

March 12, 2021 – Ransomware

REvil Group Claims Slew of Ransomware Attacks Full Text

Abstract The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.

Threatpost

March 12, 2021 – Phishing

Scammers promote fake cryptocurrency giveaways via Twitter ads Full Text

Abstract Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams.

BleepingComputer

March 12, 2021 – Vulnerabilities

SAP Fixes Critical Security Flaw in Manufacturing Software Full Text

Abstract Recently, SAP has fixed a very critical security flaw in its manufacturing software, this critical-bug fix was a spring of 18 security...

Cyber Security News

March 12, 2021 – Malware

Clast82: A Dropper That Delivers Two Banking Trojans Full Text

Abstract Check Point Research laid out details on financial trojans found embedded in at least ten Android-based apps by the same threat actor. The apps have been taken down by Google.

Cyware Alerts - Hacker News

March 12, 2021 – Vulnerabilities

Microsoft warns of new threat to ‘unpatched’ networks Full Text

Abstract Microsoft warned late Thursday of a threat detected to unpatched networks from a new family of ransomware.

The Hill

March 12, 2021 – Vulnerabilities

Utah Company Stored Passport Scans on Unsecured Server Full Text

Abstract Premier Diagnostics data breach exposes personal information of over 50k customers

Infosecurity Magazine

March 12, 2021 – Government

France, Cyber Operations and Sovereignty: The ‘Purist’ Approach to Sovereignty and Contradictory State Practice Full Text

Abstract The rule of sovereignty that France asserts applies to cyberspace is incompatible with several of its own operations. The “purist” approach to a rule of sovereignty for cyber operations is at odds with the state practice of cyber-capable states.

Lawfare

March 12, 2021 – Outage

Internet disruption in Russia coincided with the introduction of restrictions Full Text

Abstract Experts at the NetBlocks Internet Observatory observed this week a temporary disruption of internet service in Russia due to new restrictions. On Wednesday 10 March 2021, researchers from Network data from the NetBlocks Internet Observatory observed...

Security Affairs

March 12, 2021 – Vulnerabilities

Three flaws that sat in Linux kernel since 2006 could deliver root privileges to attackers Full Text

Abstract Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.

SCMagazine

March 12, 2021 – Policy and Law

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms Full Text

Abstract Sky ECC claims that cops cracked a fake version of the app being passed off by disgruntled reseller.

Threatpost

March 12, 2021 – Vulnerabilities

Google shares Spectre PoC targeting browser JavaScript engines Full Text

Abstract Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory.

BleepingComputer

March 12, 2021 – Phishing

Cyber Espionage Campaign Targeting the Middle East has Connections with MuddyWater Full Text

Abstract Researchers recently detected malicious activity targeting organizations in the Middle East and neighboring regions using spearphishing emails to distribute their harmful packages.

Cyware Alerts - Hacker News

March 12, 2021 – Insider Threat

Apple Sues Employee for Stealing Trade Secrets Full Text

Abstract Former Apple materials lead sued after allegedly leaking trade secrets to media

Infosecurity Magazine

March 12, 2021 – Attack

Researchers warn of a surge in cyber attacks against Microsoft Exchange Full Text

Abstract Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at Check Point Research team reported that threat actors are actively exploiting the recently...

Security Affairs

March 12, 2021 – Ransomware

Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities Full Text

Abstract Microsoft confirmed “a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” via its Security Intelligence Twitter account. The ransomware, called DoejoCrypt or DearCry, appears to be the latest threat associated with not patching the Hafnium Exchange Server vulnerabilities Microsoft first announced last week. DoejoCrypt was first noticed on…

SCMagazine

March 12, 2021 – Malware

Microsoft Exchange exploits now used by cryptomining malware Full Text

Abstract The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers.

BleepingComputer

March 12, 2021 – Phishing

Google reCAPTCHA Abused in Multiple Phishing Campaigns Full Text

Abstract Senior-level executives in the banking and IT sectors are being targeted for their Office 365 credentials in a phishing campaign that uses a fake Google reCAPTCHA system.

Cyware Alerts - Hacker News

March 12, 2021 – Vulnerabilities

NCSC: Install Latest Microsoft Exchange Server Updates Urgently Full Text

Abstract Orgs advised to take steps to avoid compromise by increasing range of threat actors

Infosecurity Magazine

March 12, 2021 – Malware

Malspam campaign uses icon files to deliver NanoCore RAT Full Text

Abstract Researchers at Trustwave spotted a new malspam campaign that is abusing icon files to trick victims into installing the NanoCore Trojan. Researchers at Trustwave have spotted a new malspam campaign that is abusing icon files to trick victims...

Security Affairs

March 12, 2021 – Hacker

Researchers hacked Indian govt sites via exposed git and env files Full Text

Abstract Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. The full findings disclosed today shed light on the routes leveraged by the researchers, including finding exposed .git directories and .env files on some of these systems.

BleepingComputer

March 12, 2021 – Business

XDR Firm Cynet Raises $40 Million Series C Funding Full Text

Abstract Venture funding continues to flow this week, with extended detection and response (XDR) firm Cynet adding $40 million to its coffers via a Series C funding round led by Greenfield Partners.

Security Week

March 12, 2021 – Solution

Netflix Introduces Measures to Prevent Password Sharing Full Text

Abstract Users can verify if they are able to access a particular account according to Netflix terms of service

Infosecurity Magazine

March 12, 2021 – Botnet

New ZHtrap botnet malware deploys honeypots to find more targets Full Text

Abstract A new botnet is hunting down and transforming unpatched routers, DVRs, and UPnP network devices it takes over into honeypots that help it find other devices to infect.

BleepingComputer

March 12, 2021 – Privacy

Can private data be recovered from “sanitized” images? Full Text

Abstract Researchers at the NYU Tandon School of Engineering found that PP-GAN designs can be subverted to pass privacy checks, while still allowing secret information to be extracted from sanitized images.

Help Net Security

March 12, 2021 – Business

SailPoint Appoints Heather Gantt-Evans as New CISO Full Text

Abstract Gantt-Evans joins SailPoint from retail giant The Home Depot

Infosecurity Magazine

March 12, 2021 – Vulnerabilities

Serious Vulnerabilities Found in Schneider Electric Power Meters Full Text

Abstract Industrial cybersecurity firm Claroty this week disclosed technical details for two potentially serious vulnerabilities affecting PowerLogic smart meters made by Schneider Electric.

Security Week

March 12, 2021 – Ransomware

Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds Full Text

Abstract Group releases new features including VoIP calls and VM targeting

Infosecurity Magazine

March 12, 2021 – Policy and Law

Encrypted Comms Firm Denies Police Cracked User Messages Full Text

Abstract Europol had claimed police accessed hundreds of millions of chats

Infosecurity Magazine

March 12, 2021 – Ransomware

Molson Coors Suffers Suspected Ransomware Attack Full Text

Abstract Trouble brewing for beverage giant

Infosecurity Magazine

March 12, 2021 – Education

“Hacker Games” Launched to Encourage Development of Secure Coding Skills Full Text

Abstract Participants will face a series of hands-on challenges

Infosecurity Magazine

March 12, 2021 – Attack

University of Central Lancashire among three hit by cyber-attacks Full Text

Abstract The University of the Highlands and Islands in Scotland and Queen's University in Belfast were also targeted. The National Cyber Security Centre has launched an investigation.

BBC

March 12, 2021 – Ransomware

Hackers Are Targeting Microsoft Exchange Servers With Ransomware Full Text

Abstract It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry." "Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner tweeted. "Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers." In a joint advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies warned that "adversaries could exploit these vulnerabili

The Hacker News

March 12, 2021 – Criminals

Cyber criminals targeting hospitals are ‘playing with lives’ and must be stopped, report warns Full Text

Abstract Cyberattacks targeting healthcare are putting patients at unnecessary risk and more must be done to hold the cybercriminals involved to account, warns the CyberPeace Institute.

ZDNet

March 12, 2021 – Accident

OVH data center fire likely caused by faulty UPS power supply Full Text

Abstract OVH founder and chairman Octave Klaba has provided a plausible explanation for the fire that burned down OVH data centers in Strasbourg, France.

BleepingComputer

March 11, 2021 – Vulnerabilities

Smart sex toys come with Bluetooth and remote hijacking weaknesses Full Text

Abstract Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more and more adult toy brands enter the market, and the COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital.

BleepingComputer

March 11, 2021 – Ransomware

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits Full Text

Abstract A new ransomware called 'DEARCRY' is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.

BleepingComputer

March 11, 2021 – Attack

New Browser Attack Allows Tracking Users Online With JavaScript Disabled Full Text

Abstract Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the researchers said. "This means script blockers cannot stop it. The attacks work even if you strip out all of the fun parts of the web browsing experience. This makes it very difficult to prevent without modifying deep parts of the operating system." In avoiding JavaScript, the side-channel attacks are also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs — making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets. The findings, which come from a group of academics from the Ben-Gurion U

The Hacker News

March 11, 2021 – Ransomware

New DEARCRY Ransomware is targeting Microsoft Exchange Servers Full Text

Abstract A new ransomware called 'DEARCRY' is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.

BleepingComputer

March 11, 2021 – Vulnerabilities

Smart sex toys come with Bluetooth and remote access weaknesses Full Text

Abstract Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more and more adult toy brands enter the market, and the COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital.

BleepingComputer

March 11, 2021 – Accident

OVH Data Center Suffers a Terrible Fire that Affects Multiple Websites Full Text

Abstract OVH is the largest hosting provider in Europe and the third-largest in the world. The cloud computing company provides virtual private servers,...

Cyber Security News

March 11, 2021 – General

Let’s Talk About an Emerging Trend in BEC Attacks Full Text

Abstract Scammers have started targeting Wall Street investors to earn seven times more money than a normal BEC scam by using fake capital calls notices requesting payment for counterfeit investments.

Cyware Alerts - Hacker News

March 11, 2021 – General

Hillicon Valley: Lawmakers roll out bill to protect critical infrastructure after Florida water hack | Clyburn, Klobuchar push $94 billion fix to digital divide | Uber, Lyft to share information on drivers banned for ‘most serious’ safety incidents Full Text

Abstract After an unsuccessful hack of a Florida water treatment facility, a bipartisan group of House lawmakers teamed up to introduce a cyber bill that aims to protect against cyberattacks. Meanwhile, Democrats reintroduced legislation in both chambers Thursday that would invest billions in expanding internet access. In Silicon Valley, leading rideshare companies Uber and Lyft announced a partnership to share information on banned drivers after mounting scrutiny over their handling of assault allegations.

The Hill

March 11, 2021 – Vulnerabilities

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack," the agencies said. "Adversaries may also sell access to compromised networks on the dark web." The attacks have primarily targeted local governments, academic institutions, non-governmental organizations, and business entities in various industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical, which the agencies say are in line with previous activity conducted by Chinese cyber actors. Tens of thousands of entities, including the Eur

The Hacker News

March 11, 2021 – General

School Boss Resigns After Porn Found on Computer Full Text

Abstract County schools superintendent quits after “questionable” images found on work computer

Infosecurity Magazine

March 11, 2021 – Vulnerabilities

Expert publishes PoC exploit code for Microsoft Exchange flaws Full Text

Abstract This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws. On March 2nd, Microsoft has released emergency out-of-band security updates that address four...

Security Affairs

March 11, 2021 – Hacker

Threat actors bypassing shoddy patching, targeting network gateways Full Text

Abstract Patch bypasses and network pivot vulnerabilities are becoming more common tools in the box of threat actors, according to new research.

SCMagazine

March 11, 2021 – Ransomware

Ransomware Attack Strikes Spain’s Employment Agency Full Text

Abstract Reports say that the agency in charge of managing Spain’s unemployment benefits has been hit by the Ryuk ransomware.

Threatpost

March 11, 2021 – Attack

Molson Coors brewing operations disrupted by cyberattack Full Text

Abstract The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations.

BleepingComputer

March 11, 2021 – Vulnerabilities

Dependency Confusion Exploit Being Used to Create More Copycat Packages Full Text

Abstract After the release of a proof-of-concept for a new dependency confusion vulnerability by a researcher, hundreds of bogus npm packages have popped up targeting Amazon, Zillow, Lyft, and Slack NodeJS apps.

Cyware Alerts - Hacker News

March 11, 2021 – Government

Lawmakers roll out bill to protect critical infrastructure after Florida water hack Full Text

Abstract A group of bipartisan House lawmakers on Thursday introduced legislation intended to protect critical infrastructure from cyberattacks after an unsuccessful hack of a Florida water treatment facility.  

The Hill

March 11, 2021 – Ransomware

Another 210,000 Americans Affected by Netgain Ransomware Attack Full Text

Abstract Healthcare patients in Washington state impacted by cyber-attack on managed IT services provider

Infosecurity Magazine

March 11, 2021 – Hacker

Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws Full Text

Abstract Norway's parliament, the Storting, has suffered a new cyberattack; hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway's parliament, the Storting, was hit by a new cyberattack, threat actors stole data exploiting...

Security Affairs

March 11, 2021 – General

“Accountability framework” proposed to promote secure health care practices Full Text

Abstract The CyberPeace Institute’s methodology holds promise, but it must further differentiate itself and overcome enforcement challenges.

SCMagazine

March 11, 2021 – Malware

FIN8 Resurfaces with Revamped Backdoor Malware Full Text

Abstract The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.

Threatpost

March 11, 2021 – Government

CISA: No federal civilian agency hacked in Exchange attacks, so far Full Text

Abstract CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers.

BleepingComputer

March 11, 2021 – Government

CISA Will Manage .Gov Domain in Effort to Enhance Security Full Text

Abstract The CISA will take over the day-to-day management of the official .gov top-level domain in April, adding a greater emphasis on security for the domains used for government websites.

Gov Info Security

March 11, 2021 – Privacy

Trans Tracking Plugin Reported to Norwegian Authorities Full Text

Abstract Browser add-on that flags social networks as transphobic or trans-friendly may violate GDPR

Infosecurity Magazine

March 11, 2021 – Outage

Trouble is brewing, as cyber incident takes down Molson Coors operations Full Text

Abstract Molson Coors today reported that it has experienced a systems outage caused by a cybersecurity incident that has delayed and may continue to disrupt parts of the company’s business, including its brewery operations, production and shipments. While the buzz around the security industry was that the company experienced a ransomware attack, Molson Coors did not…

SCMagazine

March 11, 2021 – Vulnerabilities

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs Full Text

Abstract The F5 flaws could affect the networking infrastructure for some of the largest tech and Fortune 500 companies – including Microsoft, Oracle and Facebook.

Threatpost

March 11, 2021 – Ransomware

Lazarus Group Using Mata Framework to Deliver TFlower Ransomware Full Text

Abstract The Lazarus Group was spotted using the MATA framework, which it has been using since 2019, to deploy the TFlower ransomware. It has claimed a dozen victims so far.

Cyware Alerts - Hacker News

March 11, 2021 – Ransomware

Australia’s answer to thwarting ransomware is good cyber hygiene Full Text

Abstract The advice was provided in Locked Out: Tackling Australia's ransomware threat, which is a 14-page document [PDF] prepared by the Cyber Security Industry Advisory Committee.

ZDNet

March 11, 2021 – Phishing

Phishing Campaign Lurking Behind Fake FINRA Audit Notifications Full Text

Abstract The U.S. FINRA has warned brokerage firms and brokers against an ongoing phishing campaign impersonating the agency and sending fake compliance audit alerts to pilfer information.

Cyware Alerts - Hacker News

March 11, 2021 – Attack

There is Still More to SolarWinds Attack Full Text

Abstract Microsoft and FireEye uncover three more malware strains associated with the suspected Russian perpetrators who breached the SolarWinds software between August and September 2020.

Cyware Alerts - Hacker News

March 11, 2021 – Vulnerabilities

PoC released for Microsoft Exchange ProxyLogon vulnerabilities Full Text

Abstract A Vietnamese security researcher has published today the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon.

The Record

March 11, 2021 – Ransomware

How Related QNAPCrypt and SunCrypt Are? Full Text

Abstract Considering the duplication and behavioral differences between the two groups, Intezer researchers argue that QNAPCrypt may have been transferred to the SunCrypt operator and upgraded.

Cyware Alerts - Hacker News

March 11, 2021 – Malware

Chinese state hackers target Linux systems with new malware Full Text

Abstract Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems.

BleepingComputer

March 11, 2021 – Vulnerabilities

New Critical RCE Vulnerabilities in BIG-IP, BIG-IQ let Attacker Take Control of an Affected System Full Text

Abstract F5 Networks has published a security advisory warning customers to patch a critical flaw in BIG-IP product that is very likely to...

Cyber Security News

March 11, 2021 – Solution

Free sigstore signing service confirms software origin and authenticity Full Text

Abstract sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log.

Help Net Security

March 11, 2021 – General

Fixing the Weakest Link — The Passwords — in Cybersecurity Today Full Text

Abstract Password security has long been an issue for businesses and their cybersecurity standards. Account passwords are often the weakest link in the overall security posture for many organizations. Many companies have used Microsoft's default password policies for decades. While these can be customized, businesses often accept the default values for their organization. The Windows default password policy is a good start, but are there security vulnerabilities associated with it? Let's look at the current recommendations from leading cybersecurity authorities and see how they measure up against the Windows default password policy. Windows default password policy settings: Many, if not most, business environments today use Microsoft Active Directory as their identity and access management solution in the enterprise. Active Directory has served organizations in this capacity for decades. One of the built-in capabilities provided by Microsoft Active Directory Domain Services (ADDS)

The Hacker News

March 11, 2021 – Business

Sumo Logic Agrees Deal to Acquire DFLabs Full Text

Abstract Deal will enable Sumo Logic to incorporate DFLabs’ SOAR software into its portfolio

Infosecurity Magazine

March 11, 2021 – APT

RedXOR, a new powerful Linux backdoor in Winnti APT arsenal Full Text

Abstract Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winnti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets...

Security Affairs

March 11, 2021 – Phishing

Attackers Leveraging a Fake Google reCAPTCHA System to Steal Office 365 Credentials Full Text

Abstract The Zscaler threat research team has recently detected a new series of Microsoft-themed phishing attacks that are generally aimed at senior-level employees...

Cyber Security News

March 11, 2021 – General

Most decision makers plan to increase spending on cybersecurity this year Full Text

Abstract The results from an NCC Group survey show that 40% of respondents froze recruitment in cyber, 29% made redundancies and one in five furloughed staff responsible for cyber resilience programs in 2020.

Help Net Security

March 11, 2021 – Business

Ajay Sabhlok Appointed Rubrik’s First Joint CIO and CDO Full Text

Abstract Sabhlok will oversee IT, data and analytics strategies at cloud data management firm

Infosecurity Magazine

March 11, 2021 – Vulnerabilities

Cyber Espionage Campaigns Leverage Microsoft Exchange Flaws to Target Thousands of Organizations Full Text

Abstract At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, ESET said in a blog post on Wednesday.

Reuters

March 11, 2021 – General

Third of Office Workers Warned After Sharing Data Via Unofficial Apps Full Text

Abstract Veritas Technologies study warns of major shadow IT challenge

Infosecurity Magazine

March 11, 2021 – Vulnerabilities

Researchers Discover First Side-Channel Attack Against Apple M1 Chips Full Text

Abstract The analysis focused on Prime+Probe, a cache side-channel attack method that can detect which cache sets are accessed by the target and uses that to infer potentially valuable information.

Security Week

March 11, 2021 – General

Record Number of Cyber-Incidents Hit US Schools in 2020 Full Text

Abstract A total of 377 districts were affected, according to non-profit

Infosecurity Magazine

March 11, 2021 – Business

Intel partners with DARPA to perform in its DPRIVE program Full Text

Abstract Intel announced that it has signed an agreement with Defense Advanced Research Projects Agency (DARPA) to perform in its Data Protection in Virtual Environments (DPRIVE) program.

Help Net Security

March 11, 2021 – Attack

Norwegian Parliament Hit by Second Cyberattack in Span of Six Months Full Text

Abstract Hackers have infiltrated the Norwegian Parliament’s computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public.

Reuters

March 11, 2021 – Business

Cyber Insurance Provider Corvus Raises $100 Million Full Text

Abstract Cyber insurance provider Corvus on Wednesday announced that it has raised $100 million in a Series C funding round. To date, the company has raised a total of $147 million.

Security Week

March 11, 2021 – Malware

Malware Operator Employs New Trick to Upload Its Dropper into Google Play Full Text

Abstract Researchers at Check Point recently discovered that the operator of a mobile malware tool was employing a novel new method to sneak its malware into Google's official Android Play mobile app store.

Dark Reading

March 11, 2021 – General

Alert overload still plagues cybersecurity industry Full Text

Abstract Alert overload still plagues the cybersecurity industry, according to Critical Start. 47% of respondents reported personally investigating 10 to 20 alerts each day, a 12% increase from 2019.

Help Net Security

March 11, 2021 – Criminals

FIN8 cybercrime group resurges with improved hacking tool Full Text

Abstract A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to Bitdefender research published Wednesday.

Cyberscoop

March 11, 2021 – Ransomware

Ransomware “Paralyzes” Spanish Employment Agency Full Text

Abstract Attack locks down workstations and remote worker laptops

Infosecurity Magazine

March 11, 2021 – Ransomware

Spanish labor agency suffers ransomware attack, union says Full Text

Abstract The attack affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday.

Cyberscoop

March 11, 2021 – Business

Cybersecurity Firm Snyk Reaches $4.7 Billion Valuation in Round Full Text

Abstract The transaction included both primary and secondary offerings, with the company getting $175 million in new capital. That brings the total raised by Snyk, which was founded in 2015, to $470 million.

Yahoo! Finance

March 11, 2021 – Ransomware

Another French hospital hit by a ransomware attack Full Text

Abstract A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The ransomware gang is demanding the payment of a ransom of $50,000 worth of Bitcoin.

Security Affairs

March 11, 2021 – Vulnerabilities

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ Full Text

Abstract Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as "critical" severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS...

Security Affairs

March 11, 2021 – Business

Cloud Security Firm Aqua Security Raises $135M To Add Clients Full Text

Abstract The Ramat Gan, Israel-based cloud security startup said it needs to keep improving its product, acquiring additional customers, and educating the market about cloud-native security.

CRN

March 10, 2021 – Vulnerabilities

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP! Full Text

Abstract Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and reported by Felix Wilhelm of Google Project Zero in December 2020. The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with CVE-2021-22986 also affecting BIG-IQ versions 6.x and 7.x. F5 said it's not aware of any public exploitation of these issues. Successful exploitation of these vulnerabilities could lead to a full compromise of vulnerable systems, including the possibility of remote code execution as well as trigger a buffer overflow, leading to a DoS attack. Urging customers to update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible, F5 Networks

The Hacker News

March 10, 2021 – Privacy

Camera tricks: Privacy concerns raised after massive surveillance cam breach Full Text

Abstract A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada. Now experts are weighing in on the potential ramifications that can befall an organization if security footage is leaked or falls into the wrong hands.

SCMagazine

March 10, 2021 – Solution

Linux Foundation unveils Sigstore — a Let’s Encrypt for code signing Full Text

Abstract The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks.

BleepingComputer

March 10, 2021 – Botnet

Cryptomining Botnet z0Miner Targeting ElasticSearch and Jenkins RCE Vulnerabilities Full Text

Abstract A crypto mining botnet spotted in the previous year is currently targeting and attempting to take control of Jenkins and ElasticSearch servers...

Cyber Security News

March 10, 2021 – Business

Cloud cybersecurity startup Lumu raises a $7.5 million Series A Full Text

Abstract Miami-based cybersecurity startup Lumu today announced the closing of its $7.5 million Series A. The round was co-led by SoftBank Group Corp.’s SB Opportunity Fund and Panoramic Ventures.

TechCrunch

March 10, 2021 – General

Hillicon Valley: House approves almost $2 billion in cyber, tech funds as part of relief package | Officials warn of ‘widespread’ exploit of Microsoft vulnerabilities | Facebook files to dismiss antitrust lawsuits Full Text

Abstract Federal cybersecurity and information technology got a shot in the arm Wednesday with the inclusion of almost $2 billion in cyber funding in the COVID-19 relief bill that passed the House, but some officials say it's not enough. Meanwhile, the nation’s top cybersecurity official warned of ‘widespread’ exploitation by hackers of Microsoft Exchange Server vulnerabilities, and lawmakers introduced a range of measures on data privacy, election cybersecurity, and helping save the news industry. 

The Hill

March 10, 2021 – Malware

Researchers Unveil New Linux Malware Linked to Chinese Hackers Full Text

Abstract Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, XOR.DDOS and Groundhog. RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems. Intezer said two samples of the malware were uploaded from Indonesia and Taiwan around Feb. 23-24, both countries that are known to be singled out by China-based threat groups. Aside from the overlaps in terms of the overall flow and functionalities and th

The Hacker News

March 10, 2021 – Attack

Superstar K-Pop Band’s TikTok Hacked Full Text

Abstract Hacker compromises BTS’s TikTok account and uploads creepy music video

Infosecurity Magazine

March 10, 2021 – Policy and Law

EU Privacy Law and U.S. Surveillance: Solving the Problem of Transatlantic Data Transfers Full Text

Abstract Most current approaches to resolving the EU-U.S. conflict fall short. It’s time for a hybrid approach.

Lawfare

March 10, 2021 – Government

How Biden’s Cyber Strategy Echoes Trump’s Full Text

Abstract Comparing the Biden administration’s Interim National Security Strategic Guidance with Trump’s National Cyber Strategy.

Lawfare

March 10, 2021 – Hacker

White hat hackers gained access to more than 150,000 surveillance cameras Full Text

Abstract A group of hackers claimed to have compromised more than 150,000 surveillance cameras at banks, jails, schools, and prominent companies like Tesla and Equinox. A group of US hackers claimed to have gained access to footage from 150,000 security cameras...

Security Affairs

March 10, 2021 – Vulnerabilities

Microsoft IE zero-day exploited in wild, could provide unrestricted operating system access Full Text

Abstract Security pros need to prioritize patching a memory corruption vulnerability flaw found in Internet Explorer 11 and 9, and Edge browsers.

SCMagazine

March 10, 2021 – Vulnerabilities

SAP Stomps Out Critical RCE Flaw in Manufacturing Software Full Text

Abstract The remote code execution flaw could allow attackers to deploy malware, modify network configurations and view databases.

Threatpost

March 10, 2021 – Vulnerabilities

SAP Patches Critical Flaws in MII, NetWeaver Products Full Text

Abstract SAP's March 2021 Security Patch Day updates include 9 new security notes, including two for critical vulnerabilities affecting the company's NetWeaver AS and MII products.

Security Week

March 10, 2021 – Government

Federal agencies warn Microsoft vulnerabilities pose ‘serious risk’ to government, private sector Full Text

Abstract The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that recently uncovered vulnerabilities in a Microsoft email application pose a “serious risk” to federal agencies and the private sector, noting that thousands of groups were at risk of being targeted by hackers.

The Hill

March 10, 2021 – Policy and Law

Romance Fraudster Who Conned Jenifer Lewis Jailed Full Text

Abstract US imprisons Santa Monica man who impersonated Navy SEAL to con women

Infosecurity Magazine

March 10, 2021 – Accident

OVH data centers suffered a fire, many popular sites are offline Full Text

Abstract OVH, the largest hosting provider in Europe, has suffered a terrible fire that destroyed the data centers located in Strasbourg. OVH, one of the largest hosting providers in the world, has suffered a terrible fire that destroyed its data centers...

Security Affairs

March 10, 2021 – Vulnerabilities

For the second time in less than a year, F5 announces critical vulnerabilities in networking devices Full Text

Abstract The disclosure comes less than a year after another remote code execution vulnerability in F5’s BIG-IP devices, leading some to question whether larger, more fundamental security culture failures exist at the company.

SCMagazine

March 10, 2021 – Ransomware

Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection Full Text

Abstract A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days.

Threatpost

March 10, 2021 – Policy and Law

Europol ‘unlocks’ encrypted Sky ECC chat service to make arrests Full Text

Abstract European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat.

BleepingComputer

March 10, 2021 – Hacker

Malicious Actors Target Crypto Wallets of Coinbase Users in New… Full Text

Abstract Cybercriminals are targeting Coinbase platform users with phishing campaigns in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender reported.

Bit Defender

March 10, 2021 – Government

House approves cyber funds in relief package as officials press for more Full Text

Abstract The House on Wednesday allocated almost $2 billion toward cybersecurity and technology modernization as part of passing the American Rescue Plan, which officials described as a “down payment” on the funds needed to fully confront recent massive foreign cyberattacks. 

The Hill

March 10, 2021 – General

American Companies Not Taking Cybersecurity Seriously Full Text

Abstract 51% of Americans say their companies could have done more to increase cybersecurity during the pandemic

Infosecurity Magazine

March 10, 2021 – Malware

New malware tied to China targets Linux endpoints and servers Full Text

Abstract The malware, called RedXOR because it was compiled on Red Hat Enterprise Linux and uses a network data encoding scheme based on XOR, creates a backdoor in systems that gives an attacker near full control over infected machines.

SCMagazine

March 10, 2021 – Hacker

Cyberattackers Exploiting Critical WordPress Plugin Bug Full Text

Abstract The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued.

Threatpost

March 10, 2021 – Vulnerabilities

F5 urges customers to patch critical BIG-IP pre-auth RCE bug Full Text

Abstract F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software.

BleepingComputer

March 10, 2021 – Government

US cyber chief reports ‘widespread’ hacks after Microsoft app flaw Full Text

Abstract The nation’s top cybersecurity official told lawmakers Wednesday that the federal government is seeing “widespread” hacking using recently uncovered vulnerabilities in a Microsoft email application, with researchers saying almost a dozen hacking groups have used the flaw to target a variety of organizations.

The Hill

March 10, 2021 – Hacker

SolarWinds Unlikely to Be an Isolated Event as Attackers Become More Sophisticated Full Text

Abstract Pandemic has allowed malicious actors to industrialize

Infosecurity Magazine

March 10, 2021 – Vulnerabilities

10 groups now targeting Hafnium Microsoft Exchange vulnerabilities Full Text

Abstract Security company ESET is now tracking 10 different threat groups or otherwise unique clusters of breaches that have used a chain of vulnerabilities Microsoft patched in Exchange Server last week.

SCMagazine

March 10, 2021 – Attack

Norway parliament data stolen in Microsoft Exchange attack Full Text

Abstract Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities.

BleepingComputer

March 10, 2021 – Education

New research finds ‘record-breaking’ number of K-12 cyber incidents in 2020 Full Text

Abstract A new report released Wednesday found that K-12 schools in the United States experienced a “record-breaking” number of cyber incidents during 2020 as classes moved online and hackers moved in on vulnerable targets in the midst of the COVID-19 pandemic.

The Hill

March 10, 2021 – Hacker

More hacking groups join Microsoft Exchange attack frenzy Full Text

Abstract More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon.

BleepingComputer

March 10, 2021 – Breach

Massive Security Camera Breach – Hackers Accessed Security Cameras at Tesla, Cloudflare, Banks & More Full Text

Abstract The group of hackers viewed live and archived surveillance footage from hundreds of businesses including Tesla, Equinox, healthcare clinics, jails, and banks...

Cyber Security News

March 10, 2021 – Vulnerabilities

GitHub Informs Users of ‘Potentially Serious’ Authentication Bug Full Text

Abstract GitHub on Monday informed users that it had discovered what it described as an “extremely rare, but potentially serious” security bug related to how some authenticated sessions were handled.

Security Week

March 10, 2021 – Government

Senators introduce bill to fund election official cybersecurity training Full Text

Abstract Senate Rules Committee Chairwoman Amy Klobuchar (D-Minn.) and Sen. Susan Collins (R-Maine) on Wednesday reintroduced legislation to designate funding to provide cybersecurity training to election officials.

The Hill

March 10, 2021 – APT

ESET: More Than 10 APT Groups Exploiting Recent Microsoft Exchange Vulnerabilities Full Text

Abstract Security firm identifies more than 5000 email global servers affected

Infosecurity Magazine

March 10, 2021 – Breach

Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare Full Text

Abstract Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.

Threatpost

March 10, 2021 – Solution

WhatsApp to password protect your chat backups on Cloud Full Text

Abstract The chat database is already encrypted now (excluding media), but the algorithm is reversible and it's not end-to-end encrypted. Local Android backups will be compatible with this feature.

The Times Of India

March 10, 2021 – General

Up to $223b of the world’s top 100 brands’ value at risk from data breach: Study Full Text

Abstract Infosys and Interbrand today revealed that the potential risk in brand value of a data breach to the world’s 100 most valuable brands could amount to as much as $223b, according to a new report.

The Times Of India

March 10, 2021 – Policy and Law

Lawmakers Urge FTC to Enforce Health Breach Notification Rule Full Text

Abstract The FTC's Health Breach Notification Rule, which is part of the American Recovery and Reinvestment Act of 2009, addresses privacy issues related to personal health records, the lawmakers write.

Gov Info Security

March 10, 2021 – Ransomware

Ryuk ransomware hits 700 Spanish government labor agency offices Full Text

Abstract The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain.

BleepingComputer

March 10, 2021 – Attack

Hackers Break Into Verkada Surveillance Cameras at Tesla, Hundreds of Businesses Full Text

Abstract The hackers sought to draw attention to the pervasive monitoring of people after having found login information for Verkada’s administrative tools publicly online this week, a researcher said.

Reuters

March 10, 2021 – Attack

NHS Regulator Faces Surge in Email Attacks During Vaccine Rollout Full Text

Abstract The CQC was targeted by nearly 60,000 malicious email attacks from December 2020 to February 2021

Infosecurity Magazine

March 10, 2021 – Ransomware

Why Does EternalBlue-Targeting WannaCry Remain at Large? Full Text

Abstract Where were you on May 12, 2017? For many cybersecurity professionals, the answer is "trying to contain the fallout from WannaCry," the ransomware that on that day began hitting organizations globally.

Careers Info Security

March 10, 2021 – General

Most Threat Analysts Banned from Sharing Intel with Peers Full Text

Abstract Closed attitudes could be harming cybercrime fight, says Kaspersky

Infosecurity Magazine

March 10, 2021 – Vulnerabilities

Flaws in Apple Location Tracking System Could Lead to User Identification Full Text

Abstract Vulnerabilities identified in offline finding — Apple’s proprietary crowd-sourced location tracking system — could be abused for user identification, researchers said in a report released this month.

Security Week

March 10, 2021 – Breach

Exposed Password Gave Hackers Access to 150,000 Cameras Full Text

Abstract Report suggests major security fail from a familiar source

Infosecurity Magazine

March 10, 2021 – Vulnerabilities

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild Full Text

Abstract With more than 30,000 installations, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be used with the popular WordPress website builder Elementor.

Security Week

March 10, 2021 – Vulnerabilities

Microsoft Expands Coverage of Exchange Server Patches Full Text

Abstract Yet another zero-day also fixed in this month’s Patch Tuesday

Infosecurity Magazine

March 10, 2021 – Business

PayPal to acquire cryptocurrency security startup Curv Full Text

Abstract PayPal has announced that it plans to acquire Curv, a cryptocurrency startup based in Tel Aviv, Israel. Curv is a cryptocurrency security company that helps you store your crypto assets securely.

TechCrunch

March 10, 2021 – Vulnerabilities

Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect Full Text

Abstract Adobe has released fixes for critical security problems impacting Framemaker, Creative Cloud, and Connect. This includes one bug in Framemaker and three critical flaws in Adobe Creative Cloud

ZDNet

March 10, 2021 – Malware

There’s Something We Don’t Talk Enough About - Mobile Malware Full Text

Abstract The Ewind adware family totaled 65% of all adware samples, with FakeAdBlocker and HiddenAd right at its heels. Almost 2 million Ewind.kp Android installer packages were hidden in legitimate apps.

Cyware Alerts - Hacker News

March 10, 2021 – Phishing

Scammers Scamming with Increased Spunk Full Text

Abstract Cryptocurrency scammers have come under the limelight recently as it was found that they made off with at least $145,000 in the span of a week.

Cyware Alerts - Hacker News

March 10, 2021 – Malware

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware Full Text

Abstract Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with upgraded capabilities including screen capturing, proxy tunneling, credential theft, and fileless execution. First documented in 2016 by FireEye, FIN8 is known for its attacks against the retail, hospitality, and entertainment industries while making use of a wide array of techniques such as spear-phishing and malicious tools like PUNCHTRACK and BADHATCH to steal payment card data from point-of-sale (POS) systems. "The FIN8 group is known for taking long breaks to improve TTPs and increase their rate of success," Bitdefender researchers said in a report published

The Hacker News

March 10, 2021 – Vulnerabilities

A flaw in The Plus Addons for Elementor WordPress plugin allows sites takeover Full Text

Abstract Researchers from the Wordfence team found a critical vulnerability in The Plus Addons for Elementor WordPress plugin that could be exploited to take over a website. Researchers at the Wordfence team of the security firm Defiant have spotted a critical...

Security Affairs

March 10, 2021 – Malware

ZLoader Malware Hidden in Encrypted Excel File Full Text

Abstract The ZLoader payload is a multipurpose Trojan that often acts as a dropper that delivers Zeus-based malware in multistage ransomware attacks, such as Ryuk and Egregor, a Forcepoint X-Labs report notes.

Gov Info Security

March 10, 2021 – Business

McAfee sells enterprise biz to Symphony Technology Group for $4B Full Text

Abstract Cybersecurity firm McAfee announced that it will be selling its enterprise business to a consortium led by the private equity firm Symphony Technology Group for $4 billion.

TechCrunch

March 10, 2021 – Vulnerabilities

Microsoft’s March Patch Tuesday fixes 14 Critical flaws Full Text

Abstract Microsoft's March Patch Tuesday security updates address 89 vulnerabilities in its products, 14 are listed as Critical and 75 are listed as Important in severity.

Security Affairs

March 10, 2021 – Accident

OVH data center burns down knocking major sites offline Full Text

Abstract In a major unprecedented incident, data centers for OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world. 

BleepingComputer

March 10, 2021 – Vulnerabilities

Siemens Releases Several Advisories for Vulnerabilities in Third-Party Components Full Text

Abstract Half of the new advisories cover flaws in third-party components. One of these advisories is related to AMNESIA:33, a collection of vulnerabilities discovered recently in open source TCP/IP stacks.

Security Week

March 09, 2021 – Vulnerabilities

Microsoft Issues Security Patches for 82 Flaws — IE 0-Day Under Active Attacks Full Text

Abstract Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release. Among those five security issues are a clutch of vulnerabilities known as ProxyLogon (CVE-2021-26855, 2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access. But in the wake of Exchange servers coming under indiscriminate assault toward the end of February by multiple threat groups looking to exploit the vulnerabil

The Hacker News

March 9, 2021 – Ransomware

Ransomware, supply chain attacks compel health care organizations to act Full Text

Abstract If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes.

SCMagazine

March 09, 2021 – Vulnerabilities

iPhone Call Recorder bug gave access to other people’s conversations Full Text

Abstract An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers.

BleepingComputer

March 09, 2021 – General

Hillicon Valley: Twitter sues Texas AG, alleging retaliation for banning Trump | Biden reportedly taps top antitrust scholar for FTC | Biden appoints Clare Martorana as federal CIO Full Text

Abstract Twitter on Monday targeted the Texas attorney general with a lawsuit revolving around the platform’s ban on former President Trump. Meanwhile, President Biden is reportedly set to nominate another official backed by progressives — antitrust scholar Lina Khan — to a key tech regulation position, and meanwhile took action and appointed a federal CIO on Tuesday. The Biden administration is also facing early challenges on the cybersecurity front from two major cyber espionage incidents.

The Hill

March 9, 2021 – Hacker

Chinese linked to two attacks on internet-facing SolarWinds server Full Text

Abstract Researchers Monday suspected the Chinese espionage group Spiral of two intrusions in 2020 to a SolarWinds Orion server that were linked to each other but not to the infamous SolarWinds attack attributed to Russia.

SCMagazine

March 9, 2021 – Vulnerabilities

Apple’s Device Location-Tracking System Could Expose User Identities Full Text

Abstract Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.

Threatpost

March 09, 2021 – Hacker

Hackers access surveillance cameras at Tesla, Cloudflare, banks, more Full Text

Abstract Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah.

BleepingComputer

March 9, 2021 – Business

McAfee Sells its Enterprise Business to Symphony Technology Group in $4.0 Billion Deal Full Text

Abstract McAfee Corp., the device-to-cloud cybersecurity company has disclosed it has entered into a definitive agreement to sell its Enterprise business to a...

Cyber Security News

March 9, 2021 – Vulnerabilities

Microsoft releases a patch for older versions of Exchange Full Text

Abstract Microsoft has released security updates for unsupported versions of Exchange email servers following widespread attacks exploiting four newly discovered security vulnerabilities.

ZDNet

March 09, 2021 – Government

Biden appoints Clare Martorana as federal CIO Full Text

Abstract The White House on Tuesday announced that President Biden had appointed Clare Martorana to serve as both the federal chief information officer and administrator of the Office of Management and Budget’s Office of Electronic Government.

The Hill

March 9, 2021 – Policy and Law

Arkansas Bill Addresses “Unfair” Social Media Censorship Full Text

Abstract Social media sites could be liable for damages if content is removed for “dubious or pretextual” reasons

Infosecurity Magazine

March 9, 2021 – General

The Cyberlaw Podcast: A Lot of Cybersecurity Measures That Don’t Work, And A Few That Might Full Text

Abstract We’re mostly back to our cybersecurity roots in this episode, for good reasons and bad. The worst of the bad reasons is a new set of zero-day vulnerabilities in Microsoft’s Exchange servers.

Lawfare

March 9, 2021 – Vulnerabilities

The Microsoft Exchange Hack and the Great Email Robbery Full Text

Abstract The world is probably days away from a mass-exploitation of Microsoft Exchange servers—a hack that could have a far greater impact than the SolarWinds breach.

Lawfare

March 9, 2021 – Ransomware

Another French hospital hit by a ransomware attack Full Text

Abstract A ransomware attack hit the Oloron-Sainte-Marie hospital in southwest France, it is the third such attack in the last month. A ransomware attack paralyzed the systems at the Oloron-Sainte-Marie hospital in southwest France. The incident took place...

Security Affairs

March 9, 2021 – Solution

Linux Foundation launches software signing service Full Text

Abstract The sigstore project, a free-to-use software signing certificate authority available to all developers, opens with Google, Purdue University and Red Hat as founding members.

SCMagazine

March 9, 2021 – Malware

Google Play Harbors Malware-Laced Apps Delivering Spy Trojans Full Text

Abstract A never-before-seen malware-dropper, Clast82, fetches the AlienBot and MRAT malware in a savvy Google Play campaign aimed at Android users.

Threatpost

March 09, 2021 – Phishing

US seizes more domains used in COVID-19 vaccine phishing attacks Full Text

Abstract The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development.

BleepingComputer

March 9, 2021 – Business

Sontiq Acquires Fintech Provider Breach Clarity Full Text

Abstract As a result of the acquisition, Sontiq’s products – IdentityForce, Cyberscout, and EZShield – all built on its tech-enabled IIS Platform, will have the proprietary capability, BreachIQ.

Yahoo! Finance

March 9, 2021 – General

Vodafone Calls for New Cybersecurity Policies to Help SMEs Full Text

Abstract Comms company asks UK government to slash VAT on cybersecurity products

Infosecurity Magazine

March 9, 2021 – Government

Was SolarWinds a Different Type of Cyber Espionage? Full Text

Abstract There is a gap between how administration officials are framing the nature of the SolarWinds incident and what the available evidence indicates about it.

Lawfare

March 9, 2021 – Vulnerabilities

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions Full Text

Abstract Microsoft released ProxyLogon security updates for Microsoft Exchange servers running vulnerable unsupported Cumulative Update versions. On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day...

Security Affairs

March 9, 2021 – Vulnerabilities

Microsoft releases Hafnium patch for defunct edition of Exchange Full Text

Abstract In a rare move for a vendor, Microsoft is now offering the same patch for its no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.

SCMagazine

March 9, 2021 – Vulnerabilities

Apple Plugs Severe WebKit Remote Code-Execution Hole Full Text

Abstract Apple pushed out security updates for a memory-corruption bug to devices running on iOS, macOS, watchOS and for Safari.

Threatpost

March 09, 2021 – Vulnerabilities

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days Full Text

Abstract Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.

BleepingComputer

March 9, 2021 – Attack

EU Banking Regulator Hit by Microsoft Email Hack Full Text

Abstract The EBA had said in a statement on Sunday that it had taken its email systems offline as a precaution, noting that access to personal data held on servers "may have been obtained by the attacker".

Security Week

March 9, 2021 – Business

Breach Clarity Acquired by Sontiq Full Text

Abstract Intelligent identity security company Sontiq acquires fintech provider Breach Clarity

Infosecurity Magazine

March 9, 2021 – Vulnerabilities

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari Full Text

Abstract Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affect iOS, macOS, watchOS, and Safari web browser. Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari...

Security Affairs

March 09, 2021 – General

Microsoft shares detection, mitigation advice for Azure LoLBins Full Text

Abstract Azure LoLBins can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device.

BleepingComputer

March 9, 2021 – Business

Privacera Raises $50M To Help Companies Control Their Data Full Text

Abstract Data governance and security provider Privacera closed a $50 million Series B as it looks to build on momentum from last year with concerns about data and privacy only growing.

CrunchBase News

March 9, 2021 – Breach

West Ham Supporters’ Personal Details Leaked on Club Website Full Text

Abstract Personal details of supporters of the Premier League side leaked on the official club site

Infosecurity Magazine

March 09, 2021 – Vulnerabilities

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities Full Text

Abstract Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. 

BleepingComputer

March 9, 2021 – General

Protection and Privacy Pivotal to the UK’s National Data Strategy Full Text

Abstract Safeguards need to be established in the National Data Strategy

Infosecurity Magazine

March 09, 2021 – Botnet

z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers Full Text

Abstract A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency.

BleepingComputer

March 09, 2021 – Ransomware

GandCrab ransomware affiliate arrested for phishing attacks Full Text

Abstract A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims.

BleepingComputer

March 09, 2021 – Hacker

Security bug hunters focus on misconfigured services, earn big rewards Full Text

Abstract An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers.

BleepingComputer

March 09, 2021 – Vulnerabilities

Microsoft releases ProxyLogon updates for unsupported Exchange Servers Full Text

Abstract Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.

BleepingComputer

March 9, 2021 – Malware

Ursnif Trojan Terrorizes Banks Full Text

Abstract Avast has found at least 100 banks in Italy being targeted by the Ursnif banking trojan. Researchers also found over 1,700 stolen credentials linked to a single payment processor.

Cyware Alerts - Hacker News

March 09, 2021 – Government

Russia: Reported US plans for cyber strike ‘alarming’ Full Text

Abstract Russia on Tuesday expressed concerns over reported plans by the Biden administration to wage a series of retaliatory actions in response to large-scale hacking of U.S. government agencies.

The Hill

March 09, 2021 – Malware

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware Full Text

Abstract Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT," Check Point researchers Aviran Hazum, Bohdan Melnykov, and Israel Wernik said in a write-up published today. The apps that were used for the campaign include Cake VPN, Pacific VPN, eVPN, BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and QRecorder. After the findings were reported to Google on January 28, the rogue apps were removed from the Play Store on February 9. Malware authors have resorted to a variety o

The Hacker News

March 9, 2021 – Vulnerabilities

Huge Rise in Hackers Submitting Vulnerabilities During #COVID19 Full Text

Abstract HackerOne reports a 63% rise in hackers submitting vulnerabilities in 2020

Infosecurity Magazine

March 9, 2021 – Business

SolarWinds spurs investment in threat hunting, supplier vetting Full Text

Abstract Organizations that boosted security budgets in response to the SolarWinds hack invested the most in threat hunting, according to a new survey.

SCMagazine

March 09, 2021 – Vulnerabilities

GitHub fixes bug causing users to log into other accounts Full Text

Abstract Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.

BleepingComputer

March 9, 2021 – Malware

Supernova Malware Analysis Links Chinese Threat Group Spiral to SolarWinds Server Hacks Full Text

Abstract According to researchers, the CVE-2020-10148 authentication bypass vulnerability, which leads to the remote execution of API commands, in the SolarWinds Orion API has been exploited by Spiral.

ZDNet

March 09, 2021 – Government

Biden challenged by early cyber threats Full Text

Abstract The Biden administration is grappling with two major cyber incidents in its first 50 days in office, underscoring the challenge the new White House faces from foreign actors.

The Hill

March 09, 2021 – General

Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture Full Text

Abstract The SolarWinds Sunburst attack has been in the headlines since it was first discovered in December 2020. As the so-called layers of the onion are peeled back, additional information regarding how the vulnerability was exploited, who was behind the attack, who is to blame for the attack, and the long-term ramifications of this type of supply chain vulnerabilities continue to be actively discussed. Cybersecurity company Cynet is taking a needed step back to provide a full picture of the SolarWinds attack from start to finish in an upcoming webinar, "Lessons Learned from the SolarWinds SUNBURST Attack." Information regarding many aspects of the attack has been coming out in pieces, but we haven't yet seen this type of comprehensive overview of the technical steps behind the full attack, as well as clear recommendations for protecting against similar future attacks. And this is precisely what's needed so security professionals can gain insights on the attack tact

The Hacker News

March 9, 2021 – Business

Veriff Appoints Duncan Steblyna as New VP of Product Full Text

Abstract Steblyna will lead the product team at identity verification firm

Infosecurity Magazine

March 9, 2021 – Phishing

Emails and Mobile Phones Become Top Phishing Tools Full Text

Abstract In the case of email-based phishing methods, scammers are taking their game up a notch as they open avenues for targeted attacks, BEC attacks, and ransomware, among other infections.

Cyware Alerts - Hacker News

March 9, 2021 – Malware

10 Google Play Apps Found Containing Banking Malware Full Text

Abstract Malicious dropper also loaded RAT onto victim devices

Infosecurity Magazine

March 9, 2021 – Attack

Supply Chain Attack Trends Involving Apps and Extensions Full Text

Abstract The recent barcode scanner supply chain attack—buying the software, along with their source code and pushing the malformed version—is a new technique that will likely grow in popularity among cybercriminals.

Cyware Alerts - Hacker News

March 9, 2021 – Encryption

DARPA Ramps-Up FHE Encryption Project with Intel Full Text

Abstract Research teams will try to make FHE calculations as fast as plaintext

Infosecurity Magazine

March 9, 2021 – Malware

FluBot Android Malware Impersonates FedEx, DHL, Correos, Chrome Apps to Steal User Data Full Text

Abstract FluBot infects Android devices by appearing as FedEx, DHL, Correos, and Chrome apps and forces users to change Accessibility settings so that it could maintain persistence on the device.

Hackread

March 9, 2021 – Phishing

Malformed URL Phishing Grabs the Spotlight Full Text

Abstract First detected in October 2020, the tactic began gaining momentum through the end of the year. Between January and February, the volume of phishing attacks using malformed URL prefixes increased dramatically.

Cyware Alerts - Hacker News

March 9, 2021 – Vulnerabilities

UnityMiner Exploits Unpatched QNAP NAS Devices in Cryptocurrency Mining Campaign Full Text

Abstract Threat actors are exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app which were fixed by the vendor in October 2020.

Security Affairs

March 09, 2021 – Vulnerabilities

GitHub bug caused users to login to other user accounts Full Text

Abstract Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.

BleepingComputer

March 9, 2021 – Attack

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ Full Text

Abstract The institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" – including its Brightspace virtual learning environment – were affected.

The Register

March 09, 2021 – Hacker

SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers Full Text

Abstract A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the intrusions to a threat actor it calls Spiral. Back on December 22, 2020, Microsoft disclosed that a second espionage group may have been abusing the IT infrastructure provider's Orion software to drop a persistent backdoor called Supernova on target systems. The findings were also corroborated by cybersecurity firms Palo Alto Networks' Unit 42 threat intelligence team and GuidePoint Security, both of whom described Supernova as a .NET web shell implemented by modifying an "app_web_logoimagehandler.ashx.b6031896.dll" module of the SolarWinds Orion application. The alterations were made possible not by breaching the SolarWinds app update infrastructure but instead b

The Hacker News

March 9, 2021 – Phishing

NCSC: Don’t Fall for Mother’s Day Scams This Week Full Text

Abstract Security agency urges users to be Cyber Aware

Infosecurity Magazine

March 9, 2021 – Malware

SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors Full Text

Abstract Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks. Supernova malware spotted on compromised SolarWinds Orion installs exposed on the Internet is likely linked to a China-linked espionage group. Researchers at Secureworks'...

Security Affairs

March 9, 2021 – Attack

The launch of Williams new FW43B car ruined by hackers Full Text

Abstract The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch by hacking an “augmented reality” app that was designed to show the new vehicle.

Security Affairs

March 09, 2021 – Breach

Microsoft Exchange Hackers Also Breached European Banking Authority Full Text

Abstract The European Banking Authority (EBA) on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based regulatory agency said. EBA said it's launched a full investigation into the incident in partnership with its information and communication technology (ICT) provider, a team of forensic experts, and other relevant entities. In a second update issued on Monday, the agency said it had secured its email infrastructure and that it found no evidence of data extraction, adding it has "no indication to think that the breach has gone beyond our email servers." Besides deploying extra security measures, EBA also noted it's closely monitoring the situation after restor

The Hacker News

March 9, 2021 – Solution

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs Full Text

Abstract Administrators could use MSERT to make a full scan of the install or they can perform a ‘Customized scan’ of the paths where malicious files from the threat actor have been observed.

Security Affairs

March 9, 2021 – Privacy

Apple Find My Devices Could Expose User Location Histories Full Text

Abstract Recently, cybersecurity analysts have detected two discrete flaws in Apple's crowdsourced Bluetooth location tracking system or Find My feature.

Cyber Security News

March 08, 2021 – General

Hillicon Valley: Democrats push Facebook to ‘take responsibility’ for placement of gun accessory ads | Lawmakers introduce bill allowing Americans to take foreign hackers to court | Malala Yousafzai signs content deal with Apple Full Text

Abstract The Democratic members of a key House committee on Monday pushed for transparency from Facebook on placements of gun accessory advertisements in the wake of the Jan. 6 Capitol riot. A group of bipartisan lawmakers rolled out legislation to allow Americans to hold foreign hackers accountable in court. And a major women’s rights activist signed a deal with Apple TV on International Women’s Day. 

The Hill

March 8, 2021 – Vulnerabilities

Google Chrome users take at least one month to update, as zero-days lurk Full Text

Abstract And starting January 2020, Microsoft’s Edge browser became based on Chromium. Developing an exploit for Chrome now gives the attackers a much larger attack surface to go after.

SCMagazine

March 8, 2021 – Attack

How auto-scanning and scripting helped Exchange attackers rack up victims Full Text

Abstract The lesson here: malicious actors continue to leverage the combination of automated scanners and scripts to strategically rack up high victim counts, especially when they sense time to inflict damage before patching is running out.

SCMagazine

March 08, 2021 – Ransomware

New Sarbloh ransomware supports Indian farmers’ protest Full Text

Abstract A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers.

BleepingComputer

March 08, 2021 – Policy and Law

Lawmakers introduce legislation to allow Americans to take foreign hackers to court Full Text

Abstract A group of bipartisan House lawmakers on Monday introduced legislation that would allow Americans to hold foreign governments and their employees accountable in court for malicious cyber activity. 

The Hill

March 8, 2021 – Policy and Law

Virginia Passes New Data Protection Law Full Text

Abstract Virginia Consumer Data Protection Act signed into law

Infosecurity Magazine

March 8, 2021 – Government

How Europe’s Intelligence Services Aim to Avoid the EU’s Highest Court—and What It Means for the United States Full Text

Abstract The United States now finds itself forced to consider changes to its foreign surveillance law and practices in order to reestablish a stable basis for transatlantic transfers of personal data.

Lawfare

March 8, 2021 – General

Call for Papers: Cybersecurity Law and Policy Scholars Conference 2021 Full Text

Abstract The first annual Cybersecurity Law and Policy Scholars Conference (CLPSC) will take place at the University of Minnesota Law School on Oct. 1-2, 2021. The conference plans to accommodate both in-person and virtual participation, subject to evolving social-distancing guidelines.

Lawfare

March 8, 2021 – Vulnerabilities

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign Full Text

Abstract Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage...

Security Affairs

March 8, 2021 – Attack

As Hafnium timeline crystalizes, signs of new Microsoft Exchange Server attacks emerge Full Text

Abstract A surge of breaches against Microsoft Exchange Server appears to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch.

SCMagazine

March 08, 2021 – Malware

Hackers hiding Supernova malware in SolarWinds Orion linked to China Full Text

Abstract Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China.

BleepingComputer

March 8, 2021 – Hacker

Hackers Target Texas University Full Text

Abstract Malicious intrusion causes network outage at the University of Texas at El Paso

Infosecurity Magazine

March 8, 2021 – Privacy

‘Businesses want clarity’: Dissecting the web of influence on privacy regulations Full Text

Abstract Omer Tene, vice president and chief knowledge officer at the International Association of Privacy Professionals, sheds some light on the state of play for privacy legislation under the Biden administration.

SCMagazine

March 08, 2021 – Vulnerabilities

Google Chrome to block port 554 to stop NAT Slipstreaming attacks Full Text

Abstract Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability.

BleepingComputer

March 8, 2021 – Business

TiG Acquires ThirdSpace Full Text

Abstract TiG acquires award-winning company specializing in identity and security

Infosecurity Magazine

March 08, 2021 – Attack

European Banking Authority discloses Exchange server hack Full Text

Abstract The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.

BleepingComputer

March 8, 2021 – Business

McAfee Agrees Deal to Sell Enterprise Business for $4bn Full Text

Abstract The transaction is expected to be completed by the end of 2021

Infosecurity Magazine

March 08, 2021 – Breach

Flagstar Bank hit by data breach exposing customer, employee data Full Text

Abstract US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January.

BleepingComputer

March 8, 2021 – Vulnerabilities

Truecaller’s Guardians App was leaking live location details, issue fixed Full Text

Abstract Caller identification company Truecaller’s ‘Guardians’ application launched last week that lets users share their live location with selected guardians on their phone book had a major vulnerability.

The Times Of India

March 08, 2021 – Hacker

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets Full Text

Abstract Hackers with suspected ties to Iran are actively targeting academia, government agencies, and tourism entities in the Middle East and neighboring regions as part of an espionage campaign aimed at data theft. Dubbed "Earth Vetala" by Trend Micro, the latest finding expands on previous research published by Anomali last month, which found evidence of malicious activity aimed at UAE and Kuwait government agencies by exploiting ScreenConnect remote management tool. The cybersecurity firm linked the ongoing attacks with moderate confidence to a threat actor widely tracked as MuddyWater, an Iranian hacker group known for its offensives primarily against Middle Eastern nations. Earth Vetala is said to have leveraged spear-phishing emails containing embedded links to a popular file-sharing service called Onehub to distribute malware that ranged from password dumping utilities to custom backdoors, before initiating communications with a command-and-control (C2) server to exe

The Hacker News

March 8, 2021 – Policy and Law

McAfee Faces Decades Behind Bars After Fraud Indictment Full Text

Abstract AV pioneer accused of pump-and-dump and ICO scams

Infosecurity Magazine

March 8, 2021 – Hacker

Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA Full Text

Abstract The European Banking Authority (EBA) disclosed a cyberattack that resulted in the hack of its Microsoft Exchange email system. The European Banking Authority announced that it was the victim of a cyber attack against its email system that exploited...

Security Affairs

March 8, 2021 – Encryption

Intel, DoD start sprint to make homomorphic encryption ready for real Full Text

Abstract If successful, it could thwart the hurdle that keeps the pervasive privacy and security technology out of general use.

SCMagazine

March 08, 2021 – Government

CISA takes over .GOV top-level domain (TLD) administration Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the .gov top-level domain (TLD) as its new policy and management authority.

BleepingComputer

March 8, 2021 – Attack

Multiple Airlines Affected Following SITA Cyberattack Full Text

Abstract After SITA issued a statement confirming it had been the subject of a cyberattack, more airlines confirmed they have been directly affected. It appears the SITA breach affected all carrier members of Star Alliance and the One World alliance.

Heimdal Security

March 08, 2021 – Malware

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks Full Text

Abstract New research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at Urbana-Champaign, the findings are expected to be presented at the USENIX Security Symposium coming this August. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs (e.g., Meltdown and Spectre), the new attack leverages a contention on the ring interconnect. SoC Ring interconnect is an on-die bus arranged in a ring topology which enables intra-process communication between different components (aka agents) such as the cores, the last level cache (LLC), the graphics unit, and the system agent that are housed inside the CPU. Eac

The Hacker News

March 8, 2021 – Policy and Law

FTC Busts $110m Charity Fraud Operation Full Text

Abstract Illegal calls harassed 67 million consumers

Infosecurity Magazine

March 8, 2021 – Vulnerabilities

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs Full Text

Abstract Microsoft updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks. Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 08, 2021 – Attack

Unpatched QNAP devices are being hacked to mine cryptocurrency Full Text

Abstract Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency.

BleepingComputer

March 8, 2021 – Malware

SolarWinds just keeps getting worse: New strain of malware found infecting victims Full Text

Abstract The malware strain, identified as SUNSHUTTLE by boffins at security shop FireEye, is a backdoor attack written in Go which uses HTTPS to communicate with a command-and-control server for data exfiltration, adding new code as needed.

The Register

March 08, 2021 – Attack

Microsoft Exchange Cyber Attack — What Do We Know So Far? Full Text

Abstract Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM," signaling an escalation that the breaches are no longer "limited and targeted" as was previously deemed. According to independent cybersecurity journalist Brian Krebs, at least 30,000 entities across the U.S. — mainly small businesses, towns, cities, and local governments — have been compromised by an "unusually aggressive" Chinese group that has set its sights on stealing emails from victim organizations by exploiting previously undisclosed flaws in Exchange Server. Victims are also being reported from outside the U.S., with email sy

The Hacker News

March 8, 2021 – General

#IWD2021: Pandemic Fails to Shatter Glass Ceiling for Women in Cyber Full Text

Abstract Job security improves but few are making it to senior positions

Infosecurity Magazine

March 8, 2021 – Breach

Flagstar Bank customer data breached through Accellion hack Full Text

Abstract While now discontinued and supplanted by other software such as Kiteworks, a zero-day vulnerability in the legacy software was found in December and has since been exploited by attackers in the wild.

ZDNet

March 8, 2021 – Attack

Czech officials in Prague ‘hit by massive cyber attack’ Full Text

Abstract Czech officials in Prague have been hit by a large-scale cyberattack, according to the city's mayor. An immediate outage was made on the email system to maintain security.

Euronews

March 8, 2021 – Ransomware

Number of ransomware attacks grew by more than 150% Full Text

Abstract COVID-19 made many organizations, distracted with mitigating the fallout from the pandemic, vulnerable to cyber threats. Ransomware turned out to be the one that capitalized on the crisis most.

Help Net Security

March 8, 2021 – APT

Russia-linked APT Groups Exploited Lithuanian Infrastructure to Launch Attacks Full Text

Abstract APT29 state-sponsored hackers also exploited Lithuania’s information technology infrastructure to carry out attacks against “foreign entities developing a COVID-19 vaccine.”

Security Affairs

March 8, 2021 – Phishing

Phishing Attack Uses Fake Google reCAPTCHA Full Text

Abstract The campaign begins with phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.

Info Risk Today

March 8, 2021 – Malware

Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds Full Text

Abstract This was tested on Intel Coffee Lake and Skylake CPUs, client-class CPUs, and should work on server CPUs like Xeon Broadwell. It's unknown whether more recent Intel server chips are susceptible.

The Register

March 8, 2021 – Government

U.S. DOJ warns of fake unemployment benefit websites stealing data Full Text

Abstract According to a press release issued on March 5, the department said that it received reports that there were certain bad actors who were creating fake websites which copied the websites of SWAs.

Hackread

March 8, 2021 – Hacker

The launch of Williams new FW43B car ruined by hackers Full Text

Abstract The presentation of Williams's new Formula One car was ruined by hackers that forced the team to abandon the launch through an augmented reality app. The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch...

Security Affairs

March 8, 2021 – Attack

Microsoft Attack Blamed On China Morphs Into Global Crisis Full Text

Abstract A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.

Yahoo! Finance

March 7, 2021 – Hacker

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange Full Text

Abstract Thousands of organizations may have been victims of cyberattacks on Microsoft Exchange servers conducted by China-linked threat actors since January. At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked...

Security Affairs

March 07, 2021 – Vulnerabilities

Microsoft’s MSERT tool now finds web shells from Exchange Server attacks Full Text

Abstract Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks.

BleepingComputer

March 07, 2021 – Solution

Microsoft Office 365 gets protection against malicious XLM macros Full Text

Abstract Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning.

BleepingComputer

March 7, 2021 – APT

Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks Full Text

Abstract Russia-linked APT groups leveraged the Lithuanian nation’s technology infrastructure to launch cyber-attacks against targets worldwide. The annual national security threat assessment report released by Lithuania’s State Security Department states...

Security Affairs

March 7, 2021 – Government

Microsoft Server Flaws Raise Alarms at White House, DHS Full Text

Abstract Newly discovered flaws in Microsoft Corp.’s software for email and contacts have raised concerns at the highest levels of the U.S. government, which is urging users to immediately apply patches.

BNN Bloomberg

March 7, 2021 – General

Security Affairs newsletter Round 304 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. EU leaders...

Security Affairs

March 7, 2021 – Breach

Hackers breach thousands of Microsoft customers around the world Full Text

Abstract A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.

Livemint

March 7, 2021 – Ransomware

REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims Full Text

Abstract The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim's business partners to force victims to pay the ransom. The REvil/Sodinokibi ransomware operators announced that they are using DDoS attacks and voice...

Security Affairs

March 6, 2021 – Denial Of Service

Multiple Cisco products exposed to DoS attack due to a Snort issue Full Text

Abstract Cisco announced that a vulnerability in the Snort detection engine exposes several of its products to denial-of-service (DoS) attacks. Cisco announced this week that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability...

Security Affairs

March 6, 2021 – Government

Government briefed on breach of at least 30,000 Microsoft Exchange Servers Full Text

Abstract The latest details confirm a trend SC Media reported earlier in the week, that security investigators were finding substantially more instances of breached Microsoft Exchange servers than Microsoft’s original report of “limited and targeted” attacks may have let on.

SCMagazine

March 06, 2021 – Vulnerabilities

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks Full Text

Abstract Microsoft has released a PowerShell script that admins can use to check whether a Microsoft Exchange server has been hacked through the recently disclosed ProxyLogon vulnerabilities.

BleepingComputer

March 6, 2021 – Breach

Hackers breached four prominent underground cybercrime forums Full Text

Abstract A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks resulted in the hack of popular Russian-language cybercrime forums. Unknown...

Security Affairs

March 06, 2021 – Ransomware

Ransomware gang plans to call victim’s business partners about attacks Full Text

Abstract The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments.

BleepingComputer

March 6, 2021 – Vulnerabilities

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws Full Text

Abstract After the disclosure of the Microsoft Exchange zero-days, the MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft has released emergency out-of-band security updates that address four...

Security Affairs

March 06, 2021 – Vulnerabilities

Samsung fixes critical Android bugs in March 2021 updates Full Text

Abstract This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

BleepingComputer

March 6, 2021 – Vulnerabilities

VMware Fixes Critical RCE Vulnerability with View Planner Full Text

Abstract VMware has recently fixed a critical unauthenticated RCE vulnerability in View Planner, a benchmarking desktop client that is available for free,...

Cyber Security News

March 5, 2021 – Business

Public companies may not grasp responsibility to investors in sharing info on cyber risk Full Text

Abstract Public companies “should be explaining to investors the specific risks they face from cybersecurity threats, not vague jargon.”

SCMagazine

March 5, 2021 – Ransomware

‘Educational’ ransomware program may instead become a how-to guide for attackers Full Text

Abstract The program is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks.

SCMagazine

March 05, 2021 – Ransomware

The Week in Ransomware - March 5th 2021 - Targeting service providers Full Text

Abstract This week we have seen ransomware attacks targeting online service providers and MSPs to not only encrypt the victim but also cause significant outages for their customers.

BleepingComputer

March 5, 2021 – Breach

Millions of travelers of several airlines impacted by SITA data breach Full Text

Abstract SITA, a multinational IT company that provides services to the air transport industry, was the victim of a cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication...

Security Affairs

March 05, 2021 – General

Hillicon Valley: China implicated in Microsoft breach | White House adds Big Tech critic | QAnon unfazed after false prediction Full Text

Abstract Two months after the discovery of a massive Russian cyber attack, the federal government is grappling with a new Chinese-linked hacking incident that may have hit a “large number of victims,” according to the White House. The Biden administration also added well-known Big Tech critic Tim Wu to its team.

The Hill

March 05, 2021 – Policy and Law

US indicts John McAfee for cryptocurrency fraud, money laundering Full Text

Abstract US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering.

BleepingComputer

March 5, 2021 – Privacy

Through automation, New Belgium Brewing has privacy on tap Full Text

Abstract SC Media spoke to Tye Eyden, collaboration business systems analyst at New Belgium Brewing about ongoing efforts to stay ahead of privacy regulations. He credits workflow automation for bringing the company into compliance with the California Privacy Rights Act in just five months.

SCMagazine

March 05, 2021 – Policy and Law

John McAfee indicted by US officials for alleged cryptocurrency scheme Full Text

Abstract The Justice Department announced Friday that John McAfee, the founder of anti-virus software company McAfee, has been indicted on alleged fraud and money laundering charges tied to a cryptocurrency investment scheme.

The Hill

March 05, 2021 – Ransomware

New ransomware only decrypts victims who join their Discord server Full Text

Abstract A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.

BleepingComputer

March 5, 2021 – Criminals

Cybercriminals Target Industrial Organizations in Information Theft Campaign Full Text

Abstract A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.

Security Week

March 5, 2021 – Ransomware

These two unusual versions of ransomware tell us a lot about how attacks are evolving Full Text

Abstract Two newly discovered forms of ransomware with very different traits show just how diverse the world of ransomware has become as more cyber criminals attempt to join in with cyber extortion.

ZDNet

March 5, 2021 – Criminals

Cybercriminals Finding Ways to Bypass ‘3D Secure’ Fraud Prevention System Full Text

Abstract Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions.

Security Week

March 5, 2021 – Breach

Airline IT provider confirms passenger data leaked after major ‘cyberattack’ Full Text

Abstract In a public disclosure, the Swiss outfit confirmed it had last month fallen victim to a wide-ranging data security incident that ensnared passengers from some of the world’s largest airlines.

The Register

March 5, 2021 – Government

White House says Microsoft email hackers have ‘large number of victims’ Full Text

Abstract Microsoft said this week that targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.

Reuters

March 5, 2021 – Government

U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures Full Text

Abstract The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks.

Threatpost

March 5, 2021 – Hacker

Chinese hackers might have targeted Indian Railways infrastructure Full Text

Abstract Besides 10 organizations in the Indian power sector and two ports, Chinese state-sponsored hackers might also have targeted Indian Railways infrastructure, an expert with cyber intelligence company Recorded Future said on Thursday.

The Times Of India

March 5, 2021 – Vulnerabilities

Privilege Escalation Bugs Patched in Linux Kernel Full Text

Abstract Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. A total of five vulnerabilities were recently identified and fixed in the Linux kernel.

Security Week

March 5, 2021 – Attack

Czech capital Prague, Labour Ministry face cyber attacks Full Text

Abstract The Czech capital Prague and the Labour Ministry said there had been cyber attacks on their email systems but although the mayor of Prague said it was a large attack, he added the damage caused was limited.

Reuters

March 5, 2021 – Attack

Colorado-Based SendGrid Email Marketing Company Accounts Were Hacked Full Text

Abstract It appears the attackers used Zoom invites as a lure together with an extensive list of email addresses, in this way “Contact” was able to deliver messages from hacked accounts on the SendGrid cloud-based platform.

Heimdal Security

March 5, 2021 – Malware

WordPress Injection Anchors Widespread Malware Campaign Full Text

Abstract Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible.

Threatpost

March 5, 2021 – General

When lawyers get hacked: How law firms grapple with risk tied to supply chain breaches Full Text

Abstract As companies scramble to assess their own vulnerability amid the wave of supply chain attacks in recent months, law firms find themselves doing double duty: providing complex legal support to clients, and assessing internal safeguards to ensure they themselves practice what they preach.

SCMagazine

March 05, 2021 – Government

White House calls Microsoft email breach an ‘active threat’ Full Text

Abstract White House press secretary Jen Psaki said Friday that the Biden administration is closely following the breach of a Microsoft email application, reportedly carried out by Chinese hackers, calling it an “active threat” with a “large number of victims.”

The Hill

March 5, 2021 – Malware

GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers Full Text

Abstract Microsoft experts continue to investigate the SolarWinds attack and spotted 3 new strains of malware used as second-stage payloads. Microsoft announced the discovery of three new pieces of malware that the threat actors behind the SolarWinds attack,...

Security Affairs

March 5, 2021 – Breach

Massive Supply-Chain Cyberattack Breaches Several Airlines Full Text

Abstract The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.

Threatpost

March 5, 2021 – Hacker

Hackers Target Russian Cybercrime Forums Full Text

Abstract Maza becomes latest Russian cybercrime forum to be hacked

Infosecurity Magazine

March 05, 2021 – Breach

SITA data breach affects millions of travelers from major airlines Full Text

Abstract Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company.

BleepingComputer

March 5, 2021 – Malware

Ryuk Further Expands its Reach - Gets Worm-Like Capabilities Full Text

Abstract With CERT-FR warning that Ryuk now has worm-like capabilities, attackers can now more quickly spread the malware inside a network. Earlier, it could only target one system at a time.

Cyware Alerts - Hacker News

March 5, 2021 – Malware

ObliqueRAT Learns Steganography Full Text

Abstract Cyberattackers behind ObliqueRAT campaigns are now disguising the trojan in benign image files on hijacked websites. Four new versions of the malware have been recently discovered.

Cyware Alerts - Hacker News

March 5, 2021 – Phishing

US Warns of Fake Unemployment Benefit Websites Full Text

Abstract New phishing attack spoofs state workforce agency websites to steal PII

Infosecurity Magazine

March 5, 2021 – Vulnerabilities

CNAME Cloaking Scheme Renders Anti-tracking Defenses Ineffective Full Text

Abstract Digital ad companies are exploring a new technique wherein they masquerade as serving first-party, rather than third-party cookies, to circumvent the protections offered by adblocking software.

Cyware Alerts - Hacker News

March 5, 2021 – General

Banking Sector Facing Cyber Crises Full Text

Abstract The Reserve Bank of New Zealand recently became the victim of a data breach affecting users' personal information due to zero-day flaws in a legacy file sharing solution provided by Accellion.

Cyware Alerts - Hacker News

March 5, 2021 – Privacy

Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’ Full Text

Abstract EFF worries that Google’s ‘privacy-first’ vision for the future may pose new privacy risks.

Threatpost

March 5, 2021 – Malware

Stalkerware - A Nuisance Growing at Steady Pace Full Text

Abstract Nidb family was the prominent stalkerware, impacting around 8,100 users around the world. This stalkerware-as-a-service was used to sell multiple products, such as iSpyoo, Copy9, and TheTruthSpy.

Cyware Alerts - Hacker News

March 5, 2021 – Outage

Cyberattack shuts down online learning at 15 UK schools Full Text

Abstract On Wednesday, as reported by local publication NottinghamshireLive, several of the schools reported issues across social media and the need to close down the IT systems due to the cyberattack.

ZDNet

March 5, 2021 – General

Failure to Report Breach Costs Mortgage Lender $1.5m Full Text

Abstract US mortgage company pays $1.5m to settle NYDFS Cybersecurity Regulation violation allegations

Infosecurity Magazine

March 5, 2021 – General

What’s Good for Litigation Isn’t Necessarily Good for Cybersecurity Full Text

Abstract Efforts to shield post-breach investigations through the attorney work-product and attorney-client privileges are bad for cybersecurity.

Lawfare

March 05, 2021 – Vulnerabilities

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories Full Text

Abstract Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple's wireless ecosystem with the goal of identifying security and privacy issues. In response to the disclosures on July 2, 2020, Apple is said to have partially addressed the issues, stated the researchers, who used their own data for the study citing privacy implications of the analysis. How Find My Works? Apple devices come with a feature called Find My that makes it easy for users to locate other Apple devices, includ

The Hacker News

March 5, 2021 – Government

GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines Full Text

Abstract In a new report released Thursday, the GAO said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs.

ZDNet

March 5, 2021 – Breach

11,877 Android Apps and 6,608 iOS Apps Leak Data Due to Cloud Misconfigurations Full Text

Abstract Researchers found misconfigurations in 14 percent of analyzed apps—11,877 Android apps and 6,608 iOS apps—exposing users' personal information, passwords, and even medical information.

Wired

March 5, 2021 – Attack

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant Full Text

Abstract A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say.

Threatpost

March 05, 2021 – Vulnerabilities

Microsoft: Exchange updates can install without fixing vulnerabilities Full Text

Abstract Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled.

BleepingComputer

March 5, 2021 – Education

What is the Difference Between Authentication vs Authorization? Full Text

Abstract Authentication and Authorization are two terms that are often used interchangeably in the tech world. However, both these terms are quite different...

Cyber Security News

March 5, 2021 – Education

Security starts with architecture Full Text

Abstract The way security groups are typically structured is flawed. There is an invariable disconnect between where and how security policies are framed, security is enforced, and security is audited.

Help Net Security

March 05, 2021 – Education

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount Full Text

Abstract As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions.  However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests + Courses Bundle  helps you get certified faster, with 43 hours of video content and over 1,000 practice questions. It covers seven Google exams, providing all the prep you could possibly need. You would normally expect to pay $639 for this training, but 'The Hacker News' has put together an eye-catching deal with Whizlabs Learning Center. Special Offer  —  For a limited time, you can  pick up all the content mentioned above for just $29.99  with this bundle. That means you save over $600 on the full price! As the demand for cloud computing experts grows, salaries are increasing. According to Glassdoor, engineers earn $117,785 a year on average. This bundle helps you join

The Hacker News

March 5, 2021 – Attack

Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining Full Text

Abstract Developer environments seen as an easy target for attack

Infosecurity Magazine

March 5, 2021 – Ransomware

Managed Services provider CompuCom by Darkside ransomware Full Text

Abstract US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its operations, experts believe it was a ransomware attack. US managed service provider CompuCom was the victim of a cyberattack that partially disrupted...

Security Affairs

March 05, 2021 – Phishing

Ongoing phishing attacks target US brokers with fake FINRA audits Full Text

Abstract The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.

BleepingComputer

March 5, 2021 – Hacker

Multiple Cyberspy Groups Target Microsoft Exchange Servers via Zero-Day Flaws Full Text

Abstract ESET researchers revealed that, while most of the targets are located in the United States, attacks against servers in Europe, Asia, and the Middle East have been identified as well.

Security Week

March 05, 2021 – Attack

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked! Full Text

Abstract In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members — including usernames, email addresses, and hashed passwords — publicly disclosed on a breach notification page put up by the attackers, stating "Your data has been leaked" and "This forum has been hacked." "The announcement was accompanied by a PDF file allegedly containing a portion of forum user data. The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details," cybersecurity firm Intel 471 said. Originally called Mazafaka, Maza is an elite, invite-only Russian-language cybercrime forum known to be operational as early as 2003, acting as an exc

The Hacker News

March 5, 2021 – Attack

Fraudsters Circumvent 3D Secure with Social Engineering Full Text

Abstract Widespread chatter on dark web highlights gaps in payment protection

Infosecurity Magazine

March 5, 2021 – Breach

Someone Is Hacking Cybercrime Forums and Leaking User Data Full Text

Abstract At least four cybercrime forums have been breached since the beginning of the year, namely Verified in January, Crdclub in February, and Exploit and Maza in March, by an unknown threat actor.

Security Week

March 5, 2021 – Breach

Singapore Airlines Frequent Flyer Members Impacted by Third-Party Security Breach Full Text

Abstract Data belonging to 580,000 Singapore Airlines' frequent flyer members have been compromised in a cybersecurity attack that originally hit air transport communications and IT vendor, SITA.

ZDNet

March 5, 2021 – Vulnerabilities

Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability Full Text

Abstract The flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker to cause a DoS condition by sending it specially crafted Ethernet frames.

Security Week

March 5, 2021 – Phishing

BEC scammer infects own device, giving researchers a front-row seat to operations Full Text

Abstract To carry out the scam, the scammer needed more details on equipment used at an unnamed oil company to make malicious emails to the company’s employees more believable, researchers wrote.

Cyberscoop

March 05, 2021 – Malware

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers Full Text

Abstract FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques. Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of malware adds to a growing list of malicious tools such as Sunspot, Sunburst (or Solorigate), Teardrop, and Raindrop that were stealthily delivered to enterprise networks by alleged Russian operatives. "These tools are new pieces of malware that are unique to this actor," Microsoft said. "They are tailor-made for specific networks and are assessed to be introduced after the actor has gained access through compromised credentials or the SolarWinds binary and after moving laterally with Teardrop and other hands-on-keyboard actions." Microsoft al

The Hacker News

March 5, 2021 – Breach

SITA Supply Chain Breach Hits Multiple Airlines Full Text

Abstract Malaysia Airlines, Singapore Airlines and others affected

Infosecurity Magazine

March 5, 2021 – Vulnerabilities

Five privilege escalation flaws fixed in Linux Kernel Full Text

Abstract Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that...

Security Affairs

March 5, 2021 – General

How SolarWinds Busted Up Our Assumptions About Code Signing Full Text

Abstract Changes injected into a software build pipeline or continuous integration (CI) process will be included in the signed final product, altogether defeating the purpose of the signature.

Dark Reading

March 04, 2021 – Attack

Notorious Maza cybercrime forum attacked by other hackers Full Text

Abstract The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums.

BleepingComputer

March 04, 2021 – Hacker

FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January Full Text

Abstract Cybersecurity group FireEye on Thursday night announced it had found evidence that hackers had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors. 

The Hill

March 04, 2021 – Vulnerabilities

Hijacking traffic to Microsoft’s windows.com with bitflipping Full Text

Abstract A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping.

BleepingComputer

March 04, 2021 – Vulnerabilities

Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks Full Text

Abstract Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot.

BleepingComputer

March 4, 2021 – Phishing

Scammers impersonate execs to target big payout of investor dollars Full Text

Abstract Current tactics, which seek payouts that are multiple times larger than the average email impersonation scheme, are not terribly sophisticated. But if perfected, the approach could pose a serious threat to the financial investment and private equity community.

SCMagazine

March 04, 2021 – General

Hillicon Valley: YouTube to potentially restore Trump’s account | House-passed election bill takes aim at foreign interference | Senators introduce legislation to create international tech partnerships Full Text

Abstract YouTube’s CEO on Thursday teased a return to the platform by former President Trump if certain conditions are met. The House approved legislation late Wednesday night that would create a range of cybersecurity improvements for elections, but the bill faces an uncertain future in the Senate. And a bipartisan group of senators unveiled legislation intended to foster U.S. partnership with other democratic nations on emerging technologies in order to compete with China.

The Hill

March 04, 2021 – Government

Senate includes nearly $2 billion in cyber, tech funds to COVID-19 bill Full Text

Abstract The Senate included close to $2 billion for federal cybersecurity and technology modernization programs in its version of President Biden’s proposed COVID-19 relief package.

The Hill

March 04, 2021 – Government

Senators introduce bill creating technology partnerships to compete with China Full Text

Abstract Senate Intelligence Committee Chairman Mark Warner (D-Va.) and a coalition of bipartisan senators on Thursday introduced legislation intended to help the U.S. create international partnerships on emerging technologies to better compete with China. 

The Hill

March 4, 2021 – Government

NSA, CISA, issue guidance on Protective DNS services Full Text

Abstract The information sheet offers a list of providers, but NSA and CISA were clear that the federal agencies do not endorse one provider over another.

SCMagazine

March 4, 2021 – Malware

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers Full Text

Abstract Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack.

Threatpost

March 4, 2021 – Malware

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack Full Text

Abstract FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while...

Security Affairs

March 4, 2021 – Hacker

Cyberattackers Target Top Russian Cybercrime Forums Full Text

Abstract Elite Russian forums for cybercriminals have been hacked in a string of breaches, leaving hackers edgy and worried about law enforcement.  

Threatpost

March 04, 2021 – Ransomware

CompuCom MSP hit by DarkSide ransomware cyberattack Full Text

Abstract US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware.

BleepingComputer

March 4, 2021 – General

BlackGirlsHack founder: ‘I’m trying to change what the next generation of cybersecurity looks like’ Full Text

Abstract As Black History Month drew to a close and Women’s Month began, BlackGirlsHack founder Tennisha Martin discussed with SC Media the barriers to diversity in the cybersecurity workforce and how a recent partnership with RangeForce will help the non-profit contribute to change.

SCMagazine

March 4, 2021 – Malware

Microsoft links new malware to SolarWinds hackers Full Text

Abstract Microsoft released details Thursday on later-stage malware the company says was used by the group behind the SolarWinds espionage campaign that breached several government agencies and private firms including Microsoft and FireEye. A coordinated blog from FireEye provided a separate deep dive on one of the malware strains in the Microsoft post, but the firm…

SCMagazine

March 04, 2021 – Malware

Microsoft reveals 3 new malware strains used by SolarWinds hackers Full Text

Abstract Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads.

BleepingComputer

March 4, 2021 – Criminals

Cryptocurrency Fraudster Steals $16m Full Text

Abstract Swede admits defrauding over 3,500 victims with elaborate crypto pension scam

Infosecurity Magazine

March 04, 2021 – Malware

Microsoft reveals new malware used by the SolarWinds hackers Full Text

Abstract Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads.

BleepingComputer

March 4, 2021 – General

Two-Thirds of Irish Women Harassed Online Full Text

Abstract Survey finds girls no longer share their views online for fear of being abused

Infosecurity Magazine

March 04, 2021 – Policy and Law

House-passed election bill takes aim at foreign interference Full Text

Abstract A sweeping elections bill passed by the House on Wednesday night would boost cybersecurity measures and focus on countering foreign interference efforts like the kind that affected the 2016 and 2018 elections.

The Hill

March 4, 2021 – Ransomware

Ransomware Attack on Arizona Optometrist Full Text

Abstract Cyber-attack on Cochise Eye and Laser impacts up to 100,000 people

Infosecurity Magazine

March 04, 2021 – Attack

Maza forum hacked in recent attacks targeting cybercrime forums Full Text

Abstract The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums.

BleepingComputer

March 4, 2021 – Hacker

North Korea and Cybercrime - A Malicious Combination Full Text

Abstract It can be unarguably stated that North Korea and cybercrime go hand in hand. The nation is highly focused on reinforcing its cyber capabilities, by all means necessary, and creating more than just a nuisance.

Cyware Alerts - Hacker News

March 04, 2021 – Malware

FireEye finds new malware likely linked to SolarWinds hackers Full Text

Abstract FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.

BleepingComputer

March 4, 2021 – Breach

5 million Adecco.com users’ data leaked Full Text

Abstract A user on a popular hacking forum was purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second-largest staffing provider in the world.

Cyber News

March 4, 2021 – Criminals

Cybercriminals innovate to find vulnerabilities that can be monetized Full Text

Abstract The healthcare industry remains most at risk, particularly through web gateways, and phishing is still a high-risk vector in this sector, according to cybersecurity experts.

Help Net Security

March 4, 2021 – Privacy

National Surveillance Camera Roll Out Roils Privacy Activists Full Text

Abstract TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

Threatpost

March 4, 2021 – Breach

Maza Russian cybercriminal forum suffers data breach Full Text

Abstract The community has been connected to carding -- the trafficking of stolen financial data and payment card info -- and the discussion of topics like malware, exploits, spam, money laundering, and more.

ZDNet

March 04, 2021 – Vulnerabilities

VMware releases fix for severe View Planner RCE vulnerability Full Text

Abstract VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution.

BleepingComputer

March 4, 2021 – Government

CISA Orders Federal Agencies to Patch Exchange Servers Full Text

Abstract Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading.

Threatpost

March 04, 2021 – Hacker

Researcher bitsquats Microsoft’s windows.com to steal traffic Full Text

Abstract A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping.

BleepingComputer

March 4, 2021 – Vulnerabilities

VMware addresses Remote Code Execution issue in View Planner Full Text

Abstract VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The...

Security Affairs

March 4, 2021 – General

Experts Discuss How to Achieve Greater Gender Equality in the Tech Industry Full Text

Abstract What trends are we seeing in regard to the representation of women in tech?

Infosecurity Magazine

March 4, 2021 – Vulnerabilities

VMware Patches Remote Code Execution Vulnerability in View Planner Full Text

Abstract With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely. The bug features a CVSS score of 8.6.

Security Week

March 04, 2021 – Phishing

Hacked SendGrid accounts used in phishing attacks to steal logins Full Text

Abstract A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid.

BleepingComputer

March 4, 2021 – Business

Okta acquires cloud identity startup Auth0 for $6.5B Full Text

Abstract With Auth0, Okta gets a cloud identity company that helps developers embed identity management into applications, adding an entirely new dimension to its identity platform.

TechCrunch

March 4, 2021 – Phishing

COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent Full Text

Abstract Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars.

Threatpost

March 4, 2021 – General

Enterprises observing uptick in risky behaviors since shift to remote work Full Text

Abstract Eighty-eight percent of companies reported that before the pandemic they felt some level of confidence in their ability to fully and securely support remote work, according to a report by Tanium.

Help Net Security

March 4, 2021 – General

Why Cloud Security Risks Have Shifted to Identities and Entitlements Full Text

Abstract Identities have become the primary attack surface in the cloud. However, they remain largely unprotected because traditional security tools were designed to protect the network perimeter.

Dark Reading

March 04, 2021 – Vulnerabilities

Windows DNS SIGRed bug gets first public RCE PoC exploit Full Text

Abstract A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability.

BleepingComputer

March 4, 2021 – Vulnerabilities

Google Patches Actively Exploited Chrome Zero-day Vulnerability in Chrome 89 Release – Update Now!! Full Text

Abstract Google released Chrome 89 with several security fixes, including a Chrome zero-day bug that is being exploited in the wild. The...

Cyber Security News

March 4, 2021 – Ransomware

Large-Scale Ransomware Hack Impacts Sensitive Employee Information at Navajo Nation Hospital Full Text

Abstract The hacker group stole sensitive employee files, such as job applications and background check authorizations that included Social Security numbers, and posted it online to extort the hospital.

NBC News

March 04, 2021 – Privacy

Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead Full Text

Abstract Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers," said David Temkin, Google's director of product management for ads privacy and trust. "Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers." The changes, which could potentially reshape the advertising landscape, are expected only to cover websites visited via Chrome and do not extend to mobile apps. At the same time, Google acknowledged that other companies might find alternative ways to track individual us

The Hacker News

March 4, 2021 – General

Financial Crime Surges in 2020 Following Shift to Digital Banking and Commerce Full Text

Abstract Study detects a 650% surge in account takeovers last year

Infosecurity Magazine

March 4, 2021 – Government

CISA emergency directive urges to fix Microsoft Exchange zero-days Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive related to recently fixed Microsoft Exchange zero-days. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued the Emergency Directive...

Security Affairs

March 04, 2021 – Government

DHS orders agencies to urgently patch or disconnect Exchange servers Full Text

Abstract The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks.

BleepingComputer

March 04, 2021 – Ransomware

Ransomware is a multi-billion industry and it keeps growing Full Text

Abstract An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication.

BleepingComputer

March 4, 2021 – Ransomware

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150% Full Text

Abstract Group-IB published a report titled “Ransomware Uncovered 2020-2021”, which analyzes the ransomware landscape in 2020 and the TTPs of major threat actors. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware...

Security Affairs

March 4, 2021 – Covid-19

#COVID19 Vaccine Phishing Scams Surge 26% in Three Months Full Text

Abstract New data claims BEC scammers are also getting in on the act

Infosecurity Magazine

March 4, 2021 – Malware

New Malicious NPM Packages Attack Amazon & Slack Full Text

Abstract Recently, the cybersecurity researchers at Sonatype have detected a very new type of "dependency confusion" packages that have been assigned to the...

Cyber Security News

March 4, 2021 – General

A More Effective Approach to Combating Software Supply Chain Attacks Full Text

Abstract The majority of organizations do not sufficiently test the effectiveness of stand-alone security controls and how they perform together as a complete security stack against known attack techniques.

Security Intelligence

March 04, 2021 – Breach

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit Full Text

Abstract Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared screenshots of files belonging to the company's customers on a publicly accessible data leak website operated by the CLOP ransomware gang. Confirming the incident, Qualys Chief Information Security Officer Ben Carr said a detailed probe "identified unauthorized access to files hosted on the Accellion FTA server" located in a DMZ (aka demilitarized zone) environment that's segregated from the rest of the internal network. "Based on this investigation, we immediately notified the limited number of customers impacted by this unauthorized access," Carr added. "The in

The Hacker News

March 4, 2021 – Ransomware

Ransomware Attacks Soared 150% in 2020 Full Text

Abstract Extortion demands doubled as more groups tried big-game hunting

Infosecurity Magazine

March 4, 2021 – Vulnerabilities

GRUB2 boot loader maintainers fixed hundreds of flaws Full Text

Abstract Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB...

Security Affairs

March 4, 2021 – Solution

Top 10 Best Open Source Firewall to Protect Your Enterprise Network 2021 Full Text

Abstract Open Source Firewall is best known for protecting the network from a threat by filtering the inbound and outbound traffic and ensure...

Cyber Security News

March 4, 2021 – Government

CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise Full Text

Abstract “Our takeaway from this at CISA's space is that identity is everything now,” Jay Gazlay said, noting that the level of success the adversary achieved with tactics like password spraying was not normal.

Nextgov

March 04, 2021 – Government

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws Full Text

Abstract Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of "active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were exploiting unknown software bugs in Exchange server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors. While the company mainly attributed the campaign to a threat group called HAFNIUM, Slovakian cybersecurity firm ESET said it found evidence of CVE-2021-26855 being actively exploited in the wild by several cyber espionage groups, including LuckyMouse, Tick, and Calypso targeting servers located in the U.S., Europe, Asia, and the

The Hacker News

March 4, 2021 – General

Women in Cyber: Workplace Equality Will Take a Decade Full Text

Abstract CIISec argues sector risks stagnation without diversity drive

Infosecurity Magazine

March 4, 2021 – Vulnerabilities

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708) Full Text

Abstract Security researcher Alexander Popov has discovered and fixed five similar issues, tracked together as CVE-2021-26708 in the virtual socket implementation of the Linux kernel.

Help Net Security

March 4, 2021 – Ransomware

Lazarus Group Tied to TFlower Ransomware Full Text

Abstract The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware, using its MATA malware framework, security firm Sygnia reports.

Gov Info Security

March 03, 2021 – Attack

Cybersecurity firm Qualys is the latest victim of Accellion hacks Full Text

Abstract Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

BleepingComputer

March 03, 2021 – Outage

CompuCom MSP confirms ongoing outage following malware incident Full Text

Abstract The US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware, BleepingComputer has learned.

BleepingComputer

March 03, 2021 – General

Hillicon Valley: High alert as new QAnon date approaches Thursday | Biden signals another reversal from Trump with national security guidance | Parler files a new case Full Text

Abstract Authorities are prepping for tomorrow due to a QAnon conspiracy theory prediction, and Capitol police said Wednesday they are aware of online musings about “an identified militia group” potentially planning to breach the Capitol. The Biden administration outlined its approach to national security threats, marking a departure from Trump's “America first” policy. Meanwhile, political ads will once again be allowed on Facebook after an extended pause in the wake of the deadly Capitol riot. And Parler is not giving up.

The Hill

March 3, 2021 – Ransomware

Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Full Text

Abstract Cybersecurity firm Qualys seems to have suffered a data breach; threat actors allegedly exploited a zero-day flaw in their Accellion FTA server. Cybersecurity firm Qualys is the latest victim of a cyber attack, the company was likely hacked by threat...

Security Affairs

March 3, 2021 – Hacker

Hackers, nation-states, target US black community to commit fraud, sow division Full Text

Abstract African Americans are more highly impacted by fraud campaigns compared to other racial and ethnic groups, as disparities in financial literacy and wealth act as barriers to recovery from any resulting financial loss.

SCMagazine

March 3, 2021 – Vulnerabilities

Researcher finds 5 privilege escalation vulnerabilities in Linux kernel Full Text

Abstract The vulnerabilities, which were patched before public disclosure, could have allowed an attacker to potentially steal data, run administrative commands or install malware on operating systems or server applications.

SCMagazine

March 03, 2021 – Hacker

Hackers share methods to bypass 3D Secure for payment cards Full Text

Abstract Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions.

BleepingComputer

March 3, 2021 – General

Countering cyber proliferation: Zeroing in on Access-as-a-Service Full Text

Abstract The proliferation of offensive cyber capabilities (OCC) presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace.

Atlantic Council

March 03, 2021 – Government

Federal agencies ordered to patch systems immediately following flaw in Microsoft app Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered federal agencies to immediately investigate, patch or disconnect their systems from a Microsoft email application after the company discovered a vulnerability exploited by Chinese hackers. 

The Hill

March 3, 2021 – Criminals

Missing Teens Used School Laptops to Chat with Alleged Abductors Full Text

Abstract Disappearance of North Carolina teenagers allegedly linked to men they met online

Infosecurity Magazine

March 3, 2021 – Malware

The Ursnif Trojan has hit over 100 Italian banks Full Text

Abstract Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators...

Security Affairs

March 3, 2021 – Breach

Nine-year Malaysia Airlines breach gave attackers lots of time to misuse data Full Text

Abstract The incident is another example of why businesses must assess and manage third-party vendor risk.

SCMagazine

March 3, 2021 – Vulnerabilities

Unpatched Bug in WiFi Mouse App Opens PCs to Attack Full Text

Abstract Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Threatpost

March 03, 2021 – Phishing

BEC scammers are targeting investors for massive payouts Full Text

Abstract Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average.

BleepingComputer

March 3, 2021 – Attack

Recovering from the SolarWinds hack could take 18 months Full Text

Abstract Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery.

Technology Review

March 03, 2021 – Government

Blinken vows renewed focus on emerging tech after hack Full Text

Abstract Secretary of State Antony Blinken on Wednesday vowed that the U.S. will prioritize positioning itself as a global leader on technology to shore up its national security defenses, particularly following the recent breach of the federal government known as the SolarWinds hack.

The Hill

March 3, 2021 – Insider Threat

Canadian Cyber-Agency Workers Threaten Strike Full Text

Abstract Unionized workers at Communications Security Establishment authorize strike over wages

Infosecurity Magazine

March 3, 2021 – General

Cyber Defense Magazine – March 2021 has arrived. Enjoy it! Full Text

Abstract Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month's edition…packed with over 110 pages of excellent content. 110 PAGES LOADED WITH EXCELLENT CONTENT. Learn from the experts, cybersecurity best practices. Find...

Security Affairs

March 3, 2021 – Breach

Microsoft Exchange Server breaches more widespread than originally thought Full Text

Abstract In its blog post on critical Exchange Server patches Tuesday, Microsoft pointed to “limited and targeted” exploitation of the vulnerabilities in the wild. But new data suggests that the breaches may not be limited or targeted at all.

SCMagazine

March 3, 2021 – Vulnerabilities

Home-Office Photos: A Ripe Cyberattack Vector Full Text

Abstract Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.

Threatpost

March 03, 2021 – Vulnerabilities

GRUB2 boot loader reveals multiple high severity vulnerabilities Full Text

Abstract GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities.

BleepingComputer

March 3, 2021 – Malware

Hackers Using Tricky SEO Technique to Deliver Malware Payloads Full Text

Abstract Gootloader appears to have expanded its payloads further as it now uses SEO poisoning to deliver an array of malware payloads against users in South Korea, Germany, France, and the U.S.

Cyware Alerts - Hacker News

March 3, 2021 – Business

US Cybersecurity Firm Opens New Belfast Office Full Text

Abstract Launch of new Rapid7 office in Ireland to create 150 new jobs

Infosecurity Magazine

March 3, 2021 – Vulnerabilities

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Full Text

Abstract A researcher received a $50,000 bug bounty from Microsoft for having reported a vulnerability that could have allowed an attacker to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could...

Security Affairs

March 3, 2021 – Ransomware

RTM Cybergang Adds New Quoter Ransomware to Crime Spree Full Text

Abstract The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.

Threatpost

March 03, 2021 – Phishing

US government warns of Social Security scams using fake federal IDs Full Text

Abstract Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns.

BleepingComputer

March 3, 2021 – APT

Nation-State Hackers are Now Hiring Mercenary APT Groups Full Text

Abstract A Blackberry report unveiled that state-backed actors often collaborate with mercenary APT groups to excel in attacks. Simultaneously, it helps state-backed actors lie low with their game plan.

Cyware Alerts - Hacker News

March 3, 2021 – Attack

Microsoft: SolarWinds Attack Highlights Growing Sophistication of Nation State Actors Full Text

Abstract Microsoft discusses the changing threat landscape

Infosecurity Magazine

March 03, 2021 – Attack

Cybersecurity firm Qualys likely latest victim of Accellion hacks Full Text

Abstract Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.

BleepingComputer

March 3, 2021 – Attack

Brand(ed) Lures and GuLoader - The New Face of Email-based Attacks Full Text

Abstract After studying millions of email-based attacks, researchers note a unique trend in malware-stealing attempts and disclose details about the success recipe of a top malware used by them.

Cyware Alerts - Hacker News

March 03, 2021 – Hacker

State hackers rush to exploit unpatched Microsoft Exchange servers Full Text

Abstract Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates.

BleepingComputer

March 3, 2021 – General

Singapore issues FSI guidelines on managing remote work risks Full Text

Abstract Singapore has released guidelines on heightened risks businesses in the financial services industry (FSI) now face as remote work practices take hold and how they can mitigate such risks.

ZDNet

March 3, 2021 – General

Another Boom in Malicious Hacking Operations Against Industrial Environments Full Text

Abstract Dragos uncovers a total of 15 threat groups targeting industrial organizations, with four new groups joining in 2020. The new groups are efficient enough to sabotage control systems.

Cyware Alerts - Hacker News

March 3, 2021 – Government

ENISA and CERT-EU to improve the EU cybersecurity framework Full Text

Abstract The Head of CERT-EU, Saâd Kadhi, said: “We are proud of this achievement, which sets the path for a greater collaboration between our two organisations, to better serve our respective constituencies.

Help Net Security

March 3, 2021 – Breach

Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak Full Text

Abstract The information leaked included approximately 8,000,000 voice recordings, 13,000,000 phone numbers, and hundreds of millions of call logs and metadata. In total, nearly 2 billion records were leaked.

Security Affairs

March 3, 2021 – Business

TPG buys Thycotic and merges it with Centrify to create access management giant Full Text

Abstract “The combination of Thycotic and Centrify creates a leader in one of the most important and strategic sub-sectors of security software,” said Tim Millikin, a partner at TPG Capital.

The Register

March 03, 2021 – Hacker

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection Full Text

Abstract Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilizes malicious Microsoft Office documents forged with macros to spread a RAT that goes by the name of ObliqueRAT. First documented in February 2020, the malware has been linked to a threat actor tracked as Transparent Tribe (aka Operation C-Major, Mythic Leopard, or APT36), a highly prolific group allegedly of Pakistani origin known for its attacks against human rights activists in the country as well as military and government personnel in India. While the ObliqueRAT modus operandi previously overlapped with another Transparent Tribe campaign in December 2019 to disseminate CrimsonRAT, the new wave of

The Hacker News

March 3, 2021 – Breach

Telemarketing Biz Exposes 114,000 in Cloud Config Error Full Text

Abstract Call recordings of clients and customers on unsecured bucket

Infosecurity Magazine

March 3, 2021 – Breach

Data Breach: Millions of Phone Numbers, Recordings, and Call Logs Compromised in Ringostat Data Leak Full Text

Abstract WizCase experts found a major breach in phone-tracking service Ringostat’s database: millions of phone numbers, recordings, and call logs compromised. WizCase security team has found a major breach in phone-tracking service Ringostat’s database....

Security Affairs

March 3, 2021 – Ransomware

The Cybersecurity 202: A nonprofit is providing free ransomware protection to private U.S. hospitals Full Text

Abstract As a part of the effort to combat the rise in attacks, nonprofit group Center for Internet Security (CIS) this month launched a free ransomware protection service for private U.S. hospitals.

Washington Post

March 03, 2021 – Solution

Replacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security Teams Full Text

Abstract The attack surface is virtually expanding before our eyes. Protecting assets across multiple locations, with multiple solutions from different vendors, has become a daily concern for CISOs globally. In a new e-book recently published (download here), CISOs with small security teams talk about the drivers for replacing their EDR/NGAV solutions with an Autonomous XDR solution and why they believe consolidation provides significant benefits to organization and team. The first topic discussed is the need to ensure coverage and have optimal visibility in order to uncover even stealthy threats. Organizations keep adding more and more security solutions that extend visibility, yet these solutions need to be maintained, monitored, and managed, taking up quite a bit of the analyst's time. In addition, these systems each provide some visibility leaving the analysts to make contextual connections and create the complete attack storyline. Unfortunately, these processes take time, and s

The Hacker News

March 3, 2021 – General

Password Reuse at 60% as 1.5 Billion Combos Discovered Online Full Text

Abstract SpyCloud’s latest report reveals persistent threat of account takeovers

Infosecurity Magazine

March 3, 2021 – Malware

Mobile malware evolution 2020 Full Text

Abstract In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common being passing a malicious application off as another, popular and desirable one.

Kaspersky Labs

March 03, 2021 – Vulnerabilities

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account Full Text

Abstract Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users' accounts without their knowledge. Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit security code that's sent to a user's email address or mobile number to corroborate his (or her) identity before resetting the password in order to recover access to the account. Put differently, the account takeover scenario is a consequence of privilege escalation stemming from an authentication bypass at an endpoint which is used to verify the codes sent as part of the account recovery process. The company addressed the issue in November 2020, before details of the flaw came to light on Tuesday. Although there are encryption barriers and rate-limiting checks designed to prevent an attacker from repeatedly submitting all the 10 million combinations of the codes in an automa

The Hacker News

March 3, 2021 – Vulnerabilities

Microsoft Patches Four Zero-Day Exchange Server Bugs Full Text

Abstract Chinese state attackers are currently exploiting them, it warns

Infosecurity Magazine

March 3, 2021 – General

Building a Next-Generation SOC Starts With Holistic Operations Full Text

Abstract Cybersecurity leaders know a well-built security operations organization involves the right mix of architecture, processes, analytics, and technology attuned to the threat landscape.

Dark Reading

March 3, 2021 – Attack

Securing Space: The Next Frontier of Credential-Based Attacks Full Text

Abstract Examples of critical infrastructure in space include the NASA satellites orbiting Earth, which are equipped with cameras and scientific sensors to collect data about the planet.

Nextgov

March 3, 2021 – Malware

Researcher discovers Go typosquatting package that relays system information to Chinese tech firm Full Text

Abstract One of two packages deemed to warrant further investigation purported to be the GitHub ‘cli’ repository that is widely used for building CLI (command-line interface) Go projects.

The Daily Swig

March 3, 2021 – Attack

Attackers took over the Perl.com domain in September 2020 Full Text

Abstract The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of the domain in September 2020. The Perl.com domain was hijacked in January 2021, but according to Brian Foy, senior editor of Perl.com,...

Security Affairs

March 3, 2021 – Business

BlueVoyant Appoints James M. Aquilina as Advisor Full Text

Abstract Aquilina joins as member of BlueVoyant's advisory board and advisor to the CEO

Infosecurity Magazine

March 3, 2021 – Malware

ObliqueRAT Trojan now lurks in images on compromised websites Full Text

Abstract Steganography is used to hide code, images, and video content within other content of file formats, and in this case, the researchers have found BMP files that contain malicious ObliqueRAT payloads.

ZDNet

March 03, 2021 – Phishing

Cash App phishing kit deployed in the wild, courtesy of 16Shop Full Text

Abstract The developer of the 16Shop phishing kit has added a new component that targets users of the popular Cash App mobile payment service.

BleepingComputer

March 3, 2021 – Botnet

Is Your Browser Extension a Botnet Backdoor? — Krebs on Security Full Text

Abstract Infatica uses the browser of anyone who has an extension injected with its code to route web traffic for the company’s customers, including marketers or anyone able to afford its subscription charges.

Krebs on Security

March 3, 2021 – Vulnerabilities

Google Patches Critical Remote Code Execution Vulnerability in Android Full Text

Abstract Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.

Security Week

March 3, 2021 – Attack

Update: Oxfam Australia confirms ‘supporter’ data accessed in cyber attack Full Text

Abstract In an update on Monday, Oxfam Australia said it had found “supporter’s information on one of its databases was unlawfully accessed by an external party on 20 January 2021”.

IT News

March 3, 2021 – Hacker

Threat Actor HAFNIUM Found Targeting Exchange Servers with Zero-Day Exploits Full Text

Abstract Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.

Microsoft

March 3, 2021 – Vulnerabilities

Four zero-days in Microsoft Exchange actively exploited in the wild Full Text

Abstract Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 3, 2021 – Vulnerabilities

Google fixes Critical Remote Code Execution issue in Android System component Full Text

Abstract Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component. Google released security updates to address 37 vulnerabilities as part of the Android security...

Security Affairs

March 02, 2021 – General

Hillicon Valley: Senate confirms Biden Commerce secretary pick Gina Raimondo | Wray hints at federal response to SolarWinds hack | Virginia governor signs comprehensive data privacy law Full Text

Abstract Former Rhode Island Gov. Gina Raimondo (D) was confirmed by the Senate as Commerce Secretary today, weeks after her nomination was blocked over her potential stance on Chinese telecom giant Huawei. The planned federal response to the SolarWinds hack was in the spotlight again, with both the FBI director and the Biden administration hinting at upcoming steps against Russia. And Virginia became the second U.S. state Tuesday to have a comprehensive data privacy law, following on the heels of California.

The Hill

March 2, 2021 – Insider Threat

SolarWinds blaming intern for leaked password is symptom of ‘security failures’ Full Text

Abstract Infosec thought leaders say that blaming an intern ignores the true roots of the problem, including insufficient credentials policies and access management practices.

SCMagazine

March 2, 2021 – Solution

Google Cloud boosts customers’ insurance with a new, optional data tool Full Text

Abstract Customers on Google Cloud are now able to use a diagnostic tool called “Risk Manager” to evaluate cyber hygiene. In doing so, and in sharing the results with Munich Re and Allianz, the insurers will offer expanded coverage options.

SCMagazine

March 2, 2021 – Business

NightDragon’s Dave DeWalt: ‘This is the highest threat environment we’ve ever had, bar none’ Full Text

Abstract SC Media sat down (virtually) with former FireEye and McAfee CEO Dave DeWalt to learn more about his special purpose acquisition company, NightDragon, and the 11 sectors they’re targeting for investment.

SCMagazine

March 2, 2021 – Denial Of Service

DoS vulnerability found in Eclipse Jetty Full Text

Abstract Jetty has such wide use that the vulnerability is what one researcher described as “close to a digital nightmare,” especially on embedded devices in industrial control systems – which are often not patchable.

SCMagazine

March 02, 2021 – Vulnerabilities

Microsoft fixes actively exploited Exchange zero-day bugs, patch now Full Text

Abstract Microsoft has released emergency out-of-band security updates for Microsoft Exchange that fix four zero-day vulnerabilities actively exploited in targeted attacks.

BleepingComputer

March 02, 2021 – Vulnerabilities

Google fixes second actively exploited Chrome zero-day bug this year Full Text

Abstract Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.

BleepingComputer

March 2, 2021 – Attack

Post-Cyberattack, Universal Health Services Faces $67M in Losses Full Text

Abstract The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.

Threatpost

March 02, 2021 – Ransomware

Payroll giant PrismHR outage likely caused by ransomware attack Full Text

Abstract Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers.

BleepingComputer

March 2, 2021 – Vulnerabilities

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks Full Text

Abstract In a series of three blog posts to be released Tuesday, Microsoft said targeted hacking by a group operating out of China, which the company calls Hafnium, linked together chains of vulnerabilities to garner access.

SCMagazine

March 2, 2021 – Solution

Pwn20wnd released the unc0ver v 6.0 jailbreaking tool Full Text

Abstract The popular jailbreaking tool called "unc0ver" now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool "unc0ver," has updated their software to support iOS 14.3 and earlier...

Security Affairs

March 02, 2021 – Government

Senate confirms Biden Commerce secretary pick Gina Raimondo Full Text

Abstract The Senate confirmed Gina Raimondo as Commerce secretary on Tuesday in a broad bipartisan vote despite early GOP efforts to block her nomination.

The Hill

March 02, 2021 – Government

Wray hints at federal response to SolarWinds hack Full Text

Abstract FBI Director Christopher Wray on Tuesday hinted at the planned federal response to what has become known as the SolarWinds hack, stressing that confronting foreign attacks in cyberspace would be “a long, hard slog.”

The Hill

March 2, 2021 – Policy and Law

Satanic Temple Loses Cyber-squatting Lawsuit Full Text

Abstract Judge dismisses Temple’s claims that former members who wiped its Facebook pages were cyber-squatting

Infosecurity Magazine

March 2, 2021 – Hacker

Medal of Honor Holders’ Identities Stolen Full Text

Abstract Hacker stole heroes’ identities and used them to buy goods on American military exchanges

Infosecurity Magazine

March 02, 2021 – Breach

Malaysia Airlines discloses a nine-year-long data breach Full Text

Abstract Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program.

BleepingComputer

March 2, 2021 – Breach

Malaysia Airlines Suffers Data Security ‘Incident’ Spanning Nine Years Full Text

Abstract Malaysia Airlines has suffered a data security "incident" that compromised personal information belonging to some of its members. The breach is purported to involve a third-party IT service provider.

ZDNet

March 2, 2021 – Solution

Jailbreak Tool Works on iPhones Up to iOS 14.3 Full Text

Abstract The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.

Threatpost

March 02, 2021 – Business

SolarWinds reports $3.5 million in expenses from supply-chain attack Full Text

Abstract SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation.

BleepingComputer

March 2, 2021 – Policy and Law

Gamer Sues Microsoft Over Cyberbullying Full Text

Abstract Court case tests corporate responsibility for censoring harassment in gaming community

Infosecurity Magazine

March 2, 2021 – Hacker

Chinese hackers target Indian vaccine makers SII, Bharat Biotech, says security firm Full Text

Abstract A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country, Cyfirma told Reuters.

Reuters

March 2, 2021 – Malware

Compromised Website Images Camouflage ObliqueRAT Malware Full Text

Abstract Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.

Threatpost

March 02, 2021 – Government

Government watchdog finds federal cybersecurity has ‘regressed’ in recent years Full Text

Abstract Federal cybersecurity has "regressed" since 2019 due to factors including the lack of centralized cyber leadership at the White House, the Government Accountability Office (GAO) said in a report released Tuesday. 

The Hill

March 2, 2021 – Ransomware

Ryuk Ransomware: Now with Worming Self-Propagation Full Text

Abstract The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.

Threatpost

March 2, 2021 – Hacker

How Apple’s locked down security gives extra protection to the best hackers Full Text

Abstract When the most advanced hackers do succeed in breaking in, something strange happens: Apple’s extraordinary defenses end up protecting the attackers themselves instead of keeping them out.

Technology Review

March 02, 2021 – Breach

Oxfam Australia confirms data breach after stolen info sold online Full Text

Abstract Oxfam Australia has confirmed a data breach after suffering a cyberattack and having its donor databases put up for sale on a hacker forum in January.

BleepingComputer

March 2, 2021 – Attack

French multinational dairy Lactalis hit by a cyber attack Full Text

Abstract French multinational dairy products corporation Lactalis disclosed a cyberattack, but claimed that it had no evidence of a data breach. France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence...

Security Affairs

March 2, 2021 – Ransomware

Universal Health Services reports $67 million in losses after apparent ransomware attack Full Text

Abstract A ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the financial toll caused by hackers.

Cyberscoop

March 02, 2021 – Ransomware

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware Full Text

Abstract SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author," researchers from Intezer Lab said in a malware analysis published today revealing the attackers' tactics on the dark web. First identified in July 2019, QNAPCrypt (or eCh0raix) is a ransomware family that was found to target Network Attached Storage (NAS) devices from Taiwanese companies QNAP Systems and Synology. The devices were compromised by brute-forcing weak credentials and exploiting known vulnerabilities with the goal of encrypting files found in the system. The ransomware has since been tracked to a Russian cybercrime group refe

The Hacker News

March 2, 2021 – Ransomware

Distributor of Asian food JFC International hit by Ransomware Full Text

Abstract JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware attack that impacted some of the IT systems at its Europe Group.

Security Affairs

March 02, 2021 – Solution

Microsoft announces Windows Server 2022 with new security features Full Text

Abstract Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats. 

BleepingComputer

March 2, 2021 – Solution

Hackers Release New Jailbreak Tool for Almost Every iPhone Full Text

Abstract The Unc0ver hacking team released its latest jailbreaking tool this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which Apple released in December.

TechCrunch

March 2, 2021 – Vulnerabilities

Quarter of Healthcare Apps Contain High Severity Bugs Full Text

Abstract Veracode urges more regular scanning of applications

Infosecurity Magazine

March 02, 2021 – Solution

Microsoft Teams adds end-to-end encryption (E2EE) to one-on-one calls Full Text

Abstract Microsoft adds new security, privacy, and compliance features to the Microsoft Teams chat and collaboration solution, including end-to-end encryption support for one-on-one calls.

BleepingComputer

March 2, 2021 – Solution

Scientists have built this ultrafast laser-powered random number generator Full Text

Abstract Using a single, chip-scale laser, scientists have managed to generate streams of completely random numbers at about 100 times the speed of the currently fastest random-numbers generator systems.

ZDNet

March 2, 2021 – General

Kaspersky to Co-Chair Working Group of the Paris Call Full Text

Abstract Group will propose concrete solutions and tools to improve the security of cyberspace

Infosecurity Magazine

March 02, 2021 – Solution

Microsoft 365 Defender Threat Analytics enters public preview Full Text

Abstract Microsoft announced the addition of Threat Analytics for Microsoft 365 Defender customers and the roll-out of Microsoft 365 Insider Risk Management Analytics, both in public preview.

BleepingComputer

March 2, 2021 – Breach

Fitness Studio Management Platform Leaks Over 1.5 Million User Records Due to Unsecured Server Full Text

Abstract The exposed bucket contained 36,951 files, including 633 CSV files containing 1,522,740 records of users who signed up for fitness and wellness activities with businesses that use the Mariana Tek API.

Cyber News

March 2, 2021 – Ransomware

Universal Health Services Estimates $67 Million in Ransomware Losses Full Text

Abstract Healthcare giant latest big name hit by financial tsunami

Infosecurity Magazine

March 2, 2021 – APT

Alleged China-linked APT41 group targets Indian critical infrastructures Full Text

Abstract Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded Future have spotted a suspected Chinese APT actor targeting critical infrastructure operators...

Security Affairs

March 2, 2021 – Botnet

Google: Bad bots are on the attack, and your defence plan is probably wrong Full Text

Abstract According to the advertising giant, 71% of companies experienced an increase in the number of successful bot attacks, and 56% of companies reported seeing different types of attacks.

ZDNet

March 2, 2021 – Malware

Beware – Mobile Threats shifts Towards Banking Trojans and Adware Full Text

Abstract Recently in the Mobile Malware Evolution 2020, the very famous cybersecurity company Kaspersky has reported the prevailing mobile threat landscape and recognizes...

Cyber Security News

March 02, 2021 – Vulnerabilities

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 Full Text

Abstract A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3. Tracked as CVE-2021-1782, the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges. "We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability," Pwn20wnd said in a separate tweet. The vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 u

The Hacker News

March 2, 2021 – Policy and Law

DoJ Steps Up Investigation into NSO Group – Report Full Text

Abstract Lawyers probe WhatsApp for more technical details

Infosecurity Magazine

March 2, 2021 – Government

NSA embraces the Zero Trust Security Model Full Text

Abstract This model eliminates implicit trust in any entities inside or outside the perimeter of an organization, instead, it recommends implementing authorization and authentication for all processes.

Security Affairs

March 2, 2021 – Ransomware

Distributor of Asian food JFC International hit by Ransomware Full Text

Abstract JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC International, a major distributor and wholesaler of Asian food products, announced it has recently suffered a ransomware...

Security Affairs

March 2, 2021 – Government

Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement Full Text

Abstract A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic, following an exchange with Microsoft President Brad Smith at a Congressional hearing Friday.

Nextgov

March 2, 2021 – General

Protecting the digital workplace with an integrated security strategy Full Text

Abstract Historically, organizations have taken a siloed approach to defending against cyber threats. A new threat pops up, and the IT security team invests in and purchases a new point solution to address it.

Help Net Security

March 02, 2021 – Malware

Malicious NPM packages target Amazon, Slack with new dependency attacks Full Text

Abstract Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.

BleepingComputer

March 1, 2021 – Hacker

China’s new cyber tactic: targeting critical infrastructure Full Text

Abstract Amid tensions along their border, the new RedEcho group is breaching power infrastructure in India.

SCMagazine

March 1, 2021 – General

VPNs begin to lose their relevance, even as they remain difficult to shed Full Text

Abstract The pandemic and telework shift have highlighted the security shortcomings of many VPNs, but the lack of a clear, affordable alternative and room for smarter implementation could inhibit a wider market shift.

SCMagazine

March 01, 2021 – Vulnerabilities

Working Windows and Linux Spectre exploits found on VirusTotal Full Text

Abstract Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal.

BleepingComputer

March 1, 2021 – Hacker

Chinese Hacker Group Targets Indian Power Sector & critical infrastructure Amid Border Tensions Full Text

Abstract Recently, a Chinese state-sponsored hacker group, RedEcho has targeted the Indian power sector and critical infrastructure amid border tensions in an effort...

Cyber Security News

March 1, 2021 – General

Attacks Against Education Sector Persist Full Text

Abstract The attacks increased as academic institutions shifted to remote learning and teaching, leaving their networks vulnerable to threat actors.

Cyware Alerts - Hacker News

March 01, 2021 – General

Hillicon Valley: Amazon manager sues company | Twitter to label posts with vaccine misinformation | Gab hacked Full Text

Abstract Amazon is facing allegations of racial discrimination and sexual harassment detailed in a lawsuit filed by an employee on Monday. A U.K.-based startup launched a service aimed at helping governments and organizations counter online misinformation. Meanwhile, Twitter announced updated plans to target misinformation about COVID-19 vaccines, and a national commission came to some concerning conclusions about where the United States stands on artificial intelligence. 

The Hill

March 01, 2021 – Malware

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites Full Text

Abstract A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today. "In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself." Dubbed "Gootloader," the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S. First documented in 2014, Gootkit is a Javascript-based malware platform capable of carrying out an array of covert activities, including web injection, capturing keystrokes, taking screenshots, recording videos, as well as email and password theft. Over the years, the

The Hacker News

March 1, 2021 – Policy and Law

United Airlines to Pay $49m to Settle False Data Claim Full Text

Abstract Airline accused of defrauding USPS with false automated delivery scan data

Infosecurity Magazine

March 1, 2021 – General

Register Here for U.S. Cyber Command’s Annual Legal Conference Full Text

Abstract U.S. Cyber Command is hosting its annual legal conference this Thursday (March 4th), and all are welcome to (virtually) attend.

Lawfare

March 1, 2021 – Malware

Gootkit delivery platform Gootloader used to deliver additional payloads Full Text

Abstract The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit...

Security Affairs

March 1, 2021 – General

VPNs still dominate post-COVID, but businesses are sniffing for alternatives Full Text

Abstract The pandemic and telework shift have highlighted the security shortcomings of many VPNs, but the lack of a clear, affordable alternative and room for smarter implementation could inhibit a wider market shift.

SCMagazine

March 1, 2021 – Malware

Mobile Adware Booms, Online Banks Become Prime Target for Attacks Full Text

Abstract A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.

Threatpost

March 01, 2021 – Breach

European e-ticketing platform Ticketcounter extorted in data breach Full Text

Abstract A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.

BleepingComputer

March 1, 2021 – Breach

T-Mobile Data Breach – Some of its Customers Affected by SIM Swap Attacks Full Text

Abstract Recently, in an investigation, cybersecurity experts have detected a data breach after an unknown number of customers got attacked by SIM swap...

Cyber Security News

March 1, 2021 – General

Key Trends: eCrime and Nation-State Activities Full Text

Abstract CrowdStrike revealed that there has been a humongous increase in interactive intrusion activity. There has been a fourfold increase in these activities in the last two years.

Cyware Alerts - Hacker News

March 01, 2021 – General

US ‘unprepared’ to defend against new AI threats, report finds Full Text

Abstract The federal government is "unprepared" to defend the nation against new threats posed by the increased adoption of artificial intelligence technologies, according to a report released Monday.

The Hill

March 1, 2021 – Policy and Law

Florida Police Arrest 12 Alleged Online Predators Full Text

Abstract Sting operation nets a dozen alleged sexual predators who targeted children online

Infosecurity Magazine

March 1, 2021 – Insider Threat

Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says Full Text

Abstract Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain...

Security Affairs

March 1, 2021 – Hacker

A new tactic for Chinese cyber actors: threatening critical infrastructure Full Text

Abstract Amid tensions along their border, the new RedEcho group is breaching power infrastructure in India.

SCMagazine

March 01, 2021 – Attack

World’s leading dairy group Lactalis hit by cyberattack Full Text

Abstract Lactalis, the world's leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company's systems.

BleepingComputer

March 1, 2021 – Ransomware

Ryuk Ransomware Updated With ‘Worm-Like Capabilities’ Full Text

Abstract The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network.

Info Risk Today

March 1, 2021 – Policy and Law

Facebook Photo-tagging Lawsuit Settled for $650m Full Text

Abstract Judge approves $650m settlement of privacy lawsuit brought against social network

Infosecurity Magazine

March 1, 2021 – General

Flaws fixed incorrectly, as secure coding education lags Full Text

Abstract Broken access control and broken object level authorizations vulnerabilities have proven the most difficult to fix, while fixes for command injection and SQL injection flaws are most often incorrect.

SCMagazine

March 01, 2021 – Ransomware

Hackers use black hat SEO to push ransomware, trojans via Google Full Text

Abstract The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.

BleepingComputer

March 1, 2021 – Ransomware

Cybercriminals Demand Ransom From Tether Crypto Token to Avoid Leaking Sensitive Documents Full Text

Abstract The unverified email screenshots appear to relate to Bahamas-based Deltec, which has a banking relationship with Tether, and a discussion over asset backing. Tether says the documents are "bogus."

ZDNet

March 1, 2021 – General

Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks Full Text

Abstract 80% of orgs admitted that a portion of their workforce are using personal computers

Infosecurity Magazine

March 1, 2021 – General

Cloud-based dev teams: shift security left to avoid being the next SolarWinds Full Text

Abstract “The entire way we perform security in a development environment needs to be rethought.”

SCMagazine

March 01, 2021 – Ransomware

Universal Health Services lost $67 million due to Ryuk ransomware attack Full Text

Abstract Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million.

BleepingComputer

March 1, 2021 – Ransomware

Data analytics agency Polecat held to ransom after server exposed 30TB of records Full Text

Abstract An unsecured server belonging to Polecat, a data analytics company, exposed an estimated 30 terabytes of business records online, resulting in the firm being held to ransom.

The Daily Swig

March 1, 2021 – Covid-19

70% of Orgs Facing New Security Challenges Due to #COVID19 Pandemic Full Text

Abstract Tanium report finds only a third of businesses consider cybersecurity a top priority for 2021

Infosecurity Magazine

March 1, 2021 – Business

Axonius looks toward global expansion with $100 million in Series D funding Full Text

Abstract This later infusion of cash comes after Axonius doubled its staff during the pandemic and achieved triple-digit annual revenue growth in 2020.

SCMagazine

March 01, 2021 – Ransomware

NSW Transport agency extorted by ransomware gang after Accellion attack Full Text

Abstract The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files.

BleepingComputer

March 1, 2021 – Vulnerabilities

Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall Full Text

Abstract A critical vulnerability discovered in a firewall appliance made by Genua could be useful to threat actors once they’ve gained access to an organization’s network, according to SEC Consult.

Security Week

March 01, 2021 – Ransomware

Tether cryptocurrency firm says docs in $24 million ransom are ‘forged’ Full Text

Abstract USDT cryptocurrency developer Tether has said they are being extorted by threat actors who are demanding 500 bitcoins, or approximately $24 million, not to leak allegedly stolen emails and documents.

BleepingComputer

March 1, 2021 – Vulnerabilities

Minion privilege escalation exploit patched in SaltStack Salt project Full Text

Abstract The privilege escalation vulnerability, tracked as CVE-2020-28243, could allow "an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name."

ZDNet

March 1, 2021 – General

FireEye CEO: Next war will hit regular Americans online Full Text

Abstract Any future real-world conflict between the United States and an adversary like China or Russia will have direct impacts on regular Americans because of the risk of cyber attack, Kevin Mandia said.

Axios

March 1, 2021 – Hacker

10 Indian Power Generation and Transmission Entities Targeted by Chinese Hackers Amid Geopolitical Tensions Full Text

Abstract A new study shows that as the standoff continued in the Himalayas between India and China, Chinese malware was flowing into the control systems that manage electric supply across India.

New York Times

March 01, 2021 – General

Why do companies fail to stop breaches despite soaring IT security investment? Full Text

Abstract Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. Incredibly, this is a 9x increase from the comparatively "small" amount of 2.3 billion records stolen in 2018. This trend seems to fit an exponential curve; even worse, we are yet to see the fallouts from the end of the year "Solorigate" campaign, which has the potential to marginalize even these numbers by the end of 2021. Found among the leaked data are usernames, passwords, credit card numbers, bank account details, healthcare information, and other personal data. Malicious actors utilize these treasure troves of information for fraud and further attacks. In just the first quarter of 2020, the Dutch government managed to lose a hard drive

The Hacker News

March 1, 2021 – Malware

Go Malware Detections Increase 2000% Full Text

Abstract Intezer warns of growing threat from programming language

Infosecurity Magazine

March 1, 2021 – Policy and Law

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection Full Text

Abstract ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users. The settlement has yet to be approved...

Security Affairs

March 1, 2021 – General

Data is most at risk on email, with 83% of organizations experiencing email data breaches Full Text

Abstract 95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, 83% of organizations have suffered data breaches via this channel in the last 12 months.

Help Net Security

March 01, 2021 – Hacker

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions Full Text

Abstract Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. "10 distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure," Recorded Future said in a report published yesterday. "Other targets identified included 2 Indian seaports." Chief among the victims include a power plant run by National Thermal Power Corporation (NTPC) Limited and New Delhi-based Power

The Hacker News

March 1, 2021 – Solution

Self-Assessment Tool Aims to Enhance Small Biz Security Full Text

Abstract Micro-businesses and sole traders urged to take the test

Infosecurity Magazine

March 1, 2021 – Government

NSA embraces the Zero Trust Security Model Full Text

Abstract The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security Agency (NSA) recently published a document to explain the benefits of adopting a zero-trust model, and advice...

Security Affairs

March 1, 2021 – Business

Cybersecurity firm Axonius raises $100 million at $1.2 billion valuation Full Text

Abstract Cybersecurity startup Axonius has raised $100 million in a private funding round led by New York-based growth equity firm Stripes at a valuation of $1.2 billion, the company said on Sunday.

Reuters

March 01, 2021 – Attack

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 Full Text

Abstract As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019. But in a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017. While a preliminary investigation into the attack revealed that the operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, Crowdstrike's incident response efforts pointed to a  revi

The Hacker News

March 1, 2021 – Policy and Law

Berlin Resident Jailed for NHS Bomb Threats Full Text

Abstract Italian also threatened MPs and Black Lives Matter protesters

Infosecurity Magazine

March 1, 2021 – Breach

Data of 21 million users from 3 Android VPNs put for sale online Full Text

Abstract A user on a popular hacker forum is selling three databases purportedly containing user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN.

Cyber News

March 1, 2021 – Solution

New tool spots to identify security and privacy issues with COVID-19 tracing apps Full Text

Abstract "COVIDGuardian", the first automated security and privacy assessment tool, tests contact tracing apps for potential threats such as malware, embedded trackers, and private information leakage.

The Times Of India

March 1, 2021 – General

RMIT attack underlines need to train all university staff in cyber safety Full Text

Abstract Cybercriminals are very persistent and the daily numbers of cyberattacks show no sign of decreasing. This can jeopardize the reputation of students and academics as well as the institution itself.

The Conversation

March 1, 2021 – Business

Armorblox has raised $30 million to protect against phishing attacks with AI Full Text

Abstract Armorblox, a cybersecurity startup using natural language understanding to protect enterprise communications, today announced that it raised $30 million in series B venture capital funding.

Venture Beat

