November, 2021
November 30, 2021 – Vulnerabilities
Microsoft Defender scares admins with Emotet false positives
Abstract
Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching because of a false positive that tags the files as potentially bundling an Emotet malware payload.
Source: BleepingComputer
November 30, 2021 – Outage
Ransomware attack shuts down Lewis & Clark Community College
Abstract
The college closed all its campuses this week and canceled all extracurricular activities, including sports. The attack comes just weeks before the end of the fall semester.
Source: KMOV
November 30, 2021 – Government
Democrat pushes for pipeline reliability standards
Abstract
Rep. Bobby Rush (D-Ill.) is pushing for the creation of an organization that would set both physical and cybersecurity reliability standards for pipelines.
Source: The Hill
November 30, 2021 – General
New Hub for Lean IT Security Teams
Abstract
One of the harsh realities of cybersecurity today is that malicious actors and attackers don't distinguish between organizations that have seemingly endless resources and those operating with lean IT security teams. For these lean teams, meeting the challenges in the current security landscape requires constant attention, and sometimes a little support. XDR provider Cynet has built a new minisite with the goal of giving these lean IT security teams a space to find answers, share their wins and strategies, gain new insights, and have some fun in the process. The company refers to these lean teams and the people that make them up as Lean IT Security Heroes. These groups often work with fewer resources, but are always able to defend against massive threats through creativity, ingenuity, and hard work. This new Lean IT Security Heroes minisite offers a variety of activities and tools that are ideal for lean teams looking to enhance their defenses. Additionally, the sit...
Source: The Hacker News
November 30, 2021 – Vulnerabilities
Play the Opera Please – Opera patches a flaw in their turbo servers
Abstract
Opera released a mini patch for a vulnerability in their turbo servers that dates back to 2018. Prior approval was obtained from the Opera security team before disclosing this issue. Before we get started, there are a few things we need to understand...
Source: Security Affairs
November 30, 2021 – Education
How Decryption of Network Traffic Can Improve Security
Abstract
Most industry analyst firms conclude that between 80 and 90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
Source: Threatpost
November 30, 2021 – Criminals
FBI seized $2.2M from affiliate of REvil, GandCrab ransomware gangs
Abstract
The FBI seized $2.2 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
Source: BleepingComputer
November 30, 2021 – Phishing
High Volume German Phishing Campaign Aims to Steal Banking Credentials
Abstract
Since the end of August 2021, Proofpoint researchers have observed multiple high-volume campaigns leveraging customized, actor-owned landing pages spoofing major German banks such as Volksbank and Sparkasse.
Source: Proofpoint
November 30, 2021 – Policy and Law
Members of hacking group sentenced for stealing millions in cryptocurrency
Abstract
The Justice Department on Tuesday announced the sentencing of the last member of an international hacking group indicted for allegedly stealing millions in cryptocurrency as part of a "SIM hijacking" effort.
Source: The Hill
November 30, 2021 – Vulnerabilities
Critical Wormable Security Flaw Found in Several HP Printer Models
Abstract
Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers (MFPs) from HP Inc. that could potentially be abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses, collectively called Printing Shellz, were discovered and reported to HP by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev on April 29, 2021, prompting the PC maker to issue patches earlier this month:
CVE-2021-39237 (CVSS score: 7.1): an information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
CVE-2021-39238 (CVSS score: 9.3): a buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.
"The flaws are in the unit's communications board and font p...
Source: The Hacker News
November 30, 2021 – Botnet
New EwDoor Botnet is targeting AT&T customers
Abstract
360 Netlab experts spotted a new botnet dubbed EwDoor that infects unpatched AT&T enterprise network edge devices. Experts from Qihoo 360's Network Security Research Lab discovered a new botnet, dubbed EwDoor, that targets AT&T customers...
Source: Security Affairs
November 30, 2021 – Malware
Finland warns of Flubot malware heavily targeting Android users
Abstract
Finland's National Cyber Security Centre (NCSC-FI) has issued a "severe alert" to warn of a massive campaign targeting the country's Android users with Flubot banking malware pushed via text messages sent from compromised devices.
Source: BleepingComputer
November 30, 2021 – Breach
2.1 Million People Affected by Breach at DNA Diagnostics Center
Abstract
The attackers accessed an archived database containing personal information collected between 2004 and 2012 for a national genetic testing organization system that was acquired by the firm in 2012.
Source: SecurityWeek
November 30, 2021 – Breach
Panasonic Suffers Data Breach After Hackers Hack Into Its Network
Abstract
Japanese consumer electronics giant Panasonic has disclosed a security breach in which an unauthorized third party broke into its network and potentially accessed data from one of its file servers. "As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion," the company said in a short statement published on November 26. Panasonic didn't reveal the exact nature of the data that was accessed, but TechCrunch reported that the breach began on June 22 and ended on November 3. The Osaka-based company said that immediately upon discovering the intrusion on November 11, it took steps to report the incident to the relevant authorities and that it implemented security countermeasures, including preventing external access to the network. Panasonic also noted it's currently working with an independent "specialist" organization to probe the extent of the leak and determine if the access...
Source: The Hacker News
November 30, 2021 – Vulnerabilities
Critical Printing Shellz flaws impact 150 HP multifunction printer models
Abstract
Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer (MFP) models. Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked...
Source: Security Affairs
November 30, 2021 – Privacy
Smartwatches for children are a privacy and security nightmare
Abstract
Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.
Source: BleepingComputer
November 30, 2021 – Attack
EwDoor Botnet Is Attacking AT&T Customers
Abstract
According to 360 Netlab, EwDoor has so far gone through three versions, and its main functions fall into two categories: DDoS attacks and backdoor access.
Source: 360 Netlab
November 30, 2021 – Vulnerabilities
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
Abstract
Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw is an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files. Security researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates. But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective; the researcher this month found that the incompletely patched vulnerability could also be exploited to gain administrator privileges and run malicious code on Windows 10 machines running the latest security updates. "Name...
Source: The Hacker News
November 30, 2021 – APT
WIRTE APT group targets the Middle East since at least 2019
Abstract
A threat actor named WIRTE targets government, diplomatic entities, military organizations, law firms, and financial institutions in the Middle East. Cybersecurity researchers from Kaspersky have detailed the activity of a threat actor named WIRTE that...
Source: Security Affairs
November 30, 2021 – Botnet
EwDoor botnet targets AT&T network edge devices at US firms
Abstract
A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old critical-severity blind command injection security flaw.
Source: BleepingComputer
November 30, 2021 – Vulnerabilities
Project Zero Flags High-Risk Zoom Security Flaw
Abstract
Video conferencing software giant Zoom has shipped patches for a pair of security defects that expose Windows, macOS, Linux, iOS, and Android users to malicious hacker attacks.
Source: SecurityWeek
November 30, 2021 – Hacker
WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East
Abstract
Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign, active since as early as 2019, that makes use of malicious Microsoft Excel and Word documents. Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding that the intrusions involved "MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant," which is a Visual Basic Script (VBS) with functionality to amass system information and execute arbitrary code sent by the attackers on the infected machine. An analysis of the campaign as well as the toolset and methods employed by the adversary has also led the researchers to conclude with low confidence that the WIRTE group has connections to another politically motivated collective called the Gaza Cybergang. The affected entities are spread across Armenia, Cyp...
Source: The Hacker News
November 30, 2021 – Malware
4 Android banking trojans were spread via Google Play infecting 300,000+ devices
Abstract
Experts found four Android banking trojans that were available on the official Google Play Store and that infected more than 300,000 devices. Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official...
Source: Security Affairs
November 30, 2021 – Malware
Android banking malware infects 300,000 Google Play users
Abstract
Malware campaigns distributing Android trojans that steal online banking credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store.
Source: BleepingComputer
November 30, 2021 – Attack
New Attack Campaign Abuses Legitimate Remote Administrator Tools and Spreads via Fake Cryptocurrency Websites
Abstract
Trend Micro researchers discovered a new cryptocurrency-related campaign that abuses a legitimate Russian RAT known as Safib Assistant via a newer version of the malware called SpyAgent.
Source: Trend Micro
November 30, 2021 – Breach
DNA testing firm discloses data breach affecting 2.1 million people
Abstract
DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons.
Source: BleepingComputer
November 30, 2021 – Criminals
Cybercriminals Pose as Samsung Recruiters to Target South Korea
Abstract
A report by Google revealed that Lazarus APT, the North Korea-linked cyberespionage group, impersonated Samsung recruiters to target South Korean security firms selling anti-malware solutions. The emails sent contain a malicious PDF that talks about recruiting. Hackers are innovating and putting m...
Source: Cyware Alerts - Hacker News
November 30, 2021 – Vulnerabilities
8-year-old HP printer vulnerability affects 150 printer models
Abstract
Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.
Source: BleepingComputer
November 30, 2021 – Hacker
Cyberattackers Slowing Down the Pace of Financial Services Sector
Abstract
Cyberattackers are launching a number of attacks aimed at the financial sector, with the most targeted regions being North and South America, Western Europe, and Southern Asia. One of the most common and frequent attack vectors was phishing, followed by social engineering. Such cyberattacks on the f...
Source: Cyware Alerts - Hacker News
November 30, 2021 – Ransomware
Yanluowang ransomware operation matures with experienced affiliates
Abstract
An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector, using BazarLoader malware in the reconnaissance stage.
Source: BleepingComputer
November 29, 2021 – APT
ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks
Abstract
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.
Source: Threatpost
November 29, 2021 – Vulnerabilities
Unpatched Windows Zero-Day Allows Privileged File Access
Abstract
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
Source: Threatpost
November 29, 2021 – Denial Of Service
Dark web market Cannazon shuts down after massive DDoS attack
Abstract
Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack.
Source: BleepingComputer
November 29, 2021 – Phishing
Phishing Attacks Reach 260,000 in Q3 2021 - APWG Report
Abstract
The month of July witnessed 260,642 phishing attacks, the highest in APWG’s reporting history since 2004. Phishing victimized the software-as-a-service and webmail industries the most in Q3 2021.
Source: Cyware Alerts - Hacker News
November 29, 2021 – Policy and Law
Lawmakers take aim at ‘Grinches’ using bots to target consumers during holidays
Abstract
A group of congressional Democrats rolled out legislation Monday to stop "Grinches" from stealing Christmas by using bots to corner the market on popular toys and other products during the holiday season.
Source: The Hill
November 29, 2021 – Malware
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021
Abstract
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric said the malware campaigns are not only more refined, but also engineered to have a small malicious footprint, effectively ensuring that the payloads are installed only on smartphone devices from specific regions and preventing the malware from being downloaded during the publishing process. The list of malicious dropper apps is below:
Two Factor Authenticator (com.flowdivison)
Protection Guard (com.protectionguard.app)
QR CreatorScanner (com.ready.qrscanner.mix)
Master Scanner Live (com.multifuction.combine.qr)
QR Scanner 2021 (com.qr.code.generate)
QR Scanner (com.qr.barqr.scangen)
PDF Document...
Source: The Hacker News
November 29, 2021 – Privacy
Recent Additions to Entity List Part of Broader U.S. Effort Targeting Spyware
Abstract
The Commerce Department’s addition of four entities to the export control Entity List highlights accelerated efforts to target companies providing cyber services to certain foreign governments—especially when human rights are at stake.
Source: Lawfare
November 29, 2021 – Vulnerabilities
Google experts found 2 flaws in video conferencing software Zoom
Abstract
Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software...
Source: Security Affairs
November 29, 2021 – Attack
IKEA Hit by Email Reply-Chain Cyberattack
Abstract
IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
Source: Threatpost
November 29, 2021 – Hacker
Stealthy WIRTE hackers target governments in the Middle East
Abstract
A stealthy hacking group named WIRTE has been linked to a government-targeting campaign conducting attacks since at least 2019 using malicious Excel 4.0 macros.
Source: BleepingComputer
November 29, 2021 – Breach
Compromised Cloud Accounts Lead to Cryptomining
Abstract
Google’s Threat Horizons report claims that hackers were compromising cloud accounts used for storing files and data. Hackers also leverage cloud instances to perform other malicious activities.
Source: Cyware Alerts - Hacker News
November 29, 2021 – Privacy
New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists
Abstract
North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper Group, InkySquid, and Ricochet Chollima. "The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team (GReAT) said in a new report published today. "Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts." Likely active since at least 2012, ScarC...
Source: The Hacker News
November 29, 2021 – General
Technology Diplomacy Changes Are the Right Start
Abstract
The State Department must retain the focus of top leadership and continue to work with Congress to ensure the long-term success of its new technology-focused bureau and special envoy.
Source: Lawfare
November 29, 2021 – Attack
Panasonic confirmed that its network was illegally accessed by attackers
Abstract
Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company...
Source: Security Affairs
November 29, 2021 – General
Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Abstract
Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.
Source: Threatpost
November 29, 2021 – Vulnerabilities
Zoom finally adds automatic updates to Windows, macOS clients
Abstract
Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients.
Source: BleepingComputer
November 29, 2021 – Education
Addressing the cybersecurity skills gap with higher education
Abstract
A recent report by ENISA looks into data gathered by the Cybersecurity Higher Education Database, CyberHEAD, in order to predict future trends.
Source: Help Net Security
November 29, 2021 – Hacker
Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency
Abstract
Threat actors are exploiting improperly secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems, as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation. "While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation," Google's Cybersecurity Action Team (CAT) outlined as part of its recent Threat Horizons report published last week. Of the 50 recently compromised GCP instances, 86% of them were used to conduct cryptocurrency mining, in some cases within 22 seconds of successful breach, while 10% of the instances were exploited to perform scans of other publicly accessible hosts on the Internet to identify vulnerable systems, and 8% of the instances were used to strike other entiti...
Source: The Hacker News
November 29, 2021 – Vulnerabilities
Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server
Abstract
Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP Server, warn Germany's cybersecurity agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked...
Source: Security Affairs
November 29, 2021 – Breach
Panasonic discloses data breach after network hack
Abstract
Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month.
Source: BleepingComputer
November 29, 2021 – Vulnerabilities
Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks
Abstract
Organizations are being advised to ensure that their Apache HTTP Server installations are up to date, after it came to light that a recently patched vulnerability has been exploited in attacks.
Source: SecurityWeek
November 29, 2021 – Solution
CleanMyMac X: Performance and Security Software for Macbook
Abstract
We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain a great deal of personal information about us. Also, any great device will get a little clunky and slow over time, and the Mac is no exception, and the whole "Macs don't get viruses" claim is a myth. Malware for Macs has increased over the years, and today's Macs are being plagued by adware, scareware, and other potentially unwanted programs as well. If you are worried about your MacBook's performance and security, including unwanted software and ransomware, CleanMyMac X software has you covered. CleanMyMac is an all-in-one tool to optimize your Mac's performance and security. It clears out clutter and removes megatons of junk so your computer can run faster, just like it did on day one. The tool is designed to replace several optimization apps for Mac and can be anythi...
Source: The Hacker News
November 29, 2021 – Attack
Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition
Abstract
Biopharmaceutical company Supernus Pharmaceuticals disclosed a ransomware attack; the Hive ransomware gang claims to have stolen company data. Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware...
Source: Security Affairs
November 29, 2021 – APT
APT37 targets journalists with Chinotto multi-platform malware
Abstract
North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing email, and smishing attacks delivering malware dubbed Chinotto, which is capable of infecting Windows and Android devices.
Source: BleepingComputer
November 29, 2021 – Criminals
Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data
Abstract
Biopharmaceutical company Supernus Pharmaceuticals last week confirmed it fell victim to a ransomware attack that resulted in a large amount of data being exfiltrated from its network.
Source: SecurityWeek
November 29, 2021 – Government
Israel cut cyber export list, excluding totalitarian regimes
Abstract
Israel's Ministry of Defense has banned the sale of surveillance software and offensive hacking tools to dozens of countries. Israel's Ministry of Defense has cut the list of countries to which Israeli surveillance and cybersecurity firms could sell their...
Source: Security Affairs
November 29, 2021 – General
Phishing attacks top 260,000 in Q3 2021
Abstract
The number of targets being attacked by phishers – the banks, app providers, universities, and other entities that phishers imitate in order to fool victims – has continued to rise through 2021.
Source: Help Net Security
November 29, 2021 – Attack
IKEA hit by a cyber attack that uses stolen internal reply-chain emails
Abstract
Sending the messages from the organization's own servers allows the attackers to bypass detection. The threat actors also exploit their access to internal emails to target business partners.
Source: Security Affairs
November 29, 2021 – Vulnerabilities
0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day
Abstract
The vulnerability, discovered by security researcher Abdelhamid Naceri, can be exploited to bypass a patch released by Microsoft in February to address another information disclosure flaw.
Source: Security Affairs
November 28, 2021 – Criminals
Interpol Arrests Over 1,000 Cyber Criminals From 20 Countries; Seizes $27 Million
Abstract
A joint four-month operation coordinated by Interpol, the international criminal police organization, has culminated in the arrests of more than 1,000 cybercriminals and the recovery of $27 million in illicit proceeds. Codenamed "HAECHI-II," the crackdown enabled law enforcement units from across 20 countries, as well as Hong Kong and Macao, to close 1,660 cases and block 2,350 bank accounts linked to illicit funds amassed from a range of online financial crimes, such as romance scams, investment fraud, and money laundering associated with illegal online gambling. "The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning," said Interpol Secretary General Jürgen Stock in a press statement issued on November 26. The coordinated law enforcement probe took place over a period of four months, from June 2021 until September 2021, with ten new criminal...
Source: The Hacker News
November 28, 2021 – General
Ransomware Attacks on Healthcare System Go Way Beyond Just Data
Abstract
Ransomware attacks on the healthcare sector directly impact patients. A Ponemon study revealed that a successful attack can lead to longer patient stays at around 70% of healthcare delivery organizations.
Source: Cyware Alerts - Hacker News
November 28, 2021 – Policy and Law
French court indicted Nexa Technologies for complicity in acts of torture
Abstract
Nexa Technologies was indicted for complicity in acts of torture; the French firm is accused of having sold surveillance equipment to Egypt. Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions....
Source: Security Affairs
November 28, 2021 – Phishing
The Rise in Banking Scams: Zelle Fraud and Other Threats
Abstract
A notorious group of hackers has been found targeting bank customers with phony fraud alerts and stealing thousands of dollars from their bank accounts. The scam first came to light in August.
Source: Cyware Alerts - Hacker News
November 28, 2021 – Malware
RATDispenser, a new stealthy JavaScript loader used to distribute RATs
Abstract
RATDispenser is a new stealthy JavaScript loader that is being used to spread multiple remote access trojans (RATs) in the wild. Researchers from the HP Threat Research team have discovered a new stealthy JavaScript loader dubbed RATDispenser that...
Source: Security Affairs
November 28, 2021 – Hacker
North Korea-linked Zinc group posed as Samsung recruiters to target security firms
Abstract
North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees of South Korean security firms. The North Korea-linked APT group posed as Samsung recruiters in a spear-phishing campaign that targeted South...
Source: Security Affairs
November 28, 2021 – Vulnerabilities
0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day
Abstract
0patch released free unofficial patches for the Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. 0patch released free unofficial patches for the Windows local privilege escalation zero-day (CVE-2021-24084)...
Source: Security Affairs
November 28, 2021 – General
Security Affairs newsletter Round 342
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box. If you also want to receive the newsletter with the international press for free, subscribe here....
Source: Security Affairs
November 27, 2021 – Vulnerabilities
New Windows 10 zero-day gives admin rights, gets unofficial patch
Abstract
Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting all Windows 10 versions from v1809 to v21H1.
Source: BleepingComputer
November 27, 2021 – Malware
CronRAT Abuses Linux Task Scheduler to Stay Under the Radar
Abstract
Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to steal data. It hides in the cron task scheduler as a job scheduled for a nonexistent date, February 31. Organizations are advised to invest more in data protection solutio...
Source: Cyware Alerts - Hacker News
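The CronRAT entry above describes a cron job scheduled on a calendar date that cannot occur (February 31). The scanner below is an added example written for this page, not code from the CronRAT research or from Cyware: it expands the day-of-month and month fields of each crontab line (lists, ranges, steps, wildcards and month names) and flags entries for which no listed day can ever fall in any listed month. The sample crontab text is constructed for the demo and its paths are invented.

```python
"""Flag crontab entries scheduled on calendar dates that can never occur.

Added example for this page (not code from the CronRAT research): the RAT
hides its payload in a crontab line such as "52 23 31 2 3", which is valid
cron syntax but names February 31.  The scanner expands the day-of-month
and month fields and reports entries where no listed day exists in any
listed month.  The sample crontab below is constructed; its paths are invented.
"""
import calendar
import re
from typing import Dict, List, Optional, Set, Tuple

# Longest length each month can have in any year (February counted as 29 for leap years).
MAX_DAYS: Dict[int, int] = {
    m: (29 if m == 2 else calendar.monthrange(2023, m)[1]) for m in range(1, 13)
}
# "jan" -> 1 ... "dec" -> 12, as accepted in the month field of a crontab.
MONTH_NAMES: Dict[str, int] = {
    name.lower(): i for i, name in enumerate(calendar.month_abbr) if name
}


def _to_int(token: str, names: Optional[Dict[str, int]]) -> int:
    """Convert one cron token to an integer, accepting month names where allowed."""
    token = token.strip().lower()
    if names and token in names:
        return names[token]
    return int(token)


def expand_field(field: str, lo: int, hi: int,
                 names: Optional[Dict[str, int]] = None) -> Set[int]:
    """Expand a cron field (lists, ranges, steps, wildcards, names) to the values it covers."""
    values: Set[int] = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_str = part.split("/", 1)
            step = int(step_str)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = _to_int(a, names), _to_int(b, names)
        else:
            start = _to_int(part, names)
            end = hi if step > 1 else start  # "5/2" means 5,7,9,... up to the field maximum
        values.update(range(start, end + 1, step))
    return values


def impossible_date(dom_field: str, month_field: str) -> bool:
    """True when no (day, month) pair in the entry is a real calendar date in any year."""
    days = expand_field(dom_field, 1, 31)
    months = expand_field(month_field, 1, 12, MONTH_NAMES)
    return not any(d <= MAX_DAYS[m] for d in days for m in months)


def scan_crontab(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for every entry whose date specification can never match.

    Caveat: per crontab(5), when both day-of-month and day-of-week are restricted,
    Vixie cron runs the job when EITHER matches, so an impossible date combined with
    a fixed weekday may still fire.  Treat a hit as an anomaly to review, not as proof
    that the job is dormant.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments, VAR=value assignments and @reboot-style macros.
        if not line or line.startswith(("#", "@")):
            continue
        if re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", line):
            continue
        fields = line.split(None, 5)
        if len(fields) < 6:          # fewer than five time fields plus a command
            continue
        _minute, _hour, dom, month, _dow, _command = fields
        try:
            if impossible_date(dom, month):
                hits.append((lineno, line))
        except ValueError:
            continue                  # unparseable field: leave it for a human to review
    return hits


# Constructed sample: benign entries plus CronRAT-style impossible dates.
SAMPLE_CRONTAB = """\
# constructed sample crontab
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
0 2 * * * /usr/local/bin/backup.sh
*/15 * * * * /usr/bin/php /var/www/html/cron.php
52 23 31 2 3 /tmp/.hidden/run.sh
0 0 30 feb * /var/tmp/.x
0 0 29 2 * /usr/bin/true
0 0 31 4,6,9,11 * /bin/false
0 0 31 jan-mar * /bin/true
@daily /usr/bin/apt-get update
"""

if __name__ == "__main__":
    for lineno, line in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {lineno}: impossible date in cron entry: {line}")
```

Run it as a script to see the three constructed hits (February 31, February 30, and the 31st of four 30-day months), or pass the output of `crontab -l` for each user and the contents of /etc/crontab and /etc/cron.d/* to scan_crontab() during a host review. February 29 and "31 jan-mar" are deliberately not flagged, since a leap year and January respectively make them real dates.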
November 27, 2021 – Hacker
Iranian Hackers Abusing Known Bug in Microsoft’s MSHTML Full Text
Abstract
A new Iranian actor was spotted abusing an RCE flaw in Microsoft MSHTML to target Farsi-speaking people globally and stealing their Google and Instagram credentials. The attacks started in July via spear-phishing emails that targeted Windows users with Winword attachments. Exports recommend organiz ... Read MoreCyware Alerts - Hacker News
November 27, 2021 – General
Holiday Scams May Cost $53 Million This Year, Warns FBI Full Text
Abstract
The FBI has warned that online shoppers are at risk of losing more than $53 million this year to holiday scams that promise fake bargains and hard-to-find gifts.Cyware Alerts - Hacker News
November 27, 2021 – Policy and Law
Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition Full Text
Abstract
Italy's antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their "aggressive" data practices. Italy's antitrust regulator, Autorità Garante della Concorrenza e del Mercato...Security Affairs
November 27, 2021 – Criminals
HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes Full Text
Abstract
HAEICHI-II: Interpol arrested 1,003 individuals charged with several cybercrimes, including romance scams, investment frauds, and online money laundering. Interpol has coordinated an international operation, code-named Operation HAEICHI-II, that...Security Affairs
November 27, 2021 – Attack
IKEA hit by a cyber attack that uses stolen internal reply-chain emails Full Text
Abstract
Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. Once...Security Affairs
November 26, 2021 – Policy and Law
Italy’s Antitrust Regulator Fines Google and Apple for “Aggressive” Data Practices Full Text
Abstract
Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls "aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM) said "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons. The concerns have to do with how the companies omit relevant information when creating an account and using their services, details which the authority said are critical to making an informed decision as to whether or not to give permission for utilizing their data for commeThe Hacker News
November 26, 2021 – Attack
IKEA email systems hit by ongoing cyberattack Full Text
Abstract
IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.BleepingComputer
November 26, 2021 – Hacker
Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware Full Text
Abstract
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called " Tardigrade ." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with the likely goal of perpetrating intellectual property theft, maintaining persistence for extended periods of time, and infecting the systems with ransomware. BIO-ISAC, which commenced an investigation following a ransomware attack targeting an unnamed biomanufacturing facility earlier this spring, characterized Tardigrade as a sophisticated piece of malware with "a high degree of autonomy as well as metamorphic capabilities." The same malware was then used to strike a second entity in October 2021. The "actively spreading" intrusions have not been attributed to a specificThe Hacker News
November 26, 2021 – Phishing
TrickBot phishing checks screen resolution to evade researchers Full Text
Abstract
The TrickBot malware operators have been using a new method that checks the screen resolution of a victim system to evade detection by security software and analysis by researchers.BleepingComputer
November 26, 2021 – Hacker
Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable Full Text
Abstract
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and staging a variety of attacks. "[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware," Morphisec researchers said in a report published this week. The malware distribution attacks are said to have commenced in May 2021. Crypters are a type of software used by cybercriminals that can encrypt, obfuscate, and manipulate malicious code so that it appears innocuous and is harder for security programs to detect, a holy grail for malware authors. The infiltrations observed by Morphisec involved the threat actor sending decoy messages to prospective users on Discord channels related to blockchain-based games such as Mines of Dalarnia, urgThe Hacker News
November 26, 2021 – Ransomware
Marine services provider Swire Pacific Offshore hit by ransomware Full Text
Abstract
Swire Pacific Offshore (SPO) has discovered an unauthorized network infiltration onto its IT systems, resulting in the compromise of some employee data.BleepingComputer
November 26, 2021 – Malware
CronRAT: A New Linux Malware That’s Scheduled to Run on February 31st Full Text
Abstract
Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet. CronRAT's standout feature is its ability to leverage the cron job-scheduler utility for Unix to hide malicious payloads using task names programmed to execute on February 31st. Not only does this allow the malware to evade detection from security software, but it also enables it to launch an array of attack commands that could put Linux eCommerce servers at risk. "The CronRAT adds a number of tasks to crontab with a curious dateThe Hacker News
November 26, 2021 – Criminals
Interpol arrests over 1,000 suspects linked to cyber crime Full Text
Abstract
Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling.BleepingComputer
November 26, 2021 – APT
APT C-23 Targeting Android Users in Middle East with Spyware Full Text
Abstract
Sophos is warning against an evolved version of an Android spyware, allegedly used by an APT group called C-23, targeting individuals in the Middle East. It spreads via a download link in a text message sent to the target’s phone. Users are requested to always update Android OS and applications v ...Cyware Alerts - Hacker News
November 26, 2021 – General
Many users are sharing passwords with someone outside their household Full Text
Abstract
According to a survey by The Harris Poll, 68% of Americans admitted to using the same password on multiple accounts and 64% only change their passwords if they have to, leaving them vulnerable.Help Net Security
November 26, 2021 – General
The Record by Recorded Future Full Text
Abstract
North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week.The Record
November 26, 2021 – Solution
New differential fuzzing tool reveals novel HTTP request smuggling techniques Full Text
Abstract
Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.The Daily Swig
November 26, 2021 – Attack
Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware Full Text
Abstract
Marine services provider Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that resulted in the theft of company data. Clop ransomware hit marine services provider Swire Pacific Offshore (SPO) and stole company data, but did not affect...Security Affairs
November 26, 2021 – Cryptocurrency
Threat actors target crypto and NFT communities with Babadeda crypter Full Text
Abstract
Morphisec researchers spotted cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT),...Security Affairs
November 25, 2021 – Government
Israel Bans Sales of Hacking and Surveillance Tools to 65 Countries Full Text
Abstract
Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms in the country are allowed to sell offensive hacking and surveillance tools, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper Calcalist, now only includes 37 countries, down from the previous 102: Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S. Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E., which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, the move effectiThe Hacker News
November 25, 2021 – Breach
UK government transport website caught showing porn Full Text
Abstract
A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department's business plan.BleepingComputer
November 25, 2021 – Breach
Philippines: Personal data of 22,000 S&R members compromised in cyberattack Full Text
Abstract
In a statement, NPC confirmed the receipt of a breach notification report on November 15 from S&R Membership Shopping concerning a cyberattack “that may have compromised its members’ personal data.”Manila Bulletin News
November 25, 2021 – General
Product Releases Should Not Be Scary Full Text
Abstract
Every Product Manager and Software Developer should know that pushing feature updates to production via traditional channels is as archaic as painting on cave walls. The smart are always quick to adapt to new, innovative technologies, and this mindset is exactly what makes normal companies great. The landscape is changing fast, especially in IT. Change isn't just necessary; more often than not, it's the single most important variable that determines a company's chances of survival. The fact of the matter is that NOT using Feature Flags leads to a more cumbersome, expensive, and slower type of rollout. Simply put, it makes your project less competitive than those that have their deployments better organized, and that's an edge that you can't afford to lose. Feature Flags are changing how things work. Many companies are using Feature Flags these days, and for good reason. It's safer and allows for more granular control over what you're building.The Hacker News
November 25, 2021 – Malware
New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks Full Text
Abstract
Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux...Security Affairs
November 25, 2021 – Phishing
New Twists on Gift-Card Scams Flourish on Black Friday Full Text
Abstract
Fake merchandise and cryptojacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.Threatpost
November 25, 2021 – Criminals
How cybercriminals adjusted their scams for Black Friday 2021 Full Text
Abstract
Black Friday is approaching, and while shoppers prepare to open their wallets, cybercriminals hone their malware droppers, phishing lures, and fake sites.BleepingComputer
November 25, 2021 – Vulnerabilities
Common Cloud Misconfigurations can be Exploited in Minutes: Report Full Text
Abstract
In an experiment by Palo Alto Networks' Unit 42, around 80% of the honeypots were compromised within 24 hours and the rest were compromised within a week, with SSH being the prime target.Cyware Alerts - Hacker News
November 25, 2021 – Malware
This New Stealthy JavaScript Loader Infecting Computers with Malware Full Text
Abstract
Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware have been discovered, spread across three different variants, hinting that it's under active development. "RATDispenser is used to gain an initial foothold on a system before launching secondary malware that establishes control over the compromised device," security researcher Patrick Schläpfer said . "All the payloads were RATs, designed to steal information and give attackers control over victim devices." As with other attacks of this kind, the starting point of the infection is a phishing email containing a malicious attachment, which masquerades as a textThe Hacker News
November 25, 2021 – Breach
Several GoDaddy brands impacted in recent data breach Full Text
Abstract
The recently disclosed GoDaddy data breach impacted several of its brands, including Domain Factory, Heart Internet, Host Europe, Media Temple, tsoHost and 123Reg. Recently GoDaddy has disclosed a data breach that impacted up to 1.2 million of its customers,...Security Affairs
November 25, 2021 – Malware
New Linux malware hides in cron jobs with invalid dates Full Text
Abstract
Security researchers have discovered a new remote access trojan (RAT) for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st.BleepingComputer
November 25, 2021 – Malware
Emotet’s Infrastructure Witnesses Huge Growth Full Text
Abstract
Upon analyzing Emotet’s code, several researchers confirmed that the malware has been upgraded, along with expansion of its infrastructure, for an improved, secure, and robust operation.Cyware Alerts - Hacker News
November 25, 2021 – Hacker
Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware Full Text
Abstract
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment," SafeBreach Labs researcher Tomer Bar said in a report published Wednesday. Nearly half of the targets are from the U.S., with the cybersecurity firm noting that the attacks are likely aimed at "Iranians who live abroad and might be seen as a threat to Iran's Islamic regime." The phishing campaign, which began in July 2021, involved the exploitation of CVE-2021-40444, a remote code execution flaw that could be expThe Hacker News
November 25, 2021 – Hacker
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials Full Text
Abstract
An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs spotted a new Iranian threat actor that is using an exploit for a Microsoft MSHTML...Security Affairs
November 25, 2021 – Malware
Discord malware campaign targets crypto and NFT communities Full Text
Abstract
A new malware campaign on Discord uses the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities.BleepingComputer
November 25, 2021 – Breach
Huntington Hospital Issues Notice of Unauthorized Access to Personal Information of 13,000 Patients Full Text
Abstract
The hospital learned that a night shift employee improperly accessed electronic medical patient records in violation of its policies, leading to unauthorized access to 13,000 patients' data.Yahoo! Finance
November 25, 2021 – Education
If You’re Not Using Antivirus Software, You’re Not Paying Attention Full Text
Abstract
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy. Need help picking out antivirus software? Well, we've got you covered. Below you can find our picks for the best antivirus products of 2021. But before we get to that, let's set a few things straight so we're all on the same page. When we talk about antivirus products, we're really talking about anti-malware products. Malware is a catchall term that refers to any malicious program created to damage, disrupt, or take charge of a computer. Types of malware include not only viruses but spyware, trojan horses, ransomware, adware, and scareware. Any good antivirus product in 2021 must be abThe Hacker News
November 25, 2021 – Government
FBI warns of crooks targeting online shoppers during the holiday season Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns of cybercriminals targeting online shoppers during the holiday season. The FBI warns of cybercriminals targeting online shoppers during the holiday season. In this period netizens hope to take advantage...Security Affairs
November 25, 2021 – Vulnerabilities
Microsoft Defender for Endpoint fails to start on Windows Server Full Text
Abstract
Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.BleepingComputer
November 25, 2021 – Vulnerabilities
WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws Full Text
Abstract
Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.The Daily Swig
November 25, 2021 – Hacker
Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild Full Text
Abstract
Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this vulnerability." Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's Patch Tuesday updates for November 2021. However, in what's a case of an insufficient patch, Naceri found that it was not only possible to bypass the fix implemented by Microsoft but also achieve local privilege escalation via a newly discovered zero-day bug. The proof-of-concept (PoC) exploit, dubbed " InstallerFileTakeOver ," wThe Hacker News
November 25, 2021 – Breach
Data Breach at New Mexico Healthcare Business Impacts 62,000 State Residents Full Text
Abstract
The personally identifiable information of more than 62,000 U.S. citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.The Daily Swig
November 25, 2021 – Attack
Printjack Attacks Can Turn Printers Into Zombies Full Text
Abstract
According to a team of Italian researchers, a large number of printers are publicly exposed on the internet, making it easy for attackers to send malicious data remotely.Cyware Alerts - Hacker News
November 24, 2021 – Vulnerabilities
VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client Full Text
Abstract
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, and impacts vCenter Server versions 6.5 and 6.7. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information," the company noted in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the flaw. The second shortcoming remediated by VMware relates to an SSRF (Server-Side Request Forgery) vulnerability in the Virtual storage area network (vSAN) Web Client plug-in that could allow a malicious actor with network access to port 443 on vCenter Server to exploit the flaw by accessing an iThe Hacker News
November 24, 2021 – Attack
Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds Full Text
Abstract
A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide using a new PowerShell-based stealer dubbed PowerShortShell by security researchers at SafeBreach Labs.BleepingComputer
November 24, 2021 – Breach
Digital Marketing Agency Cronin Exposed Financial, Employee, and Client Data Full Text
Abstract
The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. These records included internal data such as employee and client information.Website Planet
November 24, 2021 – Vulnerabilities
Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally Full Text
Abstract
Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor ( DSP ) unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application. "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware," Check Point security researcher Slava Makkaveev said in a report. "Since the DSP firmware hThe Hacker News
November 24, 2021 – Government
Why Do Governments Reveal Cyber Intrusions? Full Text
Abstract
Germany’s decision to publicly name the Ghostwriter hacking group as the perpetrator targeting its political institutions should not be taken lightly.Lawfare
November 24, 2021 – Vulnerabilities
VMware addresses File Read and SSRF flaws in vCenter Server Full Text
Abstract
VMware addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities in its vCenter Server product. VMware this week addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities affecting its vCenter...Security Affairs
November 24, 2021 – Malware
9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery Full Text
Abstract
A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.Threatpost
November 24, 2021 – Government
FBI: Online shoppers risk losing over $53M to holiday scams Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned today that online shoppers risk losing more than $53 million during this year's holiday season to scams promising bargains and hard-to-find gifts.BleepingComputer
November 24, 2021 – Hacker
The Record by Recorded Future Full Text
Abstract
An Iranian threat actor discovered earlier this year is responsible for raids against U.S. targets designed to hoover up Gmail and Instagram credentials, according to research by SafeBreach.The Record
November 24, 2021 – APT
APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users Full Text
Abstract
A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing itself off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try to remove them manually, and to security and web hosting companies that attempt to block access to, or shut down, their command-and-control server domains," Sophos threat researcher Pankaj Kohli said in a report published Tuesday. Also known by the monikers VAMP, FrozenCell, GnatSpy, and Desert Scorpion, the mobile spyware has been a preferred tool of choice for the APT-C-23 threat group since at least 2017, with successive iterations featuring extended surveillance functionality to vacuum files, images, contacts and call logs, read notifications from messaging apps, rThe Hacker News
November 24, 2021 – Vulnerabilities
A vulnerable honeypot exposed online can be compromised in 24 hours Full Text
Abstract
Researchers deployed multiple instances of vulnerable systems and found that 80% of the 320 honeypots were compromised within 24 hours. Researchers from Palo Alto Networks deployed a honeypot infrastructure of 320 nodes to analyze how threat actors...Security Affairs
November 24, 2021 – Malware
Stealthy new JavaScript malware infects Windows PCs with RATs Full Text
Abstract
A new stealthy JavaScript malware loader named RATDispenser is being used to infect devices with a variety of remote access trojans (RATs) in phishing attacks.BleepingComputer
November 24, 2021 – General
Ransomware attacks surge, but victims are recovering quickly Full Text
Abstract
Cymulate announced results of a survey, revealing that despite the increase in the number of ransomware attacks this past year, overall victims suffered limited damage in both severity and duration.Help Net Security
November 24, 2021 – Business
Apple sues NSO Group for abusing state-sponsored Pegasus spyware Full Text
Abstract
Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services. Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally...Security Affairs
November 24, 2021 – Breach
GoDaddy data breach hits WordPress hosting services resellers Full Text
Abstract
GoDaddy says the recently disclosed data breach affecting roughly 1.2 million customers has also hit multiple Managed WordPress services resellers.BleepingComputer
November 24, 2021 – Vulnerabilities
VMware addresses SSRF, arbitrary file read flaws in vCenter Server Full Text
Abstract
With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE-2021-21980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.The Daily Swig
November 24, 2021 – Vulnerabilities
Expert discloses details of flaws in Oracle VirtualBox Full Text
Abstract
A vulnerability in Oracle VM VirtualBox could be potentially exploited to compromise the hypervisor and trigger a denial-of-service (DoS) condition. A vulnerability in Oracle VM VirtualBox, tracked as CVE-2021-2442, could be potentially exploited...Security Affairs
November 24, 2021 – Attack
Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks Full Text
Abstract
The Security Service of Ukraine (SSU) has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices.BleepingComputer
November 24, 2021 – Education
Securing open-source code supply chains may help prevent the next big cyberattack Full Text
Abstract
Open-source components have become an essential part of development for obvious reasons. Open-source components exist in all types of software today – even proprietary software.Help Net Security
November 24, 2021 – Vulnerabilities
Mediatek eavesdropping bug impacts 30% of all Android smartphones Full Text
Abstract
MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level.BleepingComputer
November 24, 2021 – Policy and Law
Recovering ransom payments could become routine for law enforcement Full Text
Abstract
While the U.S. government is working to make the crypto space more transparent, the Secret Service has the same technical capabilities to pursue and seize cryptocurrencies.Cybersecurity Dive
November 24, 2021 – Education
Black Friday 2021 deal: 20% off Zero2Automated malware analysis courses Full Text
Abstract
The popular Zero2Automated malware analysis and reverse-engineering course is having another Black Friday and Cyber Monday promotion this year, where you can get 20% off all courses on their site.BleepingComputer
November 24, 2021 – Criminals
Suspect arrested in ‘ransom your employer’ criminal scheme Full Text
Abstract
The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer's systems.ZDNet
November 24, 2021 – Breach
WiFi Software Management Firm Exposed Millions of Users’ Data Full Text
Abstract
Security research firm SafetyDetectives discovered the leak and found that WSpot had a misconfigured Amazon Web Services S3 bucket. Around 226,000 files got exposed in this data leak.Hackread
November 23, 2021 – Education
How to Defend Against Mobile App Impersonation Full Text
Abstract
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.Threatpost
November 23, 2021 – Education
Webinar and eBook: The Dark Side of EDR. Are You Prepared? Full Text
Abstract
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior to implementation so you can best prepare how to close them. It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical. Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one. The eBook and webinar "The Dark Side of EDR. Are You Prepared?" helps you in that requirement definition process. It points out the dark side(s) of EDR and provides guidance as to how to overcome them according to your company'The Hacker News
November 23, 2021 – Malware
Over 9 Million Android Phones Running Malware Apps from Huawei’s AppGallery Full Text
Abstract
At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the malware is a modified version of the Cynos malware. Of the total 190 rogue games identified, some were designed to target Russian-speaking users, while others were aimed at Chinese or international audiences. Once installed, the apps prompted the victims for permission to make and manage phone calls, using the access to harvest their phone numbers along with other device information such as geolocation, mobile network parameters, and system metadata. "At first glance, a mobile phone number leak may seem like an insignificant problem. Yet in reality, it can serioThe Hacker News
November 23, 2021 – Policy and Law
Apple Sues Israel’s NSO Group for Spying on iPhone Users With Pegasus Spyware Full Text
Abstract
Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as "notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse." In addition, the lawsuit seeks to permanently prevent the infamous hacker-for-hire company from breaking into any Apple software, services or devices. The iPhone maker, separately, also revealed its plans to notify targets of state-sponsored spyware attacks and has committed $10 million, as well as any monetary damages won as part of the lawsuit, to cybersurveillance research groups and advocates. To that end, the company intends to display a "Threat Notification" after the targeted users sign into appleid.apple[The Hacker News
November 23, 2021 – Hacker
Threat actors find and compromise exposed services in 24 hours Full Text
Abstract
Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.BleepingComputer
November 23, 2021 – Malware
BazarLoader Adds Compromised Installers, ISO Files to Arrival and Delivery Vectors Full Text
Abstract
Apart from compromised installers, the attackers use an ISO file with a Windows link (LNK) and dynamic link library (DLL) payload. The Americas were found to be the most targeted region.Trend Micro
November 23, 2021 – Education
What Avengers Movies Can Teach Us About Cybersecurity Full Text
Abstract
Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, good guys fighting cybercriminals. If we choose to go with this fun analogy, is there anything useful we can learn from those movies? World-ending baddies always come with an army When we watch the different Avengers movies, the first thing we realize is that big baddies never fight alone. Think Ultron and his bot army, Thanos or Loki with the Chitauri. They all come with large, generic clone proxy armies that heroes must fight before getting to the final boss. In the same way, serious cyberattacks are planned and delivered by organized and structured groups of cybercriminals such as APT groups with sometimes hundreds of members. In real-life scenarios, attacks are coming from IPs (one or many) that have been stolen, hacked, or bought by the criminThe Hacker News
November 23, 2021 – Government
The U.K. as a Responsible Cyber Power: Brilliant Branding or Empty Bluster? Full Text
Abstract
In March, the U.K. government published its Integrated Review of Security, Defence, Development and Foreign Policy, setting out the U.K.’s position as a “responsible democratic cyber power.” This is unique and useful for a few key reasons.Lawfare
November 23, 2021 – Malware
Malware is already attempting to exploit new Windows Installer zero-day Full Text
Abstract
Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft...Security Affairs
November 23, 2021 – Cryptocurrency
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast Full Text
Abstract
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.Threatpost
November 23, 2021 – Malware
Malware now trying to exploit new Windows Installer zero-day Full Text
Abstract
Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend.BleepingComputer
November 23, 2021 – Malware
Python Packages Stealing Discord Tokens and More Full Text
Abstract
Package managers are now becoming a common target for cybercriminals to exploit to their advantage. Researchers have discovered 11 malicious Python packages in the PyPI repository stealing Discord access tokens and passwords, and even carrying out dependency confusion attacks. Altogether, they were down ... Read MoreCyware Alerts - Hacker News
November 23, 2021 – Vulnerabilities
Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox Full Text
Abstract
A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads. "Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox." Tracked as CVE-2021-2442 (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which fixes have been rolled out by Oracle as part of its Critical Patch Update for July 2021. Oracle VM VirtualBox is an open-source and cross-platform hypervisor and desktop virtualization software that enablThe Hacker News
November 23, 2021 – Malware
Android.Cynos.7.origin trojan infected +9 million Android devices Full Text
Abstract
Researchers spotted dozens of games on Huawei's AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei's AppGallery catalog (i.e. simulators, platformers, arcades, strategies,...Security Affairs
November 23, 2021 – Vulnerabilities
Common Cloud Misconfigurations Exploited in Minutes, Report Full Text
Abstract
Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.Threatpost
November 23, 2021 – General
The Best Black Friday 2021 Security, IT, VPN, & Antivirus Deals Full Text
Abstract
Black Friday is almost here and there are already great deals available for computer security, software, online courses, system admin services, antivirus, and VPN software.BleepingComputer
November 23, 2021 – Attack
TA406 Accelerates Attacks; Launches Several Campaigns Full Text
Abstract
Security researchers issued an in-depth report on malicious activities of TA406, an alleged North Korean group. Its attack volume has been rising since the beginning of this year. As the year commenced, its activities were ramped up as journalists, foreign policy experts, and non-governmental orga ... Read MoreCyware Alerts - Hacker News
November 23, 2021 – Malware
Stealthier Version of BrazKing Android Malware Spotted in the Wild Full Text
Abstract
Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor. IBM X-Force dubbed the revamped banking malware BrazKing, a previous version of which was referred to as PixStealer by Check Point Research. The mobile RAT was first seen around November 2018, according to ThreatFabric. "It turns out that its developers have been working on making the malware more agile than before, moving its core overlay mechanism to pull fake overlay screens from the command-and-control (C2) server in real-time," IBM X-Force researcher Shahar Tavor noted in a technical deep dive published last week. "The malware […] allows the attacker to log keystrokes, extract the paThe Hacker News
November 23, 2021 – Vulnerabilities
Experts warn of RCE flaw in Imunify360 security platform Full Text
Abstract
A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution. Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360...Security Affairs
November 23, 2021 – Government
FBI warns of phishing targeting high-profile brands’ customers Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned today of recently detected spear-phishing email campaigns targeting customers of "brand-name companies" in attacks known as brand phishing.BleepingComputer
November 23, 2021 – Vulnerabilities
Exchange Server Flaws Once Again Under Heavy Targeting Full Text
Abstract
Attackers are targeting unpatched Exchange servers for vulnerabilities such as ProxyLogon and ProxyShell to breach corporate email servers and drop multiple malware. In one of the attacks, the researchers have seen the distribution of SquirrelWaffle loader, which then installs Qbot. Organiza ... Read MoreCyware Alerts - Hacker News
November 23, 2021 – Business
The Importance of IT Security in Your Merger Acquisition Full Text
Abstract
In the business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships. Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity. In the modern business world before and after the acquisition, a new concern with M&A activities is cybersecurity. What role does cybersecurity play in today's mergers and acquisitions of businesses? Why is it becoming a tremendous concern? Cybersecurity threats are growing in leaps and bounds There is no question that cybersecurity risks and threats are growing exponentially. A report from Cybersecurity Ventures estimated a ransomware attack on businesses would happen every 11 seconds in 2021. Global ransomware costs in 2021 would exceed $20 billion. It seems there are constantly new reports of major ransomware attacks, cosThe Hacker News
November 23, 2021 – Vulnerabilities
Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug Full Text
Abstract
A researcher has released a proof-of-concept exploit code for an actively exploited vulnerability affecting Microsoft Exchange servers. The researcher Janggggg has published on Sunday a proof-of-concept exploit code for an actively exploited vulnerability,...Security Affairs
November 23, 2021 – Policy and Law
Apple sues spyware-maker NSO Group, notifies iOS exploit targets Full Text
Abstract
Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for the targeting and spying of Apple users with surveillance tech.BleepingComputer
November 23, 2021 – Attack
Observing Attacks Against Hundreds of Exposed Services in Public Clouds Full Text
Abstract
Researchers found that 80% of the 320 honeypots were compromised within 24 hours and all of the honeypots were compromised within a week, with some of them facing hundreds of attacks.Palo Alto Networks
November 23, 2021 – Vulnerabilities
Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue Full Text
Abstract
A researcher publicly disclosed an exploit for a new Windows zero-day local privilege elevation that can allow gaining admin privileges. A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability...Security Affairs
November 23, 2021 – Vulnerabilities
Researchers warn of severe risks from ‘Printjack’ printer attacks Full Text
Abstract
A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.BleepingComputer
November 23, 2021 – Malware
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild Full Text
Abstract
RATDispenser is predominantly being used as a dropper (in 94% of samples analyzed by HP), meaning the malware doesn’t communicate over the network to deliver a malicious payload.HP Wolf Security
November 23, 2021 – Government
US govt warns critical infrastructure of ransomware attacks during holidays Full Text
Abstract
US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks during holidays. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn critical infrastructure...Security Affairs
November 23, 2021 – Solution
Microsoft Edge adds Super Duper Secure Mode to Stable channel Full Text
Abstract
Microsoft has quietly added a 'Super Duper Secure Mode' to the Microsoft Edge web browser, a new feature that brings security improvements without significant performance losses.BleepingComputer
November 23, 2021 – Vulnerabilities
Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications Full Text
Abstract
Security researchers at Claroty have raised the alarm for a series of severe code execution vulnerabilities affecting virtual private network (VPN) solutions relying on OpenVPN.Security Week
November 23, 2021 – Malware
Over nine million Android devices infected by info-stealing trojan Full Text
Abstract
A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps.BleepingComputer
November 23, 2021 – Vulnerabilities
Philips Working on Patches for Vulnerabilities Found in Medical Products Full Text
Abstract
The flaws were identified by researchers at industrial cybersecurity firm Nozomi Networks in Philips IntelliBridge, Patient Information Center iX (PIC iX), and Efficia CM series products.Security Week
November 23, 2021 – Hacker
Hackers target biomanufacturing with stealthy Tardigrade malware Full Text
Abstract
An advanced hacking group is actively targeting biomanufacturing facilities with a new custom malware called 'Tardigrade.'BleepingComputer
November 23, 2021 – Cryptocurrency
Babadeda Crypter Targets Cryptocurrency, NFT, and DeFi Communities Through Discord Full Text
Abstract
The crypter that this campaign uses, dubbed Babadeda (a Russian language placeholder used by the crypter which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions.Morphisec
November 23, 2021 – Government
Federal Agencies Warn of Cyber Threats Against Critical Infrastructure During Holidays and Weekends Full Text
Abstract
As Americans prepare to celebrate the Thanksgiving holiday, CISA and the FBI are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you.US CERT
November 22, 2021 – Breach
GoDaddy Data Breach Exposes Over 1 Million WordPress Customers’ Data Full Text
Abstract
Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers. It's not immediately clear if the compromised password was secured with two-factor authentication. The Arizona-based company claims over 20 million customers, with more than 82 million domain names registered using its services. GoDaddy revealed it discovered the break-in on November 17. An investigation into the incident is ongoing and the company said it's "contacting all impacted custoThe Hacker News
November 22, 2021 – Vulnerabilities
New Windows zero-day with public exploit lets you become an admin Full Text
Abstract
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.BleepingComputer
November 22, 2021 – Phishing
Online Holiday Scams are Upon Us Full Text
Abstract
Scammers are setting up fake online shops that impersonate legitimate ones. The perpetrators ensure that these stores are easy to find while looking for the original ones.Cyware Alerts - Hacker News
November 22, 2021 – Breach
GoDaddy says information on 1.2 million customers exposed in data breach Full Text
Abstract
Internet domain host GoDaddy on Monday disclosed a recent data breach that the company said impacted the customer data of around 1.2 million individuals.The Hill
November 22, 2021 – Malware
New Golang-based Linux Malware Targeting eCommerce Websites Full Text
Abstract
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a half, the attacker found a file upload vulnerability in one of the store's plugins." The name of the affected vendor was not revealed. The initial foothold was then leveraged to upload a malicious web shell and alter the server code to siphon customer data. Additionally, the attacker delivered a Golang-based malware called "linux_avp" that serves as a backdoor to execute commands remotely sent from a command-and-control server hosted in Beijing. Upon execution, the program is designed to remove itself from the disk and camouflage as a " ps -efThe Hacker News
November 22, 2021 – Government
France Doubles Down on Countering Foreign Interference Ahead of Key Elections Full Text
Abstract
Following an increase in foreign interference and hostile information operations—both at home and abroad—the French government is preparing to fight back.Lawfare
November 22, 2021 – Breach
New GoDaddy data breach impacted 1.2 million customers Full Text
Abstract
GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company's Managed WordPress...Security Affairs
November 22, 2021 – Vulnerabilities
Exploit released for Microsoft Exchange RCE bug, patch now Full Text
Abstract
Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.BleepingComputer
November 22, 2021 – Phishing
Beware of Customer Complaint Email Scam Full Text
Abstract
Sophos found that fake corporate complaints are surging and using targeted attacks to deploy malware. The emails come in the form of complaints from your boss or colleagues and use fear-inducing verbiage.Cyware Alerts - Hacker News
November 22, 2021 – Government
Authorities warn organizations to be on guard against hackers during Thanksgiving holiday Full Text
Abstract
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations to be on guard against cyberthreats, particularly ransomware attacks, over the Thanksgiving holiday.The Hill
November 22, 2021 – Hacker
Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns Full Text
Abstract
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a never-before-seen loader dubbed SQUIRRELWAFFLE. First publicly documented by Cisco Talos, the attacks are believed to have commenced in mid-September 2021 via laced Microsoft Office documents. "It is known for sending its malicious emails as replies to pre-existing email chains, a tactic that lowers a victim's guard against malicious activities," researchers Mohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar said in a report published last week. "To be able to pull this off, we believe it involved the use of a chain of both ProxyLogon and ProxyShell exploits." ProxyLoThe Hacker News
November 22, 2021 – Breach
Utah Imaging Associates data breach impacts 583,643 patients Full Text
Abstract
Utah-based radiology medical center Utah Imaging Associates discloses a data breach that impacted 583,643 former and current patients. Utah Imaging Associates (UIA) discloses a security breach; on September 4, 2021, the company claims to have detected...Security Affairs
November 22, 2021 – Government
UK govt warns thousands of SMBs their online stores were hacked Full Text
Abstract
The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal the payment info of customers.BleepingComputer
November 22, 2021 – Vulnerabilities
Hackers used this software flaw to steal credit card details from thousands of online retailers Full Text
Abstract
Over 4,000 online retailers have been warned that their websites had been hacked by cybercriminals trying to steal payment information and other personal information from customers.ZDNet
November 22, 2021 – Attack
Biomanufacturing companies getting hit by hackers potentially linked to Russia Full Text
Abstract
Large biomanufacturing companies, including those that produce medications and vaccines tied to the COVID-19 pandemic, are being targeted by hackers potentially tied to Russia, researchers disclosed Monday.The Hill
November 22, 2021 – Attack
Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite Full Text
Abstract
Iranian airline Mahan Air was hit by a cyberattack on Sunday morning; the “Hooshyarane Vatan” hacker group claimed responsibility for the attack. Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media...Security Affairs
November 22, 2021 – Government
US govt warns of increased ransomware risks during holidays Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.BleepingComputer
November 22, 2021 – Attack
Iran’s Biggest Private Airline Faces Cyberattack Targeting its Internal Systems Full Text
Abstract
Mahan Air is Iran's main private airline and the second biggest after the national carrier Iran Air. It has been on the blacklist of Iranian companies targeted by US sanctions since 2011.Security Week
November 22, 2021 – Malware
New Memento ransomware uses password-protected WinRAR archives to block access to the files Full Text
Abstract
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers spotted the Memento ransomware that adopts a curious...Security Affairs
November 22, 2021 – Attack
Hackers hit Iran’s Mahan airline, claim confidential data theft Full Text
Abstract
One of Iran's largest privately-owned airlines, Mahan Air, has announced a cybersecurity incident that has resulted in its website going offline and potentially data loss.BleepingComputer
November 22, 2021 – Breach
Utah Imaging Associates Discloses Data Breach Impacting Over 580,000 Patients Full Text
Abstract
Farmington, Utah-based radiology medical center Utah Imaging Associates has started informing former and current patients that their information might have been compromised in a data breach.Security Week
November 22, 2021 – Government
US SEC warns investors of ongoing fraudulent communications claiming to be from the SEC Full Text
Abstract
The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and Exchange Commission (SEC) is warning investors of scammers impersonating SEC officials in fraudulent...Security Affairs
November 22, 2021 – Vulnerabilities
Biometric auth bypassed using fingerprint photo, printer, and glue Full Text
Abstract
Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools.BleepingComputer
November 22, 2021 – Business
Tel Aviv-based cybersecurity firm Shield IoT raises $7.4M funding in Series A Full Text
Abstract
The funding round was led by NextLeap Ventures and Bloc Ventures, with the participation from Atlas Ventures, Akamai Technologies, Springtide Ventures, DIVEdigital, and Janvest Capital Partners.UKTN
November 22, 2021 – Breach
GoDaddy hack causes data breach affecting 1.2 million customers Full Text
Abstract
GoDaddy said in a data breach notification published today that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.BleepingComputer
November 22, 2021 – Vulnerabilities
Lack of API visibility undermines basic principle of security Full Text
Abstract
The new visibility challenge, with many core business processes dependent on APIs, requires that companies need to know what APIs they expose externally and internally and how they should behave.Help Net Security
November 22, 2021 – Breach
Wind turbine giant Vestas’ data compromised in cyberattack Full Text
Abstract
Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack.BleepingComputer
November 22, 2021 – General
Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure Full Text
Abstract
Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.The Register
November 22, 2021 – Hacker
Ethical hackers and the economics of security research Full Text
Abstract
New findings from a Bugcrowd report indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before.Help Net Security
November 21, 2021 – Encryption
Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023 Full Text
Abstract
Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend. The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously outlined plans to be "fully end-to-enThe Hacker News
November 21, 2021 – Government
US SEC warns investors of ongoing govt impersonation attacks Full Text
Abstract
The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters.BleepingComputer
November 21, 2021 – Vulnerabilities
Blacksmith Attack Bypasses Existing DDR4 Memory Defenses Full Text
Abstract
Researchers from ComSec group have demonstrated that it is possible to trigger the Rowhammer exploit and target the associated DRAMs used in commercially available devices. Blacksmith (tracked as CVE-2021-42114 ) is a fuzzing-based technique, and unlike previous DRAM exploits, it works well for ... Read MoreCyware Alerts - Hacker News
November 21, 2021 – Malware
Experts found 11 malicious Python packages in the PyPI repository Full Text
Abstract
Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository...Security Affairs
November 21, 2021 – Vulnerabilities
New ETW Attacks May Blind Security Products Full Text
Abstract
Researchers from Binarly have disclosed two Event Tracing for Windows (ETW) bypass techniques and demonstrated their effectiveness against Windows Defender and Process Monitor.Cyware Alerts - Hacker News
November 21, 2021 – Criminals
Researchers were able to access the payment portal of the Conti gang Full Text
Abstract
The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researchers to access it. Researchers at security firm Prodaft were able to identify the real IP address of one of the servers used by the Conti...Security Affairs
November 21, 2021 – Covid-19
COVID-19 and Cybercrime - Europol Threat Assessment Full Text
Abstract
The conditions brought forth by the global pandemic have set a rapid pace of transformation in the cyberworld. With accelerated digitalization, came the threat of heightened cyberattacks.Cyware Alerts - Hacker News
November 21, 2021 – Breach
Attackers compromise Microsoft Exchange servers to hijack internal email chains Full Text
Abstract
A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses...Security Affairs
November 21, 2021 – Disinformation
Latest Research Links Ghostwriter Disinformation Campaign to Belarus Full Text
Abstract
Researchers from Mandiant Threat Intelligence have claimed with high confidence that the Ghostwriter (UNC1151) disinformation campaign is associated with the government of Belarus.Cyware Alerts - Hacker News
November 21, 2021 – Outage
Vestas hit by cyber security incident, shuts some IT systems Full Text
Abstract
Vestas has been hit by a cyber security incident and has shut down its IT systems across multiple business units and locations to contain the issue, the world's largest maker of wind turbines said on Saturday.Reuters
November 20, 2021 – Hacker
RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools Full Text
Abstract
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware," Group-IB's Ivan Pisarev said. Active since at least November 2018, the Russian-speaking RedCurl hacking group has been linked to 30 attacks to date with the goal of corporate cyber espionage and document theft aimed at 14 organizations spanning construction, finance, consulting, retail, insurance, and legal sectors and located in the U.K., Germany, Canada, Norway, Russia, and Ukraine. The threat actor uses an array of established hacking tools to infiltrate its targets and steal internal corporate documentatThe Hacker News
November 20, 2021 – Attack
Microsoft Exchange servers hacked in internal reply-chain attacks Full Text
Abstract
Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.BleepingComputer
November 20, 2021 – Hacker
North Korean Hackers Found Behind a Range of Credential Theft Campaigns Full Text
Abstract
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, known to the wider threat intelligence community under the monikers Kimsuky (Kaspersky), Velvet Chollima (CrowdStrike), Thallium (Microsoft), Black Banshee (PwC), ITG16 (IBM), and the Konni Group (Cisco Talos). Policy experts, journalists and nongovernmental organizations (NGOs) were targeted as part of weekly campaigns observed from January through June 2021, Proofpoint researchers Darien Huss and Selena Larson disclosed in a technical report detailing the actor's tactics, techniques, and procedures (TTPs), with the attacks spread across North America, Russia, China, and SouthThe Hacker News
November 20, 2021 – Solution
Microsoft: Office 365 will boost default protection for all users Full Text
Abstract
Microsoft is rolling out Built-In Protection to Defender for Office 365, a new feature that would automatically enable recommended settings and policies to make sure all new and existing users get at least a basic level of protection.BleepingComputer
November 20, 2021 – General
Security Affairs newsletter Round 341 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....Security Affairs
November 20, 2021 – Government
U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours Full Text
Abstract
U.S. banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. U.S. banking regulators this week approved a rule that obliges banks to report any major cybersecurity...Security Affairs
November 20, 2021 – Government
FBI Warning: Cybercriminals Abusing Zero-Day in FatPipe VPN Full Text
Abstract
A flash alert has been issued by the FBI regarding an APT group abusing a zero-day flaw in FatPipe devices and software products. FatPipe, the networking hardware firm, has Fortune 1000 companies as its customers.Cyware Alerts - Hacker News
November 20, 2021 – General
Study reveals top 200 most common passwords Full Text
Abstract
The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled "Top 200 most common passwords," on the use of passwords....Security Affairs
November 20, 2021 – Hacker
Microsoft Reports Evolution of Iranian Hacking Groups Full Text
Abstract
From September 2020, the tech giant has been tracking six Iranian hacking groups (DEV-0146, DEV-0227, DEV-0198, DEV-0500, Rubidium, and Phosphorus) spreading ransomware and stealing data.Cyware Alerts - Hacker News
November 20, 2021 – Criminals
The newer cybercrime triad: TrickBot-Emotet-Conti Full Text
Abstract
Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which...Security Affairs
November 20, 2021 – Vulnerabilities
Zero-day Flaws and Exploit-as-a-Service Trending Among Ransomware Groups Full Text
Abstract
A recent analysis made by researchers from Digital Shadows indicates that an increasing amount of chatter has been observed on dark web message boards regarding the criminal market for zero-day vulnerabilities.Cyware Alerts - Hacker News
November 20, 2021 – Vulnerabilities
Sky customers vulnerable to hackers after security flaw on six million routers Full Text
Abstract
The security issue meant internet users with Sky routers were vulnerable to hacks and online attacks for well over a year, according to internet security company Pen Test Partners.ITV News
November 20, 2021 – Privacy
Tor Project calls to bring more than 200 obfs4 bridges online by December Full Text
Abstract
The Tor Project offers rewards to users who will set up a Tor server after observing a significant drop in the number of Tor relays and Tor bridges. Bridges are private Tor relays that allow users to circumvent censorship; their role is essential...Security Affairs
November 20, 2021 – Criminals
Cybercriminals discuss new business model for zero-day exploits Full Text
Abstract
The potential new service is a product of the highly profitable zero-day market, where researchers have seen multimillion-dollar price tags for vulnerabilities and exploits.Tech Target
November 20, 2021 – General
US banks must soon report significant cybersecurity incidents within 36 hours Full Text
Abstract
The U.S. financial regulators have approved a new rule that requires banking organizations to report any “significant” cybersecurity incident within 36 hours of discovery.TechCrunch
November 20, 2021 – Hacker
The Glitch Platform Is Being Used By Hackers to Host Malicious URLs Full Text
Abstract
The Glitch platform has become a target for phishing hackers. The service is being actively abused by cybercriminals to host, for free, phishing sites that perform credential theft.Heimdal Security
November 20, 2021 – Hacker
North Korean Hacker Group Intensifies Espionage Campaigns Full Text
Abstract
The adversary, which security researchers also refer to as Kimsuky, Thallium, and Konni, has been targeting organizations in sectors such as education, government, media, and research, as well as other industries.Security Week
November 19, 2021 – Ransomware
The Week in Ransomware - November 19th 2021 - Targeting Conti Full Text
Abstract
While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released.BleepingComputer
November 19, 2021 – Government
More than $500M for cybersecurity included in sweeping House-passed package Full Text
Abstract
The House approved more than $500 million in cybersecurity funding on Friday as part of its version of President Biden’s roughly $2 trillion Build Back Better package.The Hill
November 19, 2021 – Malware
11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells Full Text
Abstract
Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog — importantpackage / important-package, pptest, ipboards, owlmoon, DiscordSafety, trrfab, 10Cent10 / 10Cent11, yandex-yt, yiffparty. Two of the packages ("importantpackage," "10Cent10," and their variants) were found obtaining a reverse shell on the compromised machine, giving the attacker full control over an infected machine. Two other packages "ipboards" and "trrfab" masqueraded as legitimate dependencies designed to be automatically imported by taking advantage of a technique called dependency confusion or namespace confusThe Hacker News
November 19, 2021 – Botnet
Emotet botnet comeback orchestrated by Conti ransomware gang Full Text
Abstract
The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang.BleepingComputer
November 19, 2021 – Policy and Law
Lawmakers increasingly anxious about US efforts against Russian hackers Full Text
Abstract
Five months after President Biden met with Russian President Vladimir Putin and urged him to take a stand against ransomware attacks emanating from his country, lawmakers are beginning to chafe at what they view as a lack of results from the administration's efforts to confront Russia.The Hill
November 19, 2021 – Policy and Law
U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election Full Text
Abstract
The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of involvement in a cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kazemi, 27 — have been charged with conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, voter intimidation, transmission of interstate threats, with Kazemi additionally charged with unauthorized computer intrusion. Both individuals are currently at large. The influence campaign's goal was to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans, the Department of Justice (DoJ) said in a statement, characterizing the two individuals as "experienced Iran-based computer hackers&quThe Hacker News
November 19, 2021 – Criminals
Canadian teenager stole $36 Million in cryptocurrency via SIM Swapping Full Text
Abstract
A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency. A Canadian teenager has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency from an American...Security Affairs
November 19, 2021 – Phishing
Fake TSA PreCheck sites scam US travelers with fake renewals Full Text
Abstract
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.BleepingComputer
November 19, 2021 – Government
FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had their systems exploited in the wild. "The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a web shell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity," the agency said in an alert published this week. "Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors." In other words, the zero-day vulnerability enables a remote attacker to upload a file to any location on the filesystem on an affected device. The seThe Hacker News
November 19, 2021 – Breach
California Pizza Kitchen discloses a data breach Full Text
Abstract
American pizza chain California Pizza Kitchen (CPK) suffered a data breach that might have exposed personal information of its employees. American pizza chain California Pizza Kitchen (CPK) suffered a data breach, the company has already notified...Security Affairs
November 19, 2021 – Solution
Microsoft Authenticator gets new enterprise security features Full Text
Abstract
Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments.BleepingComputer
November 19, 2021 – Education
A Simple 5-Step Framework to Minimize the Risk of a Data Breach Full Text
Abstract
Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing target for cybercriminals. With each passing day, the evidence of that grows. In the last few months, we've witnessed massive data breaches that targeted Neiman Marcus, Facebook, and the Robinhood stock trading app. And they're hardly alone. In recent years, the number of data breaches worldwide has averaged close to three per day. That statistic suggests that the average business has a target on its back and is running out of time to mount a defense of its data. And doing so doesn't have to be difficult. To help, here's a simple 5-step framework businesses of all sizes can use to protect their customer data. Step One: Review and Adapt Data Collection StandardsThe Hacker News
November 19, 2021 – Hacker
North Korea-linked TA406 cyberespionage group activity in 2021 Full Text
Abstract
North Korea-linked TA406 APT group has intensified its attacks in 2021, particularly credential harvesting campaigns. A report published by Proofpoint revealed that the North Korea-linked TA406 APT group (Kimsuky, Thallium, Konni, Black Banshee, Velvet...Security Affairs
November 19, 2021 – Breach
Utah medical center hit by data breach affecting 582k patients Full Text
Abstract
Utah Imaging Associates (UIA), a Utah-based radiology center, has announced a data breach affecting 582,170 people after their personal information was exposed.BleepingComputer
November 19, 2021 – Criminals
Conti ransomware operations made at least $25.5 million since July 2021 Full Text
Abstract
Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators...Security Affairs
November 19, 2021 – Vulnerabilities
Six million Sky routers exposed to takeover attacks for 17 months Full Text
Abstract
Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers.BleepingComputer
November 19, 2021 – Phishing
Scammers Leverage Fake SS7 Exploits to Boost Their Revenue Full Text
Abstract
Analysts at SOS Intelligence found several underground forums offering fake exploits for SS7 vulnerabilities. During the investigation, the researchers uncovered 84 unique onion domains claiming to offer the fake exploit tool.Cyware Alerts - Hacker News
November 19, 2021 – Malware
Android banking Trojan BrazKing is back with significant evasion improvements Full Text
Abstract
The BrazKing Android banking trojan is back with significant improvements and dynamic banking overlays to avoid detection. Researchers from IBM spotted a new version of the BrazKing Android banking trojan that pulls fake overlay screens from the command...Security Affairs
November 19, 2021 – Government
US regulators order banks to report cyberattacks within 36 hours Full Text
Abstract
US federal bank regulatory agencies have approved a new rule requiring banks to notify their primary federal regulators of significant computer-security incidents within 36 hours.BleepingComputer
November 19, 2021 – Vulnerabilities
Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty Full Text
Abstract
Now fixed, the bug, which researcher David Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.The Daily Swig
November 19, 2021 – Vulnerabilities
CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications Full Text
Abstract
A pair of cross-site scripting (XSS) bugs, which are deemed ‘moderately critical’ by Drupal, could have a far-reaching impact since CKEditor is incorporated into numerous online applications.The Daily Swig
November 19, 2021 – Ransomware
Ransomware is now a giant black hole that is sucking in all other forms of cybercrime Full Text
Abstract
Ransomware is considered by many experts to be the most pressing security risk facing businesses – and it's extremely lucrative for the gangs involved, with ransom payouts increasing significantly.ZDNet
November 18, 2021 – Phishing
Ransomware Phishing Emails Sneak Through SEGs Full Text
Abstract
The MICROP ransomware spreads via Google Drive and locally stored passwords.Threatpost
November 18, 2021 – Phishing
3 Top Tools for Defending Against Phishing Attacks Full Text
Abstract
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.Threatpost
November 18, 2021 – Hacker
Hundreds participate in electric grid cyberattack simulation amid increasing threats Full Text
Abstract
More than 700 individuals associated with the bulk power grid and other related critical infrastructure participated in a simulation this week designed to test resilience against a major physical and cyberattack.The Hill
November 18, 2021 – Phishing
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials Full Text
Abstract
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.Threatpost
November 18, 2021 – Policy and Law
DOJ charges two Iranians with interference in 2020 election Full Text
Abstract
The Department of Justice (DOJ) on Thursday indicted two Iranian nationals for interfering in the 2020 U.S. presidential election, alleging they used wide-ranging cyber and disinformation efforts in an attempt to sow doubt in the election process.The Hill
November 18, 2021 – Criminals
Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims Full Text
Abstract
The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their clearweb and Tor domains for the payment site (which is obviously more important than the leak) is down." It's not clear what prompted the shutdown, but the development comes as Swiss cybersecurity firm PRODAFT offered an unprecedented look into the group's ransomware-as-a-service (RaaS) model, wherein the developers sell or lease their ransomware technology to affiliates hired from darknet forums, who then carry out attacks on their behalf while also netting about 70% of each ransom payment extorted from the victims. The result? Three members of the Conti team have bThe Hacker News
November 18, 2021 – Attack
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks Full Text
Abstract
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers Keyu Man, Xin'an Zhou, and Zhiyun Qian said. "SAD DNS attack allows an attacker to redirect any traffic (originally destined to a specific domain) to his own server and then become a man-in-the-middle (MITM) attacker, allowing eavesdropping and tampering of the communication." The latest flaw affects Linux kernels as well as popular DNS software, including BIND, Unbound, and dnsmasq running on top of Linux, but not when run on other operating systems such as FreeBSD or Windows. From Kaminsky Attack to SAD DNS: DNS cache poisoning, also called DNS spoofing, is a technique iThe Hacker News
November 18, 2021 – Vulnerabilities
Microsoft addresses a high-severity vulnerability in Azure AD Full Text
Abstract
Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. Microsoft has recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. "An information...Security Affairs
November 18, 2021 – Malware
Android malware BrazKing returns as a stealthier banking trojan Full Text
Abstract
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.BleepingComputer
November 18, 2021 – Skimming
Attackers deploy Linux backdoor on e-stores compromised with software skimmer Full Text
Abstract
Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores. Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation...Security Affairs
November 18, 2021 – Policy and Law
US indicts Iranian hackers for Proud Boys voter intimidation emails Full Text
Abstract
The U.S. Department of State is offering a $10 million reward for information about the activities of two Iranian nationals charged for cyber activity intended to "intimidate and influence" American voters during the 2020 U.S. presidential campaign.BleepingComputer
November 18, 2021 – Vulnerabilities
Zero-Day flaw in FatPipe products actively exploited, FBI warns Full Text
Abstract
The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least May 2021. FatPipe Software-Defined Wide Area Networking (SD-WAN) products provide solutions for an easy migration to Hybrid...Security Affairs
November 18, 2021 – Malware
Hackers deploy Linux malware, web skimmer on e-commerce servers Full Text
Abstract
Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.BleepingComputer
November 18, 2021 – Hacker
Microsoft: Iranian state hackers increasingly target IT sector Full Text
Abstract
Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients.BleepingComputer
November 18, 2021 – Ransomware
New Memento ransomware switches to WinRar after failing at encryption Full Text
Abstract
A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software.BleepingComputer
November 18, 2021 – Phishing
Glitch service abused to host short-lived phishing sites Full Text
Abstract
Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns.BleepingComputer
November 18, 2021 – Government
North Korean cyberspies target govt officials with custom malware Full Text
Abstract
A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns.BleepingComputer
November 18, 2021 – Government
FBI warns of APT group exploiting FatPipe VPN zero-day since May Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets' networks.BleepingComputer
November 18, 2021 – Hacker
North Korean Threat Group Targets Foreign Policy Experts, Journalists, and NGOs Full Text
Abstract
From January through June 2021, Proofpoint observed almost weekly campaigns by TA406 targeting foreign policy experts, journalists, and nongovernmental organizations (NGOs).Proof Point
November 18, 2021 – Government
Senators look to defense bill to move cybersecurity measures Full Text
Abstract
The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.The Hill
November 18, 2021 – Vulnerabilities
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models Full Text
Abstract
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ( UPnP ) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet. Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices. Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIThe Hacker News
November 18, 2021 – Phishing
Phishing campaign targets Tiktok influencer accounts Full Text
Abstract
Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’...Security Affairs
November 18, 2021 – Denial Of Service
How to Choose the Right DDoS Protection Solution Full Text
Abstract
Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.Threatpost
November 18, 2021 – Hacker
RedCurl corporate espionage hackers resume attacks with updated tools Full Text
Abstract
A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia.BleepingComputer
November 18, 2021 – Business
Cloud Security Firm Lacework Raises Record-Breaking $1.3 Billion Full Text
Abstract
Lacework raised a record-breaking second Series D funding round led by existing investors Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, and Tiger Global Management.Security Week
November 18, 2021 – Education
How to Build a Security Awareness Training Program that Yields Measurable Results Full Text
Abstract
Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to prevent cyber security breaches from happening, with employees and contractors often proving to be the most significant risk factor for causing cyber security incidents. Proactive cyber security professionals will find that an effective security awareness training program can significantly reduce their risk of getting exposed to a cyber incident. For a security awareness training program to be successful, it must be measurable and yield positive, actionable results over time. The following looks at what good security awareness looks like and how vital phishing simulations and awareness training is in devising effective cyber security programs. The essentials of a cyber security awareneThe Hacker News
November 18, 2021 – APT
US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws Full Text
Abstract
U.S., U.K. and Australia warn that Iran-linked APT groups are exploiting Fortinet and Microsoft Exchange flaws to target critical infrastructure. A joint advisory released by government agencies (the FBI, the Cybersecurity and Infrastructure Security...Security Affairs
November 18, 2021 – Breach
RedCurl Breached at Least Four Companies in New Attacks This Year Full Text
Abstract
Besides discovering new attacks, Group-IB’s latest report also notes that RedCurl operators have done little to change their tactics besides a few updates to the tools they used during intrusions.The Record
November 18, 2021 – Business
Ontic Raises $40M in Series B Funding Full Text
Abstract
The round, which brought total funding raised to date to nearly $58m, was led by JMI Equity, with participation from Felicis Ventures, Silverton Partners, and Ridge Ventures.FinSMEs
November 18, 2021 – Government
US, UK, and Australian Cyber Authorities Pin Iranian Hackers for Exploiting Fortinet and Exchange Security Flaws Full Text
Abstract
Cyber authorities have called for administrators to immediately patch a quartet of vulnerabilities after attributing some attacks that used them to attackers backed by Iran.ZDNet
November 18, 2021 – Business
Cloud Data Protection Startup Laminar Closes $32M Funding Round Full Text
Abstract
The new round was led by Insight Partners. Meron Capital, SentinelOne, and TLV Partners also participated. The funding will help Laminar expand its engineering, data security and go-to-market teams.Security Week
November 18, 2021 – Vulnerabilities
Netgear fixes code execution flaw in many SOHO devices Full Text
Abstract
Netgear addressed a pre-authentication buffer overflow issue in its SOHO devices that can be exploited by an attacker on the local area network to execute code remotely with root privileges.Security Affairs
November 17, 2021 – Education
Managing the Cybersecurity Vulnerabilities of Artificial Intelligence Full Text
Abstract
Systems based on artificial intelligence are susceptible to adversarial attack. Vulnerability disclosure and management practices can help address the risk. (Lawfare)
November 17, 2021 – Government
Officials warn that hackers linked to Iranian government are targeting critical sectors Full Text
Abstract
Federal agencies in the United States, United Kingdom and Australia on Wednesday warned that hackers linked to the Iranian government are behind an ongoing campaign targeting critical infrastructure, including hospitals. (The Hill)
November 17, 2021 – Phishing
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts Full Text
Abstract
Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out. (Threatpost)
November 17, 2021 – Criminals
Most SS7 exploit service providers on dark web are scammers Full Text
Abstract
The existence of Signaling System 7 (SS7) mobile telephony protocol vulnerabilities is something security researchers warned about in 2016, and it only took a year before the first attacks exploiting them were observed. (BleepingComputer)
November 17, 2021 – Hacker
Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware Full Text
Abstract
Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their strategic objectives, researchers from Microsoft Threat Intelligence Center (MSTIC) revealed, adding "these ransomware deployments were launched in waves every six to eight weeks on average." Of note is a threat actor tracked as Phosphorus (aka Charming Kitten or APT35), which has been found scanning IP addresses on the internet for unpatched Fortinet FortiOS SSL VPN and on-premises Exchange Servers to gain initial access and persistence on vulnerable networks, before moving to deploy additional payloads that enable the actors to pivot to other machines and deploy ransomware. (The Hacker News)
November 17, 2021 – Vulnerabilities
Netgear fixes code execution flaw in many SOHO devices Full Text
Abstract
Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication buffer overflow issue in its small office/home office (SOHO) devices that can be exploited... (Security Affairs)
November 17, 2021 – Criminals
Russian ransomware gangs start collaborating with Chinese hackers Full Text
Abstract
There's some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. (BleepingComputer)
November 17, 2021 – Hacker
U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws Full Text
Abstract
Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities dating back to March 2021 as well as a remote code execution flaw affecting Microsoft Exchange Servers since at least October 2021, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the U.K.'s National Cyber Security Centre (NCSC). The agencies did not attribute the activities to a specific advanced persistent threat (APT) actor. Targeted victims include Australian organizations and a wide range of entities across multiple U.S. criti… (The Hacker News)
November 17, 2021 – Government
CISA releases incident response plans for federal agencies Full Text
Abstract
CISA released the Federal Government Cybersecurity Incident Response Playbooks for the federal civilian executive branch agencies. The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans for federal... (Security Affairs)
November 17, 2021 – Phishing
TikTok phishing threatens to delete influencers’ accounts Full Text
Abstract
Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers. (BleepingComputer)
November 17, 2021 – Hacker
Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities Full Text
Abstract
A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which was observed in September 2021, deployed Cobalt Strike payloads as a stepping stone for launching further attacks, with the adversary using a domain associated with the Myanmar Digital News network, a state-owned digital newspaper, as a front for their Beacons. "When the Beacon is launched, it will submit a DNS request for a legitimate high-reputation domain hosted behind Cloudflare infrastructure and modify the subsequent HTTPs requests header to instruct the CDN to direct the traffic to an attacker-controlled host," Cisco Talos researchers Chetan Raghuprasad, Vanja Svajcer, and Asheer Malhotra said in a technical analysis published Tuesday. Originally released in 2012 to addres… (The Hacker News)
November 17, 2021 – Criminals
The rise of millionaire zero-day exploit markets Full Text
Abstract
Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand... (Security Affairs)
November 17, 2021 – Government
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet Full Text
Abstract
US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group. (BleepingComputer)
November 17, 2021 – Privacy
Israel’s Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East Full Text
Abstract
Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets in the U.K., Yemen, and Saudi Arabia, as well as to Hezbollah; to government institutions in Iran (Ministry of Foreign Affairs), Syria (including the Ministry of Electricity), and Yemen (including the Ministries of Interior and Finance); to internet service providers in Yemen and Syria; and to aerospace/military technology companies in Italy and South Africa," ESET said in a new report. "The attackers also created a website mimicking a medical trade fair in Germany." The strategic web compromises are believed to have occurred in two waves, the first commencing as early as March 2020 before ending in August 2020, and the second string of attacks beginning in… (The Hacker News)
November 17, 2021 – APT
Iran-linked APT groups continue to evolve Full Text
Abstract
The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors. The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution... (Security Affairs)
November 17, 2021 – Government
CISA releases cybersecurity response plans for federal agencies Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans (known as playbooks) for federal civilian executive branch (FCEB) agencies. (BleepingComputer)
November 17, 2021 – Education
On-Demand Webinar: Into the Cryptoverse Full Text
Abstract
In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream. This is undoubtedly a positive development, as it opens new avenues for finance, transactions, tech developments, and more. Unfortunately, no innovation is without its dark side, and the crypto industry is no exception. A new webinar from XDR provider Cynet (you can see it here) dives deeper into this dark corner to explore the intersection of cybersecurity and cryptocurrency. The first question is how, exactly, cryptocurrency creates security vulnerabilities for organizations. There's no single answer, and in many cases, the results are more indirect. This bears closer inspection, and the webinar, led by Cynet CyOps Analyst Ronen Ahdut, studies the different ways cryptocurrencies are used by attackers. I… (The Hacker News)
November 17, 2021 – Criminals
Mandiant links Ghostwriter operations to Belarus Full Text
Abstract
Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked... (Security Affairs)
November 17, 2021 – Hacker
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service Full Text
Abstract
While mostly hidden in private conversations, details sometimes emerge about the parallel economy of vulnerability exploits on underground forums, revealing just how fat of a wallet some threat actors have. (BleepingComputer)
November 16, 2021 – Criminals
FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment Full Text
Abstract
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI’s email system, says it’s just one of a string of jabs from a childish but cybercriminally talented tormentor. (Threatpost)
November 16, 2021 – Breach
200M Adult Cam Model, User Records Exposed in Stripchat Breach Full Text
Abstract
The leak included model information, chat messages and payment details. (Threatpost)
November 16, 2021 – Malware
Here are the new Emotet spam campaigns hitting mailboxes worldwide Full Text
Abstract
The Emotet malware kicked into action yesterday after a ten-month hiatus with multiple spam campaigns delivering malicious documents to mailboxes worldwide. (BleepingComputer)
November 16, 2021 – Vulnerabilities
HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning Full Text
Abstract
The header smuggling method by Daniel Thatcher creates a mutation in a header request designed to be sent through to backend infrastructure without being processed by a trusted frontend service. (The Daily Swig)
November 16, 2021 – Hacker
Facebook disrupts Pakistani hacking group targeting Afghan users Full Text
Abstract
Facebook on Tuesday said it had taken steps to disrupt a group of hackers based in Pakistan that had been using the platform to target former members of the Afghan government and others based in Afghanistan amid the government collapse earlier this year. (The Hill)
November 16, 2021 – Malware
New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses Full Text
Abstract
Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed "Blacksmith" (CVE-2021-42114, CVSS score: 9.0) — is designed to trigger bit flips on target refresh rate-enabled DRAM chips with the help of novel "non-uniform and frequency-based" memory access patterns, according to a study jointly published by academics from ETH Zurich, Vrije Universiteit Amsterdam, and Qualcomm Technologies. Originally disclosed in 2014, Rowhammer refers to a fundamental hardware vulnerability that could be abused to alter or corrupt memory contents by taking advantage of DRAM's tightly-packed, matrix-like memory cell architecture to repeatedly access certain rows (aka "aggressors") that induces an electrical disturbance large enough to cause t… (The Hacker News)
November 16, 2021 – Criminals
REvil Is Down—For Now Full Text
Abstract
What can be learned from the operations that got them to shut down? (Lawfare)
November 16, 2021 – Vulnerabilities
GitHub addressed two major vulnerabilities in the NPM package manager Full Text
Abstract
Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in npm that have already been addressed. The first vulnerability... (Security Affairs)
November 16, 2021 – Malware
Rooting Malware Is Back for Mobile. Here’s What to Look Out For. Full Text
Abstract
Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store. (Threatpost)
November 16, 2021 – Hacker
Microsoft warns of the evolution of six Iranian hacking groups Full Text
Abstract
The Microsoft Threat Intelligence Center (MSTIC) has presented an analysis of the evolution of several Iranian threat actors at CyberWarCon 2021, and their findings show increasingly sophisticated attacks. (BleepingComputer)
November 16, 2021 – Business
Threat Hunting Firm Team Cymru Acquires Attack Surface Management Firm Amplicy Full Text
Abstract
By combining the two services, Team Cymru will be able to inform its customers on both the evolving threats and where they might strike against Amplicy-detected perimeter weaknesses. (Security Week)
November 16, 2021
Oversight finds ‘small lapses’ in security led to Colonial Pipeline, JBS hacks Full Text
Abstract
A series of “small lapses” in cybersecurity led to several recent successful ransomware attacks, the House Oversight and Reform Committee concluded in a staff memo released Tuesday. (The Hill)
November 16, 2021 – Phishing
Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild Full Text
Abstract
No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, who have demonstrated a new fingerprinting technique that makes it possible to identify MitM phishing kits in the wild by leveraging their intrinsic network-level properties, effectively automating the discovery and analysis of phishing websites. Dubbed "PHOCA" — named after the Latin word for "seals" — the tool not only facilitates the discovery of previously unseen MitM phishing toolkits, but can also be used to detect and isolate malicious requests coming from such servers. Phishing toolkits aim to automate and streamline the work required by attackers to conduct… (The Hacker News)
November 16, 2021 – Breach
Adult cam site StripChat exposes the data of millions of users and cam models Full Text
Abstract
The popular adult cam site StripChat has suffered a security breach, and the personal data of millions of users and adult models leaked online. The popular adult cam site StripChat has suffered a security breach that resulted in the leak of the personal... (Security Affairs)
November 16, 2021 – Attack
WordPress sites are being hacked in fake ransomware attacks Full Text
Abstract
A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration. (BleepingComputer)
November 16, 2021 – Attack
TikTok scammers tried hacking 125 targets that followed famous accounts, researchers find Full Text
Abstract
More than 125 people and businesses associated with large TikTok accounts based around the world were targeted as part of a recent phishing campaign, according to research published Tuesday. (Cyberscoop)
November 16, 2021 – Criminals
Group behind cyberattacks on multiple governments linked to Belarus Full Text
Abstract
Hacking and disinformation groups believed to be behind attacks on governmental agencies in countries including Germany in recent months were linked by cybersecurity researchers on Tuesday to the Belarusian government. (The Hill)
November 16, 2021 – Botnet
Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware Full Text
Abstract
The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former. The latest variant takes the form of a DLL file, with the first occurrence of the deployment being detected on November 14. Europol dubbed Emotet as the "world's most dangerous malware" for its ability to act as a "door opener" for threat actors to obtain unauthorized access, becoming a precursor to many critical data theft and ransomware attacks. Interestingly, the loader operation enabled other malware families such as Trickbot, QakBot, and Ryuk to enter a machine. The resurfacing is also significant not least because it follow… (The Hacker News)
November 16, 2021 – Vulnerabilities
Intel addresses 2 high-severity issues in BIOS firmware of several processors Full Text
Abstract
Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several... (Security Affairs)
November 16, 2021 – Cryptocurrency
These are the cryptomixers hackers use to clean their ransoms Full Text
Abstract
Cryptomixers have always been at the epicenter of cybercrime activity, allowing hackers to "clean" cryptocurrency stolen from victims and making it hard for law enforcement to track them. (BleepingComputer)
November 16, 2021 – Vulnerabilities
Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion Full Text
Abstract
Twelve of these vulnerabilities could allow a malicious user to manipulate the Web Manager in a way — for example, overflowing a fixed-size buffer — that would allow them to execute arbitrary code. (Cisco Talos)
November 16, 2021 – Malware
SharkBot, a new Android Trojan targets banks in Europe Full Text
Abstract
Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking... (Security Affairs)
November 16, 2021 – Solution
Microsoft adds AI-driven ransomware protection to Defender Full Text
Abstract
Microsoft has introduced an AI-driven ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by evaluating risks and blocking actors at the perimeter. (BleepingComputer)
November 16, 2021 – Government
DHS Launches Portal to Recruit—and Retain—Cybersecurity Talent Full Text
Abstract
Current Department of Homeland Security employees are not obligated to join the department’s new Cyber Talent Management System, but they may want to consider it, according to senior DHS officials. (Nextgov)
November 16, 2021 – Vulnerabilities
NPM fixes private package names leak, serious authorization bug Full Text
Abstract
The largest software registry of Node.js packages, npm, has disclosed fixing multiple security flaws. The first flaw concerns a leak of the names of private npm packages on the npmjs.com "replica" server. The second flaw allows attackers to publish new versions of any existing npm package that they do not own or have rights to. (BleepingComputer)
November 16, 2021 – Hacker
How Attackers Exploit the Remote Desktop Protocol Full Text
Abstract
The Remote Desktop Protocol (RDP) is one of the most popular communication protocols for remotely controlling systems. It didn’t take long before attackers realized this is a golden egg. (Security Intelligence)
November 15, 2021 – Ransomware
The Best Ransomware Response, According to the Data Full Text
Abstract
An analysis of ransomware attack negotiation data offers best practices. (Threatpost)
November 15, 2021 – Vulnerabilities
High-Severity Intel Processor Bug Exposes Encryption Keys Full Text
Abstract
CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files. (Threatpost)
November 15, 2021 – Hacker
New ‘Moses Staff’ Hacker Group Targets Israeli Companies With Destructive Attacks Full Text
Abstract
A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or negotiate a ransom. "The group openly states that their motivation in attacking Israeli companies is to cause damage by leaking the stolen sensitive data and encrypting the victim's networks, with no ransom demand," Check Point Research said in a report published Monday. "In the language of the attackers, their purpose is to 'Fight against the resistance and expose the crimes of the Zionists in the occupied territories.'" At least 16 victims have had their data leaked to date, according to stats released by the collective. The threat actor is said to leverage publicly known vulnerabilities as a means to breach enterprise servers and gain initial ac… (The Hacker News)
November 15, 2021 – Cryptocurrency
Cybercriminals Target Alibaba Cloud for Cryptomining, Malware Full Text
Abstract
Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers. (Threatpost)
November 15, 2021 – Malware
SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts Full Text
Abstract
Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets — counting 22 unnamed international banks in Italy and the U.K. as well as five cryptocurrency apps in the U.S. — at least since late October 2021 and is believed to be in its early stages of development, with no overlaps found to that of any known families. "The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA)," the researchers said in a report. "Once SharkBot is successfully installed in the victim's device, attackers can obtain sensitive banking information through the abuse of Accessibility Serv… (The Hacker News)
November 15, 2021 – Attack
FBI Says Its System Was Exploited to Email Fake Cyberattack Alert Full Text
Abstract
The alert was mumbo jumbo, but it was indeed sent from the bureau’s email system, from the agency’s own internet address. (Threatpost)
November 15, 2021 – Vulnerabilities
New Rowhammer technique bypasses existing DDR4 memory defenses Full Text
Abstract
Researchers have developed a new fuzzing-based technique called 'Blacksmith' that revives Rowhammer vulnerability attacks against modern DRAM devices and bypasses existing mitigations. (BleepingComputer)
November 15, 2021 – Ransomware
Looking at The Future of Ransomware Threats Full Text
Abstract
Multiple extortion tactics are expected to rise in intensity and range. Sophos cataloged 10 different types of pressure tactics. Cryptomining activity is also expected to continue as cryptocurrency rises in popularity. (Cyware Alerts - Hacker News)
November 15, 2021 – Disinformation
Bipartisan commission urges US take immediate steps to curb online misinformation Full Text
Abstract
A report from a bipartisan commission published Monday recommends that U.S. government and social media platform leaders take a series of immediate steps to curb the “crisis of trust and truth” stemming from online disinformation and misinformation. (The Hill)
November 15, 2021 – Hacker
Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic Full Text
Abstract
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While attacks can exceed 95% accuracy when monitoring a small set of five popular websites, indiscriminate (non-targeted) attacks against sets of 25 and 100 websites fail to exceed an accuracy of 80% and 60%, respectively," researchers Giovanni Cherubin, Rob Jansen, and Carmela Troncoso said in a newly published paper. Tor browser offers "unlinkable communication" to its users by routing internet traffic through an overlay network, consisting of more than six thousand relays, with the goal of anonymizing the originating location and usage from third parties conducting network surveillance or traffic analysis. It achieves this by building a circuit that traverses via an… (The Hacker News)
November 15, 2021 – Malware
Operation Reacharound – Emotet malware is back Full Text
Abstract
The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird,... (Security Affairs)
November 15, 2021 – Botnet
Emotet malware is back and rebuilding its botnet via TrickBot Full Text
Abstract
The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute the malware. (BleepingComputer)
November 15, 2021 – Criminals
Magniber is Now Exploiting Internet Explorer Flaws Full Text
Abstract
The Magniber ransomware group has updated its attack method and has been exploiting two Internet Explorer (IE) vulnerabilities. Moreover, the group is employing malicious ads to infect users and encrypt devices. (Cyware Alerts - Hacker News)
November 15, 2021 – Government
DHS announces new program to attract and retain cybersecurity talent Full Text
Abstract
The Department of Homeland Security (DHS) on Monday announced a new program to attract and retain cybersecurity professionals, as major cyber incidents have ticked up over the past year and are drawing more government attention. (The Hill)
November 15, 2021 – Hacker
North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro Full Text
Abstract
Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researcher Anton Cherepanov last week in a series of tweets. IDA Pro is an Interactive Disassembler that's designed to translate machine language (aka executables) into assembly language, enabling security researchers to analyze the inner workings of a program (malicious or otherwise) as well as function as a debugger to detect errors. "Attackers bundled the original IDA Pro 7.5 software developed by [Hex-Rays] with two malicious components," the Slovak cybersecurity firm said, one of which is an internal module called "win_fw.dll" that's executed during installation of the application. This tampered version is then orchestrated to load a second component named "… (The Hacker News)
November 15, 2021 – Denial Of Service
Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date Full Text
Abstract
Cloudflare announced that it mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery... (Security Affairs)
November 15, 2021 – Cryptocurrency
Alibaba ECS instances actively hijacked by cryptomining malware Full Text
Abstract
Threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit. (BleepingComputer)
November 15, 2021 – Hacker
Hackers are Exploiting Zero-Day Flaw in macOS: Google Warns Full Text
Abstract
Google observed that hackers were using a watering hole attack. In this attack, the websites targeted are typically selected by the attackers based on the profile of their visitors. (Cyware Alerts - Hacker News)
November 15, 2021 – Education
How to Tackle SaaS Security Misconfigurations Full Text
Abstract
Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is — each app has tens or hundreds of security settings to configure, in addition to the continuous need for general or user updates, compounded by many compliance industry standards and frameworks that organizations need to follow. Not to mention the fact that often the SaaS app owner sits outside of the security team in the department that most uses the app (think Sales has the CRM app, Marketing has the automation app), and they are untrained and not focused on the security upkeep of the app. It all amounts to just how unrealistic it is to expect security teams to be able to stay in control of the organization's SaaS stack. That's why Gartner n… (The Hacker News)
November 15, 2021 – Hacker
North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro Full Text
Abstract
North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security... (Security Affairs)
November 15, 2021 – Vulnerabilities
High severity BIOS flaws affect numerous Intel processors Full Text
Abstract
Intel has released an advisory to confirm the existence of two high-severity vulnerabilities that affect a wide range of Intel processor families. (BleepingComputer)
November 15, 2021 – Criminals
Ransomware experts question massive Pysa/Mespinoza victim dump Full Text
Abstract
The Pysa ransomware group dumped dozens of victims onto their leak site this week right after US law enforcement officials announced a range of actions taken against ransomware groups. (ZDNet)
November 15, 2021 – Vulnerabilities
Microsoft rolled out emergency updates to fix Windows Server auth failures Full Text
Abstract
Microsoft has released out-of-band security updates to fix authentication failures related to Kerberos delegation scenarios impacting Domain Controllers...Security Affairs
November 15, 2021 – Breach
7 million Robinhood user email addresses for sale on hacker forum Full Text
Abstract
The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace.BleepingComputer
November 15, 2021 – Breach
Data of Millions of Customers of RedDoorz Hotel Booking Site Leaked in Singapore’s Largest Breach Full Text
Abstract
The personal data of nearly 5.9 million Singaporean and Southeast Asian customers of hotel booking site RedDoorz was found to have been leaked, in what has been called Singapore's largest data breach.Straits Times
November 15, 2021 – General
Happy 10th Birthday, Security Affairs Full Text
Abstract
Ten years together! I'm very excited. I launched Security Affairs for passion in 2011 and millions of readers walked with me. Thanks! Ten years ago I launched Security Affairs; over the past decade the blog obtained important successes in the cyber...Security Affairs
November 15, 2021 – Attack
Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions Full Text
Abstract
A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands.BleepingComputer
November 15, 2021 – Vulnerabilities
Diebold Nixdorf ATM Flaws Allowed Attackers to Modify Firmware, Steal Cash Full Text
Abstract
Positive Technologies published information on two vulnerabilities in Diebold Nixdorf ATMs that could have allowed an attacker to replace the firmware on the system and withdraw cash.Security Week
November 15, 2021 – Malware
QAKBOT Trojan returns using Squirrelwaffle as a dropper Full Text
Abstract
Researchers warn of a surge in QBot (aka Qakbot) banking trojan infections that appears to be associated with the rise of Squirrelwaffle.Security Affairs
November 15, 2021 – Vulnerabilities
New Microsoft emergency updates fix Windows Server auth issues Full Text
Abstract
Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server.BleepingComputer
November 15, 2021 – Business
Network Security Company Netography Raises $45 Million Full Text
Abstract
The new investment round was led by Bessemer Venture Partners and SYN Ventures. Existing investors Andreessen Horowitz, Harpoon Ventures, Mango Capital, and Wing Venture Capital also contributed.Security Week
November 15, 2021 – Vulnerabilities
Two Sony PS5 exploits disclosed the same day Full Text
Abstract
Threat actors stole Sony PS5 root keys using two exploits for kernel vulnerabilities, demonstrating the need to improve the security of the popular gaming console.Security Affairs
November 15, 2021 – General
ENISA – The need for Incident Response Capabilities in the health sector Full Text
Abstract
The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive.Security Affairs
November 14, 2021 – Government
US and Israel announce joint task force on cybersecurity Full Text
Abstract
The U.S. Treasury Department announced on Sunday that it would work with the Israeli Ministry of Finance to address ransomware and cybersecurity issues.The Hill
November 14, 2021 – Breach
FBI’s Email System Hacked to Send Out Fake Cyber Security Alert to Thousands Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus, involved sending rogue warning emails with the subject line "Urgent: Threat actor in systems" originating from a legitimate FBI email address "[email protected][.]gov" that framed the attack on Vinny Troia, a security researcher and founder of dark web intelligence firms Night Lion Security and Shadowbyte, while also claiming him to be affiliated with a hacking outfit named TheDarkOverlord. SpamHaus cited its own telemetry data to point out that the email blasts happened over two "spam" waves, one shortly before 5:00 a.m. UTC and another one shortly after 7:00 a.m. UTC. However, according to Kryptos Logic researcher Marcus Hutchins, the goal appears to beThe Hacker News
November 14, 2021 – Government
US Education Dept urged to boost K-12 schools’ ransomware defenses Full Text
Abstract
The US Department of Education and Department of Homeland Security (DHS) were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks.BleepingComputer
November 14, 2021 – Attack
Updated: Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server Full Text
Abstract
Threat actors hacked email servers of the FBI to distribute spam email impersonating FBI and Department of Homeland Security (DHS) warnings of fake cyberattacks.Security Affairs
November 14, 2021 – Government
FTC shares guidance for small businesses to prevent ransomware attacks Full Text
Abstract
The US Federal Trade Commission (FTC) has published guidance for small businesses on how to increase their resilience to ransomware attacks and protect their networks.Security Affairs
November 13, 2021 – Government
Hackers access FBI email system, spam 100,000 accounts Full Text
Abstract
Hackers accessed the FBI’s email system and sent spam to 100,000 accounts on Saturday, according to the Spamhaus Project, an email spam watchdog group.The Hill
November 13, 2021 – Breach
FBI system hacked to email ‘urgent’ warning about fake cyberattacks Full Text
Abstract
The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.BleepingComputer
November 13, 2021 – Privacy
Fake end-to-end encrypted chat app distributes Android spyware Full Text
Abstract
The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat.BleepingComputer
November 13, 2021 – Policy and Law
Surveillance firm pays $1 million fine after ‘spy van’ scandal Full Text
Abstract
The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca.BleepingComputer
November 12, 2021 – Skimming
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers Full Text
Abstract
Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.Threatpost
November 12, 2021 – Vulnerabilities
Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix Full Text
Abstract
Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.Threatpost
November 12, 2021 – Vulnerabilities
Mac Zero Day Targets Apple Devices in Hong Kong Full Text
Abstract
Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.Threatpost
November 12, 2021 – Ransomware
The Week in Ransomware - November 12th 2021 - Targeting REvil Full Text
Abstract
This week, law enforcement struck a massive blow against the REvil ransomware operation, with multiple arrests announced and the seizure of cryptocurrency.BleepingComputer
November 12, 2021 – Malware
QAKBOT Loader Returns With New Techniques and Tools Full Text
Abstract
QAKBOT is a prevalent information-stealing malware that was first discovered in 2007. In recent years, its detection has become a precursor to many critical and widespread ransomware attacks.Trend Micro
November 12, 2021 – Government
Senate Democrats urge government to do more to protect K-12 schools against hackers Full Text
Abstract
A group of Senate Democrats on Friday urged the federal government to do more to protect K-12 institutions and students against crippling cyberattacks, which have increasingly wreaked havoc across the nation during the past year.The Hill
November 12, 2021 – Hacker
Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks Full Text
Abstract
Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. The Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the Mekotio banking Trojan, backdoors such as AsyncRAT and NjRAT, and the infamous TrickBot malware. The multi-staged attacks — dubbed ISOMorph — were also publicly documented by Menlo Security in July 2021. HTML smuggling is an approach that allows an attacker to "smuggle" first-stage droppers, often encoded malicious scripts embedded within a specially-crafted HTML attachment or web page, onto a victim machine by taking advantage of basic features of HTML5 and JavaScript rather than exploiting a vulnerability or a design flaw in modern web browsers. By doing so, it enables tThe Hacker News
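The two browser primitives the paragraph describes (a payload assembled in JavaScript from an encoded string, then written to disk through a Blob and an anchor download, with no network fetch for the file itself) are what a mail gateway or sandbox can key on. The following Python script is an added example and is not code from the Microsoft report or from The Hacker News: it scans an HTML attachment for those primitives, decodes any long base64 literal to identify the embedded file type by magic bytes, and flags the attachment only when both an assembly primitive and a delivery primitive are present, since either alone is common in benign pages. The two HTML samples are constructed for the example; the smuggled "executable" is a fake MZ stub, not a real binary, and the indicator names are this example's own.

```python
import base64
import binascii
import re

# --- constructed samples (not real phishing attachments) -------------------
_FAKE_PE = b"MZ" + b"\x90" * 400            # only the DOS magic matters here
_PAYLOAD_B64 = base64.b64encode(_FAKE_PE).decode()

# Mimics the pattern the Microsoft writeup describes: decode in the page,
# wrap in a Blob, drop it via an anchor with a download attribute.
SMUGGLING_HTML = f"""<html><body>
<p>Your document is loading...</p>
<script>
  var data = atob("{_PAYLOAD_B64}");
  var bytes = new Uint8Array(data.length);
  for (var i = 0; i < data.length; i++) bytes[i] = data.charCodeAt(i);
  var blob = new Blob([bytes], {{type: "application/octet-stream"}});
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice_2021-11.exe";
  document.body.appendChild(a);
  a.click();
</script>
</body></html>"""

BENIGN_HTML = """<html><body>
<form action="/login" method="post">
  <input name="user"><input name="pass" type="password"><button>Sign in</button>
</form>
<script>document.querySelector("button").addEventListener("click", function(){});</script>
</body></html>"""

# --- indicators ------------------------------------------------------------
# "assemble": the payload is built inside the page from an encoded string.
# "deliver":  a browser primitive writes it to disk without fetching a file.
INDICATORS = {
    "atob":          ("assemble", re.compile(r"\batob\s*\(")),
    "blob_ctor":     ("assemble", re.compile(r"\bnew\s+Blob\s*\(")),
    "data_uri":      ("assemble", re.compile(r"data:application/[\w.+-]+;base64,", re.I)),
    "object_url":    ("deliver",  re.compile(r"\bURL\.createObjectURL\s*\(")),
    "ie_save_blob":  ("deliver",  re.compile(r"\bmsSaveOrOpenBlob\s*\(")),
    "download_attr": ("deliver",  re.compile(r"<a\b[^>]*\sdownload\b|\.download\s*=", re.I)),
    "auto_click":    ("deliver",  re.compile(r"\.click\s*\(\s*\)")),
}

# File types worth flagging when they turn up base64-encoded inside an HTML page.
MAGIC = [
    (b"MZ", "PE executable"),
    (b"PK\x03\x04", "ZIP or Office document"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\x1f\x8b", "gzip archive"),
]
_B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def embedded_payload_types(html):
    """Decode long base64 literals found in the page and name them by magic bytes."""
    found = []
    for m in _B64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue                         # not valid base64, skip it
        for magic, name in MAGIC:
            if raw.startswith(magic):
                found.append(name)
                break
    return found


def scan_html(html):
    """Return the indicators hit, decoded payload types and a verdict for one page."""
    hits = [name for name, (_, rx) in INDICATORS.items() if rx.search(html)]
    stages = {INDICATORS[n][0] for n in hits}
    # The technique needs both halves; either alone is normal web-app behaviour.
    suspicious = "assemble" in stages and "deliver" in stages
    return {
        "indicators": sorted(hits),
        "embedded_payloads": embedded_payload_types(html),
        "verdict": "html_smuggling" if suspicious else "clean",
    }


if __name__ == "__main__":
    for label, sample in (("smuggling", SMUGGLING_HTML), ("benign", BENIGN_HTML)):
        print(label, scan_html(sample))
```

The rule deliberately requires an assembly primitive and a delivery primitive together; a page that only calls `atob` or only uses `createObjectURL` is routine in legitimate web apps, so alerting on a single primitive would drown the signal. The magic-byte check is the higher-confidence part: a base64-encoded PE, archive or Office document inside an HTML attachment has no legitimate reason to be there.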
November 12, 2021 – Criminals
Threat from Organized Cybercrime Syndicates Is Rising Full Text
Abstract
Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.Threatpost
November 12, 2021 – Malware
QBot returns for a new wave of infections using Squirrelwaffle Full Text
Abstract
The activity of the QBot (also known as Quakbot) banking trojan is spiking again, and analysts from multiple security research firms attribute this to the rise of Squirrelwaffle.BleepingComputer
November 12, 2021 – Malware
Malware uses namesilo Parking pages and Google’s custom pages to spread Full Text
Abstract
This technique is yet another attempt from the malicious actor to hide control channels to avoid being tracked, monitored, or blocked and it probably has served them well.Netlab
November 12, 2021 – Education
Top 10 Cybersecurity Best Practices to Combat Ransomware Full Text
Abstract
Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.Threatpost
November 12, 2021 – Government
FTC shares ransomware defense tips for small US businesses Full Text
Abstract
The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.BleepingComputer
November 12, 2021 – Criminals
Trickbot and TA551 Are Buddies Full Text
Abstract
A connection was established between the TrickBot gang and the TA551 threat group as a major similarity was found in their tools and TTPs. They use BazarBackdoor and deploy the Cobalt Strike beacon on the compromised system and add scheduled tasks for persistence. The recent collaborations prove h...Cyware Alerts - Hacker News
November 12, 2021 – Hacker
These are the top-level domains threat actors like the most Full Text
Abstract
Out of over a thousand top-level domain choices, cyber-criminals and threat actors prefer a small set of 25, which accounts for 90% of all malicious sites.BleepingComputer
November 12, 2021 – Botnet
Qbot Spam Campaigns Continue to Explode Full Text
Abstract
According to researchers from Kaspersky, in the first seven months of 2021 the number of users affected by QBot, which was first discovered in 2007, rose 65% compared with the same period of the previous year.Cyware Alerts - Hacker News
November 12, 2021 – Attack
Microsoft warns of surge in HTML smuggling phishing attacks Full Text
Abstract
Microsoft has seen a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).BleepingComputer
November 12, 2021 – APT
Lazarus is Back at it Again Full Text
Abstract
The infamous North Korea state-sponsored Lazarus APT was recently found targeting IT supply chains. Now, the group has been discovered attempting to hack security researchers again.Cyware Alerts - Hacker News
November 12, 2021 – Breach
Costco discloses data breach after finding credit card skimmer Full Text
Abstract
Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores.BleepingComputer
November 12, 2021 – Denial Of Service
Latest DDoS Trends and Attacks - What You Need to Know Full Text
Abstract
DDoS attacks started being used as an intimidation tactic in Q3. The criminals sent company-wide emails stating that their resources were being used in DDoS attacks and they could face legal consequences.Cyware Alerts - Hacker News
November 12, 2021 – Vulnerabilities
Zero-day bug in all Windows versions gets free unofficial patch Full Text
Abstract
A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.BleepingComputer
November 12, 2021 – Vulnerabilities
Zoom Patches High-Risk Flaws in Meeting Connector, Keybase Client Full Text
Abstract
Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks.Security Week
November 12, 2021 – Solution
New tool flags up benign-but-exploitable Chrome extensions Full Text
Abstract
Researchers from Germany's CISPA Helmholtz Center for Information Security have developed a tool to identify Chrome extensions that could be exploited by malicious webpages and other extensions.The Register
November 11, 2021 – Botnet
Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux Full Text
Abstract
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 have been equipped with additional updates to strike Linux web servers that have weak passwords or are susceptible to N-day vulnerabilities, including a custom implementation of DDoS functionality, indicating that the malware is under continuous development. Netlab's findings also build on a report from Trend Micro early last month, which publicized attacks targeting Huawei Cloud with cryptocurrency-mining and cryptojacking malware. The intrusions were also notable for the fact that the malicious shell scripts specifically disabled a process designed to monitor and scan the serThe Hacker News
November 11, 2021 – Hacker
Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant Full Text
Abstract
Google researchers on Thursday disclosed that they found a watering hole attack in late August exploiting a now-patched zero-day in the macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group (TAG) researcher Erye Hernandez said in a report. Tracked as CVE-2021-30869 (CVSS score: 7.8), the security shortcoming is a type confusion vulnerability in the XNU kernel component that could allow a malicious application to execute arbitrary code with the highest privileges. Apple addressed the issue on September 23. The attacks observed by TAG involved an exploit chain that strung together CVE-2021The Hacker News
November 11, 2021 – Attack
Back-to-Back PlayStation 5 Hacks Hit on the Same Day Full Text
Abstract
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.Threatpost
November 11, 2021 – Vulnerabilities
Windows 10 App Installer abused in BazarLoader malware attacks Full Text
Abstract
The TrickBot gang operators are now abusing the Windows 10 App Installer to deploy their BazarLoader malware on the systems of targets who fall victim to a highly targeted spam campaign.BleepingComputer
November 11, 2021 – Hacker
Three Threat Groups Found Interconnected to a Common Broker Full Text
Abstract
BlackBerry discovered that the actors behind MountLocker, Phobos, and the StrongPity APT depend on a common initial access broker, dubbed Zebra2104, for their malware campaigns. The broker has helped criminals break into the networks of multiple firms in Australia and Turkey. Such collabo...Cyware Alerts - Hacker News
November 11, 2021 – Government
Harris calls for global action on cyber threats after US joins international effort Full Text
Abstract
Vice President Harris on Thursday called on global leaders to work together to counter cybersecurity threats and protect an open internet following a turbulent year of major cyberattacks.The Hill
November 11, 2021 – Hacker
Researchers Uncover Hacker-for-Hire Group That’s Active Since 2015 Full Text
Abstract
A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world since at least 2015, for financial gain, while lurking in the shadows. Named after a many-headed dragon from Romanian folklore, the adversary has been unmasked advertising its services in Russian-speaking underground forums dating all the way back to 2017 and selling troves of sensitive information such as cell tower phone logs, passenger flight records, credit reports, banking data, SMS messages, and passport details. The threat actor calls itself "Rockethack." "This hacker-for-hire group does not operate out of a physical building, nor does it have a shiny prospectus that describes its services," Trend Micro researcher Feike Hacquebord said in a newly published profile of the collective.The Hacker News
November 11, 2021 – Breach
Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months Full Text
Abstract
Threat actors compromised a server managing customer data for SunWater, a statutory water supplier owned by the Queensland (Australia) Government, and remained undetected for nine months.Security Affairs
November 11, 2021 – Ransomware
Invest in These 3 Key Security Technologies to Fight Ransomware Full Text
Abstract
Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, discusses secure email, network segmentation and sandboxing for defense.Threatpost
November 11, 2021 – Botnet
BotenaGo botnet targets millions of IoT devices with 33 exploits Full Text
Abstract
A new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices.BleepingComputer
November 11, 2021 – General
Analyzing the Deadly Rise in NPM Package Hijacking Full Text
Abstract
Recently, two popular npm libraries were caught up in a whirlwind of attacks. An unknown threat actor tampered with Coa and rc npm packages to include identical password-stealing malware.Cyware Alerts - Hacker News
November 11, 2021 – Government
Biden signs into law bill to secure telecommunications systems against foreign threats Full Text
Abstract
President Biden on Thursday signed into law bipartisan legislation to secure telecommunications systems against potential foreign threats, particularly from those linked to China.The Hill
November 11, 2021 – Botnet
TrickBot Operators Partner with Shathak Attackers for Conti Ransomware Full Text
Abstract
The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a report analysing recent malware distribution campaigns undertaken by the group. "TrickBot has played a major role in many attack campaigns conducted by different threat actors, from common cybercriminals to nation-state actors." The latest report builds on a report from IBM X-Force last month, which revealed TrickBot's partnerships with other cybercrime gangs, including Shathak, to deliver proprietary malware. Also tracked under the moniker TA551, Shathak is a sophisticated cybercrime actor targeting end-users on a global scale, acting as a malware distributorThe Hacker News
November 11, 2021 – Policy and Law
DoJ sentenced to 10 years Russian ‘King of Fraud’ behind the fraud scheme 3ve Full Text
Abstract
The US DoJ sentenced Russian national Aleksandr Zhukov, aka the 'King of Fraud,' for operating a large-scale digital advertising fraud scheme called Methbot ('3ve').Security Affairs
November 11, 2021 – Ransomware
Designing a Proactive Ransomware Playbook for Today’s Threat Landscape Full Text
Abstract
Asset inventories and risk assessments are critical tools in defending against the increasing scourge of ransomware.Threatpost
November 11, 2021 – Vulnerabilities
AMD fixes dozens of Windows 10 graphics driver security bugs Full Text
Abstract
AMD has fixed a long list of security vulnerabilities in its graphics driver for Windows 10 devices that could allow attackers to execute arbitrary code and elevate privileges on vulnerable systems.BleepingComputer
November 11, 2021 – Botnet
Abcbot: A New Botnet in the Making Full Text
Abstract
Abcbot is slowly moving from infancy to maturity, according to researchers. The creators behind the botnet are testing various technologies with an aim to evolve the botnet with sophisticated features.Cyware Alerts - Hacker News
November 11, 2021 – General
Navigating The Threat Landscape 2021 – From Ransomware to Botnets Full Text
Abstract
Though we are recovering from the worst of the pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with the intent to commit fraud and damage businesses and people. Ransomware, DDoS attacks, phishing, malware, and man-in-the-middle attacks represent the greatest threat to businesses today. When new threats emerge, attackers take advantage of them – however, most businesses are only aware of the current threats. Organizations struggle to address these threats because of the sophistication of the attackers' resources and their own lack of understanding of the evolving threat landscape. For these reasons, organizations need visibility into the advanced threats targeting their infrastructure. This article will oThe Hacker News
November 11, 2021 – Government
Iranian threat actors attempt to buy stolen data of US organizations, FBI warns Full Text
Abstract
The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners of attempts by an Iranian threat actor to buy stolen information belonging to US organizations.Security Affairs
November 11, 2021 – Education
Operationalizing Threat Intelligence with User-Driven Automation Full Text
Abstract
To truly achieve operationalized threat intelligence, an investment must be made in an underlying threat intelligence management platform that will enable an organization to harness the power of threat intelligence and translate that threat intelligence into action.Threatpost
November 11, 2021 – Hacker
Hackers undetected on Queensland water supplier server for 9 months Full Text
Abstract
Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need for better cyberdefenses for critical infrastructure.BleepingComputer
November 11, 2021 – APT
An Iranian APT Targets Telcos, ISPs with Upgraded Malware Full Text
Abstract
Lyceum is targeting ISPs and telecommunication operators in Israel, Tunisia, Morocco, and Saudi Arabia. It also attacked a ministry of foreign affairs in Africa. Lyceum uses credential stuffing and brute-force techniques as initial attack vectors. Since its launch, the group has tried and stayed ah...Cyware Alerts - Hacker News
November 11, 2021 – Hacker
Iran’s Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa Full Text
Abstract
A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred between July and October 2021, researchers from Accenture Cyber Threat Intelligence (ACTI) group and Prevailion's Adversarial Counterintelligence Team (PACT) said in a technical report. The names of the victims were not disclosed. The latest revelations throw light on the web-based infrastructure used by Lyceum, more than 20 pieces of which were identified, enabling the identification of "additional victims and provide further visibility into Lyceum's targeting methodology," the researchers noted, adding "at least two of the identified compromises are assessed to be ongoing despite prior public disclThe Hacker News
November 11, 2021 – Vulnerabilities
CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks GlobalProtect VPN Full Text
Abstract
Palo Alto Networks disclosed a critical, easily exploitable remote code execution vulnerability, tracked as CVE-2021-3064, in the GlobalProtect portal of its VPN product...Security Affairs
November 11, 2021 – Criminals
Magniber ransomware gang now exploits Internet Explorer flaws in attacks Full Text
Abstract
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices.BleepingComputer
November 11, 2021 – Hacker
TeamTNT Uses New Sophisticated Techniques Against Docker Systems Full Text
Abstract
The TeamTNT group has upped its game in recent times. It was recently found targeting Docker servers with exposed Docker REST APIs for cryptomining purposes, in a campaign that began in October. Experts surmise that the threat actor could launch a larger-scale attack in the near future.Cyware Alerts - Hacker News
November 11, 2021 – Privacy
Sophisticated Android spyware PhoneSpy infected thousands of Korean phones Full Text
Abstract
Researchers from Zimperium zLabs uncovered an ongoing campaign targeting South Korean users with a new sophisticated Android spyware, tracked as PhoneSpy, aimed at infecting the mobile phones of South Korean...Security Affairs
November 11, 2021 – Policy and Law
Russian ‘King of Fraud’ sentenced to 10 years for Methbot scheme Full Text
Abstract
The U.S. Department of Justice (DOJ) sentenced a Russian man for operating a large-scale digital advertising fraud scheme called 'Methbot' ('3ve') that stole at least $7 million from American companies.BleepingComputer
November 11, 2021 – Outage
Diamond Comic Distributors Struggling with Delivering Planned Shipments After Ransomware Attack Full Text
Abstract
The company said its planned shipments for Wednesday would be delayed about two to four days throughout the country due to the attack; reorders are expected to resume within the next 72 hours.ZDNet
November 11, 2021 – Government
New bill sets ransomware attack response rules for US financial orgs Full Text
Abstract
New legislation introduced this week by US lawmakers aims to set ransomware attack response "rules of the road" for US financial institutions.BleepingComputer
November 11, 2021 – Vulnerabilities
Nearly 100 TCP/IP Stack Security Vulnerabilities Uncovered During 18-Month Research Project Full Text
Abstract
Researchers have identified a total of 97 vulnerabilities across 14 TCP/IP stacks, including ones that can be exploited for remote code execution, DoS attacks, or to obtain sensitive information.Security Week
November 11, 2021 – General
Gmail accounts are used in 91% of all baiting email attacks Full Text
Abstract
Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing emails prefer to use Gmail accounts to conduct their attacks.BleepingComputer
November 11, 2021 – Hacker
North Korean Hacker Group Uses Malicious Blogs to Deliver Malware to High-Profile Targets Full Text
Abstract
This campaign targets South Korea-based think tanks whose research focuses on political, diplomatic, and military topics pertaining to North Korea, China, Russia, and the U.S.Cisco Talos
November 11, 2021 – Malware
Careful: ‘Smart TV remote’ Android app on Google Play is malware Full Text
Abstract
Two Android apps sitting on the Google Play store have been found to contain malware this week. These apps are called 'Smart TV remote' and 'Halloween Coloring'.BleepingComputer
November 11, 2021 – Malware
BazarBackdoor Now Abuses Windows 10 Apps Feature in ‘Call Me Back’ Attack Full Text
Abstract
Researchers from Sophos Labs said the attack was noticed after the firm's own employees were targeted with spam emails. These emails were written with at least a basic level of social engineering.ZDNet
November 10, 2021 – Denial Of Service
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access Full Text
Abstract
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.Threatpost
November 10, 2021 – Vulnerabilities
Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN Full Text
Abstract
A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori has been credited with discovering and reporting the issue. "The vulnerability chain consists of a method for bypassing validations made by an external web server (HTTP smuggling) and a stack-based buffer overflow," Randori researchers said. "Exploitation of the vulnerability chain has been proven and allows for remote code execution on both physical and virtual firewall products." Technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks. The security bug stems from a bThe Hacker News
November 10, 2021 – Vulnerabilities
Massive Zero-Day Hole Found in Palo Alto Security Appliances Full Text
Abstract
UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls.Threatpost
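Randori describes the CVE-2021-3064 chain above as HTTP smuggling past an external web server's validation, followed by a stack-based buffer overflow. Since the technical details were withheld, nothing here reproduces that exploit. The following is an added example, not Randori's or Palo Alto Networks' code, showing the generic framing check an HTTP front end or back end can apply so that no two parsers can disagree about where a request body ends, which is the condition every request-smuggling technique depends on. The sample requests are constructed for the example.

```python
import re
from typing import List, Tuple

CRLF = b"\r\n"


def split_headers(raw: bytes) -> Tuple[bytes, List[Tuple[bytes, bytes]]]:
    """Split a raw HTTP/1.1 request into its request line and (name, value) header pairs.

    Names are lower-cased for comparison. A header whose name carries surrounding
    whitespace, or any obsolete line folding, is rejected outright: both are classic
    ways to make one parser see a header that another parser ignores.
    """
    head, sep, _body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("request has no end-of-headers marker")
    lines = head.split(CRLF)
    request_line, header_lines = lines[0], lines[1:]
    headers = []
    for line in header_lines:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding rejected")
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header field: %r" % line)
        headers.append((name.lower(), value.strip(b" \t")))
    return request_line, headers


def check_framing(raw: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for a raw request.

    The request is accepted only when its body length has exactly one valid reading
    under RFC 7230 section 3.3.3. Ambiguous constructions are refused rather than
    resolved, because the resolution rule is precisely what differs between servers.
    """
    try:
        _, headers = split_headers(raw)
    except ValueError as exc:
        return False, str(exc)
    content_lengths = [v for n, v in headers if n == b"content-length"]
    transfer_encodings = [v for n, v in headers if n == b"transfer-encoding"]
    if content_lengths and transfer_encodings:
        return False, "both Content-Length and Transfer-Encoding present"
    if len(set(content_lengths)) > 1:
        return False, "conflicting Content-Length values"
    if content_lengths and not re.fullmatch(rb"[0-9]{1,19}", content_lengths[0]):
        return False, "non-numeric Content-Length"
    if transfer_encodings:
        # Strict policy: one header whose only coding is a plain "chunked".
        codings = [c.strip(b" \t").lower()
                   for v in transfer_encodings for c in v.split(b",")]
        if len(transfer_encodings) > 1 or codings != [b"chunked"]:
            return False, "unsupported or obfuscated Transfer-Encoding"
    return True, "unambiguous framing"


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 10\r\n\r\nuser=alice")
CL_AND_TE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
OBFUSCATED_TE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                 b"Transfer-Encoding: xchunked\r\n\r\n0\r\n\r\n")
SPACE_BEFORE_COLON = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                      b"Content-Length : 5\r\n\r\nhello")
DUPLICATE_CL = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello")

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("cl+te", CL_AND_TE), ("obfuscated te", OBFUSCATED_TE),
               ("space before colon", SPACE_BEFORE_COLON), ("duplicate cl", DUPLICATE_CL)]
    for label, request in samples:
        accepted, reason = check_framing(request)
        print("%-20s %s (%s)" % (label, "accept" if accepted else "REJECT", reason))
```

The point of refusing instead of normalising is that the front-end and back-end parsers only need to agree on one thing, that an ambiguous request never reaches the back end; which of the two conflicting lengths is "correct" never has to be decided.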
November 10, 2021 – Hacker
Void Balaur hackers-for-hire sell stolen mailboxes and private data Full Text
Abstract
A hacker-for-hire group called Void Balaur has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goalsBleepingComputer
November 10, 2021 – Breach
HPE says hackers breached Aruba Central using stolen access key Full Text
Abstract
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.BleepingComputer
November 10, 2021 – Government
Taiwan Government faces 5 Million hacking attempts daily Full Text
Abstract
Cyber security department director Chien Hung-wei told parliament representatives that the Taiwanese government infrastructure faces “five million attacks and scans a day”.Security Affairs
November 10, 2021 – Government
Former top officials warn democracy in ‘jeopardy’ without Congressional action on election security Full Text
Abstract
A bipartisan group of almost 100 former national security officials is urging Congress to take steps to secure elections ahead of next year, warning that without action, the nation's democratic institutions are in “severe jeopardy.”The Hill
November 10, 2021 – Malware
Researchers Discover PhoneSpy Malware Spying on South Korean Citizens Full Text
Abstract
An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. "With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium researcher Aazim Yaswant said. "The victims were broadcasting their private information to the malicious actors with zero indication that something was amiss." The Dallas-based mobile security company dubbed the campaign " PhoneSpy ." Zimperium did not attribute the spyware to a known threat actor. "The evidence surrounding PhoneSpy shows a familiar framework that has been passed around for years, updated by individuals and shared within private communities and back channels until assembled into what we see in this variation today," Richard Melick, the coThe Hacker News
November 10, 2021 – Vulnerabilities
VMware discloses a severe flaw in vCenter Server that has yet to be fixed Full Text
Abstract
VMware announced it is working on patches for an important severity privilege escalation vulnerability affecting vCenter Server. VMware announced it’s working on security patches to address an important severity privilege escalation vulnerability,...Security Affairs
November 10, 2021 – Hacker
FBI warns of Iranian hackers looking to buy US orgs’ stolen data Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.BleepingComputer
November 10, 2021 – Hacker
Gamaredon Threat Group Allegedly Linked to Russia Full Text
Abstract
Ukrainian agencies disclosed the details, including the real names, of the members of the Gamaredon group and linked its activities with Russia's FSB. According to the report, the group allegedly carried out around 5,000 cyberattacks against Ukraine and attempted to target over 1,500 government ...Cyware Alerts - Hacker News
November 10, 2021 – Government
Harris, Macron unveil new initiatives on space, cybersecurity after meeting Full Text
Abstract
Vice President Harris on Wednesday announced new initiatives with France on space and cybersecurity following a meeting with French President Emmanuel Macron in Paris.The Hill
November 10, 2021 – Vulnerabilities
13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment Full Text
Abstract
As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called "NUCLEUS:13," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully demonstrating a scenario that could potentially disrupt medical care and critical processes. Siemens has since released security updates to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later). Primarily deployed in automotive, industrial, and medical applications, NucleusThe Hacker News
November 10, 2021 – Vulnerabilities
A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB Full Text
Abstract
A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Researchers from cybersecurity firm Patchstack have discovered a critical vulnerability in the WP Reset PRO WordPress...Security Affairs
November 10, 2021 – Denial Of Service
Telnyx is the latest VoIP provider hit with DDoS attacks Full Text
Abstract
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday.BleepingComputer
November 10, 2021 – Policy and Law
Law Enforcement Busts REvil Full Text
Abstract
While ransomware attacks are relentless, recent crackdowns by law enforcement have forced some big players to close shop, even if temporarily.Cyware Alerts - Hacker News
November 10, 2021 – Disinformation
Cyber agency beefing up disinformation, misinformation team Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) is beefing up its disinformation and misinformation team in the wake of a divisive presidential election that saw a proliferation of misleading information online.The Hill
November 10, 2021 – Vulnerabilities
14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty said in a joint report. Dubbed "the Swiss Army Knife of Embedded Linux," BusyBox is a widely used software suite combining a variety of common Unix utilities or applets (e.g., cp, ls, grep) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs). A quick list of the flaws and the applets they impact is below — man - CVE-2021-42373 lzma/unlzma - CVE-2021-42374 ash - CVE-2021-42375 husThe Hacker News
November 10, 2021 – Vulnerabilities
Citrix addresses a critical flaw in ADC, Gateway Full Text
Abstract
Citrix addressed two vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, one of them is a critical issue leading to DoS. Citrix has released security updates to address two vulnerabilities in ADC, Gateway, and SD-WAN, including a critical...Security Affairs
November 10, 2021 – Vulnerabilities
Researchers show that Apple’s CSAM scanning can be fooled easily Full Text
Abstract
A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM.BleepingComputer
November 10, 2021 – Attack
Stor-a-File hit by ransomware through SolarWinds Serv-U Full Text
Abstract
Stor-a-File, a U.K.-based data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software.The Register
November 10, 2021 – General
Taiwan Government faces 5 Million hacking attempts daily Full Text
Abstract
Taiwan's government agencies face around five million cyberattacks and probes every day, most of them originating from China. Cyber...Security Affairs
November 10, 2021 – Hacker
Lazarus hackers target researchers with trojanized IDA Pro Full Text
Abstract
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.BleepingComputer
November 10, 2021 – Hacker
Russian Hackers Hid Behind American Home Networks Full Text
Abstract
Residential proxies allowed the attackers to pass their internet traffic via a home user. This makes the traffic appear to have originated from a residential broadband customer in the U.S. instead of somewhere else, such as Eastern Europe.Cyware Alerts - Hacker News
November 10, 2021 – Vulnerabilities
Experts found 14 new flaws in BusyBox, millions of devices at risk Full Text
Abstract
Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose millions of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total...Security Affairs
November 10, 2021 – Vulnerabilities
Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites Full Text
Abstract
A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as revealed by Patchstack security researchers.BleepingComputer
November 10, 2021 – Vulnerabilities
Apache Storm maintainers patch two pre-auth RCE vulnerabilities Full Text
Abstract
The first vulnerability was found in one of the functions of Nimbus, which runs on top of a Thrift server. The second bug was found in Storm’s supervisor service, which runs on top of a Netty server.The Daily Swig
November 10, 2021 – Hacker
TeamTNT group targets poorly configured Docker servers exposing REST APIs Full Text
Abstract
TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part...Security Affairs
November 10, 2021 – Botnet
TrickBot teams up with Shatak phishers for Conti ransomware attacks Full Text
Abstract
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.BleepingComputer
November 10, 2021 – Criminals
TrickBot Gang Partners with TA551 Group to Deliver Conti Ransomware Full Text
Abstract
The ITG23 group is partnering with TA551 (Shatak) threat group to distribute ITG23’s TrickBot and BazarBackdoor malware, which malicious actors use to deploy Conti ransomware on compromised systems.Security Boulevard
November 10, 2021 – Vulnerabilities
Microsoft patches Excel zero-day used in attacks, asks Mac users to wait Full Text
Abstract
During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.BleepingComputer
November 10, 2021 – Vulnerabilities
SAP Patches Critical Vulnerability in ABAP Platform Kernel Full Text
Abstract
SAP on Tuesday announced the release of five new and two updated security notes as part of its November 2021 Security Patch Day, including one on a critical vulnerability in ABAP Platform Kernel.Security Week
November 10, 2021 – Attack
PhoneSpy: Android spyware campaign targeting South Korean users Full Text
Abstract
An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data.BleepingComputer
November 10, 2021 – Malware
New Android malware targets Netflix, Instagram, and Twitter users Full Text
Abstract
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users.BleepingComputer
November 10, 2021 – Malware
These invisible characters could be hidden backdoors in your JS code Full Text
Abstract
Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software.BleepingComputer
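The research summarised above turns on characters that a JavaScript engine accepts as part of an identifier or string literal while an editor shows nothing at all, so a reviewer reading the diff cannot see that two identifiers differ. The following is an added example, not the researcher's code, of the kind of check a repository hook or CI step can run over source files: it flags blank-rendering letters, bidirectional controls and other format or control code points. The JavaScript sample is constructed, and the set of blank-rendering letters is an assumption chosen because those code points are legal in JavaScript identifiers.

```python
import sys
import unicodedata
from typing import List, Tuple

# Letters that are valid in JavaScript identifiers but render as blank space in most
# editors. Assumed set for this example; it is not the article's list.
VISUALLY_BLANK_LETTERS = {"\u3164", "\u115f", "\u1160", "\uffa0"}
# Bidirectional controls: they reorder displayed text without changing what the engine parses.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
# Unicode general categories that have no business in source text: format, control,
# private-use and unassigned code points.
SUSPECT_CATEGORIES = {"Cf", "Cc", "Co", "Cn"}
ALLOWED_CONTROLS = {"\t", "\n", "\r"}


def classify(ch: str, index: int) -> str:
    """Return a short reason why ch is suspicious in source text, or '' if it is fine."""
    if ch == " " or ch in ALLOWED_CONTROLS:
        return ""
    if ch == "\ufeff" and index == 0:
        return ""  # a leading byte-order mark is conventional, not an attack
    if ch in VISUALLY_BLANK_LETTERS:
        return "blank-rendering letter, legal inside an identifier"
    if ch in BIDI_CONTROLS:
        return "bidirectional control, reorders the displayed text"
    category = unicodedata.category(ch)
    if category in SUSPECT_CATEGORIES:
        return "invisible or format character (category %s)" % category
    if category == "Zs":
        return "non-ASCII space"
    return ""


def scan_source(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, code point, description) for every suspicious character.

    Lines and columns are 1-based so they can be pasted into an editor's go-to-line.
    """
    findings = []
    line, column = 1, 1
    for index, ch in enumerate(text):
        reason = classify(ch, index)
        if reason:
            name = unicodedata.name(ch, "<unnamed>")
            findings.append((line, column, "U+%04X" % ord(ch), "%s: %s" % (name, reason)))
        if ch == "\n":
            line, column = line + 1, 1
        else:
            column += 1
    return findings


# Constructed JavaScript snippet, not taken from the article or any real project.
# "env" followed by HANGUL FILLER is a different identifier from "env" but looks
# identical; the string 'admin' carries a ZERO WIDTH SPACE, so it never equals a
# typed 'admin'.
SAMPLE_JS = (
    "const rules = { allowUser: true };\n"
    "function check(user, rules, env\u3164) {\n"
    "  return rules.allowUser && env\u3164 === undefined;\n"
    "}\n"
    "const label = 'admin\u200b';\n"
)

if __name__ == "__main__":
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_JS
    for line, column, codepoint, description in scan_source(source):
        print("%d:%d %s %s" % (line, column, codepoint, description))
```

Run it with a path to scan a real file, or with no argument to see the three findings in the constructed sample. A category-based check alone is not enough: the Hangul Filler is a letter (category Lo), which is exactly why it survives identifier validation, so blank-rendering letters need an explicit list.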
November 9, 2021 – Outage
Not Punny: Angling Direct Breach Cripples Retailer for Days Full Text
Abstract
A U.K. fishing retailer’s site has been hijacked and redirected to Pornhub.Threatpost
November 9, 2021 – General
Security Tool Guts: How Much Should Customers See? Full Text
Abstract
Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools’ algorithms.Threatpost
November 9, 2021 – Breach
Robinhood Trading Platform Data Breach Hits 7M Customers Full Text
Abstract
The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.Threatpost
November 09, 2021 – Vulnerabilities
Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs Full Text
Abstract
Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. Of the 55 glitches, six are rated Critical and 49 are rated as Important in severity, with four others listed as publicly known at the time of release. The most critical of the flaws are CVE-2021-42321 (CVSS score: 8.8) and CVE-2021-42292 (CVSS score: 7.8), each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively. The Exchange Server issue is also one of the bugs that was demonstrated at the Tianfu Cup held in China last month. However, the Redmond-based tech giant did not provide any details on how the two aforemThe Hacker News
November 09, 2021 – Vulnerabilities
NUCLEUS:13 TCP security bugs impact critical healthcare devices Full Text
Abstract
Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors.BleepingComputer
November 09, 2021 – Hacker
TeamTNT hackers target your poorly configured Docker servers Full Text
Abstract
Poorly configured Docker servers are being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month.BleepingComputer
November 9, 2021 – Business
OpenText Acquires Email Security Firm Zix for $860 Million Full Text
Abstract
Enterprise information management solutions provider OpenText on Monday announced the acquisition of email security company Zix for $860 million. OpenText will acquire Zix for $8.50 per share in cash.Security Week
November 09, 2021 – Breach
Robinhood says information on millions of customers stolen in data breach Full Text
Abstract
Trading platform Robinhood disclosed late Monday that an “unauthorized party” had stolen the data of over 7 million customers as part of a major data breach.The Hill
November 09, 2021 – Education
Unique Challenges to Cyber-Security in Healthcare and How to Address Them Full Text
Abstract
No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can healthcare organizations address these? Healthcare at risk Attackers are targeting various industries across the board. However, attackers seem to have a particular affinity for healthcare organizations. For eleven consecutive years, in the IBM Cost of a Data Breach Report 2021, healthcare had the highest industry cost of a breach. Additionally, Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. However, the tremendous cost sustained by healthcare organizations for data breach events is not only due to theThe Hacker News
November 9, 2021 – Breach
Robinhood data breach exposes 7 Million users’ information Full Text
Abstract
Robinhood disclosed a security breach, an unidentified threat actor gained unauthorized access to approximately 7 million customer records. Robinhood Markets, Inc. is an American commission-free stock trading and investing platform, it had 18 million...Security Affairs
November 9, 2021 – Vulnerabilities
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs Full Text
Abstract
Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.Threatpost
November 09, 2021 – Vulnerabilities
Microsoft urges Exchange admins to patch bug exploited in the wild Full Text
Abstract
Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.BleepingComputer
November 9, 2021 – Hacker
New Threat Group Exploits Zoho Flaws in U.S Orgs Full Text
Abstract
Palo Alto Networks discovered that Emissary Panda, a hacking group with ties to China, is exploiting Zoho software flaws in the networks of at least nine organizations in the defense, energy, technology, healthcare, and education sectors. The attackers were using malicious tools for credentials ha ...Cyware Alerts - Hacker News
November 09, 2021 – Government
State and local officials celebrate passage of infrastructure bill with $1 billion in cyber funds Full Text
Abstract
State and local officials are celebrating the expected distribution of $1 billion in cybersecurity funds from the newly approved infrastructure deal, the biggest government investment in state and local cybersecurity to date.The Hill
November 09, 2021 – Business
Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information Full Text
Abstract
Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident happened "late in the evening of November 3," adding it's in the process of notifying affected users. "Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," the Silicon Valley financial company noted. The malicious third-party is believed to have socially engineered a customer service representative to gain access to internal support systems, using it to obtain the email addresses of five million users, full names for a different group of about two million people, andThe Hacker News
November 9, 2021 – Vulnerabilities
Microsoft Patch Tuesday security updates for November 2021 fix 2 Zero-Days actively exploited Full Text
Abstract
Microsoft Patch Tuesday security updates for November 2021 address 55 vulnerabilities in multiple products and warn of two actively exploited issues. Microsoft Patch Tuesday security updates for November 2021 addressed a total of 55 vulnerabilities...Security Affairs
November 9, 2021 – Vulnerabilities
12 New Flaws Used in Ransomware Attacks in Q3 Full Text
Abstract
The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.Threatpost
November 09, 2021 – Vulnerabilities
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws Full Text
Abstract
Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest.BleepingComputer
November 9, 2021 – Cryptocurrency
Scammers on a Crypto Stealing Frenzy Full Text
Abstract
Cryptocurrency has recently gained huge popularity among netizens. However, this has also drawn cybercriminals to various crypto platforms and their users for malicious intents and purposes.Cyware Alerts - Hacker News
November 9, 2021 – Vulnerabilities
Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack Full Text
Abstract
The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting...Security Affairs
November 9, 2021 – General
The New Frontier of Enterprise Risk: Nth Parties Full Text
Abstract
The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).Threatpost
November 09, 2021 – Hacker
Iranian state hackers use upgraded malware in attacks on ISPs, telcos Full Text
Abstract
The Iranian state-supported APT known as 'Lyceum' (Hexane, Spilrin) targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021.BleepingComputer
November 9, 2021 – Business
SafeBreach Closes $53.5 Million Series D in New Funding to Fuel Momentum Full Text
Abstract
SafeBreach announced that it has raised $53.5 million in Series D funding, led by Sonae IM and Israel Growth Partners (IGP), with additional participation from Sands Capital and Leumi Partners.Dark Reading
November 9, 2021 – Criminals
International law enforcement arrested REvil ransomware affiliates in Romania and Kuwait Full Text
Abstract
Romanian police arrested two alleged Sodinokibi/REvil ransomware affiliates accused to have orchestrated attacks against thousands of victims. Romanian law enforcement agencies have arrested two alleged Sodinokibi/REvil ransomware affiliates on November...Security Affairs
November 09, 2021 – Solution
Tor Browser 11 removes V2 Onion URL support, adds new UI Full Text
Abstract
The Tor Project has released Tor Browser 11.0 with a new user interface design and the removal of support for V2 onion services.BleepingComputer
November 9, 2021 – Vulnerabilities
New Critical Vulnerabilities Found on Nucleus TCP/IP Stack Full Text
Abstract
Forescout Research Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which are collectively being referred to as NUCLEUS:13.Forescout
November 9, 2021 – Criminals
US DoS offers a reward of up to $10M for leaders of REvil ransomware gang Full Text
Abstract
The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation. The Department of State offers up to $10 million for information that can lead to the identification or location of individuals...Security Affairs
November 09, 2021 – Criminals
Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks Full Text
Abstract
The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices.BleepingComputer
November 9, 2021 – Cryptocurrency
TeamTNT Abusing Exposed Docker Rest APIs for Launching Cryptomining Attacks Full Text
Abstract
The compromised Docker Hub registry accounts were being used to host malicious images and were an active part of botnets and malware campaigns that abused the Docker REST API.Trend Micro
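The TeamTNT items above (the Security Affairs and BleepingComputer entries on poorly configured Docker servers, and this Trend Micro one) all come down to a daemon whose REST API is reachable over TCP without client authentication. Because that API is root-equivalent on the host, the check a practitioner wants is simple to state: no tcp:// listener without tlsverify, and ideally none bound to every interface. The following is an added example, not Trend Micro's or Docker's code, that audits a daemon.json for those conditions and, separately, probes a host the way a scanner would. The two configurations are constructed; the daemon.json keys used (hosts, tlsverify, tlscacert, tlscert, tlskey) are real Docker options.

```python
import http.client
import json
from typing import List
from urllib.parse import urlsplit


def audit_daemon_config(config_text: str) -> List[str]:
    """Return findings for a Docker daemon.json; an empty list means no issue found.

    The Docker REST API is root-equivalent on the host: anyone who can reach it can
    start a privileged container with / bind-mounted. A tcp:// listener is therefore
    acceptable only with tlsverify, which forces clients to present a certificate
    signed by the configured CA.
    """
    cfg = json.loads(config_text)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    has_ca = bool(cfg.get("tlscacert"))
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// are gated by file permissions, not the network
        if not tls_verify:
            findings.append("%s: tcp listener without tlsverify, API is unauthenticated" % host)
        elif not has_ca:
            findings.append("%s: tlsverify set but tlscacert not pinned, relies on the default CA path" % host)
        if parts.hostname in (None, "", "0.0.0.0", "::"):
            findings.append("%s: bound to all interfaces" % host)
        if parts.port == 2375:
            findings.append("%s: 2375 is the conventional plaintext port, scanners try it first" % host)
    return findings


def probe_unauthenticated_api(host: str, port: int = 2375, timeout: float = 3.0) -> bool:
    """Return True if GET /version on host:port answers 200 with no client certificate,
    i.e. the daemon is reachable exactly as an opportunistic scanner would find it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


# Constructed configurations, not taken from any real host.
EXPOSED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for label, config in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for finding in audit_daemon_config(config) or ["  no findings"]:
            print("  " + finding)
```

The config audit is the preventive control; the probe is the detective one, and on a host you own it should return False from anywhere except the management network. Note that even the hardened configuration still grants root to anyone holding a client certificate, so the CA key deserves the same protection as a root password.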
November 9, 2021 – Policy and Law
Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya Full Text
Abstract
The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks...Security Affairs
November 09, 2021 – Attack
Medical software firm urges password resets after ransomware attack Full Text
Abstract
Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.BleepingComputer
November 9, 2021 – Hacker
Lyceum Threat Group Targeting Telecom Companies, ISPs in Israel, Morocco, Tunisia, and Saudi Arabia Full Text
Abstract
According to a new report, between July and October this year, Lyceum was spotted in attacks against ISPs and telecoms organizations across Israel, Morocco, Tunisia, and Saudi Arabia.ZDNet
November 9, 2021 – Insider Threat
Healthcare – Patient or Perpetrator? – The Cybercriminals Within Full Text
Abstract
The healthcare industry might be known for the work it does to treat patients. With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities.Security Affairs
November 9, 2021 – Breach
UK’s Biggest Fishing Gear Seller’s Website Gets Hacked, Redirects Users to Adult Site Full Text
Abstract
The UK's biggest fishing shop has been hacked, with its website redirecting keen anglers to an adult website. Angling Direct said it was hit by the attack late on Friday.BBC
November 08, 2021 – Policy and Law
U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang Full Text
Abstract
The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. According to unsealed court documents, 22-year-old Yaroslav Vasinskyi is alleged to have been part of the ransomware operation at least since March 2019 and deployed about 2,500 attacks against businesses worldwide. Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was apprehended at the Polish border on October 8 after an international arrest warrant was issued at the behest of U.S. authorities. In another major development, the Justice Department disclosed the seizure of $6.1 million in alleged ransomware payments received by Russian national Yevgeniy Polyanin, who is currently at large and hasThe Hacker News
November 08, 2021 – Criminals
Suspected REvil Ransomware Affiliates Arrested in Global Takedown Full Text
Abstract
Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which happened on November 4, are part of a coordinated operation called GoldDust, which has resulted in the arrest of three other REvil affiliates and two suspects connected to GandCrab in Kuwait and South Korea since February 2021. This also includes a 22-year-old Ukrainian national, Yaroslav Vasinskyi, who was arrested in early October and has been accused of perpetrating the devastating attack on Florida-based software firm Kaseya in July 2021, affecting up to 1,500 downstream businesses. In all, the seven suspects linked to the two ransomware families are said to have targeted about 7,000 vicThe Hacker News
November 8, 2021 – Criminals
REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom Full Text
Abstract
The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.Threatpost
November 8, 2021 – Denial Of Service
DDoS Attacks Shatter Records in Q3, Report Finds Full Text
Abstract
Q3 DDoS attacks topped thousands daily, with more growth expected.Threatpost
November 08, 2021 – Criminals
U.S. offers $10 million reward for leaders of REvil ransomware Full Text
Abstract
The U.S. is offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation, including $5 million leading to the arrest of affiliates.BleepingComputer
November 8, 2021 – Breach
Lockean Group Cripples Multiple French Companies Full Text
Abstract
French officials identified Lockean, a group that works as an affiliate with other RaaS infrastructure, behind a series of attacks against French organizations over the past two years. Lockean’s average cut of paid ransoms stands at 70% while the rest goes to RaaS maintainers. Organizations are s ...Cyware Alerts - Hacker News
November 08, 2021 – Policy and Law
Justice Department seizes $6 million as part of crackdown on hackers linked to Kaseya attack Full Text
Abstract
The Justice Department on Monday announced that it had seized more than $6 million in ransomware victim payments as part of a sweeping effort by the Biden administration to go after and crack down on hackers involved in ransomware attacks against U.S. companies.The Hill
November 08, 2021 – Malware
Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit Full Text
Abstract
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor. "The actor heavily relies on the Godzilla web shell, uploading several variations of the open-source web shell to the compromised server over the course of the operation," researchers from Palo Alto Networks' Unit 42 threat intelligence team said in a report. "Several other tools have novel characteristics or haThe Hacker News
November 8, 2021 – Encryption
Initiative Persistence and the Consequence for Cyber Norms Full Text
Abstract
Documents like CYBERCOM's 2018 Command Vision are less provocative in the context of other directives, but who in the U.S. government takes precedence in constructing cyber norms?Lawfare
November 8, 2021 – Outage
Ransomware attack disrupted store operations in the Netherlands and Germany Full Text
Abstract
Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Electronics retail giant MediaMarkt was a victim of a ransomware attack that forced the company to shut down...Security Affairs
November 08, 2021 – Breach
Robinhood discloses data breach impacting 7 million customers Full Text
Abstract
Stock trading platform Robinhood has disclosed a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers.BleepingComputer
November 8, 2021 – Hacker
Tortilla Gang Abusing ProxyShell Vulnerabilities to Spread Babuk Full Text
Abstract
Cisco Talos red-flagged a new campaign by Tortilla, one of Babuk’s affiliates, for targeting ProxyShell flaws in Exchange Server in an attempt to breach corporate networks. The gang asks for around $10,000 ransom in Monero to decrypt the encrypted documents. More similar attacks are expected in t ... (Cyware Alerts - Hacker News)
November 08, 2021 – Hacker
International coalition arrests hackers linked to thousands of ransomware attacks Full Text
Abstract
Romanian authorities have arrested two individuals they say are linked to the use of REvil ransomware as part of a prolific hacking group tied to attacks on several major American companies in recent months.The Hill
November 08, 2021 – Hacker
BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups Full Text
Abstract
A previously undocumented initial access broker has been unmasked as providing entry points to three different threat actors for mounting intrusions that range from financially motivated ransomware attacks to phishing campaigns. BlackBerry's research and intelligence team dubbed the entity "Zebra2104," with the group responsible for offering a means of a digital approach to ransomware syndicates such as MountLocker and Phobos, as well as the advanced persistent threat (APT) tracked under the moniker StrongPity (aka Promethium). The threat landscape as we know it has been increasingly dominated by a category of players known as the initial access brokers (IABs), who are known to provide other cyber-criminal groups, including ransomware affiliates, with a foothold to an infinite pool of potential organizations belonging to diverse geographies and sectors via persistent backdoors into the victim networks, effectively building a pricing model for remote access. ... (The Hacker News)
November 8, 2021 – Insider Threat
Healthcare – Patient or Perpetrator? – The Cybercriminals Within Full Text
Abstract
The healthcare industry might be known for the work it does to treat patients. But it is also a prime target for malicious cyber actors. With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover,...Security Affairs
November 08, 2021 – Government
US sanctions Chatex cryptoexchange used by ransomware gangs Full Text
Abstract
The US Treasury Department announced today sanctions against the Chatex cryptocurrency exchange for helping ransomware gangs evade sanctions and facilitating ransom transactions.BleepingComputer
November 8, 2021 – Botnet
Experts Disclose Pink Botnet Amidst Multiple DDoS Alerts Full Text
Abstract
Researchers recently reported a massive DDoS campaign involving the Pink botnet, which had infected millions of devices. It is touted as the largest botnet observed in the last six years. (Cyware Alerts - Hacker News)
November 08, 2021 – Education
Types of Penetration Testing Full Text
Abstract
If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your security objectives. What is penetration testing? Penetration testing, commonly referred to as "pen testing," is a technique that simulates real-life attacks on your IT systems to find weaknesses that could be exploited by hackers. Whether to comply with security regulations such as ISO 27001, gain customer and third-party trust, or achieve your own peace of mind, penetration testing is an effective method used by modern organizations to strengthen their cyber security posture and prevent data breaches. Read about the different types of penetration testing to find out which type you can benefit from the most: Network penetration testing As the name suggests, a network penetra... (The Hacker News)
November 8, 2021 – Criminals
Operation Cyclone targets Clop Ransomware affiliates Full Text
Abstract
Operation Cyclone - Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation...Security Affairs
November 08, 2021 – Criminals
US seizes $6 million from REvil ransomware, arrests Kaseya hacker Full Text
Abstract
The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner.BleepingComputer
November 8, 2021 – Criminals
BlackMatter is Shutting Down - Is This Really Happening? Full Text
Abstract
BlackMatter has gained a huge amount of notoriety in a short span of time but its time in the underworld has apparently come to an end, or so its operators say.Cyware Alerts - Hacker News
November 08, 2021 – Vulnerabilities
Critical Flaws in Philips TASY EMR Could Expose Patient Data Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive patient data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Tasy's database, give unauthorized access, or create a denial-of-service condition," CISA said in a medical bulletin issued on November 4. Used by over 950 healthcare institutions primarily in Latin America, Philips Tasy EMR is designed as an integrated healthcare informatics solution that enables centralized management of clinical, organizational and administrative processes, including incorporating analytics, billing, and inventory and supply management for medical prescriptions. The SQL injection flaws — CVE-2021-39375 and CVE-2021-39376 — affect Tasy EMR HTML5... (The Hacker News)
November 8, 2021 – Hacker
Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw Full Text
Abstract
Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. Cybersecurity experts from Palo Alto Networks warn of an ongoing cyberespionage campaign...Security Affairs
November 08, 2021 – Vulnerabilities
Sitecore XP RCE flaw patched last month now actively exploited Full Text
Abstract
The Australian Cyber Security Centre (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP). (BleepingComputer)
November 8, 2021 – Phishing
Spam and Phishing Trends - Q3 2021 Edition Full Text
Abstract
Attackers attempted to cash in on anniversaries of brands, such as IKEA, Tesco, and Amazon, by creating fake sites related to the brands and holding prize draws or surveys.Cyware Alerts - Hacker News
November 8, 2021 – Privacy
Hungarian official confirms Hungary used NSO Group Pegasus spyware Full Text
Abstract
A Hungarian government official confirmed that his government has bought and used the controversial NSO Group's Pegasus spyware. Lajos Kosa, chair of the Parliament’s Defense and Law Enforcement Committee, confirmed that Hungary is one of the clients...Security Affairs
November 08, 2021 – Criminals
Criminal group dismantled after forcing victims to be money mules Full Text
Abstract
The Spanish police have arrested 45 people who are believed to be members of an online fraud group that operated twenty websites to defraud at least 200 people of 1,500,000 Euros ($1.73 million).BleepingComputer
November 8, 2021 – Business
McAfee to be Taken Private in $14 Billion Private Equity Deal Full Text
Abstract
Cybersecurity firm McAfee Corp. has agreed to be acquired by a group of private equity firms led by Advent International, in a deal valued at more than $14 billion, the company announced Monday.Security Week
November 8, 2021 – Government
FBI warns of fraudulent schemes using cryptocurrency ATMs and QR for payments Full Text
Abstract
The FBI warns of an increase of fraudulent schemes leveraging cryptocurrency ATMs and QR Codes to facilitate payment. The FBI Internet Crime Complaint Center (IC3) published an alert to warn the public of fraudulent schemes leveraging cryptocurrency...Security Affairs
November 08, 2021 – Criminals
REvil ransomware affiliates arrested in Romania and Kuwait Full Text
Abstract
Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates, allegedly responsible for infecting thousands of victims.BleepingComputer
November 8, 2021 – Breach
Data Breach at Indian Securities Depository CDSL Allegedly Impacted Investors’ Personal Data Full Text
Abstract
A vulnerability at a CDSL subsidiary, CDSL Ventures Limited (CVL), has exposed personal and financial data of over 4 crore Indian investors twice in a period of 10 days, according to CyberX9.The Times Of India
November 08, 2021 – Attack
MediaMarkt hit by Hive ransomware, initial $240 million ransom Full Text
Abstract
Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany. (BleepingComputer)
November 8, 2021 – Government
Chinese Government Claims Foreign Cyberattacks Impacted Passenger Records at Multiple Airlines Full Text
Abstract
The hacking campaign was discovered after one of China’s airlines reported a security breach to MSS officials in January 2020. A subsequent investigation found several other airlines also impacted.The Record
November 08, 2021 – Business
Google will kill Chrome sync support on Chrome 48 and earlier Full Text
Abstract
Google will end support for the Chrome sync feature for all users still running Google Chrome 48 and earlier after Chrome 96 reaches the stable channel.BleepingComputer
November 8, 2021 – Business
SCYTHE Announces $10 Million Series A Investment to Support Expansion of Enterprise-Level Cybersecurity Full Text
Abstract
SCYTHE, a provider of an adversarial emulation platform, today announced the company has received $10 million in Series A funding, led by Gula Tech Ventures and Paladin Capital Group.Yahoo! Finance
November 08, 2021 – Breach
State hackers breach defense, energy, healthcare orgs worldwide Full Text
Abstract
Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education.BleepingComputer
November 07, 2021 – Breach
Hackers breach nine global organizations in ongoing espionage campaign Full Text
Abstract
A hacking group with potential ties to China has breached nine global organizations as part of an ongoing espionage effort mostly targeting the defense sector, findings made public Sunday revealed.The Hill
November 07, 2021 – Malware
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored Full Text
Abstract
In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts. The two libraries in question are "coa," a parser for command-line options, and "rc," a configuration loader, both of which were tampered by an unidentified threat actor to include "identical" password-stealing malware. All versions of coa starting with 2.0.3 and above — 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3 — are impacted, and users of the affected versions are advised to downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity, according to a GitHub advisory published on November 4. In a similar vein, versions 1.2.9, 1.3.9, and 2.3.9 of rc have been found laced with malware, with an independent alert u... (The Hacker News)
November 07, 2021 – Criminals
Operation Cyclone deals blow to Clop ransomware operation Full Text
Abstract
A thirty-month international law enforcement operation codenamed 'Operation Cyclone' targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine.BleepingComputer
November 7, 2021 – Phishing
Experts spotted a phishing campaign impersonating security firm Proofpoint Full Text
Abstract
Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials. Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft...Security Affairs
November 7, 2021 – Skimming
New Magecart group uses an e-Skimmer that avoids VMs and sandboxes Full Text
Abstract
A new Magecart group leverages a browser script to evade virtualized environments and sandboxes used by researchers. Malwarebytes researchers have spotted a new Magecart group that uses a browser script to evade detection and execution in virtualized... (Security Affairs)
November 7, 2021 – General
Security Affairs newsletter Round 339 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here....Security Affairs
November 7, 2021 – Breach
Casinos of tribal communities are losing millions in Ransomware attacks Full Text
Abstract
The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI's Cyber Division revealed that ransomware attacks hit several tribal-owned...Security Affairs
November 6, 2021 – Government
FBI Warning: Ransomware Now Targeting Time-Critical Events Full Text
Abstract
U.S. officials noted that ransomware groups are directing attacks toward firms involved in time-sensitive financial events, such as corporate mergers and acquisitions. The operators look for private and non-publicly available sensitive information to use during extortion. It is believed that this ... (Cyware Alerts - Hacker News)
November 6, 2021 – Cryptocurrency
Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform Full Text
Abstract
DeFi platforms are a privileged target for crooks; threat actors have stolen $55 million from the bZx DeFi platform. Threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance... (Security Affairs)
November 6, 2021 – Vulnerabilities
Philips Tasy EMR healthcare informatics solution vulnerable to SQL injection Full Text
Abstract
The Philips Tasy EMR comprehensive healthcare informatics solution is affected by two critical SQL injection vulnerabilities. The Philips Tasy EMR is a comprehensive healthcare informatics solution that is used by thousands of hospitals and healthcare...Security Affairs
November 6, 2021 – APT
BlackBerry report highlights initial access broker providing entry to StrongPity APT, MountLocker and Phobos ransomware gangs Full Text
Abstract
A new report from BlackBerry has uncovered an initial access broker called "Zebra2104" that has connections to three malicious cybercriminal groups, some of which are involved in ransomware and phishing.ZDNet
November 6, 2021 – Hacker
White hat hackers earn over $1 Million at Pwn2Own Austin 2021 Full Text
Abstract
The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws. Trend Micro's Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and the participants earned a total... (Security Affairs)
November 6, 2021 – Business
SolarWinds investors allege board knew about cyber risks Full Text
Abstract
SolarWinds Corp investors have sued the software company's directors, alleging they knew about and failed to monitor cybersecurity risks to the company ahead of a breach that created a vulnerability in thousands of its customers' systems.Reuters
November 6, 2021 – Government
A drone was modified to disrupt U.S. Power Grid, says intelligence bulletin Full Text
Abstract
US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The...Security Affairs
November 05, 2021 – Ransomware
The Week in Ransomware - November 5th 2021 - Placing bounties Full Text
Abstract
Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shut down of criminal operations.BleepingComputer
November 05, 2021 – Government
Lawmakers call on Biden administration to take further steps against spyware groups Full Text
Abstract
A group of House Democrats on Friday applauded the Biden administration for blacklisting key companies involved in cyber espionage efforts, including Israeli company NSO Group, but called on the White House to go further and consider imposing sanctions to limit this activity. (The Hill)
November 05, 2021 – Hacker
Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group Full Text
Abstract
Ukraine's premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB). Calling the hacker group "an FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine (SSU) said the perpetrators "are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014." The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych. Since its inception in 2013, the Russia-linked Gamaredon group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been responsi... (The Hacker News)
November 5, 2021 – Business
Native Tribal Casinos Taking Millions in Ransomware Losses Full Text
Abstract
An FBI notification is warning of an uptick in attacks against tribal casinos.Threatpost
November 05, 2021 – Hacker
Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice Full Text
Abstract
Trend Micro's ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC's Thunderstruck on the contest's third day.BleepingComputer
November 05, 2021 – Government
Senators move to include 72 hour timeline for cyber incident reporting in defense bill Full Text
Abstract
A bipartisan group of senators is moving to insert a provision into the upcoming annual National Defense Authorization Act (NDAA) that would give certain critical infrastructure groups 72 hours to report major cyber incidents to the government. (The Hill)
November 05, 2021 – Government
U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies to prioritize applying patches for those security flaws within "aggressive" timeframes. "These vulnerabilities pose significant risk to agencies and the federal enterprise," the agency said in a binding operational directive (BOD) issued Wednesday. "It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents." About 176 vulnerabilities identified between 2017 and 2020, and 100 flaws from 2021 have made their way to the initial list, which is expected to be updated with additional actively exploited vulnerabilities as and when they become known provided they have been assigned Common Vu... (The Hacker News)
November 5, 2021 – Education
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency Full Text
Abstract
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.Threatpost
November 05, 2021 – Government
FBI: Ransomware gangs hit several tribal-owned casinos in the last year Full Text
Abstract
The Federal Bureau of Investigation (FBI) says that multiple ransomware gangs have hit tribal entities over the last year, taking down their systems and impacting businesses and public services.BleepingComputer
November 5, 2021 – Vulnerabilities
Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug Full Text
Abstract
Researchers are calling attention to a newly discovered security defect in a kernel module that ships with all major Linux distributions, warning that remote attackers can exploit the bug to take complete control of a vulnerable system.Security Week
November 05, 2021 – Criminals
U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group Full Text
Abstract
The U.S. government on Thursday announced a $10 million reward for information that may lead to the identification or location of key individuals who hold leadership positions in the DarkSide ransomware group or any of its rebrands. On top of that, the State Department is offering bounties of up to $5 million for intel and tip-offs that could result in the arrest and/or conviction in any country of individuals who are conspiring or attempting to participate in intrusions affiliated with the transnational organized crime syndicate. "In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," the State Department said in a statement. "The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware." The development comes in response to DarkSide's high-pr... (The Hacker News)
November 5, 2021 – Breach
US defense contractor Electronic Warfare Associates discloses data breach Full Text
Abstract
US defense contractor Electronic Warfare Associates (EWA) was hit by a cyber attack in which threat actors stole personal information from its email system. US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat... (Security Affairs)
November 5, 2021 – Cryptocurrency
Google Ads for Faux Cryptowallets Net Scammers At Least $500K Full Text
Abstract
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.Threatpost
November 05, 2021 – Vulnerabilities
Philips healthcare informatics solution vulnerable to SQL injection Full Text
Abstract
The Philips Tasy EMR, used by hundreds of hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection flaws.BleepingComputer
November 5, 2021 – Attack
Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks Full Text
Abstract
Ukraine’s security service, the SBU, has revealed the identities of five individuals allegedly involved in cyberattacks attributed to a Russia-linked threat group named Gamaredon.Security Week
November 5, 2021 – APT
Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group Full Text
Abstract
Ukraine's premier law enforcement and counterintelligence agency revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. Ukraine's premier law enforcement and counterintelligence agency disclosed the real identities of five... (Security Affairs)
November 05, 2021 – Breach
US defense contractor Electronic Warfare hit by data breach Full Text
Abstract
US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information.BleepingComputer
November 5, 2021 – Hacker
Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware Full Text
Abstract
Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate networks and deploy the Babuk ransomware. (Security Affairs)
November 5, 2021 – Vulnerabilities
Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware Full Text
Abstract
A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting...Security Affairs
November 05, 2021 – Government
FBI warns of increased use of cryptocurrency ATMs, QR codes for fraud Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response (QR) codes, making it harder to recover their financial losses.BleepingComputer
November 5, 2021 – Malware
npm libraries coa and rc have been hijacked to deliver password-stealing malware Full Text
Abstract
Two popular npm libraries, coa and rc, have been hijacked; threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package registry warns that two popular npm libraries, coa and rc, have... (Security Affairs)
November 05, 2021 – Vulnerabilities
Mozilla Thunderbird 91.3 released to fix high impact flaws Full Text
Abstract
Mozilla released Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.BleepingComputer
November 5, 2021 – Government
US Gov offers a reward of up to $10M for info on DarkSide leading members Full Text
Abstract
The US government offers up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members. The US government wants to dismantle the DarkSide ransomware operation and its rebrands and it is offering up to a $10,000,000...Security Affairs
November 04, 2021 – Ransomware
US targets DarkSide ransomware, rebrands with $10 million reward Full Text
Abstract
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.BleepingComputer
November 4, 2021 – Ransomware
Exmatter Tool Expedites BlackMatter’s Data Exfiltration Full Text
Abstract
BlackMatter ransomware group included a new data exfiltration tool called Exmatter to hasten its information-stealing process from victims' networks. The tool has been developed using the DotNet framework. Organizations are suggested to use robust anti-ransomware solutions to stay protected and sta ... (Cyware Alerts - Hacker News)
November 04, 2021 – Policy and Law
State Dept. offering $10 million reward to bring Colonial Pipeline hackers to justice Full Text
Abstract
The State Department on Thursday announced a $10 million reward for anyone who can provide information on leaders of the cyber criminal group that launched a ransomware attack on Colonial Pipeline in May, which temporarily crippled gas supply for several states.The Hill
November 04, 2021 – Vulnerabilities
Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module Full Text
Abstract
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News. TIPC is a transport layer protocol designed for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with a new message type called "MSG_CRYPTO" that was introduced in September 2020 and enables peer nodes in the cluster to... (The Hacker News)
November 4, 2021 – Education
3 Guideposts for Building a Better Incident-Response Plan Full Text
Abstract
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.Threatpost
November 04, 2021 – Government
CISA urges vendors to patch BrakTooth bugs after exploits release Full Text
Abstract
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress.BleepingComputer
November 4, 2021 – Attack
Labour hit by ‘cyber incident’ affecting members’ data Full Text
Abstract
The party said the impact of the incident, affecting an external supplier, was not yet clear and it was urgently investigating whether the data had been hacked. Police, cybersecurity specialists and regulators had been notified, it added.The Guardian
November 04, 2021 – Government
Industry pushes back on federal, congressional cybersecurity mandate efforts Full Text
Abstract
Officials representing key transportation sectors including rail and aviation on Thursday made clear that proposed cybersecurity reporting mandates and other federal cyber efforts aimed at beefing up security are not what is needed to defend against increasing attacks.The Hill
November 04, 2021 – General
Our journey to API security at Raiffeisen Bank International Full Text
Abstract
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in Agile" program Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14 countries in Central and Eastern Europe with around 45,000 employees. Our focus is on providing universal banking solutions to customers, as well as developing digital banking products for the retail and corporate markets. Accordingly, RBI has a substantial R&D division, making for a very large community of IT and engineering professionals all over Europe. Back in 2019, we began shifting to a product-led agile setup for RBI, introducing various security roles contributing and collaborating to achieve our strategic goals. As part of this journey, we established the security champ... (The Hacker News)
November 4, 2021 – Government
CISA recommends vendors to fix BrakTooth issues after the release of PoC tool Full Text
Abstract
CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code...Security Affairs
November 04, 2021 – Phishing
Phishing emails deliver spooky zombie-themed MirCop ransomware Full Text
Abstract
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.BleepingComputer
November 4, 2021 – Policy and Law
U.K. man implicated in Twitter hacking charged in NY with cryptocurrency theft Full Text
Abstract
A U.K. man previously charged in the United States with involvement in the hacking of politicians’ and celebrities’ Twitter accounts was charged on Wednesday over a separate scheme resulting in the theft of $784,000 of cryptocurrency.Reuters
November 04, 2021 – Criminals
Top DOJ official predicting more arrests in crackdown on ransomware, cyber crime Full Text
Abstract
Deputy Attorney General Lisa Monaco said the U.S. should expect to see a crackdown on ransomware attacks and cyber crime as the Department of Justice (DOJ) ramps up its efforts in the area.The Hill
November 4, 2021 – Vulnerabilities
Cisco warns of hard-coded credentials and default SSH key issues in some products Full Text
Abstract
Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed...Security Affairs
November 04, 2021 – Malware
Popular ‘coa’ NPM library hijacked to steal user passwords Full Text
Abstract
Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.BleepingComputer
November 4, 2021 – Vulnerabilities
Expert found a critical remote code execution bug in Linux Kernel Full Text
Abstract
A critical heap-overflow vulnerability, tracked as CVE-2021-43267, in Linux Kernel can allow remote attackers to takeover vulnerable installs. A SentinelOne researcher discovered a critical remote code execution vulnerability, tracked as CVE-2021-43267,...Security Affairs
November 04, 2021 – Vulnerabilities
Cisco fixes hard-coded credentials and default SSH key issues Full Text
Abstract
Cisco has released security updates to address critical security flaws allowing unauthenticated attackers to log in using hard-coded credentials or default SSH keys to take over unpatched devices.BleepingComputer
November 4, 2021 – Hacker
Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto Full Text
Abstract
The US DoJ charged the suspected Twitter hacker 'PlugWalkJoe' with the theft of $784,000 worth of cryptocurrency using SIM swap attacks. The US Department of Justice has indicted Joseph James O'Connor, a suspected Twitter hacker also known as 'PlugWalkJoe,'...Security Affairs
November 04, 2021 – Vulnerabilities
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware Full Text
Abstract
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.BleepingComputer
November 4, 2021 – Government
CISA shares a catalog of 306 actively exploited vulnerabilities Full Text
Abstract
The US CISA shared a list of vulnerabilities known to be exploited in the wild and orders US federal agencies to address them within deadlines. The US Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of 306 actively...Security Affairs
November 04, 2021 – Vulnerabilities
Samsung Galaxy S21 hacked on second day of Pwn2Own Austin Full Text
Abstract
Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP.BleepingComputer
November 4, 2021 – Government
CERT-FR warns of Lockean ransomware attacks against French companies Full Text
Abstract
CERT-France warns of a new ransomware group named Lockean that is behind a series of attacks against French organizations over the past 2 years. France’s Computer Emergency Response Team (CERT-FR) officials identified a new ransomware gang named...Security Affairs
November 04, 2021 – Hacker
Ukraine links members of Gamaredon hacker group to Russian FSB Full Text
Abstract
SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014.BleepingComputer
November 04, 2021 – Cryptocurrency
Crypto investors lose $500,000 to Google Ads pushing fake wallets Full Text
Abstract
Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal users' cryptocurrency.BleepingComputer
November 04, 2021 – Criminals
Lockean multi-ransomware affiliates linked to attacks on French orgs Full Text
Abstract
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France's Computer Emergency Response Team (CERT).BleepingComputer
November 3, 2021 – Malware
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign Full Text
Abstract
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.Threatpost
November 03, 2021 – Policy and Law
US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware Full Text
Abstract
The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru, to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers." "These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists, and activists outside of their sovereign borders to silence dissent," the Commerce Department said. Two other firms on the list include Singapore-based Computer Security Initiative Consultancy PTE. LTD. and Russia's Positive Technologies, the latter of which was already sanctioned by the U.S. DepaThe Hacker News
November 3, 2021 – Vulnerabilities
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks Full Text
Abstract
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.Threatpost
November 3, 2021 – Criminals
Report: BlackMatter Ransomware Gang Goes Dark, Again Full Text
Abstract
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.Threatpost
November 03, 2021 – Privacy
Blacklisting of NSO Group shakes up spyware debate Full Text
Abstract
The Hill
November 03, 2021 – Cryptocurrency
Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps Full Text
Abstract
The US Department of Justice has indicted a suspected Twitter hacker known as 'PlugWalkJoe' for also stealing $784,000 worth of cryptocurrency using SIM swap attacks.BleepingComputer
November 3, 2021 – Government
FBI Warning: HelloKitty Adds DDoS for Quick Extortion Full Text
Abstract
The FBI has issued a flash alert warning against the HelloKitty ransomware group, which recently started threatening victims with DDoS attacks. The group's ransom demands fluctuate for each victim and are based on their ability to pay. Organizations should apply recommended mitigations at the e ...Cyware Alerts - Hacker News
November 03, 2021 – Government
Top cyber official reports ‘decrease’ in Russian cyberattacks against US groups Full Text
Abstract
White House National Cyber Director Chris Inglis testified on Capitol Hill Wednesday that there had been a “decrease” in the number of cyberattacks against U.S. companies traced back to Russia, but stressed that the reason was not clear.The Hill
November 03, 2021 – Ransomware
BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released Full Text
Abstract
An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period. No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a report shared with The Hacker News, pointing out the changes in the implementation of the ChaCha20 encryption algorithm used to encrypt the contents of the files. BlackMatter emerged in July 2021 boasting of incorporating the "best features of DarkSide, REvil, and LockBit" and is considered the successor to DarkSide, which has since shut down alongside REvil in the wake of law enforcement scrutiny. Operating as a ransomware-as-a-service (RaaS) model, the BlackMatter is believed to have hit more than 50 companies in the U.S., Austria, Italy, France, Brazil, among others. What&The Hacker News
November 3, 2021 – Breach
The U.K. Labour Party discloses a data breach Full Text
Abstract
The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack....Security Affairs
November 3, 2021 – General
Predicting the Next OWASP API Security Top 10 Full Text
Abstract
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.Threatpost
November 03, 2021 – Phishing
Beware: Free Discord Nitro phishing targets Steam gamers Full Text
Abstract
A new Steam phishing promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams.BleepingComputer
November 3, 2021 – Hacker
Attackers Exploiting Google Chrome on Windows 10 for UAC Bypass Full Text
Abstract
Rapid7 unearthed a malicious campaign targeting Windows 10 running on Chrome browsers. The objective of the campaign is to obtain sensitive data and steal cryptocurrency from the infected systems. Experts recommend avoiding visiting unknown sites and clicking on suspicious links.Cyware Alerts - Hacker News
November 03, 2021 – Hacker
Commerce Department blacklists four groups linked to cyber surveillance operations Full Text
Abstract
The Commerce Department on Wednesday added four organizations linked to cyber surveillance operations, including the Israeli company NSO Group, to its “entity list,” effectively blacklisting them.The Hill
November 03, 2021 – Solution
Product Overview - Cynet Centralized Log Management Full Text
Abstract
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the right means to manage the massive scale of logs and data produced to derive any value from it. Log management can quickly become a sore point, and either be forgotten or improperly managed if done manually. In turn, this reduces data transparency and leaves organizations more exposed to vulnerabilities that could have been detected. A new centralized log management module (CLM) introduced by XDR provider Cynet (learn more here) could help organizations lighten that load and enhance organizations' visibility into their valuable log data. Instead of manually handling the collection, storage, and parsing of data, organizations can use CLM to enhance their log analysis, better understand theiThe Hacker News
November 3, 2021 – General
Cyber Defense Magazine – November 2021 has arrived. Enjoy it! Full Text
Abstract
Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 155 pages of excellent content. The Cyber Defense eMagazine for November 2021 We've, all of us, been through two trying years with...Security Affairs
November 03, 2021 – Breach
UK Labour Party discloses data breach after ransomware attack Full Text
Abstract
The UK Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a third-party organization that was managing the party's data.BleepingComputer
November 3, 2021 – Ransomware
Chaos Ransomware Targeting Minecraft Gamers in Japan Full Text
Abstract
FortiGuard Labs found a Chaos ransomware variant being circulated on Japanese Minecraft forums. While this variant encrypts certain files, it completely destroys some. Gamers are recommended to stay alert while being offered such commodities on gaming forums.Cyware Alerts - Hacker News
November 03, 2021 – Vulnerabilities
Federal agencies ordered to patch hundreds of vulnerabilities Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered all federal agencies to immediately begin work on patching hundreds of cyber vulnerabilities, warning that malicious actors are continuing to target U.S. critical infrastructure.The Hill
November 03, 2021 – Malware
Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques Full Text
Abstract
The operators behind the Mekotio banking trojan have resurfaced with a shift in its infection flow so as to stay under the radar and evade security software, while staging nearly 100 attacks over the last three months. "One of the main characteristics […] is the modular attack which gives the attackers the ability to change only a small part of the whole in order to avoid detection," researchers from Check Point Research said in a report shared with The Hacker News. The latest wave of attacks is said to primarily target victims located in Brazil, Chile, Mexico, Peru, and Spain. The development comes after Spanish law enforcement agencies in July 2021 arrested 16 individuals belonging to a criminal network in connection with operating Mekotio and another banking malware called Grandoreiro as part of a social engineering campaign targeting financial institutions in Europe. The evolved version of the Mekotio malware strain is designed for compromising Windows systems witThe Hacker News
November 3, 2021 – Government
NSO Group, Positive Technologies and other firms sanctioned by the US government Full Text
Abstract
The U.S. sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state actors, including NSO Group. The Commerce Department's Bureau of Industry and Security (BIS) has sanctioned four companies...Security Affairs
November 03, 2021 – Ransomware
BlackMatter ransomware moves victims to LockBit after shutdown Full Text
Abstract
With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.BleepingComputer
November 3, 2021 – Ransomware
How Ransomware Operations Continue to Evolve Full Text
Abstract
Ransomware threats continue to be many criminals' weapon of choice for reliably shaking down victims small, medium, and large, in pursuit of a safe, easy and reliable payday.Gov Info Security
November 03, 2021 – Privacy
Facebook to Shut Down Facial Recognition System and Delete Billions of Records Full Text
Abstract
Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant described the about-face as "one of the largest shifts in facial recognition usage in the technology's history." The shutdown, which is expected to take place over the coming weeks, will mean users who have previously opted into the setting will no longer be automatically recognized in Memories, photos and videos or see suggested tags with their name in photos and videos they may appear in. Furthermore, the company's Automatic Alt Text (AAT) tool, which creates image descriptions for visually impaired people, will no longer include the names of people identified in photos. Facebook's discontinuing of the program comThe Hacker News
November 3, 2021 – Criminals
Cybercrime underground flooded with offers for initial access to shipping and logistics orgs Full Text
Abstract
Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground...Security Affairs
November 03, 2021 – Malware
Stealthier version of Mekotio banking trojan spotted in the wild Full Text
Abstract
A new version of a banking trojan known as Mekotio is being deployed in the wild, with malware analysts reporting that it's using a new, stealthier infection flow.BleepingComputer
November 3, 2021 – Solution
Confidential Computing Consortium unveils Gramine 1.0 to protect sensitive datasets at all stages Full Text
Abstract
The Confidential Computing Consortium’s new Gramine Project is introducing its production-ready version – Gramine 1.0 – to enable the protection of sensitive workloads with Intel SGX.Help Net Security
November 3, 2021 – Criminals
BlackMatter ransomware gang is shutting down due to pressure from law enforcement Full Text
Abstract
The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The BlackMatter ransomware group has announced it is shutting down its operation due to the pressure from local authorities. The...Security Affairs
November 03, 2021 – Government
US sanctions NSO Group and three others for spyware and exploit sales Full Text
Abstract
The U.S. has sanctioned four companies located in Israel, Russia, and Singapore for the development of spyware or the sale of hacking tools used by state-sponsored hacking groups.BleepingComputer
November 3, 2021 – Vulnerabilities
Mozilla fixes security vulnerabilities in Firefox 94 Full Text
Abstract
In a security advisory, Mozilla announced that several security issues in its Firefox browser have been fixed. Several of these vulnerabilities were listed as having a high impact.Malwarebytes Labs
November 3, 2021 – Vulnerabilities
Google fixes actively exploited Zero-Day Kernel flaw in Android Full Text
Abstract
Google’s Android November 2021 security updates address a zero-day vulnerability in the Kernel that is actively exploited in the wild. Google’s Android November 2021 security updates addressed 18 vulnerabilities in the framework and system components...Security Affairs
November 03, 2021 – General
Mobile phishing attacks targeting energy sector surge by 161% Full Text
Abstract
Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year's (H2 2020) data, and the trend is showing no signs of slowing down.BleepingComputer
November 3, 2021 – Solution
Microsoft to release ‘Defender for Business’ platform Full Text
Abstract
Microsoft 365's Jon Maunder said it's "specially built to bring enterprise-grade endpoint security to businesses with up to 300 employees, in a solution that is easy-to-use and cost-effective."ZDNet
November 03, 2021 – Hacker
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021 Full Text
Abstract
During the first day of Pwn2Own Austin 2021, contestants won $362,500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR.BleepingComputer
November 3, 2021 – Government
CISA promotes election cybersecurity platform debunking misinformation Full Text
Abstract
The cybersecurity body reiterated that there is "no specific, credible threat to election infrastructure" but noted that they are "ready to provide cyber incident response and expertise if needed."ZDNet
November 03, 2021 – Government
CISA orders federal agencies to fix hundreds of exploited security flaws Full Text
Abstract
CISA has issued this year's first binding operational directive (BOD) ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline.BleepingComputer
November 03, 2021 – Malware
BlackMatter ransomware claims to be shutting down due to police pressure Full Text
Abstract
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations.BleepingComputer
November 2, 2021 – Criminals
Ransomware Gangs Target Corporate Financial Activities Full Text
Abstract
The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.Threatpost
November 2, 2021 – Vulnerabilities
Android Patches Actively Exploited Zero-Day Kernel Bug Full Text
Abstract
Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.Threatpost
November 2, 2021 – Vulnerabilities
Apple macOS Flaw Allows Kernel-Level Compromise Full Text
Abstract
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.Threatpost
November 02, 2021 – Vulnerabilities
Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks Full Text
Abstract
Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as they could enable a threat actor to access or reference memory after it has been freed, leading to a "write-what-where" condition that results in the execution of arbitrary code to gain control over a victim's system. "There are indications that CVE-2021-1048 may be under limited, targeted exploitation," the company noted in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw. Also remediated in the security patch are two critical reThe Hacker News
November 02, 2021 – Privacy
Facebook deletes 1 billion faceprints in Face Recognition shutdown Full Text
Abstract
Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people's facial recognition profiles.BleepingComputer
November 2, 2021 – Ransomware
Hive Ransomware’s New Variants Target Linux and FreeBSD Systems Full Text
Abstract
ESET reported a new variant of the Hive ransomware that is targeting Linux and FreeBSD operating systems. Written in Go, the malware appears to be under development. Hive is known to target processes related to backups and antivirus or anti-spyware and terminates them.Cyware Alerts - Hacker News
November 02, 2021 – Government
House passes bills to shore up small business cybersecurity Full Text
Abstract
The House on Tuesday approved two bills to strengthen the cybersecurity of small businesses, which have faced escalating threats during the COVID-19 pandemic.The Hill
November 02, 2021 – Vulnerabilities
Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild Full Text
Abstract
A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3. In one of the real-world attacks detailed by HN Security last month, two user accounts with admin privileges were registered on a publicly-accessible GitLab server belonging to an unnamed customer by exploiting the aforementioned flaw to upload a malicious payload that leads to remote execution of arbitrary commands, including obtaining elevated permissions. Although the flaw was initially deemed to be a case of authenticaThe Hacker News
November 2, 2021 – Privacy
Facebook is going to shut down Face Recognition system and data it collected Full Text
Abstract
Facebook announced it will shut down its Face Recognition system and delete over 1 billion people's facial recognition profiles. Facebook announced it will stop using the Face Recognition system on its platform and will delete over 1 billion...Security Affairs
November 02, 2021 – Vulnerabilities
Over 30,000 GitLab servers still unpatched against critical bug Full Text
Abstract
A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched.BleepingComputer
November 2, 2021 – Hacker
TA2722 Impersonates Philippine Government to Lure Victims Full Text
Abstract
Balikbayan Foxes, aka TA2722, a new highly sophisticated threat actor, was found targeting organizations globally by impersonating the Philippine government and businesses. All the campaigns were found distributing Remcos or NanoCore RATs. Security professionals and organizations are recommended to tr ...Cyware Alerts - Hacker News
November 02, 2021 – Hacker
Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws Full Text
Abstract
Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques. Specifically, the program aims to uncover attacks that could be launched against Kubernetes-based infrastructure to defeat process isolation barriers (via NSJail) and break out of the sandbox to leak secret information. The program is expected to last until January 31, 2022. "It is important to note, that the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-OptiThe Hacker News
November 2, 2021 – Criminals
Ransomware gangs target companies involved in time-sensitive financial events, FBI warns Full Text
Abstract
The FBI warns of ransomware attacks on businesses involved in "time-sensitive financial events" such as corporate mergers and acquisitions. The Federal Bureau of Investigation (FBI) published a new private industry notification (PIN) to warn organizations...Security Affairs
November 02, 2021 – Solution
Microsoft announces new endpoint security solution for SMBs Full Text
Abstract
Microsoft today announced a new endpoint security solution dubbed Microsoft Defender for Business, specially built for small and medium-sized businesses.BleepingComputer
November 2, 2021 – Attack
ATMs, Internal Network, and Mobile Apps Impacted by Destructive Attack at Pakistan’s State-owned Commercial Bank Full Text
Abstract
The incident impacted the bank’s backend systems and affected servers used to interlink the bank’s branches, the backend infrastructure controlling the bank’s ATM network, and the bank’s mobile apps.The Record
November 2, 2021 – Vulnerabilities
Google triples bounty for new Linux Kernel exploitation techniques Full Text
Abstract
Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities...Security Affairs
November 02, 2021 – General
MITRE shares list of most dangerous hardware weaknesses Full Text
Abstract
MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year.BleepingComputer
November 2, 2021 – Ransomware
From Thanos to Prometheus: When Ransomware Encryption Goes Wrong Full Text
Abstract
While rare, ransomware developers can make mistakes in implementing encryption, causing unintended flaws. Mistakes can occur when developers use patchwork code and lack appropriate expertise.Security Intelligence
November 2, 2021 – Vulnerabilities
50% of internet-facing GitLab installations are still affected by a RCE flaw Full Text
Abstract
Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab's web interface actively exploited in the wild. Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked...Security Affairs
November 02, 2021 – Government
FBI: Ransomware targets companies during mergers and acquisitions Full Text
Abstract
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims.BleepingComputer
November 2, 2021 – Malware
Trojan Source attack method allows hiding flaws in source code Full Text
Abstract
Researchers devised a new attack method called 'Trojan Source' that allows hiding vulnerabilities in the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat...Security Affairs
November 02, 2021 – Vulnerabilities
Android November patch fixes actively exploited kernel bug Full Text
Abstract
Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.BleepingComputer
November 2, 2021 – Attack
The Toronto Transit Commission (TTC) hit by a ransomware attack Full Text
Abstract
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began...Security Affairs
November 1, 2021 – Phishing
Office 365 Phishing Campaign Abuses Stolen Amazon SES Token Full Text
Abstract
Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.Threatpost
November 1, 2021 – Breach
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion Full Text
Abstract
An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems.Threatpost
November 1, 2021 – Malware
‘Trojan Source’ Hides Invisible Bugs in Source Code Full Text
Abstract
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.Threatpost
November 01, 2021 – Vulnerabilities
‘Trojan Source’ attack method can hide bugs in open-source code Full Text
Abstract
Academic researchers have released details about a new attack method they call "Trojan Source" that allows injecting vulnerabilities into the source code of a software project in a way that human reviewers can't detect.BleepingComputer
November 01, 2021 – Solution
Signal now lets you report and block spam messages Full Text
Abstract
Signal has added an easy way for users to report and block spam straight from message request screens with a single mouse click.BleepingComputer
November 1, 2021 – Government
MITRE, CISA Announce 2021 List of Most Common Hardware Weaknesses Full Text
Abstract
MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list.Security Week
November 01, 2021 – Government
Officials on alert for cyber threats ahead of election day Full Text
Abstract
Officials are on alert for threats to elections ahead of Election Day in states including Virginia on Tuesday, one year after a contentious 2020 presidential election.The Hill
November 01, 2021 – Vulnerabilities
Critical Flaws Uncovered in Pentaho Business Analytics Software Full Text
Abstract
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs earlier this year, prompting the company to issue necessary patches to address the issues. Pentaho is a Java-based business intelligence platform that offers data integration, analytics, online analytical processing (OLAP), and mining capabilities, and counts major companies and organizations like Bell, CERN, Cipal, Logitech, Nasdaq, Telefonica, Teradata, and the National September 11 Memorial and Museum among its customers. The list of flaws, which affect Pentaho Business Analytics versions 9.1 and lower, is as follows - CVE-2021-31599 (CVSS score: 9.9) - Remote Code ExecutiThe Hacker News
November 1, 2021 – Ransomware
The Pros and Cons of Mandating Reporting From Ransomware Victims Full Text
Abstract
The proposed reporting mandates are an insufficient solution to the right problem.Lawfare
November 1, 2021 – Denial Of Service
HelloKitty ransomware gang also targets victims with DDoS attacks Full Text
Abstract
The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature...Security Affairs
November 01, 2021 – Business
Microsoft Defender for Windows is getting a massive overhaul Full Text
Abstract
Microsoft Defender for Windows is getting a massive overhaul allowing home network admins to deploy Android, iOS, and Mac clients to monitor antivirus, phishing, compromised passwords, and identity theft alerts from a single security dashboard.BleepingComputer
November 1, 2021 – General
Ransomware Has Disrupted Almost 1,000 Schools in the US This Year Full Text
Abstract
So far this year, almost 1,000 schools across the US have suffered from a ransomware attack, and in some cases had classes disrupted because of it, according to tallies by Emsisoft.Vice
November 01, 2021 – Education
Securing SaaS Apps — CASB vs. SSPM Full Text
Abstract
There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by enforcing multiple security policies to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property (IP), and business records, CASBs definitely help. However, as the number of SaaS apps increases, the number of misconfigurations and the possible exposure widen and cannot be mitigated by CASBs. These solutions act as a link between users and cloud service providers and can identify issues across various cloud environments. Where CASBs fall short is that they identify breaches after they happen. When it comes to getting full visibility and control over the organization's SaaS apps, an SSPM solution would be the better choice, as the security team can eThe Hacker News
November 1, 2021 – Cryptocurrency
Squid Game Cryptocurrency exit scam! Operators made $2.1 Million Full Text
Abstract
Operators behind the Squid Game cryptocurrency have exit-scammed, making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have exit-scammed, making off with an estimated $2.1 million just after a week...Security Affairs
November 01, 2021 – Outage
Canadian province health care system disrupted by cyberattack Full Text
Abstract
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.BleepingComputer
November 1, 2021 – Solution
Google Introduces New Open-Source Data Privacy Protocol Full Text
Abstract
Google introduced Private Set Membership (PSM), a cryptographic protocol that helps clients check whether a specific identifier is present in a list held by a server, in a privacy-preserving manner.Security Week
November 01, 2021 – Malware
New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code Full Text
Abstract
A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed " Trojan Source attacks ," the technique "exploits subtleties in text-encoding standards such as Unicode to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers," Cambridge University researchers Nicholas Boucher and Ross Anderson said in a newly published paper. The vulnerabilities — tracked as CVE-2021-42574 and CVE-2021-42694 — affect compilers of all popular programming languages such as C, C++, C#, JavaScript, Java, Rust, Go, and Python. Compilers are programs that translate high-level human-readable source code into their lower-lThe Hacker News
November 1, 2021 – Hacker
How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash Full Text
Abstract
Researchers demonstrated how crooks could hack Diebold Nixdorf's Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws...Security Affairs
November 01, 2021 – Breach
Kaspersky’s stolen Amazon SES token used in Office 365 phishing Full Text
Abstract
Kaspersky said today that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users.BleepingComputer
November 1, 2021 – Vulnerabilities
GoCD patches ‘Highly Critical’ authentication vulnerability Full Text
Abstract
GoCD is an open-source Continuous Integration and Continuous Delivery system (CI/CD) tool that is used by software developers and organizations for automating software delivery.Secure Zoo
November 01, 2021 – Botnet
Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices Full Text
Abstract
Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet " Pink " based on a sample obtained on November 21, 2019, owing to a large number of function names starting with "pink." Mainly targeting MIPS-based fiber routers, the botnet leverages a combination of third-party services such as GitHub, peer-to-peer (P2P) networks, and central command-and-control (C2) servers for bot-to-controller communications, not to mention completely encrypting the transmission channels to prevent the victimized devices from being taken over. "Pink raced with the vendor to retain control over the infected devices, while vendorThe Hacker News
November 1, 2021 – Botnet
Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnets ever seen Full Text
Abstract
Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that has already infected over 1.6 million devices, most of them located in China. Qihoo 360's Netlab cybersecurity researchers discovered a huge botnet, tracked as Pink, that already...Security Affairs
November 01, 2021 – Breach
BlackShadow hackers breach Israeli hosting firm and extort customers Full Text
Abstract
The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services.BleepingComputer
November 1, 2021 – Business
Google, Salesforce, others team up to launch MVSP security baseline project Full Text
Abstract
Dubbed the ‘Minimum Viable Secure Product’ (MVSP), Google’s Royal Hansen, vice president of security, said that the scheme will establish “minimum acceptable security baselines” for corporations.The Daily Swig
November 1, 2021 – Hacker
Balikbayan Foxes group spoofs Philippine gov to spread RATs Full Text
Abstract
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't. Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. Researchers from Proofpoint have uncovered...Security Affairs
November 01, 2021 – Denial Of Service
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.BleepingComputer
November 1, 2021 – Vulnerabilities
Researchers Discover Flaw in Unicode’s Bidi Algorithm Affecting Most Code Compilers and Software Development Environments Full Text
Abstract
The weakness involves Unicode’s bi-directional or “Bidi” algorithm, which handles displaying text that includes mixed scripts with different display orders, such as Arabic and English.Krebs on Security
November 1, 2021 – Vulnerabilities
Microsoft warns of an increase in password spraying attacks Full Text
Abstract
The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The Microsoft Detection and Response Team (DART) observed a worrisome rise in password spray attacks targeting privileged...Security Affairs
November 1, 2021 – Education
Financial services need to prioritize API security to protect their customers Full Text
Abstract
In a recent study, 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens including usernames and passwords to third-party services.Help Net Security
November 1, 2021 – Government
Countries Team Up to Issue Video Teleconference Guidance Full Text
Abstract
The joint signatories who issued the guidance supported calls for industry-standard encryption as a minimum requirement and welcomed the development and implementation of end-to-end encryption.Info Risk Today
November 1, 2021 – Government
Australia: None of NSW’s lead cluster agencies have implemented all Essential Eight controls Full Text
Abstract
The cybersecurity policy for New South Wales government agencies is not sufficiently robust, which is a cause for "significant concern", according to the state's auditor-general Margaret Crawford.ZDNet