September, 2021
September 30, 2021 – Vulnerabilities
Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws Full Text
Abstract
Google on Thursday pushed urgent security fixes for its Chrome browser, including two new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively exploited zero-days plugged this month alone. The issues, designated CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, and concern a use-after-free flaw in the V8 JavaScript and WebAssembly engine as well as an information leak in core. As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it's aware that "exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild." An anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Clément Lecigne from Google Threat Analysis Group, who was also credit... The Hacker News
September 30, 2021 – Vulnerabilities
QNAP fixes bug that let attackers run malicious commands remotely Full Text
Abstract
Taiwan-based network-attached storage (NAS) maker QNAP has released security patches for multiple vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices.BleepingComputer
September 30, 2021 – Business
McAfee Enterprise-FireEye Products To Merge Into $2B Titan Full Text
Abstract
The combined 5,000-employee company will be led by former Blackberry President and Cisco SVP Bryan Palma, while Ian Halifax, Riverbed Technology’s CFO since December 2019, will step into the CFO role.CRN
September 30, 2021 – Government
House approves legislation to protect K-12 schools against cyberattacks Full Text
Abstract
The House on Wednesday unanimously passed legislation intended to help strengthen K-12 institutions against cyber threats, which have ticked up as classes have moved online during the COVID-19 pandemic.The Hill
September 30, 2021 – Vulnerabilities
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught Full Text
Abstract
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization's tenant," researchers from Secureworks Counter Threat Unit (CTU) said in a report published on Wednesday. Azure Active Directory is Microsoft's enterprise cloud-based identity and access management (IAM) solution designed for single sign-on (SSO) and multi-factor authentication. It's also a core component of Microsoft 365 (formerly Office 365), with capabilities to provide authentication to other applications via OAuth. The weakness resides in the Seamless Single Sign-On feature that allows employees to automatically sign in when using their corporate devices that ar... The Hacker News
September 30, 2021 – Hacker
Experts show how to make fraudulent payments using Apple Pay with VISA on locked iPhones Full Text
Abstract
Security researchers devised a new attack method against iPhone owners using Apple Pay and Visa payment cards. Boffins from the University of Birmingham and the University of Surrey exploited a series of vulnerabilities in an attack against iPhone...Security Affairs
September 30, 2021 – Vulnerabilities
Google Emergency Update Fixes Two Chrome Zero Days Full Text
Abstract
This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.Threatpost
September 30, 2021 – Vulnerabilities
Google pushes emergency Chrome update to fix two zero-days Full Text
Abstract
Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.BleepingComputer
September 30, 2021 – Malware
Revived Mirai Variant Now Targets a Zero-Day in Ruijie Routers Full Text
Abstract
Mirai_ptea_Rimasuta, an old and unpopular variant of Mirai, has resurfaced to exploit a zero-day vulnerability in RUIJIE router devices. Hackers have redesigned the encryption algorithm and the C2 communication protocol; the variant now uses the TEA algorithm and encrypts other sensitive resource info. Users are su... Cyware Alerts - Hacker News
September 30, 2021 – General
Incentivizing Developers is the Key to Better Security Practices Full Text
Abstract
Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this sea change if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, widely considered an easy win thanks to their often lax security controls. They are so persistent that new apps can sometimes be compromised and exploited within hours of deployment. The Verizon 2021 Data Breach Investigations Report makes it very clear that the threats leveled against businesses and organizations are more dangerous today than at any other point in history. It's becoming very clear that the only way to truly fortify the software being created is to ensure that it's built on secure code. In other words, the best way to stop the threat actor invasion is to deny them a foothold into your applications in... The Hacker News
September 30, 2021 – Breach
Popular Android apps with 142.5 million collective installs leak user data Full Text
Abstract
14 top Android apps with 142.5 million installs are misconfigured, leaving their data exposed to unauthorized parties. Original post @ https://cybernews.com/security/research-popular-android-apps-with-142-5-million-collective-downloads-are-leaking-user-data/ ...Security Affairs
September 30, 2021 – General
Tips & Tricks for Unmasking Ghoulish API Behavior Full Text
Abstract
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.Threatpost
September 30, 2021 – Privacy
Fake Amnesty International Pegasus scanner used to infect Windows Full Text
Abstract
Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent.BleepingComputer
September 30, 2021 – Malware
Gaming Platforms Face a Major Threat from BloodyStealer Full Text
Abstract
Kaspersky uncovered a new trojan called BloodyStealer aimed at gamers' accounts on EA Origin, Steam, Epic Games, GOG, and other services. Since its discovery, BloodyStealer has already targeted users based in Latin America, Asia Pacific, and Europe. This latest development indicates the rapid pac... Cyware Alerts - Hacker News
September 30, 2021 – Solution
ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage Full Text
Abstract
The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues. Nearly every morning, the headlines are full of sensational news about tens of millions of health or financial records being found in unprotected cloud storage like AWS S3 buckets, Microsoft Azure blobs or another cloud-native storage service by the growing number of smaller cloud security providers. ImmuniWeb, a rapidly growing application security vendor that offers a variety of AI-driven products, has announced this week that its free Community Edition, running over 150,000 daily security tests, now has one more online tool: a cloud security test. To check your unprotected cloud storage, you just need to enter your... The Hacker News
September 30, 2021 – Vulnerabilities
Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence Full Text
Abstract
Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical...Security Affairs
September 30, 2021 – Hacker
Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts Full Text
Abstract
The group uses millions of password combos at the rate of nearly 2,700 login attempts per minute with new techniques that push the ATO envelope.Threatpost
September 30, 2021 – Hacker
GhostEmperor hackers use new Windows 10 rootkit in attacks Full Text
Abstract
Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.BleepingComputer
September 30, 2021 – Business
SecZetta Announces $20.5 Million Series B Funding Full Text
Abstract
The round was led by SYN Ventures and MassMutual Ventures. The round also included participation from existing investors ClearSky and Rally Ventures, which strengthened their investments in SecZetta.Yahoo! Finance
September 30, 2021 – Hacker
New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack Full Text
Abstract
Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another second-stage malware used during the campaign, SUNSHUTTLE (aka GoldMax), targeting the IT management software provider's Orion platform. Nobelium is also known by the monikers UNC2452, SolarStorm, StellarParticle, Dark Halo, and Iron Ritual. "While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims," Kaspersky researchers said. "Evidence gathered so far indicates that Dark Halo spent si... The Hacker News
September 30, 2021 – Solution
CISA releases Insider Risk Mitigation Self-Assessment Tool Full Text
Abstract
The US CISA has released a new tool that allows organizations to assess their level of exposure to insider threats and devise their own defense plans against such risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has released...Security Affairs
September 30, 2021 – Ransomware
The Top Ransomware Threats Aren’t Who You Think Full Text
Abstract
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally.Threatpost
September 30, 2021 – Attack
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data Full Text
Abstract
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.BleepingComputer
September 30, 2021 – Malware
GhostEmperor: From ProxyLogon to kernel mode Full Text
Abstract
GhostEmperor uses a formerly unknown Windows kernel mode rootkit dubbed Demodex and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.Kaspersky Labs
September 30, 2021 – Policy and Law
Cybersecurity Firm Group-IB’s CEO Arrested Over Treason Charges in Russia Full Text
Abstract
Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "reason for the search was not yet clear," adding "The decentralized infrastructure of Group-IB allows us to keep our customers' data safe, maintain business operations and work without interruption across our offices in Russia and around the world." Group-IB said the raids at its Moscow office had commenced on Tuesday, with law enforcement authorities leaving that same evening. Kremlin Spokesman Dmitry Peskov said the government was aware of the arrest but that it had no additional details about the case, Russian state news agency TASS reported. The cybersecurity company relocated to Singapore in late 2018 as part of its attempts to distan... The Hacker News
September 30, 2021 – Solution
Facebook released Mariana Trench tool to find flaws in Android and Java apps Full Text
Abstract
Facebook released Mariana Trench, an internal open-source tool that can be used to identify vulnerabilities in Android and Java applications. The Facebook security team has open-sourced the code for Mariana Trench, an internal open-source tool used...Security Affairs
September 30, 2021 – Breach
Thousands of University Wi-Fi Networks Expose Log-In Credentials Full Text
Abstract
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.Threatpost
September 30, 2021 – Botnet
WireX DDoS botnet admin charged for attacking hotel chain Full Text
Abstract
The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service (DDoS) attack.BleepingComputer
September 30, 2021 – Business
S2W raised over $10M of Series B funding Full Text
Abstract
The round was led by LB Investment, with KDB Development Bank, Magellan Technology Investment, YG Investment, Mirae Asset Venture Investment, Lotte Ventures, and DS Asset Management also participating.Yahoo! Finance
September 30, 2021 – Ransomware
RansomEXX ransomware Linux encryptor may damage victims’ files Full Text
Abstract
Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.BleepingComputer
September 30, 2021 – Attack
Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks Full Text
Abstract
Fraud prevention company Sift said the ring, dubbed Proxy Phantom, is using over 1.5 million sets of stolen account credentials in automated credential stuffing attacks against online merchants.ZDNet
September 30, 2021 – Government
US Congress asks FBI to explain delay in helping Kaseya attack victims Full Text
Abstract
The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware attack with a universal decryption key for three weeks.BleepingComputer
September 30, 2021 – Malware
Mac Users Targeted by Trojanized iTerm2 App Full Text
Abstract
When this app is executed, it downloads and runs a malicious Python script. This malware, which Trend Micro has detected as TrojanSpy.Python.ZURU.A, collects private data from a victim’s machine.Trend Micro
September 29, 2021 – Vulnerabilities
Apple Pay with VISA lets hackers force payments on locked iPhones Full Text
Abstract
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card.BleepingComputer
September 29, 2021 – Solution
Facebook open-sources tool to find Android app security flaws Full Text
Abstract
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.BleepingComputer
September 29, 2021 – Breach
Navistar confirms data breach involved employee healthcare information Full Text
Abstract
The potentially compromised data included the full names, addresses, dates of birth, and SSNs of an unspecified number of employees, according to an updated statement by Navistar on the breach.The Daily Swig
September 29, 2021 – Government
Lawmakers demand briefing on FBI’s decision to withhold Kaseya decryption key Full Text
Abstract
The leaders of the House Oversight and Reform Committee on Wednesday demanded a briefing from the FBI on its decision to withhold for three weeks the decryption key necessary for companies impacted by the ransomware attack on IT company Kaseya to recover.The Hill
September 29, 2021 – Solution
Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps Full Text
Abstract
Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production," the Menlo Park-based social tech behemoth said. In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues — say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code — explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from (source) and flow into (sink), such as a database, file, web view, or a log. Data flows found violating the rules... The Hacker News
September 29, 2021 – Vulnerabilities
Expert discloses new iPhone lock screen vulnerability in iOS 15 Full Text
Abstract
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (&...Security Affairs
September 29, 2021 – Government
Keep Attackers Out of VPNs: Feds Offer Guidance Full Text
Abstract
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.Threatpost
September 29, 2021 – Government
Russia arrests cybersecurity firm CEO after raiding offices Full Text
Abstract
Russian law enforcement on Tuesday arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence.BleepingComputer
September 29, 2021 – Vulnerabilities
RCE vulnerabilities in open source software Cachet could put users at risk Full Text
Abstract
Multiple security vulnerabilities in open source status page system Cachet could allow an attacker to execute arbitrary code and steal sensitive data, researchers have warned.The Daily Swig
September 29, 2021 – Policy and Law
House passes legislation to strengthen federal cybersecurity workforce Full Text
Abstract
The House on Wednesday passed bipartisan legislation aimed at strengthening the federal cybersecurity workforce, an issue that has garnered support following a year of massive information security incidents.The Hill
September 29, 2021 – Malware
Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users Full Text
Abstract
A newly discovered "aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U.K., and the U.S. No fewer than 200 trojan applications were used in the campaign, making it one of the most widespread scams to have been uncovered in 2021. What's more, the malicious apps catered to a varied set of categories ranging from Tools and Entertainment to Personalization, Lifestyle, and Dating, effectively widening the scale of the attacks. One of the apps, Handy Translator Pro, amassed as much as 500,000 downloads. ... The Hacker News
September 29, 2021 – Malware
GriftHorse malware infected more than 10 million Android phones from 70 countries Full Text
Abstract
Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that...Security Affairs
September 29, 2021 – Botnet
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts Full Text
Abstract
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.Threatpost
September 29, 2021 – Solution
CISA releases tool to help orgs fend off insider threat risks Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks.BleepingComputer
September 29, 2021 – Criminals
New Code Signing Technique isn’t that Effective, Maybe Full Text
Abstract
Google researchers highlighted a new threat in the form of OpenSUpdater, used by cybercriminals who are targeting people prone to downloading cracked versions of games and other popular software in the U.S. However, Microsoft thinks attackers wouldn't be infecting devices via this technique and unde... Cyware Alerts - Hacker News
September 29, 2021 – Government
CISA to maintain ‘rumor control’ site to counter false claims in future elections Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) will use its "rumor control" website to counter disinformation and misinformation during future elections despite the site's role in former President Trump ousting several of the agency's top officials in 2020.The Hill
September 29, 2021 – Education
[eBook] Your First 90 Days as CISO — 9 Steps to Success Full Text
Abstract
Chief Information Security Officers (CISOs) are an essential pillar of an organization's defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish. Fortunately, a new guide by XDR provider Cynet (download here) looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren't just logistical. They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security. Therefore, having clearly defined steps planned out can help CISOs seize the opportunity for change and implement security capabilities that allow organizations to grow and prosper. Security leaders can also leverage the willingness of orga... The Hacker News
September 29, 2021 – Government
NSA, CISA release guidance on hardening remote access via VPN solutions Full Text
Abstract
The U.S. CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance...Security Affairs
September 29, 2021 – Breach
Trucking giant Forward Air reports ransomware data breach Full Text
Abstract
Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information.BleepingComputer
September 29, 2021 – Phishing
Apple AirTag can be Abused to Redirect People to iCloud Phishing Pages Full Text
Abstract
Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see a unique Apple URL with the owner’s message. This feature can be abused to redirect to a phishing page.Krebs on Security
September 29, 2021 – Hacker
Hackers Targeting Brazil’s PIX Payment System to Drain Users’ Bank Accounts Full Text
Abstract
Two newly discovered malicious Android applications on Google Play Store have been used to target users of Brazil's instant payment ecosystem in a likely attempt to lure victims into fraudulently transferring their entire account balances into another bank account under cybercriminals' control. "The attackers distributed two different variants of banking malware, named PixStealer and MalRhino, through two separate malicious applications […] to carry out their attacks," Check Point Research said in an analysis shared with The Hacker News. "Both malicious applications were designed to steal money from victims through user interaction and the original PIX application." The two apps in question, which were uncovered in April 2021, have since been removed from the app store. Launched in November 2020 by the Central Bank of Brazil, the country's monetary authority, Pix is a state-owned payments platform that enables consumers and companies to make mone... The Hacker News
September 29, 2021 – Policy and Law
Group-IB CEO was put under arrest on treason charges Full Text
Abstract
Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an investigation into a criminal case. The police made searches in the Moscow office of the threat intelligence firm Group-IB,...Security Affairs
September 29, 2021 – Hacker
New Tomiris backdoor likely developed by SolarWinds hackers Full Text
Abstract
Kaspersky security researchers have discovered a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack.BleepingComputer
September 29, 2021 – Ransomware
Karma Ransomware Attempts New Tricks For Quick Ransom Full Text
Abstract
In a tactic to pressure victims into paying up, the lesser-known Karma ransomware group was discovered communicating with journalists about the victims. The attackers claimed to have stolen a few terabytes of internal data from a medical device-making firm. Organizations are recommended to increase... Cyware Alerts - Hacker News
September 29, 2021 – Malware
New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit Full Text
Abstract
Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allows it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux developed by Anglo-German firm Gamma International and supplied exclusively to law enforcement and intelligence agencies. But as with NSO Group's Pegasus, the software has also allegedly been used to spy on Bahraini activists in the past and was delivered as part of spear-phishing campaigns in September 2017. FinFisher is equipped to harvest user credentials, file listings, and sensitive documents, record keystrokes, siphon email messages from Thunderbird, Outlook, Apple Mail, and Icedove, intercept Skype contacts, chats, calls and transferred files, and capture audio and video... The Hacker News
September 29, 2021 – Malware
Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit Full Text
Abstract
Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Malware researchers at Kaspersky have spotted a new improvement of the infamous commercial...Security Affairs
September 29, 2021 – Malware
New Android malware steals millions after infecting 10M phones Full Text
Abstract
A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge.BleepingComputer
September 29, 2021 – Malware
DoppelDridex Delivered via Slack and Discord Full Text
Abstract
Several recent phishing campaigns have attempted to deliver a variant of the Dridex banking trojan that is named as DoppelDridex, via payloads staged on Slack and Discord CDNs.Security Soup
September 29, 2021 – Hacker
TA544 Threat Group Targets Over 2,000 Italian Organizations with Ursnif Malware Full Text
Abstract
Proofpoint has observed nearly 20 notable campaigns distributing thousands of messages targeting Italian organizations this year, which equals 80% of the number of similar campaigns in 2020.Proofpoint
September 29, 2021 – Malware
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally Full Text
Abstract
Forensic evidence of this active Android Trojan attack, which Zimperium researchers have named GriftHorse, suggests that the threat group has been running this campaign since November 2020.Zimperium
September 29, 2021 – General
Assessing subsidiary risk a top priority for most enterprises, yet they still lack proper visibility Full Text
Abstract
Most of the organizations believe they are doing a good job managing subsidiary risk, yet 67% said their organization had experienced a cyberattack where the attack chain likely included a subsidiary.Help Net Security
September 28, 2021 – Government
CFIUS, Team Telecom and China Full Text
Abstract
What have CFIUS and Team Telecom been up to?Lawfare
September 28, 2021 – Privacy
SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever Full Text
Abstract
A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.Threatpost
September 28, 2021 – Government
NSA, CISA share VPN security tips to defend against hackers Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.BleepingComputer
September 28, 2021 – APT
FamousSparrow APT Launches Worldwide Attack Campaign Full Text
Abstract
FamousSparrow, a new entrant to the cyberespionage space, is reportedly spying on users across multiple sectors, including government, engineering, legal, and hospitality. It is one of the earliest attackers leveraging Microsoft Exchange ProxyLogon vulnerabilities for its attacks. Its victims ar... Cyware Alerts - Hacker News
September 28, 2021 – Government
Senators roll out bill giving organizations 24 hours to report ransomware attack payments Full Text
Abstract
The leaders of the Senate Homeland Security and Governmental Affairs Committee on Tuesday introduced legislation that would give set timelines for cyber incident reporting, including giving certain organizations 24 hours to report if they paid the sum demanded in a ransomware attack.The Hill
September 28, 2021 – Vulnerabilities
Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns Full Text
Abstract
Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as CVE-2021-26084 (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. "A remote attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious parameter to a vulnerable server," researchers from Trend Micro noted in a technical write-up detailing the weakness. "Successful exploitation can result in arbitrary code execution in the security context of the affected server." The vulnerability, which resides in the Webwork module of Atlassian Confluence Server and Data Center, stems from an insufficient validThe Hacker News
September 28, 2021 – Vulnerabilities
Trend Micro fixes a critical flaw in ServerProtect Solution, patch it now! Full Text
Abstract
Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked...Security Affairs
September 28, 2021 – Education
How to Prevent Account Takeovers in 2021 Full Text
Abstract
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.Threatpost
September 28, 2021 – Malware
FinFisher malware hijacks Windows Boot Manager with UEFI bootkit Full Text
Abstract
Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager.BleepingComputer
September 28, 2021 – Botnet
TangleBot is Using Coronavirus Lures to Target Victims Full Text
Abstract
In a new smishing campaign, TangleBot was discovered targeting Android users in the U.S. and Canada with lures related to COVID-19 regulations and vaccine information. Malicious messages, if clicked, notify users that their Flash player has become obsolete and must be updated. Users need to be wa ...Cyware Alerts - Hacker News
September 28, 2021 – Policy and Law
Lawmakers look to include cyber incident reporting measure in annual defense spending bill Full Text
Abstract
Bipartisan legislation intended to require certain organizations to report cybersecurity incidents to the federal government could be included as part of the must-pass annual defense legislation, Senate Intelligence Committee Chairman Mark Warner (D-Va.) said Tuesday.The Hill
September 28, 2021 – Malware
New BloodyStealer Trojan Steals Gamers’ Epic Games and Steam Accounts Full Text
Abstract
A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in March 2021 as being advertised for sale at an attractive price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. Attacks using BloodyStealer have been uncovered so far in Europe, Latin America, and the Asia-Pacific region. "BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, for cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications," the company said. The information harvested from gaming apps, such as Bethesda, Epic Games, GOG,The Hacker News
September 28, 2021 – Vulnerabilities
A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online Full Text
Abstract
An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers...Security Affairs
September 28, 2021 – Malware
Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts Full Text
Abstract
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.Threatpost
September 28, 2021 – Cryptocurrency
Ukraine takes down call centers behind cryptocurrency investor scams Full Text
Abstract
The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency and stock market investors worldwide.BleepingComputer
September 28, 2021 – Hacker
Researchers uncover new techniques used to spread FinSpy Full Text
Abstract
Apart from the Trojanized installers, Kaspersky observed infections involving usage of a UEFI or MBR bootkit. While the MBR infection is well known, details on the UEFI bootkit are newly revealed.Kaspersky Labs
September 28, 2021 – APT
Russia-linked Nobelium APT group uses custom backdoor to target Windows domains Full Text
Abstract
Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Microsoft Threat Intelligence Center (MSTIC) researchers have discovered a new custom malware, dubbed FoggyWeb...Security Affairs
September 28, 2021 – Vulnerabilities
New Microsoft Exchange service mitigates high-risk bugs automatically Full Text
Abstract
Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates.BleepingComputer
September 28, 2021 – Breach
Recognizing the Impact of a Multi-Party Data Breach Full Text
Abstract
The past three years witnessed 108 ripples or multi-party breaches. According to RiskRecon and Cyentia Institute, the financial damage incurred from the worst ripple events is 26 times more than a single-party breach.Cyware Alerts - Hacker News
September 28, 2021 – Malware
ERMAC, a new banking Trojan that borrows the code from Cerberus malware Full Text
Abstract
ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. Researchers from Threatfabric found in July a new Android banking trojan dubbed ERMAC that is almost fully based on the popular banking trojan Cerberus....Security Affairs
September 28, 2021 – Vulnerabilities
Working exploit released for VMware vCenter CVE-2021-22005 bug Full Text
Abstract
A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it.BleepingComputer
September 28, 2021 – General
69% of All Malware is Ransomware, Study Reveals Full Text
Abstract
Research shows that ransomware attacks have attained stratospheric levels in the second half of this year. Malware attacks on Unix systems, orchestrators, and virtualization tools have also surged.Cyware Alerts - Hacker News
September 28, 2021 – Malware
New BloodyStealer malware is targeting the gaming sector Full Text
Abstract
Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. Researchers from Kaspersky have spotted a new malware dubbed BloodyStealer that is being used by threat actors to steal accounts...Security Affairs
September 28, 2021 – Hacker
Suspected Chinese State-linked Threat Actors Infiltrated Major Afghan Telecom Provider Roshan Full Text
Abstract
Four distinct infiltrations by suspected Chinese-state-sponsored threat actors stole gigabytes of data from the corporate mail server of major Afghan telecom provider Roshan within the past year.The Record
September 28, 2021 – Malware
Mirai_ptea_Rimasuta variant is exploiting a new RUIJIE router 0 day to spread Full Text
Abstract
Mirai_ptea_Rimasuta now has a built-in mechanism to check if the running environment is a sandbox. It also encrypts the network traffic to counter the network level detection.Netlab
September 28, 2021 – General
The biggest problem with ransomware is not encryption, but credentials Full Text
Abstract
Organizations that are truly concerned about the massive growth in ransomware are working to understand the TTPs used by threat actors to craft preventative, detective, and responsive measures.Help Net Security
September 28, 2021 – Botnet
Twitter Bots Being Used to Trick Users into Making PayPal and Venmo Payments to Fraudsters’ Accounts Full Text
Abstract
The bots appear to be activated when a legitimate user asks another for their payment information, presumably discovering these tweets via a keyword search for ‘PayPal’, ‘Venmo’, or other services.The Daily Swig
September 27, 2021 – Malware
Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers Full Text
Abstract
Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked as Nobelium's latest tool in a long list of cyber weaponry such as Sunburst, Sunspot, Raindrop, Teardrop, GoldMax, GoldFinder, Sibot, Flipflop, NativeZone, EnvyScout, BoomBox, and VaporRage. "Once Nobelium obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools," MSTIC researchers said. "Nobelium uses FoggyWeb to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing cerThe Hacker News
September 27, 2021 – General
Women, Minorities Are Hacked More Than Others Full Text
Abstract
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.Threatpost
September 27, 2021 – Government
EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany Full Text
Abstract
It’s not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.Threatpost
September 27, 2021 – Denial Of Service
Bandwidth.com is latest victim of DDoS attacks against VoIP providers Full Text
Abstract
Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days.BleepingComputer
September 27, 2021 – Hacker
Microsoft: Nobelium uses custom malware to backdoor Windows domains Full Text
Abstract
Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers.BleepingComputer
September 27, 2021 – Phishing
Fake ‘BT’ caller steals from elderly victims in app scam Full Text
Abstract
The fraud incident happened last Thursday (23 September), prompting West Mercia Police to issue a bulletin warning people to be on their guard against suspicious phone calls.The Register
September 27, 2021 – Cryptocurrency
Senators aim to increase oversight of cryptocurrency mining with new bill Full Text
Abstract
Sens. Maggie Hassan (D-N.H.) and Joni Ernst (R-Iowa) introduced legislation Monday intended to increase oversight of cryptocurrency mining overseas.The Hill
September 27, 2021 – APT
Russian Turla APT Group Deploying New Backdoor on Targeted Systems Full Text
Abstract
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. Attacks incorporating the backdoor are believed to have occurred since 2020. "This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed," the researchers said. "It could also be used as a second-stage dropper to infect the system with additional malware." Furthermore, TinyTurla can upload and execute files or exfiltrate sensitive data from the infected machine to a remote server, while also polling the command-and-control (C2) station every five seconds for any new commands. Also kThe Hacker News
September 27, 2021 – Law Article
Reading Laws in the Digital Age Full Text
Abstract
When reading laws about computers, judges should follow the technical approach cited by Justice Barrett in Van Buren. It is a sensible way out of the cybercrime maze.Lawfare
September 27, 2021 – Vulnerabilities
Expert found RCE flaw in Visual Studio Code Remote Development Extension Full Text
Abstract
Researchers from the Italian cybersecurity firm Shielder found a remote code execution vulnerability in Visual Studio Code Remote Development Extension. Visual Studio Code Remote Development allows users to adopt a container, remote machine, or the Windows...Security Affairs
September 27, 2021 – Education
5 Steps to Securing Your Network Perimeter Full Text
Abstract
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.Threatpost
September 27, 2021 – Cryptocurrency
Ethereum dev admits to helping North Korea evade crypto sanctions Full Text
Abstract
Cryptocurrency expert Virgil Griffith pled guilty today to assisting the Democratic People's Republic of Korea in evading U.S. sanctions by conspiring to violate the International Emergency Economic Powers Act (IEEPA) and Executive Order 13466.BleepingComputer
September 27, 2021 – Breach
Data from Oath Keepers leaked online after alleged hack Full Text
Abstract
The roughly 5GB of data, which was provided by the hacker to DDoSecrets, contains everything from emails and internal chats to details on the organization’s members and donors.Daily Dot
September 27, 2021 – Malware
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps Full Text
Abstract
The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement. First campaigns involving ERMAC are believed to have begun in late August under the guise of the Google Chrome app. Since then, the attacks have expanded to include a range of apps such as banking, media players, delivery services, government applications, and antivirus solutions like McAfee. Almost fully based on the notorious banking trojan Cerberus, the Dutch cybersecurity firm's findings come from forum posts made by an actor named DukeEugene last month on August 17, inviting prospective customers to "rent a new android botnet with wide functionalitThe Hacker News
September 27, 2021 – Malware
Jupyter infostealer continues to evolve and is distributed via MSI installers Full Text
Abstract
Cybersecurity researchers spotted a new version of the Jupyter infostealer which is distributed via MSI installers. Cybersecurity researchers from Morphisec have spotted a new version of the Jupyter infostealer that continues to be highly evasive. In...Security Affairs
September 27, 2021 – Vulnerabilities
QNAP fixes critical bugs in QVR video surveillance solution Full Text
Abstract
Network-attached storage (NAS) maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands.BleepingComputer
September 27, 2021 – Attack
Escalating Conti Ransomware Attacks Major Cause of Concern Full Text
Abstract
The CISA, the FBI, and the NSA published a joint alert, warning organizations of increased Conti activity. It states that the ransomware has been, so far, used in more than 400 attacks in the U.S. and other countries.Cyware Alerts - Hacker News
September 27, 2021 – Education
How Does DMARC Prevent Phishing? Full Text
Abstract
DMARC is a global standard for email authentication. It allows senders to verify that the email really comes from whom it claims to come from. This helps curb spam and phishing attacks, which are among the most prevalent cybercrimes of today. Gmail, Yahoo, and many other large email providers have implemented DMARC and praised its benefits in recent years. If your company's domain name is bankofamerica.com, you do not want a cyber attacker to be able to send emails under that domain. This puts your brand reputation at risk and could potentially spread financial malware. The DMARC standard prevents this by checking whether emails are sent from an expected IP address or domain. It specifies how domains can be contacted if there are authentication or migration issues and provides forensic information so senders can monitor email traffic and quarantine suspicious emails. What is a Phishing Attack? Phishing is an attempt by cybercriminals to trick victims into giving away sensitiveThe Hacker News
September 27, 2021 – Criminals
Telegram is becoming the paradise of cyber criminals Full Text
Abstract
Telegram is becoming an essential platform for cybercriminal activities; crooks use it to buy and sell any kind of stolen data and hacking tools. Many experts believe that the popular Telegram app is an efficient alternative to dark web marketplaces,...Security Affairs
September 27, 2021 – Malware
New malware steals Steam, Epic Games Store, and EA Origin accounts Full Text
Abstract
A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin.BleepingComputer
September 27, 2021 – Hacker
Attackers Use Fake Installers to Drop Malware and Open Doors for Cryptomining and Credential Theft Full Text
Abstract
Fake installers of popular software are being used to deliver malware onto victims’ devices. These lures trick users into opening malicious documents or installing unwanted applications.Trend Micro
September 27, 2021 – Government
German Federal Office for Information Security (BSI) investigates Chinese mobile phones Full Text
Abstract
German Federal Office for Information Security is launching an investigation into the cybersecurity of certain Chinese mobile phones. German Federal Office for Information Security (BSI) is launching an investigation into the cybersecurity of mobile...Security Affairs
September 27, 2021 – Cryptocurrency
Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency Full Text
Abstract
A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin.BleepingComputer
September 27, 2021 – Business
SenseOn nabs $20M for faster, more accurate cybersecurity detection and response via its ‘triangulation’ approach Full Text
Abstract
The $20 million Series A round was led by Eight Roads Ventures, with MMC Ventures, Crane Venture Partners, and Winton Ventures Limited — all existing backers — also participating.TechCrunch
September 27, 2021 – Breach
A multi-party data breach creates 26x the financial damage of single-party breach Full Text
Abstract
897 multi-party data breach incidents, also referred to as ripple events, have been observed since 2008. A median ripple breach event causes 10x the financial loss of a traditional single-party breach.Help Net Security
September 27, 2021 – Covid-19
QR codes temporarily removed from Sask. COVID-19 vaccine records due to ‘privacy breach’ Full Text
Abstract
QR codes are being temporarily removed from residents’ COVID-19 vaccination records due to a situation that eHealth Saskatchewan is treating as a privacy breach incident.Global News
September 27, 2021 – Government
More than 130,000 malicious IP addresses were blocked during Australia Census 2021: AWS Full Text
Abstract
More than 130,000 malicious IP addresses were blocked to ensure no breaches or interruptions were experienced during what was deemed a successful Census 2021, according to Amazon Web Services (AWS).ZDNet
September 26, 2021 – Malware
A New Jupyter Malware Version is Being Distributed via MSI Installers Full Text
Abstract
Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors continue to develop their attacks to become more efficient and evasive." The Israeli company said it's currently investigating the scale and scope of the attacks. First documented in November 2020, Jupyter (aka Solarmarker) is likely Russian in origin and primarily targets Chromium, Firefox, and Chrome browser data, with additional capabilities that allow for full backdoor functionality, including features to siphon information and upload the details to a remote server and download and execute further payloads. Forensic evidence gathered by Morphisec shows that multiple versions oThe Hacker News
September 26, 2021 – Business
Microsoft will disable Basic Auth in Exchange Online in October 2022 Full Text
Abstract
Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users.BleepingComputer
September 26, 2021 – Malware
ZuRu Malware Exploits Baidu Search Results Full Text
Abstract
Experts reported new Mac ZuRu malware spreading via poisoned search engine results in China via Baidu. The criminals masquerade as iTerm2, an alternative to the default Mac terminal app. The fake app couldn't be flagged even with an extra security badge that Apple usually provides to the notariz ...Cyware Alerts - Hacker News
September 26, 2021 – Attack
Port of Houston was hit by an alleged state-sponsored attack Full Text
Abstract
Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact...Security Affairs
September 26, 2021 – Phishing
Credential Phishing Campaign Targets Governments in APAC and EMEA Full Text
Abstract
Hackers were found disguising as various ministries in a phishing scheme targeting the government departments of at least seven countries in APAC and EMEA. To date, at least 15 pages are actively targeting the governments of Belarus, Georgia, Kyrgyzstan, Pakistan, Turkmenistan, Ukraine, and Uzbeki ...Cyware Alerts - Hacker News
September 26, 2021 – Attack
JSC GREC Makeyev and other Russian entities under attack Full Text
Abstract
A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day. Security researchers from Malwarebytes uncovered multiple attacks targeting many Russian...Security Affairs
September 26, 2021 – General
Security Affairs newsletter Round 333 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. GSS,...Security Affairs
September 26, 2021 – Hacker
Google TAG spotted actors using new code signing tricks to evade detection Full Text
Abstract
Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing...Security Affairs
September 25, 2021 – Vulnerabilities
Microsoft WPBT flaw lets hackers install rootkits on Windows devices Full Text
Abstract
Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.BleepingComputer
September 25, 2021 – Breach
Bitcoin.org hackers steal $17,000 in ‘double your cash’ scam Full Text
Abstract
This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.BleepingComputer
September 25, 2021 – Attack
GSS, one of the major European call center providers, suffered a ransomware attack Full Text
Abstract
The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system...Security Affairs
September 25, 2021 – Vulnerabilities
Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw Full Text
Abstract
Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw...Security Affairs
September 25, 2021 – Vulnerabilities
Google addressed the eleventh Chrome zero-day flaw this year Full Text
Abstract
Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux that addresses a high-severity zero-day...Security Affairs
September 25, 2021 – Vulnerabilities
A new zero-day is being exploited to compromise Macs Full Text
Abstract
Flagged by researchers Erye Hernandez and Clément Lecigne of Google’s Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple’s macOS and iOS operating systems.Help Net Security
September 25, 2021 – Government
European Union formally blames Russia for the GhostWriter operation Full Text
Abstract
European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states....Security Affairs
September 25, 2021 – Attack
Port of Houston Target of Suspected Nation-State Hack Full Text
Abstract
The Port of Houston, a critical piece of infrastructure along the Gulf Coast, issued a statement saying it had successfully defended against an attempted hack in August and “no operational data or systems were impacted.”Security Week
September 25, 2021 – Vulnerabilities
SonicWall warns users to patch critical vulnerability “as soon as possible” Full Text
Abstract
The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from an SMA 100 series appliance and gain administrator access to the device.Malwarebytes Labs
September 24, 2021 – Ransomware
The Week in Ransomware - September 24th 2021 - Targeting crypto Full Text
Abstract
This week's biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware's payment system.BleepingComputer
September 24, 2021 – Government
EU ‘denounces’ Russian malicious cyber activity aimed at member states Full Text
Abstract
A top European Union (EU) official on Friday called out Russia for its involvement in recent hacking efforts directed towards the governments of multiple member states, describing these efforts as “unacceptable.”The Hill
September 24, 2021 – Vulnerabilities
Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability Full Text
Abstract
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document." Clément Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's "aware that an exploit for CVE-2021-37973 exists in the wild." The update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS (CVE-2021-30869), which the TAG noThe Hacker News
September 24, 2021 – Vulnerabilities
Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords Full Text
Abstract
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.Threatpost
September 24, 2021 – Attack
United Health Centers ransomware attack claimed by Vice Society Full Text
Abstract
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.BleepingComputer
September 24, 2021 – Vulnerabilities
SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices Full Text
Abstract
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings. "The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody,'" the San Jose-based firm noted in an advisory published Thursday. "There is no evidence that this vulnerability is being exploited in the wild." SonicWall credited Wenxu Yin of Alpha Lab, Qihoo 360, with reporting the security shortcoming, which impacts SMA 100 Series — SMA 200, SMA 210,The Hacker News
September 24, 2021 – Vulnerabilities
CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! Full Text
Abstract
SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034,...Security Affairs
September 24, 2021 – Hacker
Hackers exploiting critical VMware vCenter CVE-2021-22005 bug Full Text
Abstract
Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it.BleepingComputer
September 24, 2021 – APT
A New APT Hacker Group Spying On Hotels and Governments Worldwide Full Text
Abstract
A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow , which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the Middle East, and the Americas, spanning several countries such as Burkina Faso, Taiwan, France, Lithuania, the U.K., Israel, Saudi Arabia, Brazil, Canada, and Guatemala. Attacks mounted by the group involve exploiting known vulnerabilities in server applications such as SharePoint and Oracle Opera, in addition to the ProxyLogon remote code execution vulnerability in Microsoft Exchange Server that came to light in March 2021, making it the latest threat actor to have had access to the exploit before details of the flaw became public. According to ESET, intrusion exploiting the flaws commen...The Hacker News
September 24, 2021 – Vulnerabilities
Emergency Google Chrome update fixes zero-day exploited in the wild Full Text
Abstract
Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.BleepingComputer
September 24, 2021 – Outage
Major European call center provider goes down in ransomware attack Full Text
Abstract
In a letter sent to affected customers, GSS officials said they took down all internal systems affected by the attack earlier and are currently using Google-based systems as an alternative.The Record
September 24, 2021 – Business
Microsoft rushes to register Autodiscover domains leaking credentials Full Text
Abstract
Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol.BleepingComputer
September 24, 2021 – Vulnerabilities
Developers fix multitude of vulnerabilities in Apache HTTP Server Full Text
Abstract
Numerous security vulnerabilities have been identified and fixed in Apache HTTP Server 2.4, including high-impact server-side request forgery (SSRF) and request smuggling bugs.The Daily Swig
September 24, 2021 – General
EU officially blames Russia for ‘Ghostwriter’ hacking activities Full Text
Abstract
The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.BleepingComputer
September 24, 2021 – Criminals
Hunting the LockBit Gang’s Exfiltration Infrastructures - Yoroi Full Text
Abstract
During the last few months, the LockBit gang decided to develop and evolve a custom tool specialized in data exfiltration and used as a peculiar element to distinguish their criminal brand.Yoroi
September 24, 2021 – General
How ransomware affects stock market share prices: report - Comparitech Full Text
Abstract
The findings from the Comparitech study show that Wall Street investors are largely unconcerned with ransomware attacks aside from a very brief sell-off when news of the attack is first published.Comparitech
September 24, 2021 – Vulnerabilities
Researcher drops three iOS zero-days that Apple refused to fix Full Text
Abstract
Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.BleepingComputer
September 24, 2021 – Criminals
Karma Uses Journalists to Get Free Publicity and Pressure Victims Into Paying Ransom Full Text
Abstract
The little-known ransomware group has been pursuing a novel strategy to pressure victims into paying: Get journalists to try and name the businesses they've hit, to help pressure them into paying.Info Risk Today
September 24, 2021 – Privacy
Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses Full Text
Abstract
A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users' IP address, location, and DNS requests from websites and network service providers. It achieves this by routing users' internet traffic on the Safari browser through two proxies in order to mask who's browsing and where that data is coming from in what could be viewed as a simplified version of Tor. However, the feature is available to iCloud+ subscribers running iOS 15 or macOS 12 Monterey and above. "If you read the IP address from an HTTP request received by your server, you'll get the IP address of the egress proxy," FingerprintJS researcher Sergey Mostsevenk...The Hacker News
September 24, 2021 – Vulnerabilities
Researcher released PoC exploit code for 3 iOS zero-day issues Full Text
Abstract
Researcher released PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him. An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw...Security Affairs
September 24, 2021 – Vulnerabilities
Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN Full Text
Abstract
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.Threatpost
September 24, 2021 – Vulnerabilities
Cisco fixes highly critical vulnerabilities in IOS XE Software Full Text
Abstract
Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration.BleepingComputer
September 24, 2021 – Government
Breach reporting required for health apps and devices, FTC says Full Text
Abstract
According to the FTC statement, “Entities covered by the Rule who have experienced breaches cannot conceal this fact from those who have entrusted them with sensitive health information.”CSO Online
September 24, 2021 – Hacker
Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows Full Text
Abstract
Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products," Google Threat Analysis Group's Neel Mehta said in a write-up published on Thursday. The new mechanism was observed to be exploited by a notorious family of unwanted software known as OpenSUpdater that's used to download and install other suspicious programs on compromised systems. Most targets of the campaign are users located in the U.S. who are prone to downloading cracked versions of games and other grey-area software. The findings come from a set of OpenSUpdater samples uploaded to VirusTotal at least since mid-August. Not only are the artifacts signed with an invalid l...The Hacker News
September 24, 2021 – Vulnerabilities
Cisco addresses 3 critical vulnerabilities in IOS XE Software Full Text
Abstract
Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products,...Security Affairs
September 24, 2021 – Criminals
Cybercriminals Sell Billions of Clubhouse and Facebook Scraped User Records on Hacker Forum Full Text
Abstract
The user who posted on the hacker forum is asking $100,000 for the full database of 3.8 billion entries but is also willing to split the archive into smaller portions for potential buyers.Security Affairs
September 24, 2021 – Vulnerabilities
Cisco Releases Patches for 3 New Critical Flaws Affecting IOS XE Software Full Text
Abstract
Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows - CVE-2021-34770 (CVSS score: 10.0) - Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability CVE-2021-34727 (CVSS score: 9.8) - Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability CVE-2021-1619 (CVSS score: 9.8) - Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability The most severe of the issues is CVE-2021-34770, which Cisco calls a "logic error" that occurs during the processing of CAPWAP (Control And Provisioning of Wireless Access Points) packets that enable a central wireless Controller to manage a group of wire...The Hacker News
September 24, 2021 – Breach
3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online Full Text
Abstract
A user on a popular hacker forum is selling a database that purportedly contains 3.8 billion Clubhouse and Facebook user records. Original Post @CyberNews https://cybernews.com/security/3-8-billion-allegedly-scraped-and-merged-clubhouse-and-facebook-user-records-put-for-sale-online/ A...Security Affairs
September 24, 2021 – Criminals
REvil Launches Double Chats Scheme to Dupe its Affiliates Full Text
Abstract
REvil ransomware gang is back in business with a different mind game as it silently robs its affiliates. Malware specialists have found that the gang is cheating on its affiliates to keep 100% of ransom payments.Cyware Alerts - Hacker News
September 24, 2021 – General
Most IT leaders prioritize cloud migration, yet security concerns remain Full Text
Abstract
There has been a significant year-on-year leap in companies planning to move business-critical applications to the cloud, despite cybersecurity concerns, Equinix has found.Help Net Security
September 24, 2021 – Breach
African Bank warns of data breach with personal details compromised Full Text
Abstract
African Bank has confirmed that one of its appointed professional debt recovery partners, Debt-IN, was targeted by hackers in April 2021. The bank said that no data shared post April 1 is compromised.Business Tech
September 24, 2021 – Ransomware
Cring Ransomware Targets a Decade-Old Adobe Flaw Full Text
Abstract
Two ColdFusion 9 bugs patched by Adobe more than a decade ago are under active exploitation by threat actors. Criminals tried to drop Cring ransomware on the target networks. The attacks originated from an internet address given to Green Floid (a Ukrainian ISP). Lest we forget, the first defense i...Cyware Alerts - Hacker News
September 24, 2021 – General
Tech Industry Group Weighs in on Federal Zero Trust Strategy Full Text
Abstract
The guidance sought public comment on an overarching federal policy from OMB as well as draft technical reference architecture and maturity model from Cybersecurity and Infrastructure Security Agency.Nextgov
September 24, 2021 – Attack
Targeted Attacks Launched Against Government Personnel in India Using Commercial RATs Full Text
Abstract
The lures used in this campaign are predominantly themed around operational documents and guides such as those pertaining to the "Kavach" (hindi for "armor") 2FA application operated by India's NIC.Cisco Talos
September 24, 2021 – Education
Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report Full Text
Abstract
Adoption of online learning environments due to COVID-19 and higher rates of ransomware and phishing attacks against K-12 schools have increased focus on the unique cybersecurity challenges they face.ZDNet
September 24, 2021 – Vulnerabilities
SonicWall fixes critical bug allowing SMA 100 device takeover Full Text
Abstract
SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.BleepingComputer
September 24, 2021 – APT
New FamousSparrow APT group used ProxyLogon exploits in its attacks Full Text
Abstract
Researchers spotted a new cyberespionage group, dubbed FamousSparrow, that used ProxyLogon exploits to target hotels worldwide. Researchers from ESET discovered a new cyberespionage group, tracked as FamousSparrow, that has been targeting hotels...Security Affairs
September 23, 2021 – Vulnerabilities
Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days Full Text
Abstract
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw that resides in the kernel component XNU developed by Apple that could cause a malicious application to execute arbitrary code with the highest privileges. The Cupertino-based tech giant said it addressed the bug with improved state handling. Google's Threat Analysis Group, which is credited with reporting the flaw, said it detected the vulnerability being "used in conjunction with a N-day remote code execution targeting WebKit." Two other flaws include CVE-2021-30858 and CVE-2021-30860 , both of which were resolved by the company earlier this month following disclosure from the...The Hacker News
September 23, 2021 – Criminals
REvil Affiliates Confirm: Leadership Were Cheating Dirtbags Full Text
Abstract
After news of REvil’s rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in “Hackers Court.”Threatpost
September 23, 2021 – Breach
Hacking group used ProxyLogon exploits to breach hotels worldwide Full Text
Abstract
A newly discovered cyberespionage group has been targeting hotels around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.BleepingComputer
September 23, 2021 – General
Teen helps IRCTC fix bug that could expose passenger’s private information Full Text
Abstract
The security vulnerability helped him to access details of other passengers including name, gender, age, PNR number, train details, departure station, and date of journey.DNA India
September 23, 2021 – General
Major US port target of attempted cyber attack Full Text
Abstract
The Port of Houston, a major U.S. port, was targeted in an attempted cyber attack last month, the Port shared in a statement on Thursday.The Hill
September 23, 2021 – Breach
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials Full Text
Abstract
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP basic authentication) that are being transferred over the wire," Guardicore's Amit Serper said in a technical report. "Moreover, if the attacker has DNS-poisoning capabilities on a large scale (such as a nation-state attacker), they could systematically syphon out leaky passwords through a large-scale DNS poisoning campaign based on these Autodiscover TLDs [top-level domains]." The Exchange Autodiscover service enables users to configure applications such as Microsoft Outlook with minimal user input, allowing just a combination of email addresses and pas...The Hacker News
September 23, 2021 – Vulnerabilities
Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware Full Text
Abstract
Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise...Security Affairs
September 23, 2021 – General
5 Tips for Achieving Better Cybersecurity Risk Management Full Text
Abstract
Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.Threatpost
September 23, 2021 – Vulnerabilities
Apple patches new zero-day bug used to hack iPhones and Macs Full Text
Abstract
Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.BleepingComputer
September 23, 2021 – Malware
New ZE Loader Targets Online Banking Users Full Text
Abstract
ZE Loader hides as part of legitimate software by performing a dynamic link library (DLL) hijacking. Using a malicious DLL instead of the original one, it replaces a DLL named DVDSetting.dll.Security Intelligence
September 23, 2021 – Government
Officials urge Congress to consider fining companies that fail to report cyber incidents Full Text
Abstract
The nation’s top cybersecurity officials on Thursday urged Congress to consider passing legislation that would fine organizations if they failed to report cybersecurity incidents to the federal government, part of an effort to do more to confront a recent spree of attacks.The Hill
September 23, 2021 – Vulnerabilities
A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit Full Text
Abstract
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium said in a report published on Monday. "These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI [Advanced Configuration and Power Interface] and WPBT." WPBT, introduced with Windows 8 in 2012, is a feature that enables "boot firmware to provide Windows with a platform binary that the operating system can execute." In other words, it allows...The Hacker News
September 23, 2021 – Breach
A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials Full Text
Abstract
A flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest...Security Affairs
September 23, 2021 – Privacy
Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Full Text
Abstract
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.Threatpost
September 23, 2021 – Malware
Malware devs trick Windows validation with malformed certs Full Text
Abstract
Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.BleepingComputer
September 23, 2021 – Malware
TinyTurla: New Malware By Russian Turla Full Text
Abstract
The Turla APT group is back with a new backdoor dubbed TinyTurla to gain persistence on targeted systems across Germany, the U.S., and Afghanistan. This malware got the attention of researchers when it targeted Afghanistan before the Taliban's recent takeover of the government. Organizations are...Cyware Alerts - Hacker News
September 23, 2021 – General
Why You Should Consider QEMU Live Patching Full Text
Abstract
Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can often be more complicated than it appears at first glance. Worse, some services are so hidden in the background, that they just don't make it onto the list of things to be patched. QEMU is one of those services that tend to create difficulties with patching. It works away in the background and is easy to take for granted. Plus, patching QEMU involves significant technical and practical challenges – while requiring enormous resources. In this article, we'll address some of the difficulties around patching QEMU, and point to a solution that takes the toughest bits out of QEMU patching. Ignoring QEMU patching is a big risk You'll probably know about it if you're using QEMU – shor...The Hacker News
September 23, 2021 – Phishing
BulletProofLink, a large-scale phishing-as-a-service active since 2018 Full Text
Abstract
Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers have uncovered a large-scale phishing-as-a-service (PHaaS) operation,...Security Affairs
September 23, 2021 – Vulnerabilities
Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products Full Text
Abstract
Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.Threatpost
September 23, 2021 – Criminals
REvil ransomware devs added a backdoor to cheat affiliates Full Text
Abstract
Cybercriminals are slowly realizing that the REvil ransomware operators have been hijacking ransom negotiations, to cut affiliates out of payments.BleepingComputer
September 23, 2021 – Phishing
Phishing-as-a-Service is Here - Phishing Gets Easier Full Text
Abstract
Microsoft discovered a Phishing-as-a-Service (PhaaS) operation that is responsible for quite a few phishing attacks against corporations. The PhaaS model makes it easier to conduct phishing attacks.Cyware Alerts - Hacker News
September 23, 2021 – Covid-19
New Android Malware Targeting US, Canadian Users with COVID-19 Lures Full Text
Abstract
An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of an ongoing campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." "The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone," the researchers said . Besides capabilities to obtain sensitive information, the malware is engineered to control device interaction with banking or financial apps using overlay screens and plunder account credentials from financial activities initiated on the phones. The attacks themselves originate from SMS messages that claim...The Hacker News
September 23, 2021 – Attack
Crystal Valley hit by ransomware attack, it is the second farming cooperative shut down in a week Full Text
Abstract
Minnesota-based farming supply cooperative Crystal Valley was hit by a ransomware attack, it is the second attack against the agriculture business in a few days. Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack,...Security Affairs
September 23, 2021 – Solution
Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API Full Text
Abstract
Domain names are often brands’ most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.Threatpost
September 23, 2021 – Malware
Water Basilisk- A Fileless Attack Campaign, a New Malware, and Lots of RATs Full Text
Abstract
Trend Micro researchers stumbled upon a fileless attack campaign that is leveraging a new crypter to propagate Remote Access Trojans (RATs). The RATs include BitRat, NjRat, LimeRat, Warzone, QuasarRat, and Nanocore RAT. The campaign was the most active in August.Cyware Alerts - Hacker News
September 23, 2021 – Breach
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers Full Text
Abstract
More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase. The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. "There was no need for a password or login credentials to see this information, and the data was not encrypted," the researchers said in an exclusive report shared with The Hacker News. The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients' names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021. The complete list of information contained in...The Hacker News
September 23, 2021 – Vulnerabilities
CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution Full Text
Abstract
CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers...Security Affairs
September 23, 2021 – Malware
Fake WhatsApp backup message delivers malware to Spanish speakers’ devices Full Text
Abstract
Spanish authorities are warning of a phishing campaign that impersonates messaging service WhatsApp in an attempt to trick recipients into downloading the NoPiques trojan.The Daily Swig
September 23, 2021 – Vulnerabilities
Beego patches severe XSS vulnerability in open source web framework Full Text
Abstract
Last month, security researcher Omri Inbar disclosed the vulnerability. Tracked as CVE-2021-39391, the vulnerability was found in the administration panel of Beego v2.0.1.The Daily Swig
September 23, 2021 – Vulnerabilities
Cisco Patches Critical Vulnerabilities in IOS XE Software Full Text
Abstract
The most severe of these vulnerabilities is CVE-2021-34770 (CVSS score of 10), which could lead to remote code execution without authentication, with administrator privileges.Security Week
September 23, 2021 – General
The CISO and the C-Suite: How to Achieve Better Working Relations Full Text
Abstract
The CISO role is still finding its place among C-suite executives. As organizations continue to use a remote or hybrid workforce, the CISO’s role at the executive’s table will be needed.Security Intelligence
September 22, 2021 – Attack
Crystal Valley Farm Coop Hit with Ransomware Full Text
Abstract
It’s the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.Threatpost
September 22, 2021 – Vulnerabilities
Hackers are scanning for VMware CVE-2021-22005 targets, patch now! Full Text
Abstract
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.BleepingComputer
September 22, 2021 – Breach
Data breach at Texas behavioral health center affects more than 24,000 Full Text
Abstract
A data breach at Texas behavioral health provider Texoma Community Center affected more than 24,000 people and highlights how timelines for breach notification may lag behind security events.The Record
September 22, 2021 – Government
Republican lawmakers raise security, privacy concerns over Huawei cloud services Full Text
Abstract
Sen. Tom Cotton (R-Ark.) and Rep. Mike Gallagher (R-Wis.) are raising concerns around U.S. and foreign governments' potential use of Chinese telecommunications group Huawei’s cloud services, warning of security and privacy issues.The Hill
September 22, 2021 – Phishing
Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation Full Text
Abstract
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report. "BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators." The tech giant said it uncovered the operation during its investigation of a credential phishing...The Hacker News
September 22, 2021 – Government
US CISA, FBI, and NSA warn of an escalation of Conti ransomware attacks Full Text
Abstract
CISA, FBI, and the NSA warned today of an escalation of the attacks of the Conti ransomware gang targeting US organizations. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) are warning of an increased number...Security Affairs
September 22, 2021 – Vulnerabilities
Netgear SOHO Security Bug Allows RCE, Corporate Attacks Full Text
Abstract
The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.Threatpost
September 22, 2021 – Government
FBI, CISA, and NSA warn of escalating Conti ransomware attacks Full Text
Abstract
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations.BleepingComputer
September 22, 2021 – Malware
Malicious PowerPoint Documents Used to Distribute AgentTesla RAT Full Text
Abstract
McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint file as an attachment.McAfee
September 22, 2021 – General
Federal agencies warn companies to be on guard against prolific ransomware strain Full Text
Abstract
The FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a warning to U.S. organizations to be aware of a specific type of ransomware that has already wreaked havoc on hundreds of groups.The Hill
September 22, 2021 – Vulnerabilities
New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures Full Text
Abstract
As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above. "SolarWinds and Kaseya were likely targeted not only because of their large and influential customer bases, but also because of their respective technologies' access to enterprise networks, whether it was managing IT, operational technology (OT), orThe Hacker News
September 22, 2021 – Vulnerabilities
Hikvision cameras could be remotely hacked due to critical flaw Full Text
Abstract
A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow...Security Affairs
September 22, 2021 – Vulnerabilities
TikTok, GitHub, Facebook Join Open-Source Bug Bounty Full Text
Abstract
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.Threatpost
September 22, 2021 – Business
Apple will disable insecure TLS in future iOS, macOS releases Full Text
Abstract
Apple has deprecated the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in recently launched iOS and macOS versions and plans to remove support in future releases altogether.BleepingComputer
September 22, 2021 – General
The Record by Recorded Future Full Text
Abstract
The Deputy Minister of National Defense said that the phones were selected because they had been previously identified “by the international community as posing certain cyber security risks.”The Record
September 22, 2021 – Solution
How Cynet’s Response Automation Helps Organizations Mitigate Cyber Threats Full Text
Abstract
One of the determining factors of how much damage a cyber-attack causes is how fast organizations can respond to it. Time to respond is critical for security teams, and it is a major hurdle for leaner teams. To help improve this metric and enhance organizations' ability to respond to attacks quickly, many endpoint detection and response (EDR) and extended detection and response (XDR) vendors have started including some form of automation in their platforms to reduce the need for manual intervention. XDR provider Cynet claims that they go beyond existing solutions when it comes to security automation. More than automating individual components, the Cynet 360 platform (see a live demo here) offers automation across every phase of incident response – from detection through remediation. The company uses a variety of tools and techniques to keep organizations safe and quickly respond to any emerging threat. How Cynet removes the guesswork from Incident Response: Cynet fully automateThe Hacker News
September 22, 2021 – Vulnerabilities
Flaws in Nagios Network Management systems pose risk to companies Full Text
Abstract
Researchers found multiple flaws in widely used network management products from Nagios that pose serious risk to organizations. Researchers from industrial cybersecurity firm Claroty have discovered eleven vulnerabilities in widely used network...Security Affairs
September 22, 2021 – Cryptocurrency
Feds Sanction SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts Full Text
Abstract
The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.Threatpost
September 22, 2021 – Outage
Second farming cooperative shut down by ransomware this week Full Text
Abstract
Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend.BleepingComputer
September 22, 2021 – Hacker
Operation Layover by Nigerian Threat Actor Targets Aviation Sector Full Text
Abstract
Cisco Talos uncovered a three-year-long espionage campaign, dubbed Operation Layover, aimed at the airline industry. Cybercriminals are spreading AsyncRAT and njRAT via malicious documents. In the ongoing campaign, attackers can change their crypter/attack vector and continue stealing from victims ...Cyware Alerts - Hacker News
September 22, 2021 – Vulnerabilities
VMware addressed a critical flaw in vCenter Server. Patch it now! Full Text
Abstract
VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments. VMware addressed a critical arbitrary file upload vulnerability, tracked as CVE-2021-22005, that impacts...Security Affairs
September 22, 2021 – General
Modern cyber protection: The digital must-have for home users Full Text
Abstract
Digital advances have reinvented how most of us work, organize our lives, and communicate with friends. As individuals, we're more dependent on data than at any time in history, which means protecting the data, applications, and systems we rely on is a serious concern.BleepingComputer
September 22, 2021 – Breach
Hacking Incidents Lead to 2 Big Eye Care Provider Breaches Full Text
Abstract
New Jersey-based USV Optical Inc. - a subsidiary of U.S.Vision - on Sept. 3 reported to HHS' Office for Civil Rights a hacking/IT incident involving a network server and affecting 180,000 individuals.Gov Info Security
September 22, 2021 – Phishing
Phishing-as-a-service operation uses double theft to boost profits Full Text
Abstract
Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately.BleepingComputer
September 22, 2021 – Criminals
Cring ransomware group exploits ancient ColdFusion server Full Text
Abstract
In an attack recently investigated by Sophos, an unknown threat actor exploited an ancient-in-internet-years vulnerability in an 11-year-old installation of Adobe ColdFusion 9 to infect the server.Sophos
September 22, 2021 – Breach
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials Full Text
Abstract
Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.BleepingComputer
September 22, 2021 – Business
Osano, a data privacy platform, raises $11M Full Text
Abstract
Osano, a data privacy platform that helps websites become compliant with international regulations, today announced that it closed an $11 million funding round led by Jump Capital.Venture Beat
September 22, 2021 – Breach
RaidForums data marketplace accidentally exposes private staff page Full Text
Abstract
Underground marketplace and hacker forum RaidForums recently exposed internal pages from its website meant for staff members only. RaidForums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps.BleepingComputer
September 22, 2021 – Attack
Ransomware Gangs Attack Missouri Delta Medical Center and Barlow Respiratory Hospital Full Text
Abstract
Barlow Respiratory Hospital said while the attack affected several IT systems, the hospital was able to continue to operate under its emergency procedures and patient care was not interrupted.HIPAA Journal
September 22, 2021 – Business
Stairwell secures $20M Series A to help organizations outsmart attackers Full Text
Abstract
As well as raising $20 million, a round co-led by Sequoia Capital and Accel, Stairwell launched its threat-hunting platform to help organizations determine if they were compromised now or in the past.TechCrunch
September 21, 2021 – Policy and Law
US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs Full Text
Abstract
The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department said in a press release. "Analysis of known SUEX transactions shows that over 40% of SUEX's known transaction history is associated with illicit actors. SUEX is being designated pursuant to Executive Order 13694, as amended, for providing material support to the threat posed by criminal ransomware actors." According to blockchain analytics firm Chainalysis, SUEX is legally registered in the Czech Republic and operates out of officeThe Hacker News
September 21, 2021 – Breach
Epik Confirms Hack, Gigabytes of Data on Offer Full Text
Abstract
“Time to find out who in your family secretly ran … [a] QAnon hellhole,” said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.Threatpost
September 21, 2021 – Vulnerabilities
The Gap in Your Zero Trust Implementation Full Text
Abstract
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device. In a zero trust model, a user is no longer considered to be trustworthy just because they entered a password at the beginning of their session. Instead, the user's identity is verified through multi-factor authentication, and the user may be prompted to re-authenticate if they attempt to access resources that are particularly sensitive or if the user attempts to do something out of the ordinary. How ComplicThe Hacker News
September 21, 2021 – Vulnerabilities
High-Severity RCE Flaw Disclosed in Several Netgear Router Models Full Text
Abstract
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models: R6400v2 (fixed in firmware version 1.0.4.120); R6700 (fixed in firmware version 1.0.2.26); R6700v3 (fixed in firmware version 1.0.4.120); R6900 (fixed in firmware version 1.0.2.26); R6900P (fixed in firmware version 3.3.142_HOTFIX); R7000 (fixed in firmware version 1.0.11.128); R7000P (fixed in firmware version 1.3.3.142_HOTFIX); R7850 (fixed in firmware version 1.0.5.76); R7900 (fixed in firmware version 1.0.4.46); R8000 (fixed in firmware version 1.0.4.76); RS400 (fixed in firmware version 1.5.1.80). According to GRIMM security researcher Adam Nichols, the vulnerability resides within Circle, a third-party component included in the firmware that offeThe Hacker News
September 21, 2021 – Vulnerabilities
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server Full Text
Abstract
VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company noted, adding "this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server." Although VMware has published workarounds for the flaw, the company cautioned that they are "meant to be a temporary solution until updates […] can be deployed." The complete list of flaws patched by the virtualization servicesThe Hacker News
September 21, 2021 – Vulnerabilities
New macOS zero-day bug lets attackers run commands remotely Full Text
Abstract
Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur.BleepingComputer
September 21, 2021 – Vulnerabilities
Researcher discloses iPhone lock screen bypass on iOS 15 launch day Full Text
Abstract
On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass method that can be exploited to grant attackers access to a user’s notes.The Record
September 21, 2021 – Government
DHS chief ‘horrified’ by images at border Full Text
Abstract
GOP senators on Tuesday grilled Homeland Security Secretary Alejandro Mayorkas over the influx of Haitian refugees seeking asylum at the U.S.-Mexico border and viral images of Customs and Border Patrol officials on horseback chasing migrants away.The Hill
September 21, 2021 – Vulnerabilities
Unpatched High-Severity Vulnerability Affects Apple macOS Computers Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user," SSD Secure Disclosure said in a write-up published today. Park Minchan, an independent security researcher, has been credited with reporting the vulnerability which affects macOS versions of Big Sur and prior. The weakness arises due to the manner macOS processes INETLOC files — shortcuts to internet locations such as RSS feeds or Telnet connections containing username and password for SSH — resulting in a scenario that allows commands embedded in those files to be executed without any warniThe Hacker News
September 21, 2021 – Vulnerabilities
A zero-day flaw allows running arbitrary commands on macOS systems Full Text
Abstract
Security researchers disclosed a new zero-day flaw in Apple's macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple's macOS Finder that can be exploited...Security Affairs
September 21, 2021 – Phishing
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It? Full Text
Abstract
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.Threatpost
September 21, 2021 – Vulnerabilities
VMware warns of critical bug in default vCenter Server installs Full Text
Abstract
VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.BleepingComputer
September 21, 2021 – Attack
Israeli communications company hit by major cyberattack Full Text
Abstract
The company sent SMS messages to its clients on Sunday, saying that the perpetrators of the attack were "hackers from abroad." However, Voicenter claimed that the attack did not affect its work.Middleeast Monitor
September 21, 2021 – Government
FBI withheld decryption key for Kaseya ransomware attack for three weeks: report Full Text
Abstract
The FBI allegedly withheld the release of a decryption key for almost three weeks that could have assisted groups crippled by the massive ransomware attack on IT group Kaseya earlier this year to unlock their networks.The Hill
September 21, 2021 – Criminals
Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug Full Text
Abstract
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a number of virtual machines, according to a report published by Sophos and shared with The Hacker News. The attacks originated from an internet address assigned to the Ukrainian ISP Green Floid. "Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target," Sophos principal researcher Andrew Brandt said. "The surprising thing is that this server was in active daily use. Often the most vulnerable devices are inactive or ghost machines, either forgotten about or overlooked when it comes to patching and upgraThe Hacker News
September 21, 2021 – APT
Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US Full Text
Abstract
Russia-linked cyber espionage group Turla made the headlines again: the APT has employed a new backdoor in a recent wave of attacks. Cisco Talos researchers reported that the Russia-linked Turla APT group recently used a new backdoor, dubbed TinyTurla,...Security Affairs
September 21, 2021 – Vulnerabilities
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? Full Text
Abstract
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.Threatpost
September 21, 2021 – Cryptocurrency
US sanctions cryptocurrency exchange used by ransomware gangs Full Text
Abstract
The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.BleepingComputer
September 21, 2021 – Malware
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines Full Text
Abstract
Cisco Talos researchers recently discovered a new backdoor used by the Russian Turla APT group. They observed infections in the U.S., Germany, and, more recently, in Afghanistan.Cisco Talos
September 21, 2021 – Cryptocurrency
Treasury sanctions cryptocurrency exchange for facilitating ransomware payments Full Text
Abstract
The Treasury Department on Tuesday announced a set of actions designed to crack down on ransomware attack payments following a major uptick in cases in recent months against U.S. companies.The Hill
September 21, 2021 – Hacker
Russian state hackers use new TinyTurla malware as secondary backdoor Full Text
Abstract
Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan.BleepingComputer
September 21, 2021 – Malware
New Banking Trojan Abuses Public Platforms Including YouTube Full Text
Abstract
ESET reported a new Numando banking Trojan that abuses YouTube, Pastebin, and other public platforms to fool victims and steal their financial credentials. It can simulate mouse clicks and keyboard actions, hijack the PC’s shutdown/restart functions, kill browser processes, and take screenshots. Banki ...Cyware Alerts - Hacker News
September 21, 2021 – Vulnerabilities
Netgear fixes dangerous code execution bug in multiple routers Full Text
Abstract
Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers.BleepingComputer
September 21, 2021 – Vulnerabilities
Mirai Exploits OMIGOD Flaws in the Wild Full Text
Abstract
Azure customers are requested to urgently address the OMIGOD flaw exploited by Mirai botnet operators. Microsoft has released additional guidance on securing Linux machines impacted by the critical flaw that concerns thousands of Azure customers and millions of endpoints. Due to no auto-update mech ...Cyware Alerts - Hacker News
September 21, 2021 – APT
New Warning: APTs are Targeting Zoho ManageEngine Full Text
Abstract
The FBI, CISA, and CGCYBER issued a joint advisory warning against the exploitation of a critical bug in the Zoho ManageEngine ADSelfService Plus software by nation-state actors. Besides applying a patch, organizations are advised to baseline the normal behavior in web server logs to spot a w ...Cyware Alerts - Hacker News
September 21, 2021 – Malware
Capoae Uses Known Tricks to Target Linux and Windows Full Text
Abstract
The new Capoae malware strain is reportedly targeting WordPress and Linux systems worldwide. Written in Golang, it exploits around four different RCE vulnerabilities. Moreover, the malware contains a port scanner to find open ports and services for further exploitation. Among other advice, experts r ...Cyware Alerts - Hacker News
September 21, 2021 – Cryptocurrency
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage Full Text
Abstract
The cryptomining trojan z0Miner has been taking advantage of Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.Trend Micro
September 21, 2021 – Attack
Supply Chain Attacks via Open-Source Repositories Spike Full Text
Abstract
A report from Sonatype revealed that supply chain attacks on open-source public repositories have increased up to 650% year-over-year. The security firm has mentioned that the significant increase in supply-chain attacks has been mainly caused by the exploitation of flaws in popular open-source ec ...Cyware Alerts - Hacker News
September 21, 2021 – Breach
US Optometry Provider Simon Eye Hit by Data Breach Impacting 144,000 Patients Full Text
Abstract
The possible compromise of sensitive personal data arose from unauthorized access to employee email accounts over a seven-day period between May 12-18, 2021, according to a data breach notice.The Daily Swig
September 21, 2021 – Attack
Marketron marketing services hit by Blackmatter ransomware Full Text
Abstract
BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry.BleepingComputer
September 21, 2021 – Education
Emerging from uncertainty, DOD cyber war college looks to navigate the future Full Text
Abstract
CIC was established in 1964 as the DoD Computer Institute. In 1981, it was incorporated into NDU located at Fort McNair, Washington, D.C., and reports to the Chairman of the Joint Chiefs of Staff.The Record
September 21, 2021 – Malware
New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin Full Text
Abstract
A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, these systems are then used to mine cryptocurrency," Akamai security researcher Larry Cashdollar said in a write-up published last week. The PHP malware — codenamed "Capoae" (short for "Сканирование," the Russian word for "Scanning") — is said to be delivered to the hosts via a backdoored addition to a WordPress plugin called "download-monitor," which gets installed after successfully brute-forcing WordPress admin credentials. The attacks also involve the deployment of a Golang binary with decryption functionality, with the obfuscThe Hacker News
September 21, 2021 – Vulnerabilities
Apache OpenOffice is currently impacted by a remote code execution flaw Full Text
Abstract
Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in the official release. Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about...Security Affairs
September 21, 2021 – General
Opinion: America Is Being Held for Ransom. It Needs to Fight Back. Full Text
Abstract
Over the past few months, these attacks have leaked sensitive government data, thwarted the operations of hundreds of businesses and even temporarily shut down one of the US’ biggest oil pipelines.New York Times
September 21, 2021 – General
Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus? Full Text
Abstract
2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. The rise in volumes and sophistication of cyberattacks in the rather borderless IT situation only compounded the challenges. All this has necessitated a shift in cybersecurity priorities in 2021. In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security. Cybersecurity Priorities for 2021: Strengthen the Cybersecurity Fundamentals. CISOs must focus on security fundamentals, including asset management, password management, cyber hygiene, configuration, vulnerability managementThe Hacker News
September 21, 2021 – Criminals
Black Matter gang demanded a $5.9M ransom to NEW Cooperative Full Text
Abstract
The U.S. farmers cooperative NEW Cooperative was hit by the Black Matter ransomware gang, which is demanding a $5.9 million ransom. BlackMatter ransomware gang hit NEW Cooperative, a farmer's feed and grain cooperative, and is demanding a $5.9 million...Security Affairs
September 21, 2021 – Ransomware
Ransomware Attacks Growing More Sophisticated Full Text
Abstract
In the first half of the year, malicious actors exploited flaws across different types of platforms, leading to major attacks that shut down fuel networks and extracted millions from enterprises.Security Boulevard
September 21, 2021 – Breach
Data of 106 million visitors to Thailand leaked online Full Text
Abstract
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity researcher Bob Diachenko discovered his personal data online stored on an unprotected...Security Affairs
September 21, 2021 – Attack
Iowa Farm Services Provider Targeted by BlackMatter Ransomware, Faces $5.9 Million Ransom Demand Full Text
Abstract
New Cooperative -- an Iowa-based farm service provider -- has been hit with a ransomware attack, continuing a streak of incidents affecting agricultural companies this year.ZDNet
September 21, 2021 – Business
Cloud security company Threat Stack acquired by F5 for $68 million Full Text
Abstract
F5 Networks, one of the world's largest providers of enterprise networking gear, announced on Monday that it is acquiring cloud security company Threat Stack for $68 million.ZDNet
September 21, 2021 – General
AI Can Write Code Like Humans—Bugs and All Full Text
Abstract
Researchers at NYU recently analyzed code generated by Copilot and found that, for certain tasks where security is crucial, the code contains security flaws around 40 percent of the time.Wired
September 21, 2021 – Vulnerabilities
Apache OpenOffice can be hijacked by malicious documents, fix still in beta Full Text
Abstract
Apache OpenOffice is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software.The Register
September 21, 2021 – General
Rapid digitization of banks invites cyber risks as well. What are the risks, and what should banks do? Full Text
Abstract
According to the CERT-In, over 290,000 cyberattacks related to digital banking were reported in 2020, including phishing attacks, network scanning and probing, viruses, and website hacking.The Times Of India
September 21, 2021 – Government
Update: Indonesia Says No Evidence of Alleged Chinese Intel Hack Full Text
Abstract
Indonesian authorities have found no evidence that the country’s main intelligence service’s computers were compromised, after a cybersecurity company alerted them of a suspected breach.Security Week
September 20, 2021 – Attack
Major agriculture group New Cooperative hit by ransomware attack Full Text
Abstract
Agriculture group New Cooperative group was hit by a ransomware attack over the weekend, potentially endangering operations of a company key to the agricultural supply chain.The Hill
September 20, 2021 – General
Bring Your APIs Out of the Shadows to Protect Your Business Full Text
Abstract
APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.Threatpost
September 20, 2021 – Vulnerabilities
How to fix the Windows 0x0000011b network printing error Full Text
Abstract
A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers.BleepingComputer
September 20, 2021 – Breach
Hacked sites push TeamViewer using fake expired certificate alert Full Text
Abstract
Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer.BleepingComputer
September 20, 2021 – Attack
US farmer cooperative hit by $5.9M BlackMatter ransomware attack Full Text
Abstract
U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.BleepingComputer
September 20, 2021 – Attack
Large phishing campaign targets EMEA and APAC governments Full Text
Abstract
Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments...Security Affairs
September 20, 2021 – Denial Of Service
VoIP.ms phone services disrupted by DDoS extortion attack Full Text
Abstract
Threat actors are targeting voice-over-IP (VoIP) provider VoIP.ms with a DDoS attack and extorting the company to stop an assault that is severely disrupting its operations.BleepingComputer
September 20, 2021 – Criminals
Europol arrested 106 fraudsters, members of a major crime ring Full Text
Abstract
Europol, along with law enforcement agencies in Italy and Spain, has dismantled a major crime organization linked to the Italian Mafia that focuses on online fraud...Security Affairs
September 20, 2021 – Breach
Republican Governors Association email server breached by state hackers Full Text
Abstract
The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021.BleepingComputer
September 20, 2021 – Vulnerabilities
EventBuilder misconfiguration exposes Microsoft event registrant data Full Text
Abstract
Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines.BleepingComputer
September 20, 2021 – Criminals
Europol links Italian Mafia to million-dollar phishing scheme Full Text
Abstract
In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone.BleepingComputer
September 20, 2021 – Attack
SSID Stripping Attacks Could Lead You to Fake Access Points Full Text
Abstract
SSID Stripping is a method that malicious attackers could use to fool users into connecting to fake Wireless Access Points (WAPs). It affects devices running macOS, iOS, Ubuntu, Windows, and Android.Cyware Alerts - Hacker News
September 20, 2021 – Criminals
Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters Full Text
Abstract
Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such as SIM swapping and business email compromise before laundering the money through a wide network of money mules and shell companies," Europol said in a statement published today. The group operated out of Tenerife, located in Spain's Canary Islands. The development comes following a year-long sting operation that saw as many as 16 house searches, resulting in 106 arrests — mostly in Spain and Italy — and seizure of electronic devices, 224 credit cards, SIM cards, point-of-sale terminals, a marijuana plantation, and equipment used for its cultivation and distribution. 118 banThe Hacker News
September 20, 2021 – Policy and Law
Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme Full Text
Abstract
Pakistani national Muhammad Fahd, 35, has been sentenced to 12 years in prison in the United States for his role in a hacking scheme against the telecom giant AT&T. He was sentenced for his primary...Security Affairs
September 20, 2021 – Criminals
Ransomware still a primary threat as cybercriminals evolve tactics Full Text
Abstract
Ransomware remained the primary threat in the first half of the year. Ransomware operators worked with third parties to gain access to targeted networks and used APT tools and techniques to steal and encrypt victims' data.Help Net Security
September 20, 2021 – Attack
A New Wave of Malware Attack Targeting Organizations in South America Full Text
Abstract
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected South America espionage group that has been active since at least 2018 and previously known for setting its sights on Colombian government institutions and corporations spanning financial, petroleum, and manufacturing sectors. Primarily spread via fraudulent emails by masquerading as Colombian government agencies, such as the National Directorate of Taxes and Customs (DIAN), the infection chain commences when the message recipients open a decoy PDF or Word document that claims to be a seizure order tied to their bank accounts and click on a link that's been generated from a URL shortThe Hacker News
September 20, 2021 – Criminals
Shining a Light on DarkOxide: A Technical Analysis Full Text
Abstract
CrowdStrike Intelligence tracked the DarkOxide threat activity cluster which launched attack campaigns against organizations within the Asia Pacific (APAC) semiconductor industry.Crowdstrike
September 20, 2021 – Business
AT&T lost $200 million in phone-unlocking scheme Full Text
Abstract
“Beginning in 2012, Fahd, 35, conspired with others to recruit AT&T employees at a call centre located in Bothell, Washington, to unlock large numbers of cellular phones for profit,” said the DOJ.Secure Reading
September 20, 2021 – Denial Of Service
DDoS Attack Service Admin Behind 200,000 Attacks Face 35 Years in Prison Full Text
Abstract
32-year-old Matthew Gatrel of St. Charles, Illinois ran paid services that let users launch more than 200,000 DDoS attacks; he now faces up to 35 years in prison.GB Hackers
September 20, 2021 – Hacker
A hacker may have personal information of thousands of NEISD employees Full Text
Abstract
Over 5,000 current and former NEISD employees received a letter from the district saying their payroll information, including names and Social Security numbers, was at risk of being compromised.MySanAntonio
September 19, 2021 – Phishing
New “Elon Musk Club” crypto giveaway scam promoted via email Full Text
Abstract
A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks.BleepingComputer
September 19, 2021 – Business
AT&T lost $200M in seven years to illegal phone unlocking scheme Full Text
Abstract
A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million to a seven-year scheme he and his co-conspirators coordinated that led to the fraudulent unlocking of almost 2 million phones.BleepingComputer
September 19, 2021 – Malware
Numando, a new banking Trojan that abuses YouTube for remote configuration Full Text
Abstract
ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread...Security Affairs
September 19, 2021 – Business
Google to Auto-Reset Unused Android App Permissions for Billions of Devices Full Text
Abstract
Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. The expansion is expected to go live in December 2021 and to be enabled on Android phones with Google Play services running Android 6.0 (API level 23) or higher, which the company said should cover "billions more devices." Google officially released Android 6.0 Marshmallow on October 5, 2015. With Android 11 that came out last year, the internet giant introduced a permission auto-reset option that helps improve user privacy by automatically resetting an app's permissions to access sensitive features like storage or camera if the app in question is left unopened for a few months. "Some apps and permissions are automatically exempted from revocation, like active Device Administrator apps used by enterprises, and permissions fixed by enterprise policy," GoogleThe Hacker News
September 19, 2021 – Privacy
Why Edward Snowden is urging users to stop using ExpressVPN? Full Text
Abstract
The whistleblower Edward Snowden has urged customers of the ExpressVPN service to stop using it. Last week, Israeli cybersecurity firm Kape Technologies acquired ExpressVPN, one of the industry's leading virtual private network providers, as part...Security Affairs
September 19, 2021 – Malware
Numando: A New Banking Trojan Targeting Latin American Users Full Text
Abstract
A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro. The threat actor behind this malware family — dubbed " Numando " — is believed to have been active since at least 2018. "[Numando brings] interesting new techniques to the pool of Latin American banking trojans' tricks, like using seemingly useless ZIP archives or bundling payloads with decoy BMP images," ESET researchers said in a technical analysis published on Friday. "Geographically, it focuses almost exclusively on Brazil with rare campaigns in Mexico and Spain." Written in Delphi, the malware comes with an array of backdoor capabilities that allow it to control comprThe Hacker News
September 19, 2021 – General
Security Affairs newsletter Round 332 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The Biden administration plans to target exchanges supporting ransomware operations with...Security Affairs
September 18, 2021 – Vulnerabilities
Researchers compile list of vulnerabilities abused by ransomware gangs Full Text
Abstract
Security researchers are working on compiling an easy-to-follow list of the initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks.BleepingComputer
September 18, 2021 – Government
The Biden administration plans to target exchanges supporting ransomware operations with sanctions Full Text
Abstract
The US government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...Security Affairs
September 18, 2021 – Hacker
Threat actor has been targeting the aviation industry since at least 2018 Full Text
Abstract
Security researchers from Cisco Talos uncovered a spear-phishing campaign, dubbed Operation Layover, that targeted the aviation industry for two years while avoiding detection...Security Affairs
September 18, 2021 – Vulnerabilities
Expert discloses details and PoC code for Netgear Seventh Inferno bug Full Text
Abstract
Researchers provided technical details and PoC code for a recently addressed critical vulnerability in Netgear smart switches that can be exploited by an attacker to potentially execute malicious code and take over impacted devices,...Security Affairs
September 18, 2021 – Cryptocurrency
Treasury to issue new cryptocurrency sanctions after ransomware attacks Full Text
Abstract
The Biden administration is preparing to issue a series of actions, including sanctions, to make it more difficult for hackers to profit off of ransomware attacks through the use of digital currency.The Verge
September 18, 2021 – Vulnerabilities
AMD Chipset Driver flaw allows obtaining sensitive data Full Text
Abstract
Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.Security Affairs
September 18, 2021 – Malware
Yes, of course there’s now malware for Windows Subsystem for Linux Full Text
Abstract
Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem for Linux (WSL) to install unwelcome payloads.The Register
September 17, 2021 – Ransomware
The Week in Ransomware - September 17th 2021 - REvil decrypted Full Text
Abstract
It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week.BleepingComputer
September 17, 2021 – Malware
New Malware Targets Windows Subsystem for Linux to Evade Detection Full Text
Abstract
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent payloads. "These files acted as loaders running a payload that was either embedded within the sample or retrieved from a remote server and was then injected into a running process using Windows API calls," researchers from Lumen Black Lotus Labs said in a report published on Thursday. Windows Subsystem for Linux, launched in August 2016, is a compatibility layer that's designed to run Linux binary executables (in ELF format) natively on the Windows platform without the overhead of a traditional virtual machine or dual-boot setup. The earliest artifacts date back to MThe Hacker News
September 17, 2021 – Vulnerabilities
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data Full Text
Abstract
Chipmaker AMD has addressed a medium severity vulnerability in its Platform Security Processor (PSP) driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system...Security Affairs
September 17, 2021 – General
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites Full Text
Abstract
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.Threatpost
September 17, 2021 – Cryptocurrency
U.S. to sanction crypto exchanges, wallets used by ransomware Full Text
Abstract
The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money.BleepingComputer
September 17, 2021 – Attack
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years Full Text
Abstract
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence team in May 2021 that delved into a "dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT." "The actor […] doesn't seem to be technically sophisticated, using off-the-shelf malware since the beginning of its activities without developing its own malware," researchers Tiago Pereira and Vitor Ventura said. "The actor also buys the crypters that allow the usage of such malware without being detected, throughout the years it has useThe Hacker News
September 17, 2021 – Botnet
Experts warn that Mirai Botnet starts exploiting OMIGOD flaw Full Text
Abstract
Threat actors behind a Mirai botnet have started exploiting the critical Azure OMIGOD vulnerability, tracked as CVE-2021-38647, to compromise vulnerable systems exposed online,...Security Affairs
September 17, 2021 – Business
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do Full Text
Abstract
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.Threatpost
September 17, 2021 – Denial Of Service
Admin of DDoS service behind 200,000 attacks faces 35yrs in prison Full Text
Abstract
At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations.BleepingComputer
September 17, 2021 – Attack
German Election body hit by a cyber attack Full Text
Abstract
A spokesman for the authority running Germany's September 26 general election confirmed that threat actors briefly disrupted its website last month,...Security Affairs
September 17, 2021 – General
Billions more Android devices will reset risky app permissions Full Text
Abstract
Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year.BleepingComputer
September 17, 2021 – Hacker
Hackers pose as bank customers by stealing OTPs, making $500k in fake credit card payments Full Text
Abstract
Hackers abroad were able to pose as 75 bank customers in Singapore and make about $500,000 in fake credit card payments, using a sophisticated method of hijacking the one-time passwords (OTPs) sent by the banks.Straits Times
September 17, 2021 – Vulnerabilities
New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems Full Text
Abstract
Akamai researchers spotted a new strain of malware written in the Go programming language, dubbed Capoae, that targets WordPress installs and Linux systems and was involved...Security Affairs
September 17, 2021 – Vulnerabilities
OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners Full Text
Abstract
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday.BleepingComputer
September 17, 2021 – Breach
Alaska Department of Health Reveals Data Breach Potentially Exposing Residents’ Financial, Health Information Full Text
Abstract
The Alaska Department of Health and Social Services (DHSS) has warned that a “highly sophisticated” cyber-attack may have exposed residents’ personal data, including financial information.The Daily Swig
September 17, 2021 – Malware
A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection Full Text
Abstract
Security researchers from Lumen's Black Lotus Labs have discovered several malicious Linux binaries that use Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines, developed...Security Affairs
September 17, 2021 – Vulnerabilities
Microsoft asks Azure Linux admins to manually patch OMIGOD bugs Full Text
Abstract
Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities.BleepingComputer
September 17, 2021 – Outage
Hackers Disrupted the Website of the Authority Running Germany’s General Elections Full Text
Abstract
Suspected hackers last month briefly disrupted the website of the authority running Germany's September 26 general election, a spokesman for the agency told AFP Wednesday.Security Week
September 17, 2021 – Vulnerabilities
How to fix printers asking for admins creds after PrintNightmare patch Full Text
Abstract
Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability.BleepingComputer
September 17, 2021 – Botnet
Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance Full Text
Abstract
Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the OMI framework, along with new protections to secure affected Azure VM management extensions.Security Week
September 17, 2021 – Government
US govt sites showing porn, viagra ads share a common software vendor Full Text
Abstract
Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year. A security researcher noticed all of these sites share a common software vendor, Laserfiche.BleepingComputer
September 17, 2021 – Attack
City of Yonkers attacked by ransomware but refuses to pay ransom Full Text
Abstract
Government employees at the City of Yonkers were denied access to their computers last week, after cybercriminals launched a ransomware attack. The city said that it refused to pay the ransom.IT Governance
September 17, 2021 – Business
Identity startup Persona closes $150M round at $1.5B valuation Full Text
Abstract
The Series C round was led by Founders Fund, Persona said in an announcement this morning. Meritech Capital Partners, BOND, Index Ventures, and Coatue Management participated as well.Silicon Angle
September 16, 2021 – Cryptocurrency
Financial Cybercrime: Following Cryptocurrency via Public Ledgers Full Text
Abstract
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.Threatpost
September 16, 2021 – Ransomware
REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out Full Text
Abstract
Bitdefender worked with law enforcement to create a key that unlocks victims' files encrypted in ransomware attacks before REvil's servers went belly-up on July 13.Threatpost
September 16, 2021 – Government
FBI and CISA warn of state hackers exploiting critical Zoho bug Full Text
Abstract
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.BleepingComputer
September 16, 2021 – Government
FTC: Health app and connected device makers must disclose data breaches Full Text
Abstract
The FTC approved a policy statement Wednesday that warns makers of health apps and connected devices that collect health-related information to comply with a decade-old data breach notification rule.The Record
September 16, 2021 – Cryptocurrency
Senator calls on agencies to take action to prevent criminal cryptocurrency use Full Text
Abstract
Sen. Maggie Hassan (D-N.H.) on Thursday raised concerns around the use of cryptocurrency for criminal means, pressing key federal agencies to take action.The Hill
September 16, 2021 – Government
FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug Full Text
Abstract
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn that nation-state APT groups are actively exploiting the Zoho flaw CVE-2021-40539...Security Affairs
September 16, 2021 – APT
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug Full Text
Abstract
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.Threatpost
September 16, 2021 – Malware
New malware uses Windows Subsystem for Linux for stealthy attacks Full Text
Abstract
Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines.BleepingComputer
September 16, 2021 – Botnet
Meris Botnet Creates a New Record for DDoS Attacks Full Text
Abstract
Russian internet company Yandex experienced one of the biggest DDoS attacks on record, launched by a botnet dubbed Meris that has infected thousands of networking devices so far. Information collected from the multiple attacks revealed that Mēris has a network of more than 30,000 devices. MikroTik has sh ...Cyware Alerts - Hacker News
September 16, 2021 – Vulnerabilities
Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug Full Text
Abstract
Microsoft revealed that multiple threat actors, including ransomware operators, are exploiting the recently patched Windows MSHTML remote code execution flaw (CVE-2021-40444)...Security Affairs
September 16, 2021 – General
Airline Credential-Theft Takes Off in Widening Campaign Full Text
Abstract
A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.Threatpost
September 16, 2021 – General
FBI: $113 million lost to online romance scams this year Full Text
Abstract
The FBI warned today that a massive spike in online romance scams this year has caused Americans to lose more than $113 million since the start of 2021.BleepingComputer
September 16, 2021 – General
India reported an 11.8% rise in cybercrime in 2020 Full Text
Abstract
The rate of cyber crime (incidents per lakh population) also increased, from 3.3 in 2019 to 3.7 in 2020, according to National Crime Records Bureau (NCRB) data.The Times Of India
September 16, 2021 – Vulnerabilities
New Windows security updates break network printing Full Text
Abstract
Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.BleepingComputer
September 16, 2021 – Criminals
LockBit 2.0 Gains Free Rein After Recruiting Affiliates Full Text
Abstract
LockBit is showing no signs of slowing down as the gang continues to recruit affiliates under its LockBit 2.0 RaaS model. According to the group's own website, LockBit is six times more active than its contemporaries. Organizations should start prioritizing their network security ...Cyware Alerts - Hacker News
September 16, 2021 – Botnet
Bad Bots Take the Internet by Storm Full Text
Abstract
Researchers found that there has been a constant rise in bad bots that has surpassed record-high bad bot traffic detected last year – 25.6% of all web requests.Cyware Alerts - Hacker News
September 16, 2021 – Criminals
Microsoft: Windows MSHTML bug now exploited by ransomware gangs Full Text
Abstract
Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw.BleepingComputer
September 16, 2021 – General
Dangling Domains: Security Threats, Detection and Prevalence Full Text
Abstract
Unit 42 researchers found that dangling domains are a real and prevalent threat. Specifically, they detected 317,000 unsafe dangling domains in their passive DNS data set.Palo Alto Networks
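A dangling domain is a name (typically a CNAME) that still points at a target which no longer exists, so whoever can register or claim that target serves content under the victim's name. The script below is an added example, not Unit 42's tooling: it walks CNAME chains in a small constructed DNS snapshot (invented names, not real passive-DNS data) and reports each owner whose chain ends at a name with no records at all. Loops and names that exist but carry no address record are reported separately so they are not mistaken for takeover candidates.

```python
"""Flag dangling CNAME chains in a DNS record snapshot.

Added example, not Unit 42's code. SAMPLE_RECORDS is constructed; a real run
would feed it zone exports or passive-DNS rows of the same (name, type, data) shape.
"""
from __future__ import annotations

# Constructed records (owner, type, data). Provider names are invented.
SAMPLE_RECORDS = [
    ("www.example.test", "CNAME", "example.test"),
    ("example.test", "A", "192.0.2.10"),
    ("old-blog.example.test", "CNAME", "blog-9f1a.pages.provider.test"),  # target deleted
    ("shop.example.test", "CNAME", "storefront.provider.test"),
    ("storefront.provider.test", "A", "198.51.100.7"),
    ("api.example.test", "CNAME", "api-alias.example.test"),
    ("api-alias.example.test", "CNAME", "lb-1234.provider.test"),         # last hop gone
    ("legacy.example.test", "CNAME", "legacy.example.test"),               # self-loop
    ("mail.example.test", "CNAME", "mx-park.example.test"),
    ("mx-park.example.test", "TXT", "v=spf1 -all"),                        # exists, no address
]


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def build_index(records) -> dict[str, list[tuple[str, str]]]:
    """Group records by owner name so chain walking is a dictionary lookup."""
    index: dict[str, list[tuple[str, str]]] = {}
    for name, rtype, data in records:
        index.setdefault(_norm(name), []).append((rtype.upper(), _norm(data)))
    return index


def resolve_chain(name: str, index, max_hops: int = 8) -> tuple[str, str]:
    """Follow CNAMEs from `name`.
    Returns ('ok', name)       when a name with an A/AAAA record is reached,
            ('dangling', name) when the chain ends at a name with no records at all,
            ('noaddr', name)   when the final name exists but has no address record,
            ('loop', name)     on a cycle or when max_hops is exceeded."""
    seen: set[str] = set()
    cur = _norm(name)
    for _ in range(max_hops):
        if cur in seen:
            return "loop", cur
        seen.add(cur)
        rrs = index.get(cur)
        if not rrs:
            return "dangling", cur
        if any(t in ("A", "AAAA") for t, _ in rrs):
            return "ok", cur
        cnames = [d for t, d in rrs if t == "CNAME"]
        if not cnames:
            return "noaddr", cur
        cur = cnames[0]  # a name may hold only one CNAME; take it
    return "loop", cur


def find_dangling(records) -> dict[str, str]:
    """Return {owner: unresolvable_target} for every CNAME owner whose chain dangles.
    Every hop of a broken chain is reported, since each is an alias an attacker
    could claim by registering the final target."""
    index = build_index(records)
    return {
        name: last
        for name, rtype, _ in records
        if rtype.upper() == "CNAME"
        for status, last in [resolve_chain(name, index)]
        if status == "dangling"
    }


if __name__ == "__main__":
    for owner, target in sorted(find_dangling(SAMPLE_RECORDS).items()):
        print(f"{owner} -> {target}  (no records for target)")
```

The "no records at all" test is deliberately narrow: a target that still answers for TXT or MX is not claimable in the same way, and a self-referencing CNAME is a misconfiguration rather than a takeover path. For real data the next step is to check whether the dangling target's apex is unregistered or sits on a provider that lets anyone claim an unused hostname.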
September 16, 2021 – Malware
Capoae Malware Ramps Up: Uses Multiple Vulnerabilities and Tactics to Spread Full Text
Abstract
The malware’s primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they’ve been infected, these systems are then used to mine cryptocurrency.Akamai
September 16, 2021 – Criminals
Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations Full Text
Abstract
Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators.Security Week
September 16, 2021 – Vulnerabilities
Several Access Bypass, CSRF Vulnerabilities Patched in Drupal Full Text
Abstract
Drupal developers informed users that updates released for Drupal 8.9, 9.1, and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.Security Week
September 16, 2021 – Ransomware
Free REvil ransomware master decrypter released for past victims Full Text
Abstract
A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.BleepingComputer
September 16, 2021 – Government
House Committees Seek to Spend Millions on Cybersecurity Full Text
Abstract
A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into both the CISA and FTC, as part of the debate over the federal budget proposal.Bank Info Security
September 16, 2021 – Vulnerabilities
Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects Full Text
Abstract
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the software build process. The problem is said to have lasted during an eight-day window between September 3 and September 10. Felix Lange of Ethereum has been credited with discovering the leakage on September 7, with the company's Péter Szilágyi pointing out that "anyone could exfiltrate these and gain lateral movement into 1000s of [organizations]." Travis CI is a hosted CI/CD (short for continuous integration and continuous deployment) solution used to build and test software projects hosted on source code repository systems like GitHub and Bitbucket. "The desired bThe Hacker News
September 16, 2021 – Ransomware
Bitdefender released free REvil ransomware decryptor that works for past victims Full Text
Abstract
Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their files for free. Good news for victims of the REvil ransomware gang who were infected before the operation...Security Affairs
September 16, 2021 – Denial Of Service
DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast Full Text
Abstract
Imperva's Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.Threatpost
September 16, 2021 – Malware
Novel Malware Samples Trying to Hack Windows from its Linux Subsystem Full Text
Abstract
Security researchers at Lumen’s Black Lotus Labs have found a series of malware samples that were configured to infect the Windows Subsystem for Linux and then pivot to its native Windows environment.The Record
September 16, 2021 – Vulnerabilities
Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released Full Text
Abstract
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed "Seventh Inferno" (CVSS score: 9.8) — is part of a trio of security weaknesses, alongside Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8), that Google security engineer Gynvael Coldwind reported to the networking, storage, and security solutions provider. The disclosure comes weeks after Netgear released patches to address the vulnerabilities earlier this month, on September 3. Successful exploitation of Demon's Cries and Draconian Fear could grant a malicious party the ability to change the administrator password without actually having to know the previous password or hijack the session bootstrapping information, resulting in a full compromise of the device. Now, in a new post sharing technical speThe Hacker News
September 16, 2021 – General
Cyber Puppeteer Kits: The New Financial Services Security Threat Full Text
Abstract
Cyber puppeteer kits are more personalized, interactive, and successful than traditional phishing kits. This makes them a threat to an organization’s employees, customers, critical assets, and more.ZeroFox
September 16, 2021 – Vulnerabilities
Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks Full Text
Abstract
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders," Microsoft Threat Intelligence Center said in a technical write-up. "These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware." Details about CVE-2021-40444 (CVSS score: 8.8) first emerged on September 7 after researchers from EXPMON alerted the Windows maker about a "highly sophisticated zero-day attack" aimed at Microsoft Office users by taking advantage of a remote code execution vulnerability in MSHTML (aka Trident), a proprietary browser engine for the nowThe Hacker News
September 16, 2021 – Business
Dynatrace acquires SpectX to advance its observability and application security analytics capabilities Full Text
Abstract
Dynatrace has completed the acquisition of SpectX, a parsing and query analytics company. The acquisition will accelerate the convergence of observability and security for modern hybrid, multicloud environments.Help Net Security
September 16, 2021 – General
OWASP Reshuffles Its Top 10 List, Adds New Categories Full Text
Abstract
The Open Web Application Security Project reshuffles its list of top threats, putting broken access controls and cryptographic failures at the top and creating three new risk categories.Dark Reading
September 16, 2021 – Business
Strike Graph raises $8M to expand its offerings of cybersecurity compliances Full Text
Abstract
Strike Graph announces that it has secured $8 million in Series A funding, led by Information Venture Partners, investors in the next generation of leaders in B2B FinTech and Enterprise SaaS.Help Net Security
September 16, 2021 – Outage
Customer Care Giant TTEC Witnesses System Outage Following Ransomware Attack Full Text
Abstract
“We’re continuing to address the system outage impacting access to the network, applications and customer support,” reads an internal message sent by TTEC to certain employees.Krebs on Security
September 16, 2021 – Business
Tenable acquires infrastructure-monitoring startup Accurics Full Text
Abstract
Tenable, a cyber risk management company based in Columbia, Maryland, today announced it has acquired infrastructure-as-code (IaC) technology provider Accurics for $160 million in cash.Venture Beat
September 16, 2021 – APT
Chinese APT Campaign Stole Data from Victim Organization Using Off-the-shelf Hacking and System Management Tools Full Text
Abstract
The threat actors were able to gain their initial access to the victim by exploiting a vulnerability in a web access server. They further used privilege escalation exploits to steal credentials.Tech Target
September 15, 2021 – Phishing
Attackers Impersonate DoT in Two-Day Phishing Scam Full Text
Abstract
Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site.Threatpost
September 15, 2021 – Solution
You Can Now Sign-in to Your Microsoft Accounts Without a Password Full Text
Abstract
Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expected to be rolled out in the coming weeks. "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," said Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity. "But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords." "Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives," Jakkal added. Over the years, weak passwords have emerged as the entry point for a vast majority of attacks across enterprise and consThe Hacker News
September 15, 2021 – Policy and Law
Former U.S. intel operatives to pay $1.6M for hacking for foreign govt Full Text
Abstract
The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government.BleepingComputer
September 15, 2021 – Solution
Microsoft to let users completely remove account passwords and go passwordless Full Text
Abstract
In the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead to boost security.The Record
September 15, 2021 – Government
FTC warns health apps to notify consumers impacted by data breaches Full Text
Abstract
The Federal Trade Commission (FTC) voted 3-2 Wednesday that a decade-old rule on health data breaches applies to apps that handle sensitive health information, warning these companies to comply.The Hill
September 15, 2021 – Vulnerabilities
Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs Full Text
Abstract
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services:
- CVE-2021-38647 (CVSS score: 9.8) - Open Management Infrastructure Remote Code Execution Vulnerability
- CVE-2021-38648 (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability
- CVE-2021-38645 (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability
- CVE-2021-38649 (CVSS score: 7.0) - Open Management Infrastructure Elevation of Privilege Vulnerability
Open Management Infrastructure (OMI) is an open-source analog of Windows Management Infrastructure (WMIThe Hacker News
September 15, 2021 – Attack
Anonymous hacked the controversial, far-right web host Epik Full Text
Abstract
Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content. The Anonymous hacktivist collective has claimed to have hacked the controversial web hosting provider...Security Affairs
September 15, 2021 – Vulnerabilities
No Patch for High-Severity Bug in Legacy IBM System X Servers Full Text
Abstract
Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.Threatpost
September 15, 2021 – Vulnerabilities
Microsoft fixes critical bugs in secretly installed Azure Linux app Full Text
Abstract
Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances.BleepingComputer
September 15, 2021 – Vulnerabilities
Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors Full Text
Abstract
On Tuesday, cybersecurity researcher Randy Westergren discovered a pre-authentication RCE security flaw and the means to obtain a full root shell of the Motorola Halo+, a popular baby monitor.The Daily Swig
September 15, 2021 – Criminals
3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company Full Text
Abstract
The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question — Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 — are accused of "knowingly and willfully combine, conspire, confederate, and agree with each other to commit offenses," furnishing defense services to persons and entities in the country over a three-year period beginning around December 2015 and continuing through November 2019, including developing invasive spyware capable of breaking into mobile devices without any action by the targets. "The defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., 'hacking') for the benefit of the U.A.E. government," the DoJ saidThe Hacker News
September 15, 2021 – Vulnerabilities
OMIGOD vulnerabilities expose thousands of Azure users to hack Full Text
Abstract
OMIGOD - Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities,...Security Affairs
September 15, 2021 – Breach
Ransomware encrypts South Africa’s entire Dept of Justice network Full Text
Abstract
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.BleepingComputer
September 15, 2021 – Government
‘No indication’ Russia has cracked down on ransomware gangs, top FBI official says Full Text
Abstract
A top-ranking FBI official on Tuesday said the federal agency has seen no evidence that the Russian government has moved against notorious ransomware gangs operating on its soil.The Record
September 15, 2021 – General
Download the Essential Guide to Response Automation Full Text
Abstract
In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the security vendor community so much that its precise meaning, when used, is unclear. Many vendors throw the term out without explaining exactly what they mean by the phrase. One vendor's response automation might, and often does, perform very differently from another vendor's response automation capabilities. But, hey, they have "response automation!" A recently published guide is meant to make sense of Response Automation (Download here). It discusses the evolution of response automation and distinguishes five increasingly capablThe Hacker News
September 15, 2021 – Business
Microsoft announces passwordless authentication for consumer accounts Full Text
Abstract
Microsoft announced that users can access their consumer accounts without providing passwords, using more secure authentication methods instead. Microsoft will allow its users to log into their consumer accounts without using passwords; they will be able...Security Affairs
September 15, 2021 – Botnet
MikroTik shares info on securing routers hit by massive Mēris botnet Full Text
Abstract
Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers compromised by the massive Mēris DDoS botnet over the summer.BleepingComputer
September 15, 2021 – General
Ransomware Threats Loom over Food Supply Chain Management Full Text
Abstract
Ransomware actors are trying to exploit the adoption of new digital and complex technologies in the global food supply chain. A new alert issued by the FBI highlights that organizations in the food and agriculture sector have come under the active radar of ransomware gangs. Such risks can only be r ...Cyware Alerts - Hacker News
September 15, 2021 – Insider Threat
Three former NSA employees fined for providing hacker-for-hire services to UAE firm Full Text
Abstract
Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the payment of a penalty. Three former NSA employees (Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke,...Security Affairs
September 15, 2021 – Criminals
Ransomware gang threatens to wipe decryption key if negotiator hired Full Text
Abstract
The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files.BleepingComputer
September 15, 2021 – Government
DOJ: Former NSA Operatives Worked as Cyber-Mercenaries Full Text
Abstract
Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40, are all charged with having broken federal laws related to computer fraud and export regulations, the Department of Justice announced Tuesday.Gizmodo
September 15, 2021 – Solution
Kali Linux 2021.3 released with new pentest tools, improvements Full Text
Abstract
Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface.BleepingComputer
September 15, 2021 – Phishing
Travel Themed Phishing URLs Set to Prey on Eager Travelers Full Text
Abstract
Although the pandemic is not over, as the world opens up borders and the vaccines slow down the spread of the virus, people who have been cooped up at home are eager to travel.Palo Alto Networks
September 15, 2021 – General
Microsoft rolls out passwordless login for all Microsoft accounts Full Text
Abstract
Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password.BleepingComputer
September 15, 2021 – Solution
Security bods boost Apple iPhone hardware attack research with iTimed toolkit Full Text
Abstract
Researchers at NC State created a toolkit dubbed iTimed, which builds atop an open-source reimplementation of the "unpatchable" checkm8 boot ROM vulnerability first disclosed back in September 2019.The Register
September 15, 2021 – Business
Infrastructure access platform StrongDM raises $54M Full Text
Abstract
StrongDM today announced that it raised $54 million in Series B round led by Tiger Global, with participation from GV, Sequoia Capital, True Ventures, HearstLab, Bloomberg Beta, and Godfrey Sullivan.Venture Beat
September 15, 2021 – Breach
CI/CD Platform Provider Travis CI Confirms Security Breach Impacting Public Repository Full Text
Abstract
It said that it has resolved the underlying problem with a series of security patches, adding that users should consider making changes to their passcodes and authentication tokens as a precaution.The Daily Swig
September 15, 2021 – Government
US CISA appointed Kiersten Todt as new chief of staff Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it has appointed Kiersten Todt as its new chief of staff,...Security Affairs
September 15, 2021 – Vulnerabilities
Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day Full Text
Abstract
Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively...Security Affairs
September 14, 2021 – Vulnerabilities
Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability Full Text
Abstract
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week. Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the 20 vulnerabilities in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month. The most important of the updates concerns a patch for CVE-2021-40444 (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws so the exploitation is perfectly reliable." Also addressed is a publicly discloseThe Hacker News
September 14, 2021 – General
2021’s Most Dangerous Software Weaknesses Full Text
Abstract
Saryu Nayyar, CEO at Gurucul, peeks into Mitre’s list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.Threatpost
September 14, 2021 – Vulnerabilities
Microsoft fixes remaining Windows PrintNightmare vulnerabilities Full Text
Abstract
Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.BleepingComputer
September 14, 2021 – Botnet
MikroTik Confirms Mēris Botnet Targets Routers Compromised Years Ago Full Text
Abstract
According to MikroTik, the bots are in fact routers that were previously compromised in 2018, and which haven’t been properly secured, even if the patches released at the time were installed in a timely manner.Security Week
September 14, 2021 – Policy and Law
Former U.S. operatives agree to $1.68M settlement over mercenary hacking charges Full Text
Abstract
Three former U.S. intelligence and military personnel agreed to pay more than $1.68 million to settle federal charges over their alleged work as mercenary hackers for the United Arab Emirates (UAE).The Hill
September 14, 2021 – Malware
New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads Full Text
Abstract
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. "The malware is downloaded from a Google advertisement published through Google Adwords," researchers from SentinelOne said in a report published on Monday. "In this campaign, the attackers use an indirect way to compromise victims instead of using the classic approach of compromising the victims directly, such as by phishing." First discovered in 2016, ZLoader (aka Silent Night and ZBot) is a fully-featured banking trojan and a fork of another banking malware called ZeuS, with newer versions implementing a VNC module that grants adversaries remote access to victim systems. The malware is in active development, with criminal actors spawning anThe Hacker News
September 14, 2021 – Botnet
Mēris Bot infects MikroTik routers compromised in 2018 Full Text
Abstract
Latvian vendor MikroTik revealed that the recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian Internet giant Yandex was targeted by the largest DDoS attack in the history of Runet,...Security Affairs
September 14, 2021 – Vulnerabilities
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager Full Text
Abstract
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.Threatpost
September 14, 2021 – Vulnerabilities
Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug Full Text
Abstract
Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.BleepingComputer
September 14, 2021 – Encryption
Quantum cryptography: This air-filled fiber optic cable can transport un-hackable keys, say researchers Full Text
Abstract
A new type of optical fiber filled with nothing but thin air has been found to be particularly effective to carry out quantum key distribution (QKD), a security protocol that is in principle un-hackable.ZDNet
September 14, 2021 – Breach
Massachusetts attorney general announces investigation into T-Mobile data breach Full Text
Abstract
Massachusetts Attorney General Maura Healey (D) on Tuesday announced that her office is undertaking an investigation into the recent data breach of T-Mobile that impacted more than 50 million individuals.The Hill
September 14, 2021 – Vulnerabilities
HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system. Cybersecurity firm SentinelOne, which discovered and reported the shortcoming to HP on February 17, said it found no evidence of in-the-wild exploitation. The computer hardware company has since released a security update to its customers to address these vulnerabilities. The issues themselves are rooted in a component called OMEN Command Center that comes pre-installed on HP OMEN-branded laptops and desktops and can also be downloaded from the Microsoft Store. The software, in addition to monThe Hacker News
September 14, 2021 – Vulnerabilities
Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw Full Text
Abstract
A high severity vulnerability, tracked as CVE-2021-3437, in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. Millions of HP OMEN laptop and desktop gaming computers are exposed to multiple...Security Affairs
September 14, 2021 – Malware
ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender Full Text
Abstract
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.Threatpost
September 14, 2021 – Vulnerabilities
Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws Full Text
Abstract
Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 61 flaws.BleepingComputer
September 14, 2021 – Phishing
SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs Full Text
Abstract
A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to their wireless access points (APs).Security Week
September 14, 2021 – General
General promises ‘surge’ to fight ransomware attacks Full Text
Abstract
Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the mounting ransomware attacks on critical U.S. organizations.The Hill
September 14, 2021 – General
Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment Full Text
Abstract
Every once in a while, an industry term will get overused by marketing to the point of becoming a cliche. "Zero Trust" may have reached this threshold. In some ways, we understand why this is happening. Security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere. Zero Trust deployment — moving all your apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise in order to gain access — has been rapidly introduced as a result of the pandemic. However, most attempts at achieving Zero Trust access today are a patchwork of disparate products from different vendors connected to virtual private networks (VPN), with rudimentary on-off access controls based on limited visibility. Cloud security company, Lookout , believes a modern approach to Zero Trust needs to take into account the fact that data has moved to the cloud and users are working from anywhere, on any device, and connecting oThe Hacker News
September 14, 2021 – Vulnerabilities
Google addresses a new Chrome zero-day flaw actively exploited in the wild Full Text
Abstract
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux, addressing eleven security issues, including two actively exploited zero-days. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including...Security Affairs
September 14, 2021 – Vulnerabilities
Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast Full Text
Abstract
Imperva’s Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.Threatpost
September 14, 2021 – Attack
New Zloader attacks disable Windows Defender to evade detection Full Text
Abstract
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims' computers to evade detection.BleepingComputer
September 14, 2021 – General
The state of ransomware: national emergencies and million-dollar blackmail Full Text
Abstract
Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection cause everything from business disruption to fuel shortages.ZDNet
September 14, 2021 – Government
Top FBI official says there is ‘no indication’ Russia has taken action against hackers Full Text
Abstract
FBI Deputy Director Paul Abbate said Tuesday there has been “no indication” that the Russian government has taken steps to stop the activities of cyber criminals engaging in ransomware attacks against U.S. organizations, despite outreach efforts by the Biden administration.The Hill
September 14, 2021 – Malware
Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks Full Text
Abstract
Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt...Security Affairs
September 14, 2021 – Policy and Law
Romance, BEC Scams Land Soldier in Jail for 46 Months Full Text
Abstract
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.Threatpost
September 14, 2021 – Vulnerabilities
Millions of HP OMEN gaming PCs impacted by driver vulnerability Full Text
Abstract
Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.BleepingComputer
September 14, 2021 – Vulnerabilities
Close to half of on-prem databases contain vulnerabilities, with many critical flaws Full Text
Abstract
Imperva released the results of the study on Tuesday, which analyzed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities.ZDNet
September 14, 2021 – Vulnerabilities
Popular NPM package Pac-Resolver affected by a critical flaw Full Text
Abstract
Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package 'Pac-Resolver' that has millions of downloads every week. The development team behind a popular NPM package called 'Pac-Resolver' for the JavaScript programming...Security Affairs
September 14, 2021 – Attack
BlackMatter Ransomware Hits Japanese Tech Giant Olympus Full Text
Abstract
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.Threatpost
September 14, 2021 – Attack
Researchers Unearth Logic Bomb Attack in Python Package Index (PyPI) Full Text
Abstract
The researchers found six malicious payloads, all uploaded by a single user. The attacker designed them to run during a package’s installation. People have collectively downloaded these payloads around 5,000 times.Security Intelligence
September 14, 2021 – Breach
Over 60 Million Wearable, Fitness Tracking Records Exposed via Unsecured Database Full Text
Abstract
The researchers said that over 61 million records were contained in the data repository, including vast swathes of user information -- such as their names, dates of birth, weight, height, gender, and GPS logs, among other datasets.ZDNet
September 13, 2021 – Vulnerabilities
Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware Full Text
Abstract
Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows:
- CVE-2021-30858 (WebKit) - A use-after-free issue that could result in arbitrary code execution when processing maliciously crafted web content. The flaw has been addressed with improved memory management.
- CVE-2021-30860 (CoreGraphics) - An integer overflow vulnerability that could lead to arbitrary code execution when processing a maliciously crafted PDF document. The bug has been remediated with improved input validation.
"Apple is aware of a report that this issue may have been actively exploited," the iPhone maker noted in its advisory. The updates arrive weeks after researchers from the University of Toronto's Citizen Lab revealed details of a zero-day exploit called "FORCEDENTRY"The Hacker News
September 13, 2021 – Vulnerabilities
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack Full Text
Abstract
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8. As is typically the case, the company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them. With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year — CVE-2021-21148 - Heap buffer overflow in V8 CVE-2021-21166 - Object recycle issue in audio CVE-2021-21193 - ...The Hacker News
September 13, 2021 – Vulnerabilities
Google patches 10th Chrome zero-day exploited in the wild this year Full Text
Abstract
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild.BleepingComputer
September 13, 2021 – Covid-19
Android malware distributed in Mexico uses Covid-19 to steal financial credentials Full Text
Abstract
McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank application designed to report an out-of-service ATM.McAfee
September 13, 2021 – Vulnerabilities
Apple issues emergency updates over vulnerability enabling spyware Full Text
Abstract
Apple on Monday released a series of emergency security updates following the discovery of a vulnerability that allowed Israeli company NSO Group to infect Apple products with spyware.The Hill
September 13, 2021 – Malware
Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide Full Text
Abstract
Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed "Vermilion Strike" — marks one of the rare Linux ports, which has been traditionally a Windows-based red team tool heavily repurposed by adversaries to mount an array of targeted attacks. Cobalt Strike bills itself as a "threat emulation software," with Beacon being the payload engineered to model an advanced actor and duplicate their post-exploitation actions. "The stealthy sample uses Cobalt Strike's command-and-control (C2) protocol when communicating to the C2 server and has remote access capabilities such as uploading files, running shell commands and writing to files," Intezer researchers said in a report publishe...The Hacker News
September 13, 2021 – Vulnerabilities
Apple fixes actively exploited FORCEDENTRY zero-day flaws Full Text
Abstract
Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858),...Security Affairs
September 13, 2021 – Vulnerabilities
WhatsApp’s End-to-End Encryption Isn’t Actually Broken Full Text
Abstract
WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn’t concerning — yet.Threatpost
September 13, 2021 – Vulnerabilities
Apple fixes iOS zero-day used to deploy NSO iPhone spyware Full Text
Abstract
Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.BleepingComputer
September 13, 2021 – APT
APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs Full Text
Abstract
APT-C-36 has been known to send phishing emails to various entities in South America using publicly available remote access tools (RATs). Over time, the threat actor switches from one RAT to another.Trend Micro
September 13, 2021 – Vulnerabilities
Critical Bug Reported in NPM Package With Millions of Downloads Weekly Full Text
Abstract
A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Pac-Resolver versions before 5.0.0. A Proxy Auto-Configuration (PAC) file is a JavaScript function that determines whether web browser requests should be routed directly to the destination or forwarded to a web proxy server for a given hostname. PAC files are how proxy rules are distributed in enterprise environments. "This package is used for PAC file support in Pac-Proxy-Agent, which is used in turn in Proxy-Agent, which then used all over the place as the standard go-to package for HTTP proxy auto-detection and configuration in Node.js," Tim Perry said in a...The Hacker News
September 13, 2021 – Solution
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups Full Text
Abstract
Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history...Security Affairs
September 13, 2021 – Government
FTC warns of extortionists targeting LGBTQ+ community on dating apps Full Text
Abstract
The US Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community via online dating apps such as Grindr and Feeld.BleepingComputer
September 13, 2021 – Covid-19
Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase Full Text
Abstract
Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant.ZDNet
September 13, 2021 – Attack
New Spook.Js attack allows bypassing Google Chrome Site Isolation protections Full Text
Abstract
Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins devised a transient side-channel attack on modern processors, "Spook.js," that can be abused by threat...Security Affairs
September 13, 2021 – Attack
Hacker-made Linux Cobalt Strike beacon used in ongoing attacks Full Text
Abstract
An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide.BleepingComputer
September 13, 2021 – Business
JumpCloud Raises $159M To Aid User And Device Management Full Text
Abstract
JumpCloud, an identity management provider, has closed its Series F round and notched a $2.56 billion valuation to add additional capabilities to its directory platform and drive channel sales.CRN
September 13, 2021 – Government
Singapore moots ‘foreign interference’ law with powers to issue online platforms take-down order Full Text
Abstract
Singapore has mooted new laws that will arm the government with the ability to issue directives to various platforms, including social media and websites, to remove or block access to content deemed part of hostile information campaigns.ZDNet
September 13, 2021 – Breach
What’s Behind the Leaks of Customer Data From Retailer Databases? Full Text
Abstract
Retail data breaches involving customer data happen often today. However, they tend to be smaller in size than health care, finance, or government breaches. So, the general public notices them less. Yet, they happen more often than realized.Security Intelligence
September 13, 2021 – IOT
IoT Attacks Ramp Up at 2X Speed Full Text
Abstract
According to Kaspersky, the first half of 2021 witnessed 1.5 billion IoT attacks, double the number from the previous year, with a variety of intentions, including mining cryptocurrency and stealing data. Attackers are largely using weak passwords to infect IoT targets. IoT users are recommended to ...Cyware Alerts - Hacker News
September 13, 2021 – Hacker
Hackers Target Golden SAML Tokens for Network Access Full Text
Abstract
An APT group was spotted targeting the Active Directory server of a victim's Office365 environment by gaining access to the secret SAML tokens, which generally pass information about users, logins, and attributes between the identity and service providers. Experts suggest implementing additional ...Cyware Alerts - Hacker News
September 13, 2021 – Ransomware
Sodinokibi Ransomware through the Lens of IR and Collaborative Threat Intelligence Full Text
Abstract
Security analysts have used Incident Response (IR) and shared intelligence together to analyze Sodinokibi ransomware's behavior and offered a similar collaborative approach to counter threats. IBM researchers have collected Sodinokibi TTPs from many of its attacks and laid bare its activities in ...Cyware Alerts - Hacker News
September 13, 2021 – Attack
BlackMatter ransomware hits medical technology giant Olympus Full Text
Abstract
Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week.BleepingComputer
September 13, 2021 – Business
WhatsApp details plans to offer encrypted backups Full Text
Abstract
WhatsApp announced on Friday it will be offering its users end-to-end encrypted backups later this year. Users will have a choice for how the encryption key used is stored.ZDNet
September 13, 2021 – Attack
New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection Full Text
Abstract
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space. "An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are au...The Hacker News
September 13, 2021 – Criminals
BlackMatter ransomware gang hit Technology giant Olympus Full Text
Abstract
Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware...Security Affairs
September 13, 2021 – Attack
Department of Justice and Constitutional Development of South Africa hit by a ransomware attack Full Text
Abstract
A ransomware attack hit the Department of Justice and Constitutional Development of South Africa. Multiple services including email and bail services were impacted by the ransomware attack.Security Affairs
September 13, 2021 – Malware
The new maxtrilha trojan is being disseminated and targeting several banks Full Text
Abstract
A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The new maxtrilha trojan is being disseminated and targeting several...Security Affairs
September 13, 2021 – Hacker
Hackers Steal Puma Source Code for an Internal Application Full Text
Abstract
Hackers have stolen information from sportswear maker Puma and are currently trying to extort the company into paying a ransom demand, threatening to release the stolen files on a dark web portal.The Record
September 13, 2021 – Attack
Department of Justice and Constitutional Development of South Africa hit by a ransomware attack Full Text
Abstract
The Department of Justice and Constitutional Development of South Africa was hit by a ransomware attack that crippled bail services. A ransomware attack hit the Department of Justice and Constitutional Development of South Africa, multiple services,...Security Affairs
September 13, 2021 – Cryptocurrency
County I.T. Supervisor Mined Bitcoin at the Office, Prosecutors Say Full Text
Abstract
A Long Island man was charged on Wednesday with using his position as an I.T. supervisor for Suffolk County to mine cryptocurrency from government offices, costing the county thousands of dollars in electricity.New York Times
September 13, 2021 – Hacker
North Korea’s Kumsong 121 recently employed social media to launch a cyber attack Full Text
Abstract
The North Korean hacker group Kumsong 121 recently launched a cyber attack using social media. Computer and mobile phone users should be wary as North Korean hacking attacks grow more sophisticated.dailynk
September 13, 2021 – General
Network security market growth driven by remote work popularity and security needs Full Text
Abstract
Frost & Sullivan’s recent analysis of the Asia-Pacific (APAC) network security (NWS) market finds that the increasing acceptance of remote work and adoption of cloud, the remote workplace, collaboration, and security are driving growth.Help Net Security
September 13, 2021 – Attack
LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment Full Text
Abstract
After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure.Security Intelligence
September 12, 2021 – Vulnerabilities
Windows MSHTML zero-day exploits shared on hacking forums Full Text
Abstract
Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.BleepingComputer
September 12, 2021 – Business
Google implements new Private Compute Services for Android Full Text
Abstract
Google introduces Private Compute Services, a collection of services designed to improve privacy in the Android operating system. Good news for Android users, Google has implemented the Private Compute Services, a set of features aimed at improving...Security Affairs
September 12, 2021 – Criminals
Revil ransomware operators are targeting new victims Full Text
Abstract
Recently we observed that part of the REvil ransomware infrastructure was up and running again, now we can confirm that they hit new victims. On September 7, the servers of the REvil ransomware gang were back online after around two months since...Security Affairs
September 12, 2021 – General
Security Affairs newsletter Round 331 Full Text
Abstract
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Cisco...Security Affairs
September 11, 2021 – Attack
REvil ransomware is back in full attack mode and leaking data Full Text
Abstract
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site.BleepingComputer
September 11, 2021 – Vulnerabilities
Cisco released security patches for High-Severity flaws in IOS XR software Full Text
Abstract
Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities...Security Affairs
September 11, 2021 – Breach
Fujitsu Confirms Stolen Data Marketed By Cybercriminals in Marketo is Not Theirs Full Text
Abstract
Fujitsu released an official statement regarding the data being marketed by cybercriminals online. The company said that it is not related to a cyberattack on its systems.Tech Times
September 11, 2021 – Botnet
Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack Full Text
Abstract
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called Mēris — meaning "Plague" in the Latvian language — a "botnet of a new kind." "It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility. That looks like some vulnerability that was either kept secret before the massive campaign...The Hacker News
September 11, 2021 – Malware
New SOVA Android Banking trojan is rapidly growing Full Text
Abstract
SOVA is a new Android banking trojan that targets banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain. Researchers from cybersecurity firm ThreatFabric spotted at the beginning of August a new Android banking...Security Affairs
September 11, 2021 – Malware
New Dridex Variant Being Spread By Crafted Excel Document Full Text
Abstract
Dridex is a Trojan malware, also known as Bugat or Cridex, which is capable of stealing sensitive information from infected machines and delivering and executing malicious modules (dll).Fortinet
September 11, 2021 – Solution
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud Full Text
Abstract
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary devices tied to their accounts, and not companion devices such as desktops or laptops that simply mirror the content of WhatsApp on the phones. While the Facebook-owned messaging platform flipped the switch on end-to-end encryption (E2EE) for personal messages, calls, video chats, and media between senders and recipients as far back as April 2016, the content — should a user opt to back up on the cloud to enable the transfer of chat history to a new device — wasn't subjected to the same security protections until now. "With the introduction of end-to-end encrypted backups, Wha...The Hacker News
September 11, 2021 – Vulnerabilities
New York State fixes vulnerability in COVID-19 passport app that allowed storage of fake vaccine credentials Full Text
Abstract
The bug allowed someone to create and store fake vaccine credentials in their NYS Excelsior Pass Wallet that might allow them to gain access to physical spaces where they would not be allowed without a legitimate vaccine credential.ZDNet
September 11, 2021 – Vulnerabilities
GitHub Patches Security Flaws in Core Node.js Dependencies Full Text
Abstract
Four of the identified security holes impact the npm CLI when a malicious or untrusted npm package is installed and could lead to code execution even when using the --ignore-scripts argument.Security Week
September 11, 2021 – Breach
Healthcare orgs in California, Arizona send out breach letters for nearly 150 000 after SSNs accessed during ransomware attacks Full Text
Abstract
Two healthcare organizations have begun sending out breach notification letters to thousands of people in California and Arizona after both revealed that sensitive information was accessed during recent cyberattacks.ZDNet
September 11, 2021 – Vulnerabilities
Cisco Patches High-Severity Security Flaws in IOS XR Full Text
Abstract
Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files.Security Week
September 10, 2021 – Ransomware
The Week in Ransomware - September 10th 2021 - REvil returns Full Text
Abstract
This week marked the return of the notorious REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability.BleepingComputer
September 10, 2021 – General
5 Steps For Securing Your Remote Work Space Full Text
Abstract
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.Threatpost
September 10, 2021 – Breach
MyRepublic discloses data breach exposing government ID cards Full Text
Abstract
MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers.BleepingComputer
September 10, 2021 – Vulnerabilities
Microsoft fixes Azurescape flaw in Azure Container Instances Full Text
Abstract
Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allowed taking over the containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have...Security Affairs
September 10, 2021 – APT
Grayfly APT uses recently discovered Sidewalk backdoor Full Text
Abstract
Security researchers from Broadcom's Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. Experts from Broadcom's Symantec linked a previously undocumented backdoor to the Chinese Grayfly operation. In late August,...Security Affairs
September 10, 2021 – Criminals
PYSA Ransomware Gang adds Linux Support Full Text
Abstract
In August of 2021, Lacework Labs identified a Linux variant of ChaChi, a customized variant of an open-source Golang based RAT that leverages DNS tunneling for C2 communication.Lacework
September 10, 2021 – Business
Moving Forward After CentOS 8 EOL Full Text
Abstract
The Linux community was caught unprepared when, in December 2020, as part of a change in the way Red Hat supports and develops CentOS, Red Hat suddenly announced that it's cutting the official CentOS 8 support window from ten years – to just two, with support ending Dec 31, 2021. It created a peculiar situation where CentOS 7 users that did the right thing and upgraded quickly to CentOS 8 were left using an OS with just a year's official support remaining – while users of CentOS 7 still get full support until June 30, 2024. Worse, the fact that stable releases of CentOS were discontinued in exchange for the rolling-release CentOS Stream means that to secure their workloads most CentOS 8 users have to opt for an entirely different Linux distribution, with just a year to choose, evaluate and implement an alternative. Red Hat's unexpected decision underlined to what degree software users depend on official support windows for their software security. Countless organization...The Hacker News
September 10, 2021 – Attack
Experts confirmed that the networks of the United Nations were hacked earlier this year Full Text
Abstract
The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg. The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this...Security Affairs
September 10, 2021 – Breach
Stolen Credentials Led to Data Theft at United Nations Full Text
Abstract
Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.Threatpost
September 10, 2021 – Solution
Google debuts new Private Compute features in ramp up of Android security Full Text
Abstract
Currently in Android 12 Beta, Private Compute Core is an open source platform that aims to isolate itself from other apps and the main operating system on an Android device to improve privacy and security.ZDNet
September 10, 2021 – Malware
SOVA: New Android Banking Trojan Emerges With Growing Capabilities Full Text
Abstract
A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials, and open the door for on-device fraud. Dubbed S.O.V.A. (referring to the Russian word for owl), the current version of the banking malware comes with myriad features to steal credentials and session cookies through web overlay attacks, log keystrokes, hide notifications, and manipulate the clipboard to insert modified cryptocurrency wallet addresses, with future plans to incorporate on-device fraud through VNC, carry out DDoS attacks, deploy ransomware, and even intercept two-factor authentication codes. The malware was discovered in the beginning of August 2021 by researchers from Amsterdam-based cybersecurity firm ThreatFabric. Overlay attacks typically involve the theft of confidential user information us...The Hacker News
September 10, 2021 – Policy and Law
International money launderer sentenced to more than 11 years Full Text
Abstract
A Canadian man, who helped North Korean threat actors to launder stolen funds, pleaded guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen bank fraud...Security Affairs
September 10, 2021 – Vulnerabilities
Spook.js – New side-channel attack can bypass Google Chrome’s protections against Spectre-style exploits Full Text
Abstract
A newly discovered side-channel attack targeting Google Chrome can allow an attacker to overcome the web browser’s security defenses to retrieve sensitive information using a Spectre-style attack.The Daily Swig
September 10, 2021 – Malware
Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group Full Text
Abstract
A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather information about running processes in the compromised systems, and transmit the results back to the remote server. The cybersecurity firm attributed the intrusion to a group it tracks as SparklingGoblin, an adversary believed to be connected to the Winnti (aka APT41) malware family. But latest research published by researchers from Broadcom's Symantec has pinned the SideWalk backdoor on the China-linked espionage group, pointing out the malware's overlaps with the older Crosswalk malware, with the latest Grayfly hacking activities singling out a number of organizations in Mexico, Taiwan...The Hacker News
September 10, 2021 – Criminals
Hackers are leaking children’s data — and there’s little parents can do Full Text
Abstract
In 2021, ransomware gangs published data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by Brett Callow, a ransomware analyst at the cybersecurity company Emsisoft.NBC News
September 10, 2021 – General
Reuters: Wide-ranging SolarWinds probe sparks fear in Corporate America Full Text
Abstract
A U.S. SEC investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry.Reuters
September 10, 2021 – Breach
MyRepublic customer data compromised in third-party security breach Full Text
Abstract
MyRepublic says almost 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform.ZDNet
September 10, 2021 – Criminals
Inside Genesis: The market created by cybercriminals to make millions selling your digital identity Full Text
Abstract
Security researchers warn that the Genesis market, along with other criminal websites, have become an important tool for hacking organizations to carry out malicious attacks.CBS News
September 10, 2021 – Attack
Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts Full Text
Abstract
Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard.ZDNet
September 09, 2021 – Vulnerabilities
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances Full Text
Abstract
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, steal customer secrets and images deployed to the platform. The Windows maker did not share any additional specifics related to the flaw, save that affected customers "revoke any privileged credentials that were deployed to the platform before August 31, 2021." Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators. Palo Alto Networks' Unit 42 threat intelligence team dubbed the vulnerability...The Hacker News
September 09, 2021 – Vulnerabilities
Windows MSHTML zero-day defenses bypassed as new info emerges Full Text
Abstract
New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks.BleepingComputer
September 9, 2021 – Business
Thoma Bravo invests in Intel 471 to boost threat preparedness capabilities worldwide Full Text
Abstract
Thoma Bravo announced it has signed a definitive agreement to make a strategic growth investment in Intel 471, a provider of cyber threat intelligence for leading enterprises and governments.Help Net Security
September 09, 2021 – Breach
United Nations confirms its systems were breached this year Full Text
Abstract
The United Nations (UN) on Thursday confirmed that it was the victim of a cyberattack earlier this year and that attacks related to the original breach were ongoing.The Hill
September 09, 2021 – Criminals
Russian Ransomware Group REvil Back Online After 2-Month Hiatus Full Text
Abstract
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, five days before the sites mysteriously went off the grid on July 13. It's not immediately clear if REvil is back in the game or if they have launched new attacks. "Unfortunately, the Happy Blog is back online," Emsisoft threat researcher Brett Callow tweeted on Tuesday. The development comes a little over two months after a wide-scale supply chain ransomware attack aimed at Kaseya, which saw the Russia-based cybercrime gang encrypting approximately 60 managed service providers (MSPs) and over 1,500 downstream businesses using a zero-day vulnerability in the Kaseya VSA remote manageThe Hacker News
September 9, 2021 – Botnet
A new botnet named Mēris is behind massive DDoS attack that hit Yandex Full Text
Abstract
The massive DDoS attack that has been targeting the internet giant Yandex was powered by a completely new botnet tracked as Mēris. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian...Security Affairs
September 9, 2021 – Breach
McDonald’s Email Blast Includes Password to Monopoly Game Database Full Text
Abstract
Usernames, passwords for database sent in prize redemption emails.Threatpost
September 09, 2021 – Vulnerabilities
Microsoft fixes bug letting hackers take over Azure containers Full Text
Abstract
Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.BleepingComputer
September 9, 2021 – Government
National cyber director declares ‘too soon to say we’re out of the woods,’ as US enjoys dip in ransomware Full Text
Abstract
After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet. National Cyber Director Chris Inglis has said that it’s too early to tell if the trend will hold.Cyberscoop
September 09, 2021 – Government
Report pushes for changes to diversify ‘homogenous’ US cybersecurity workforce Full Text
Abstract
A group of experts across multiple fields on Thursday recommended a sweeping set of actions to diversify the U.S. cybersecurity workforce, saying the field was “overwhelmingly” white and male.The Hill
September 09, 2021 – General
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge Full Text
Abstract
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it's very easy to forget just how much we're relying on lines of code to do all those clever things that provide us so much innovation and convenience. Much like web-based software, APIs, and mobile devices, vulnerable code in embedded systems can be exploited if it is uncovered by an attacker. While it's unlikely that an army of toasters is coming to enslave the human race (although, the Tesla bot is a bit concerning) as the result of a cyberattack, malicious cyber events are still possible. Some of our cars, planes, and medical devices also rely on intricate embedded systems code to perform key tasks, and the prospect of these objects being compromised iThe Hacker News
September 9, 2021 – Vulnerabilities
Millions of Microsoft web servers powered by vulnerable legacy software Full Text
Abstract
CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes...Security Affairs
September 9, 2021 – Cryptocurrency
Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’ Full Text
Abstract
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.Threatpost
September 09, 2021 – Botnet
New Mēris botnet breaks DDoS record with 21.8 million RPS attack Full Text
Abstract
A new distributed denial-of-service (DDoS) botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second.BleepingComputer
September 9, 2021 – Vulnerabilities
Google Android Security Update Patches 40 Vulnerabilities Full Text
Abstract
A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component.Security Week
September 09, 2021 – Criminals
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices Full Text
Abstract
Network security solutions provider Fortinet confirmed that a malicious actor had disclosed, without authorization, VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. The disclosure comes after the threat actor leaked a list of Fortinet credentials for free on a new Russian-speaking forum called RAMP that launched in July 2021 as well as on Groove ransomware's data leak site, with Advanced Intel noting that the "breach list contains raw access to the top companies" spanning across 74 countries, including India, Taiwan, Italy, France, and Israel. "2,959 out of 22,500 victims are U.S. entities," the researchers said. CVE-2018-13379 relates to a path tThe Hacker News
September 9, 2021 – Criminals
TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide Full Text
Abstract
The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group,...Security Affairs
September 9, 2021 – Attack
BladeHawk Attackers Target Kurds with Android Apps Full Text
Abstract
Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.Threatpost
September 09, 2021 – Denial Of Service
Yandex is battling the largest DDoS in Russian Internet history Full Text
Abstract
Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week.BleepingComputer
September 9, 2021 – Attack
Jenkins discloses attack on its Atlassian Confluence service Full Text
Abstract
Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances.IT Security Guru
September 9, 2021 – Denial Of Service
Yandex is under the largest DDoS attack in the history of Runet Full Text
Abstract
The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week. The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian...Security Affairs
September 9, 2021 – Phishing
Phishing attacks: One in three suspect emails reported by employees really are malicious Full Text
Abstract
According to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".ZDNet
September 9, 2021 – Vulnerabilities
Zoho warns of zero-day authentication bypass flaw actively exploited Full Text
Abstract
Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild. Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539,...Security Affairs
September 9, 2021 – Business
Cyber security software startup Snyk raises $300 million, valued at $8.5 billion Full Text
Abstract
The latest round co-led by Sands Capital Ventures and Tiger Global follows a funding round in March when $175 million of new capital was raised. The company was valued at $4.7 billion only six months ago.Reuters
September 9, 2021 – Government
Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US Full Text
Abstract
Researchers are tracking a campaign that is both promoting the Chinese government and encouraging real-world protests surrounding the COVID-19 pandemic in the United States.ZDNet
September 08, 2021 – Government
CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus builds up to 6113 are impacted. ManageEngine ADSelfService Plus is an integrated self-service password management and a single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords. "CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system," CISA said, urging companies to apply the latest security update to their ManageEngine servers and "ensure ADSelfService Plus is not directlThe Hacker News
September 8, 2021 – Ransomware
What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast Full Text
Abstract
There are a lot of "tells" that the ransomware group doesn’t understand how negotiators work, despite threatening to dox data if victims call for help.Threatpost
September 08, 2021 – Vulnerabilities
GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI Full Text
Abstract
GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week.BleepingComputer
September 08, 2021 – Policy and Law
Ukrainian extradited for selling 2,000 stolen logins per week Full Text
Abstract
The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace.BleepingComputer
September 8, 2021 – Vulnerabilities
DEV-0322 Behind the SolarWinds Zero-Day Attacks in July Full Text
Abstract
Last month, experts identified a severe zero-day RCE exploit aimed at SolarWinds Serv-U FTP software. Researchers have now linked a limited and highly targeted attack on SolarWinds with a Chinese actor dubbed DEV-0322. Flaws in SolarWinds products have been exploited by Chinese threat actors even e ...Cyware Alerts - Hacker News
September 08, 2021 – Hacker
Microsoft warns of hackers exploiting Windows vulnerability Full Text
Abstract
Microsoft this week warned that hackers are actively exploiting a vulnerability in its Windows program, urging customers to take steps to shore up security.The Hill
September 08, 2021 – Solution
3 Ways to Secure SAP SuccessFactors and Stay Compliant Full Text
Abstract
The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors. Delivering HR solutions from the cloud enables employees and administrators to not only automate typical tasks, such as providing a report on employee attrition, but also allows them to complete these tasks from anywhere and on any device. SuccessFactors makes it easy for employees to access what they need. But the wide range of sensitive employee data within SuccessFactors creates additional security and compliance challenges. Whether it's personal and financial information used for payroll or health information for benefits, you need the right cybersecurity to ensure that sensitive data,The Hacker News
September 8, 2021 – Government
Congress Is Warning That the Federal Government Remains Vulnerable to Cyberattacks Full Text
Abstract
Despite the U.S. government spending more than $16 billion, new technologies and programs may be needed.Lawfare
September 8, 2021 – Breach
Personal information of 7 million Israelis available for sale Full Text
Abstract
A threat actor that goes online with the moniker 'Sangkancil' claims to have stolen the personal information of 7 million Israelis.Security Affairs
September 8, 2021 – Solution
Tooling Network Detection & Response for Ransomware Full Text
Abstract
Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.Threatpost
September 08, 2021 – Vulnerabilities
Zoho patches actively exploited critical ADSelfService Plus bug Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.BleepingComputer
September 8, 2021 – Criminals
Thailand: Hacker steals 40,000 patients’ data from Bangkok hospital Full Text
Abstract
The personal details of more than 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital have been stolen by a hacker, hospital director Thirachai Chantharotsiri said on Wednesday.Bangkok Post
September 08, 2021 – Policy and Law
Ukrainian extradited to US for allegedly selling computer credentials: DOJ Full Text
Abstract
The Department of Justice (DOJ) announced Wednesday that a Ukrainian hacker was extradited to the U.S. for allegedly selling computer passwords on the dark web.The Hill
September 08, 2021 – Vulnerabilities
HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack Full Text
Abstract
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the integer overflow vulnerability has a severity rating of 8.6 on the CVSS scoring system and has been rectified in HAProxy versions 2.0.25, 2.2.17, 2.3.14 and 2.4.4. HTTP Request Smuggling, as the name implies, is a web application attack that tampers with the manner in which a website processes sequences of HTTP requests received from more than one user. Also called HTTP desynchronization, the technique takes advantage of parsing inconsistencies in how front-end servers and back-end servers process requests from the senders. Front-end servers are typically load balancers or reverse proxies that are used by websites to manage a chaiThe Hacker News
September 8, 2021 – Criminals
Groove gang leaks list of 500k credentials of compromised Fortinet appliances Full Text
Abstract
Groove gang leaked online Fortinet credentials that could be used to breach networks of organizations using the compromised devices. The financially motivated threat actor Groove has leaked online compromised credentials belonging to many organizations....Security Affairs
September 08, 2021 – Breach
Hackers leak passwords for 500,000 Fortinet VPN accounts Full Text
Abstract
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.BleepingComputer
September 8, 2021 – Breach
Texas Right to Life website exposed job applicants’ resumes Full Text
Abstract
“We are taking action to protect the concerned individuals,” a spokesperson for Texas Right to Life told TechCrunch, referring to those who “sought and circulated the information.”TechCrunch
September 08, 2021 – Government
Lawmakers question impact of SolarWinds hack on US attorneys’ offices Full Text
Abstract
A group of House and Senate lawmakers from Florida are looking for answers around the effect of last year’s SolarWinds breach on U.S. Attorneys’ Offices (USAOs) and on the way the Justice Department approaches cybersecurity.The Hill
September 08, 2021 – Attack
Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group Full Text
Abstract
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to offer tech and pro-Kurd content — two aimed at Android users while the other four appeared to provide news for the Kurdish supporters — only to share links to spying apps on public Facebook groups. All six profiles have since been taken down. "It targeted the Kurdish ethnic group through at least 28 malicious Facebook posts that would lead potential victims to download Android 888 RAT or SpyNote," ESET researcher Lukas Stefanko said. "Most of the malicious Facebook posts led to downloads of the commercial, multi-platform 888 RAT, which has been available on the black market since 2018." The Slovakian cybersecurity firm attributed the atThe Hacker News
September 8, 2021 – Government
Russian communications watchdog Roskomnadzor blocks access to 6 VPNs Full Text
Abstract
Russian communications watchdog Roskomnadzor has tightened control over its citizens and blocked access to six virtual private networks (VPNs), including NordVPN and ExpressVPN. Russian communications watchdog Roskomnadzor tightens the control over the Internet...Security Affairs
September 08, 2021 – Outage
Howard University shuts down network after ransomware attack Full Text
Abstract
The private Howard University in Washington disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems.BleepingComputer
September 8, 2021 – Attack
Researchers Uncover Email Fraud Campaigns Using Social Engineering Tactics to Steal Crypto Assets Full Text
Abstract
Victims are tempted by the promise of a considerable amount of cryptocurrency. Cashing out the full balance requires them to deposit some Bitcoin to the platform, which is the point of the scheme.Proofpoint
September 08, 2021 – Covid-19
Research finds Chinese influence group trying to mobilize US COVID-19 protests Full Text
Abstract
A wide-ranging pro-China influence group is attempting to use social media platforms and other forums to mobilize physical protests around COVID-19 concerns in the United States, research released Wednesday found.The Hill
September 08, 2021 – General
[Ebook] The Guide for Speeding Time to Response for Lean IT Security Teams Full Text
Abstract
Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to allocate to respond properly. Lean IT security teams, however, are more hard-pressed to react effectively. A new guide by XDR provider Cynet (download here), however, argues that lean teams can still respond effectively. It just takes some work. For teams that are resource-constrained, success starts with having a clear plan and putting the tools and infrastructure in place for the organization to follow properly. The guide breaks down the tools, factors, and knowledge that go into optimizing an organization's time to respond. Building a successful incident response plan Today'sThe Hacker News
September 8, 2021 – Vulnerabilities
Microsoft warns of a zero-day in Internet Explorer that is actively exploited Full Text
Abstract
Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited...Security Affairs
September 08, 2021 – Business
Going beyond backup: Acronis True Image is now Acronis Cyber Protect Home Office Full Text
Abstract
After nearly two decades, one of the most recognizable software brands is getting a new name. Acronis True Image, the leading personal cyber protection solution, is changing its name to Acronis Cyber Protect Home Office.BleepingComputer
September 8, 2021 – Attack
Bridgeport city government hacked, residents put on notice Full Text
Abstract
Residents of Bridgeport have been notified city government was hacked in late May of this year. A letter to residents said city IT systems were encrypted in a ransomware attack.WAJR
September 8, 2021 – Government
Germany protests to Russia over attacks ahead of the upcoming election Full Text
Abstract
Germany has protested to Russia over attempts to steal data from lawmakers and use them to spread disinformation ahead of the upcoming election. Germany has formally protested to Russia over a series of cyber attacks aimed at stealing data from lawmakers...Security Affairs
September 8, 2021 – Hacker
TeamTNT Uses Chimaera Malware Bundle in Stealthy New Campaign Full Text
Abstract
AT&T's Alien Labs has sounded the alarm on a malware campaign from TeamTNT which has gone almost entirely undetected by anti-virus and which is turning target devices into cryptocurrency miners.The Register
September 8, 2021 – Phishing
Machine learning technique detects phishing sites based on markup visualization Full Text
Abstract
The technique uses “binary visualization” libraries to transform the markup and code of web pages into images. Using this method, they created a dataset of legitimate and phishing images of websites.The Daily Swig
September 8, 2021 – General
In space, no one can hear cyber security professionals scream Full Text
Abstract
"Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats," Managing director of The Aerospace Corp UK said.The Register
September 8, 2021 – Outage
New Zealand Banks, Post Office Suffer Network Outages After Disruptive DDoS Attack Full Text
Abstract
Websites of a number of financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyber attack.Reuters
September 7, 2021 – Criminals
Ragnar Locker Gang Warns Victims Not to Call the FBI Full Text
Abstract
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.Threatpost
September 7, 2021 – Vulnerabilities
Netgear Smart Switches Open to Complete Takeover Full Text
Abstract
The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.Threatpost
September 7, 2021 – Attack
Jenkins Hit as Atlassian Confluence Cyberattacks Widen Full Text
Abstract
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.Threatpost
September 07, 2021 – Vulnerabilities
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents Full Text
Abstract
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said. "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whoThe Hacker News
September 7, 2021 – Privacy
ProtonMail Forced to Log IP Address of French Activist Full Text
Abstract
The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.Threatpost
September 07, 2021 – Vulnerabilities
Microsoft shares temp fix for ongoing Office 365 zero-day attacks Full Text
Abstract
Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10.BleepingComputer
September 7, 2021 – Vulnerabilities
PoC released for Ghostscript vulnerability that exposed Airbnb, Dropbox Full Text
Abstract
Security researcher Emil Lerner demonstrated an unpatched vulnerability for Ghostscript version 9.50 at the ZeroNights X conference in Saint Petersburg, Russia last month.The Daily Swig
September 07, 2021 – Policy and Law
Bipartisan House group introduces legislation to set term limit for key cyber leader Full Text
Abstract
A group of bipartisan House lawmakers rolled out legislation this week to put in place a term limit for the director of the Cybersecurity and Infrastructure Security Agency (CISA) in the wake of escalating cybersecurity incidents and turmoil in agency leadership last year.The Hill
September 7, 2021 – Criminals
REvil ransomware gang’s servers are mysteriously online again Full Text
Abstract
The leak site of the popular REvil ransomware gang is back online; it is not clear if the group resumed operations or the FBI turned on its servers. Today the servers of the REvil ransomware gang were back online after around two months since their shutdown....Security Affairs
September 07, 2021 – Ransomware
REvil ransomware’s servers mysteriously come back online Full Text
Abstract
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks their ransomware gang's return or the servers being turned on by law enforcement.BleepingComputer
September 7, 2021 – Breach
Data Breach at US Restaurant and Gambling Chain Dotty’s Impacted Sensitive Customer Information Full Text
Abstract
A cyber-attack on US fast food and gambling chain Dotty’s, which provides services across 175 locations, has exposed the personal data of customers, the company has warned.The Daily Swig
September 07, 2021 – Attack
Howard University hit with ransomware attack, cancels classes Full Text
Abstract
Howard University announced the cancellation of classes after being hit with a ransomware attack last week, though it said there was no evidence of personal information being stolen.The Hill
September 7, 2021 – Vulnerabilities
Researcher published PoC exploit for Ghostscript zero-day Full Text
Abstract
A researcher published the PoC exploit code for a Ghostscript zero-day vulnerability that could allow an attacker to completely compromise a server. Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day...Security Affairs
September 07, 2021 – Cryptocurrency
Jenkins project’s Confluence server hacked to mine Monero Full Text
Abstract
Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project.BleepingComputer
September 7, 2021 – Breach
Personal Data of Millions of Moroccan Citizens Leaked Online by Cybercriminal Full Text
Abstract
Cyber-snooping into people’s personal information is a very concerning matter. According to Zataz, the intentional release of private and personal data took place on Friday night.Morocco World News
September 07, 2021 – Breach
McDonald’s leaks password for Monopoly VIP database to winners Full Text
Abstract
A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners.BleepingComputer
September 7, 2021 – Outage
Howard University Investigates Alleged Ransomware Attack that Caused Network Outage Full Text
Abstract
Howard University announced Monday that they are investigating a ransomware attack. Their information technology team detected unusual activity on the school's network last Friday.WJLA
September 7, 2021 – Covid-19
Aussie Researcher Fakes Digital COVID-19 Vaccination Proof Full Text
Abstract
Australian software engineer Richard Nelson is warning that he was able to create a fake digital COVID-19 vaccine certificate via the government's Express Medicare Plus app.Gov Info Security
September 7, 2021 – Business
Ad Fraud Protection Firm Pixalate Raises $18.1 Million Full Text
Abstract
Pixalate, a firm that provides fraud protection for mobile app and CTV advertising, has raised $18.1 million in growth capital, bringing the total amount raised by the company to $22.7 million.Security Week
September 7, 2021 – Phishing
We Could Start Seeing Some Hurricane Ida-related Investment Scams Full Text
Abstract
People should be wary and ask anyone approaching them with an investment opportunity whether they're licensed and whether their investment is registered with the SEC or with a state.Heimdal Security
September 7, 2021 – General
The age of AI-powered devices at the edge Full Text
Abstract
It is incumbent upon cybersecurity leaders to understand the issues of the edge and defend accordingly. This includes encrypting data, employing access-control methods, and creating microdata centers.Help Net Security
September 07, 2021 – Criminals
Ransomware gang threatens to leak data if victim contacts FBI, police Full Text
Abstract
The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments.BleepingComputer
September 7, 2021 – Botnet
39% of all internet traffic is from bad bots Full Text
Abstract
These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots that try to evade defenses and attempt to perform their malicious activities under the radar.Help Net Security
September 07, 2021 – Vulnerabilities
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server Full Text
Abstract
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts. "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected," the company said in a statement published over the weekend. The disclosure comes as the U.S. Cyber Command warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments. Tracked as CVE-2The Hacker News
September 7, 2021 – Attack
A server of the Jenkins project hacked by exploiting a Confluence flaw Full Text
Abstract
The development team behind the Jenkins server disclosed a security breach; threat actors deployed a cryptocurrency miner on one of its servers. The development team behind the Jenkins Project disclosed a security breach after threat actors compromised...Security Affairs
September 7, 2021 – Botnet
Authorities Arrest Another TrickBot Gang Member in South Korea Full Text
Abstract
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.Threatpost
September 7, 2021 – General
Malicious Office documents make up 43% of all malware downloads Full Text
Abstract
Microsoft Office documents help hundreds of millions of users in their daily tasks around the globe. At the same time, these documents are a lucrative way for cybercriminals to distribute malware.Hackread
September 7, 2021 – Criminals
Ragnar Locker gang threatens to leak data if victim contacts law enforcement Full Text
Abstract
The Ragnar Locker ransomware operators threaten to leak stolen data if the victims attempt to contact law enforcement agencies. The Ragnar Locker ransomware gang is adopting a new technique to force victims to pay the ransom, the operators threaten...Security Affairs
September 7, 2021 – General
Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast Full Text
Abstract
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to “What are we doing right?” instead of the constant reminders of what’s not working in fending off threats.Threatpost
September 7, 2021 – Breach
Personal Details of 8,700 French Visa Applicants Gets Exposed by Attackers Full Text
Abstract
The French government said that the cyberattack was ‘quickly neutralised’ but that individuals’ names, dates of birth, passport and identity card numbers had been exposed.Connexion France
September 7, 2021 – Privacy
ProtonMail logged IP address of French activist after foreign request approved by Swiss authorities Full Text
Abstract
A police report revealed that the popular encrypted email service provider ProtonMail shared the IP address of a French activist with the authorities. The privacy-friendly end-to-end encrypted email service provider ProtonMail has shared the IP address...Security Affairs
September 7, 2021 – Breach
Jenkins Project Discloses Security Breach Involving Confluence Server Exploit Full Text
Abstract
Following the discovery of the hack, Jenkins developers said they permanently took down the hacked Confluence server, rotated privileged credentials, and reset passwords for developer accounts.The Record
September 7, 2021 – APT
Golden SAML Attack - APT Hackers Hijacking Active Directory Server Full Text
Abstract
After detecting this attack and conducting an investigation, security analysts found that it operates by a threat actor hijacking, or otherwise obtaining access to, the AD FS server.GB Hackers
September 7, 2021 – Malware
Malware found pre-installed in cheap push-button mobile phones sold in Russia Full Text
Abstract
A Russian security researcher who goes by the online name ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.Security Affairs
September 7, 2021 – Criminals
This is the perfect ransomware victim, according to cybercriminals Full Text
Abstract
A new KELA report analyzed listings made by ransomware operators in the dark web, including access requests revealing that many want to break into US firms with a minimum revenue of over $100 million.ZDNet
September 06, 2021 – Solution
New Chainsaw tool helps IR teams analyze Windows event logs Full Text
Abstract
Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats.BleepingComputer
September 6, 2021 – Vulnerabilities
This NPM package with millions of weekly downloads has fixed a remote code execution flaw Full Text
Abstract
A very popular NPM package called 'pac-resolver' for the JavaScript programming language has been fixed to address a remote code execution flaw that could affect a lot of Node.js applications.ZDNet
September 06, 2021 – Privacy
ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims Full Text
Abstract
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-SwissThe Hacker News
September 6, 2021 – Botnet
TrickBot gang developer arrested at the Seoul international airport Full Text
Abstract
A Russian man accused of being a member of the infamous TrickBot gang was arrested while trying to leave South Korea. A Russian man accused of being a member of the TrickBot gang was arrested last week at the Seoul international airport. The man has remained...Security Affairs
September 06, 2021 – Criminals
TrickBot gang developer arrested when trying to leave Korea Full Text
Abstract
An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country.BleepingComputer
September 6, 2021 – Attack
German foreign ministry: Russia responsible for cyber attacks on German parliament Full Text
Abstract
The German government has revealed that it has reliable information according to which Ghostwriter activities can be attributed to cyber actors of the Russian state or Russia's GRU military intelligence.Reuters
September 06, 2021 – Malware
Traffic Exchange Networks Distributing Malware Disguised as Cracked Software Full Text
Abstract
An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said in a report published last week. The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for Raccoon Stealer , Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions. "Visitors who arrive on these sites are prompted to allow notifications; If they allow thThe Hacker News
September 6, 2021 – Vulnerabilities
Netgear addresses severe security flaws in 20 of its products Full Text
Abstract
Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart...Security Affairs
September 06, 2021 – Vulnerabilities
Netgear fixes severe security bugs in over a dozen smart switches Full Text
Abstract
Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.BleepingComputer
September 6, 2021 – Criminals
Irish Gardai clamp down on cyber gang that attacked HSE Full Text
Abstract
Gardaí have seized the cyberinfrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported.IT Security Guru
September 06, 2021 – Vulnerabilities
Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released Full Text
Abstract
Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models - GC108P (fixed in firmware version 1.0.8.2) GC108PP (fixed in firmware version 1.0.8.2) GS108Tv3 (fixed in firmware version 7.0.7.2) GS110TPP (fixed in firmware version 7.0.7.2) GS110TPv3 (fixed in firmware version 7.0.7.2) GS110TUP (fixed in firmware version 1.0.5.3) GS308T (fixed in firmware version 1.0.3.2) GS310TP (fixed in firmware version 1.0.3.2) GS710TUP (fixed in firmware version 1.0.5.3) GS716TP (fixed in firmware version 1.0.4.2) GS716TPP (fixed in firmware version 1.0.4.2) GS724TPP (fixed in firmware version 2.0.6.3) GS724TPv2 (fixed in firmware version 2.0.6.3) GS728TPPv2 (fixed in firmwareThe Hacker News
September 6, 2021 – Malware
Malware found pre-installed in cheap push-button mobile phones sold in Russia Full Text
Abstract
Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher who goes by the online name ValdikSS has found malware preinstalled in four...Security Affairs
September 06, 2021 – Criminals
Ransomware gangs target companies using these criteria Full Text
Abstract
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.BleepingComputer
September 6, 2021 – General
Ransomware attacks increased by 288% in H1 2021 Full Text
Abstract
According to NCC Group's report, the number of ransomware attacks analyzed has increased by 288% between January-March 2021 and April-June 2021, with organizations continuing to face waves of digital extortion in the form of targeted ransomware.Help Net Security
September 6, 2021 – Government
FBI IC3 warns of a spike in sextortion attacks Full Text
Abstract
The FBI Internet Crime Complaint Center (IC3) warns of a spike in sextortion attacks since the beginning of 2021 that caused $8M losses. The FBI Internet Crime Complaint Center (IC3) is warning of a significant increase in sextortion complaints since...Security Affairs
September 6, 2021 – Attack
Pacific City Bank hit by AVOS Locker Ransomware Full Text
Abstract
The bank was hit by AVOS Locker Ransomware operators who claim to have stolen sensitive documents from the financial institution. The ransomware gang added the bank to its leak site and published some screenshots as proof of the hack.Security Affairs
September 6, 2021 – Botnet
A Quick Analysis of QakBot, a Decade-Old Threat Full Text
Abstract
Kaspersky provided a detailed technical analysis of QakBot, a decade-old Trojan that has been active since 2007. It also underlines the stats of victims. In the first seven months of this year, Kaspersky spotted 181,869 attempts to download or execute QakBot. Experts say one must track its activitie ...Cyware Alerts - Hacker News
September 05, 2021 – Solution
Office 365 to let admins block Active Content on Trusted Docs Full Text
Abstract
Microsoft plans to allow Office 365 admins to ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents.BleepingComputer
September 5, 2021 – Vulnerabilities
Saving Private Networks from DNS Rebinding Full Text
Abstract
Attackers use the DNS rebinding technique to exploit private networks. It can take over victims' browsers and expose the attack surface of internal web applications to malicious websites, which can be dangerous. Web browser vendors, web application owners, and DNS resolvers need to apply appropria ...Cyware Alerts - Hacker News
September 5, 2021 – Attack
Pacific City Bank hit by AVOS Locker Ransomware Full Text
Abstract
Pacific City Bank was hit by AVOS Locker Ransomware operators; the gang claims to have stolen sensitive files from the company and threatens to leak them. Pacific City Bank is an American community bank that focuses on the Korean-American community...Security Affairs
September 05, 2021 – Vulnerabilities
Google’s TensorFlow drops YAML support due to code execution flaw Full Text
Abstract
TensorFlow, a popular Python-based machine learning and artificial intelligence project developed by Google, has dropped support for YAML to patch a critical code execution vulnerability. YAML is a convenient choice among developers looking for a human-readable data serialization language.BleepingComputer
September 5, 2021 – Ransomware
Deciphering the Leaked Conti Ransomware Playbook Full Text
Abstract
Researchers recently obtained a leaked playbook linked to the Conti RaaS group, disclosing a heap of information about its operations. The sensitive playbook documents are believed to have been leaked by a partner unhappy with Conti. For researchers and security analysts, this is an opportunity to d ...Cyware Alerts - Hacker News
September 5, 2021 – Policy and Law
WhatsApp fined €225M over GDPR issues Full Text
Abstract
The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users' data with Facebook. The Irish Data Protection Commission has fined WhatsApp €225 million for the lack of transparency...Security Affairs
September 5, 2021 – Malware
This GPU-Based Malware Attack can Dodge Usual Security Checks Full Text
Abstract
A post was spotted on a hacker forum where someone advertised a PoC for hiding and executing malicious code from the GPU. The seller who advertised the recent PoC has denied any possible connection with the JellyFish malware. Vendors of GPUs should take note of it and start preparing for coun ...Cyware Alerts - Hacker News
September 5, 2021 – General
Security Affairs newsletter Round 330 Full Text
Abstract
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your inbox. If you also want to receive the international press for free, subscribe here. SEC warns...Security Affairs
September 5, 2021 – Botnet
Authors Detained but Mozi Botnet will Continue to Lurk, Here’s Why Full Text
Abstract
Despite its authors being detained, the Mozi botnet is unstoppable. The botnet uses a peer-to-peer network structure, a major factor in helping the malware propagate even when some of its nodes go down. Findings from a new report reveal why Mozi, which accounted for 1.55 million infe ...Cyware Alerts - Hacker News
September 5, 2021 – Denial Of Service
Major ISP in New Zealand hit by massive DDoS, Internet outages reported Full Text
Abstract
A massive DDoS hit New Zealand's third-largest internet operator, isolating parts of the country from the Internet. A massive DDoS hit Vocus ISP, New Zealand's third-largest internet operator, isolating parts of the country from the Internet. Vocus...Security Affairs
September 4, 2021 – Privacy
Apple Client-Side Scanning Takes A Pause Full Text
Abstract
Late on Friday, Apple stated that it would postpone its plans to deploy a system that scanned images on iPhones for child sexual abuse material (CSAM).Lawfare
September 04, 2021 – Malware
Watch out for new malware campaign’s ‘Windows 11 Alpha’ attachment Full Text
Abstract
Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents.BleepingComputer
September 04, 2021 – Government
US SEC: Watch out for Hurricane Ida-related investment scams Full Text
Abstract
The US Securities and Exchange Commission has warned investors to be "extremely wary" of potential investment scams related to Hurricane Ida's aftermath.BleepingComputer
September 4, 2021 – Phishing
SEC warns of investment scams related to Hurricane Ida Full Text
Abstract
The US Securities and Exchange Commission warns investors of potential investment scams that leverage Hurricane Ida as bait. The US Securities and Exchange Commission (SEC)'s Office of Investor Education and Advocacy is warning investors of potential...Security Affairs
September 4, 2021 – Business
Apple will delay the rollout of new child pornography protection tools Full Text
Abstract
Apple will delay the introduction of its new child pornography protection tools due to a heated debate raised by privacy advocates. Apple announced this week that it will delay the rollout of its new child pornography protection tools after many experts...Security Affairs
September 4, 2021 – Hacker
FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads Full Text
Abstract
FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated...Security Affairs
September 4, 2021 – Hacker
Why Ransomware Hackers Love a Holiday Weekend Full Text
Abstract
Ransomware can take time to propagate throughout a network, as hackers work to escalate privileges for maximum control over most systems. The longer it takes for anyone to notice, the more damage they can do.Wired
September 04, 2021 – Privacy
Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash Full Text
Abstract
Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features," the iPhone maker said in a statement on its website. The changes were originally slated to go live with iOS 15 and macOS Monterey later this year. In August, Apple detailed several new features intended to help limit the spread of CSAM on its platform, including scanning users' iCloud Photos libraries for illicit content, Communication Safety in Messages app to warn children and their parents when receiving or sending sexually explicit photos, and eThe Hacker News
September 4, 2021 – Ransomware
Source code for the Babuk ransomware is available on a hacking forum Full Text
Abstract
The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor has leaked the source code for the Babuk ransomware on a Russian-speaking hacking forum. The Babuk Locker operators halted...Security Affairs
September 4, 2021 – Attack
Autodesk Says Company Was Targeted by SolarWinds Attackers Full Text
Abstract
Autodesk, a California-based design software and 3D technology firm, has acknowledged that it was one of several tech and security companies targeted by a Russian-linked group that carried out the supply chain attack against SolarWinds.Gov Info Security
September 04, 2021 – Hacker
Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack Full Text
Abstract
Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw ( CVE-2021-35211 ) that was rooted in Serv-U's implementation of the Secure Shell (SSH) protocol, which could be abused by attackers to run arbitrary code on the infected system, including the ability to install malicious programs and view, change, or delete sensitive data. "The Serv-U SSH server is subject to a pre-auth remote code execution vulnerability that can be easily and reliably exploited in the default configuration," Microsoft Offensive Research and Security Engineering team said in a detailed write-up describing the exploit. "An attacker can exploit this vulnerability by connecting to the open SSH port and sendinThe Hacker News
September 4, 2021 – Government
CISA urges IT teams to address critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software Full Text
Abstract
The vulnerability affects Cisco Enterprise Network Function Virtualization Infrastructure Software Release (NFVIS) 4.5.1 and Cisco released software updates that address the vulnerability on Wednesday.ZDNet
September 04, 2021 – Vulnerabilities
U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw Full Text
Abstract
The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Mission Force (CNMF) said in a tweet. The warning was also echoed by the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ) and Atlassian itself in a series of independent advisories. Bad Packets noted on Twitter it "detected mass scanning and exploit activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S. targeting Atlassian Confluence servers vulnerable to remote code execution." Atlassian Confluence is a widely popular web-based documentation platform that allows teams to create, collaborate, and organize on different proThe Hacker News
September 03, 2021 – Ransomware
The Week in Ransomware - September 3rd 2021 - Targeting Exchange Full Text
Abstract
The past two weeks have been busy with ransomware news, ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks.BleepingComputer
September 3, 2021 – Government
France Doesn’t Do Public Attribution of Cyberattacks. But It Gets Close. Full Text
Abstract
As is commonly known, France doesn’t publicly attribute cyberattacks to state actors, but it names the perpetrators and, in doing so, exploits every ambiguity associated with the term “attribution.”Lawfare
September 03, 2021 – Government
US govt warns orgs to patch massively exploited Confluence bug Full Text
Abstract
US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately.BleepingComputer
September 3, 2021 – Vulnerabilities
USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw Full Text
Abstract
USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian...Security Affairs
September 03, 2021 – Ransomware
Babuk ransomware’s full source code leaked on hacker forum Full Text
Abstract
A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.BleepingComputer
September 3, 2021 – Criminals
Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits Full Text
Abstract
The Conti ransomware operators are targeting Microsoft Exchange servers leveraging recently disclosed ProxyShell vulnerability exploits. The Conti ransomware gang is targeting Microsoft Exchange servers leveraging exploits with recently disclosed...Security Affairs
September 03, 2021 – Ransomware
Conti ransomware now hacking Exchange servers with ProxyShell exploits Full Text
Abstract
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.BleepingComputer
September 3, 2021 – Hacker
Chinese hackers behind July 2021 SolarWinds zero-day attacks Full Text
Abstract
The zero-day was the work of a new threat actor tracked as DEV-0322, which Microsoft described as “a group operating out of China, based on observed victimology, tactics, and procedures.”The Record
September 03, 2021 – Malware
This New Malware Family Using CLFS Log Files to Avoid Detection Full Text
Abstract
Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System ( CLFS ) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG , and its installer, STASHLOG . Specifics about the identities of the threat actor or their motives remain unclear. Although the malware is yet to be detected in real-world attacks aimed at customer environments or be spotted launching any second-stage payloads, Mandiant suspects that PRIVATELOG could still be in development, the work of a researcher, or deployed as part of a highly targeted activity. CLFS is a general-purpose logging subsystem in Windows that's accessible to both kernel-mode as well as user-mode applications such as database systems, OLTP systems, messaging clients, and network event management systems for building and sharing hThe Hacker News
September 3, 2021 – Malware
PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection Full Text
Abstract
Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. FireEye's Mandiant cybersecurity researchers spotted a new malware family, named PRIVATELOG, that...Security Affairs
September 03, 2021 – Government
FBI: Spike in sextortion attacks cost victims $8 million this year Full Text
Abstract
The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July.BleepingComputer
September 3, 2021 – Criminals
The Increasing Threat Posed by Cybercrime-as-a-Service Full Text
Abstract
Researchers from Rapid7’s IntSights revealed that underground criminals are selling unauthorized access to compromised enterprise networks for up to $10,000.Cyware Alerts - Hacker News
September 03, 2021 – Hacker
FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor Full Text
Abstract
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June and late July 2021, have been attributed with "moderate confidence" to a financially motivated threat actor dubbed FIN7, according to researchers from cybersecurity firm Anomali. "The specified targeting of the Clearmind domain fits well with FIN7's preferred modus operandi," Anomali Threat Research said in a technical analysis published on September 2. "The group's goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018." An Eastern European group active since at least mid-2015, FIN7 has a checkered history of targeting restaurant, gambling, and hospitality industries in thThe Hacker News
September 3, 2021 – Government
FBI warns of ransomware attacks targeting the food and agriculture sector Full Text
Abstract
The FBI warns that ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a Private Industry Notification (PIN) to warn of ransomware attacks targeting the Food and Agriculture sector disrupting...Security Affairs
September 03, 2021 – Vulnerabilities
Over 60,000 parked domains were vulnerable to AWS hijacking Full Text
Abstract
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.BleepingComputer
September 3, 2021 – Attack
Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation Full Text
Abstract
SolarWinds did not enable an anti-exploit mitigation available since 2006, allowing threat actors to target its Serv-U FTP software in the July attacks. Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since...Security Affairs
September 2, 2021 – Business
SpyFone & CEO Banned From Stalkerware Biz Full Text
Abstract
The FTC’s first spyware ban nixes a company whose “slipshod” security practices led to exposure of thousands of victims’ illegally collected personal data.Threatpost
September 2, 2021 – Vulnerabilities
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution Full Text
Abstract
The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets.Threatpost
September 2, 2021 – Vulnerabilities
Cisco Patches Critical Authentication Bug With Public Exploit Full Text
Abstract
There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet.Threatpost
September 02, 2021 – Vulnerabilities
Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available Full Text
Abstract
Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746 , the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent authentication and log in to a vulnerable device as an administrator. The network equipment maker said it's aware of publicly available proof-of-concept (PoC) exploit code targeting the vulnerability, but added it has not detected any successful weaponization attempts in the wild. The CVE-2021-34746 issue is caused by incomplete validation of user-supplied input that's passed to an authentication script during the sign-in process, enabling an attacker to inject parameters into an authentication request. "A successful exploit could allow the attacker to bypass authentiThe Hacker News
September 02, 2021 – Vulnerabilities
Bluetooth BrakTooth bugs could affect billions of devices Full Text
Abstract
Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors.BleepingComputer
September 2, 2021 – Vulnerabilities
Node.js archives serious tar handling vulnerabilities with software update Full Text
Abstract
Developers of Node.js have released a significant update to the technology that resolves five troublesome security vulnerabilities, including some that present a remote code execution risk.The Daily Swig
September 02, 2021 – Government
Biden administration on alert for cyberattacks ahead of Labor Day weekend Full Text
Abstract
A top White House official on Thursday underlined preparations the Biden administration is taking for any potential cyberattacks over the upcoming Labor Day weekend, urging companies to be on alert against hackers.The Hill
September 02, 2021 – Attack
What is AS-REP Roasting attack, really? Full Text
Abstract
Microsoft's Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain access to credentials in the organization, as compromised credentials provide one of the easiest ways for hackers to access your data. A key authentication technology that underpins Microsoft Active Directory is Kerberos. Unfortunately, hackers use many different attacks against Active Directory's implementation of the Kerberos authentication protocol. One of those is AS-REP Roasting. So what is AS-REP Roasting, and how can businesses protect themselves? What is Active Directory Kerberos? Kerberos was originally developed by the Massachusetts Institute of Technology (MIT) and centered around using tickets to establish trust. Microsoft's implementation of Kerberos found in Active Directory is based on Kerberos Network Authentication Service (V5) as defined in RFC 4120 . However, Microsoft has added to and enhanced Kerberos with itThe Hacker News
September 2, 2021 – Vulnerabilities
WhatsApp CVE-2020-1910 bug could have led to user data exposure Full Text
Abstract
The now-fixed CVE-2020-1910 vulnerability in WhatsApp's image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatsApp's image filter feature, tracked as CVE-2020-1910, could have been exploited...Security Affairs
September 2, 2021 – Privacy
Google Play Sign-Ins Allow Covert Location-Tracking Full Text
Abstract
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.Threatpost
September 02, 2021 – Ransomware
Translated Conti ransomware playbook gives insight into attacks Full Text
Abstract
Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated version that clears up the misinterpretations caused by automated translation.BleepingComputer
September 2, 2021 – Ransomware
The Evolving Ransomware-as-a-Service Threat Full Text
Abstract
With RaaS evolving into a corporate structure, gangs are looking for negotiators. The role of negotiators is to extort victims into paying the ransom.Cyware Alerts - Hacker News
September 02, 2021 – Vulnerabilities
New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable Full Text
Abstract
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks. Collectively dubbed " BrakTooth " (referring to the Norwegian word "Brak" which translates to "crash"), the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices. The flaws were disclosed by researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD). "All the vulnerabilities […] can be triggered without any previous pairing or authentication," the researchers noted. "The impact of our discovered vulnerabilities is categorized intoThe Hacker News
September 2, 2021 – Vulnerabilities
New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices Full Text
Abstract
Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth,...Security Affairs
September 2, 2021 – General
7 Ways to Defend Mobile Apps, APIs from Cyberattacks Full Text
Abstract
David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.Threatpost
September 02, 2021 – Cryptocurrency
Atlassian Confluence flaw actively exploited to install cryptominers Full Text
Abstract
Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.BleepingComputer
September 2, 2021 – General
Brute Force Attacks Witness Tremendous Rise Full Text
Abstract
Apart from brute-forcing leaked credentials, attackers are impersonating both renowned brands and internal automated systems to trick targets into giving up their credentials or sending money.Cyware Alerts - Hacker News
September 02, 2021 – Vulnerabilities
WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers Full Text
Abstract
A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored in the app's memory. "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image," WhatsApp noted in its advisory published in February 2021. Cybersecurity firm Check Point Research, which disclosed the issue to the Facebook-owned platform on November 10, 2020, said it was able toThe Hacker News
September 2, 2021 – Hacker
Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE Full Text
Abstract
Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration...Security Affairs
September 2, 2021 – Privacy
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted Full Text
Abstract
Users should be careful whose pics they view and should, of course, update their apps.Threatpost
September 02, 2021 – Criminals
FBI warns of ransomware gangs targeting food, agriculture orgs Full Text
Abstract
The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.BleepingComputer
September 2, 2021 – Ransomware
Translated: Talos’ insights from the recently leaked Conti ransomware playbook Full Text
Abstract
It is unclear whether the document was originally written entirely in Russian or they machine-translated some English-language documents and included them in the playbook.Cisco Talos
September 02, 2021 – General
Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn’t Full Text
Abstract
Network Detection & Response (NDR) is an emerging technology developed to close the blind security spots left by conventional security solutions, which hackers exploited to gain a foothold in target networks. Nowadays, enterprises are using a plethora of security solutions to protect their network from cyber threats. The most prominent ones are Firewalls, IPS/IDS, SIEM, EDR, and XDR (which combines the functionality of EDR and SIEM). However, all these solutions suffer from security gaps that prevent them from stopping advanced cyber-attacks efficiently. NDR was developed based on Intrusion Detection System (IDS). An IDS solution is installed on the network perimeter and monitors the network traffic for suspicious activities. IDS systems suffer from many downsides that make them inefficient in stopping modern cyber-attacks: IDS use signature-based detection techniques to discover abnormal activities, making them unable to spot unknown attacks. In addition, IDS systems triggerThe Hacker News
September 2, 2021 – General
Cyber Defense Magazine – September 2021 has arrived. Enjoy it! Full Text
Abstract
Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 161 pages of excellent content. Cyber Defense eMagazine for September 2021. Published monthly by Cyber Defense Magazine, this resource...Security Affairs
September 2, 2021 – Privacy
Digital State IDs Start Rollouts Despite Privacy Concerns Full Text
Abstract
Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.Threatpost
September 02, 2021 – Policy and Law
WhatsApp to appeal $266 million fine for violating EU privacy laws Full Text
Abstract
Ireland's Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million ($266 million) administrative fine for violating the EU's GDPR privacy regulation after failing to inform users and non-users on what it does with their data.BleepingComputer
September 2, 2021 – Denial Of Service
UK-based Voip Unlimited and Voipfone Disrupted by Ongoing DDoS Attacks Full Text
Abstract
Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. The two firms are South Coast-based Voip Unlimited and London-based Voipfone.The Register
September 02, 2021 – Botnet
Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks Full Text
Abstract
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing its involvement in the operation. "Mozi uses a P2P [peer-to-peer] network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019. The development also comes less than two weeks after Microsoft Security Threat Intelligence Center revealed the botnet's new capabilities that enable it to interThe Hacker News
September 2, 2021 – Vulnerabilities
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists Full Text
Abstract
Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass...Security Affairs
September 2, 2021 – Attack
Comcast RF Attack Leveraged Remotes for Surveillance Full Text
Abstract
IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers.Threatpost
September 02, 2021 – Vulnerabilities
Cisco fixes critical authentication bypass bug with public exploit Full Text
Abstract
Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software (NFVIS) vulnerability with public proof-of-concept (PoC) exploit code.BleepingComputer
September 2, 2021 – Business
Corelight Banks $75M for Network Monitoring Expansion Plans Full Text
Abstract
Corelight said the Series D investment was led by Energy Impact Partners and brings the total raised to $160 million. Several previous investors also joined the latest funding round.Security Week
September 2, 2021 – Vulnerabilities
Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93 Full Text
Abstract
Google announced the release of Chrome 93, which addresses 27 security vulnerabilities, 19 of which were reported through its bug bounty program. Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws,...Security Affairs
September 02, 2021 – Attack
Autodesk reveals it was targeted by Russian SolarWinds hackers Full Text
Abstract
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.BleepingComputer
September 2, 2021 – Breach
Recruiting Firm Apparently Pays Ransom After Being Targeted by Hackers Full Text
Abstract
Administrative staffing agency Career Group, Inc. this week started sending notification letters to customers who were affected by a data breach that occurred in late June.Security Week
September 01, 2021 – Policy and Law
FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data Full Text
Abstract
The U.S. Federal Trade Commission on Wednesday banned a stalkerware app company called SpyFone from the surveillance business over concerns that it stealthily harvested and shared data on people's physical movements, phone use, and online activities that were then used by stalkers and domestic abusers to monitor potential targets. "SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information," said Samuel Levine, acting director of the FTC's Bureau of Consumer Protection, in a statement. "The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company's slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security." Calling out the app developer for its lack of basic security practices, the agency has also ordered SpyFone to delete the illegally harvested information and notify devicThe Hacker News
September 01, 2021 – General
How to block Windows Plug-and-Play auto-installing insecure apps Full Text
Abstract
A trick has been discovered that prevents your device from being taken over by vulnerable Windows applications when devices are plugged into your computer.BleepingComputer
September 1, 2021 – Business
Google Awards Over $130,000 for Flaws Patched With Release of Chrome 93 Full Text
Abstract
Google this week announced the release of Chrome 93 with a total of 27 security patches inside, including 19 for vulnerabilities that were reported by external researchers.Security Week
September 01, 2021 – Business
Industry lobbies Congress to extend notification timeline after cybersecurity incidents Full Text
Abstract
Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breaches.The Hill
September 01, 2021 – Criminals
Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns Full Text
Abstract
Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems," researchers from Cisco Talos said in a Tuesday analysis. "In many cases, these applications are featured in multi-stage, multi-payload malware attacks that provide adversaries with multiple monetization methods." Proxyware, also called internet-sharing applications, are legitimate services that allow users to carve out a percentage of their internet bandwidth for other devices, often for a fee, through a client application offered by the provider, enabling other customers to access the internet usingThe Hacker News
September 1, 2021 – Botnet
Mozi infections will slightly decrease but it will stay alive for some time to come Full Text
Abstract
The Mozi botnet continues to spread despite the arrest of its alleged author, and experts believe it will keep running for years to come. Mozi is an IoT botnet that borrows code from Mirai variants and the Gafgyt malware,...Security Affairs
September 01, 2021 – Policy and Law
FTC bans stalkerware maker Spyfone from surveillance business Full Text
Abstract
FTC has banned stalkerware maker Spyfone and CEO Scott Zuckerman from the surveillance business after failing to protect customers' devices from hackers and sharing info on their location and activity.BleepingComputer
September 1, 2021 – Hacker
Attackers Sell Your Internet Bandwidth for Passive Income Full Text
Abstract
Cisco Talos highlighted the rise in abuse of proxyware that allows adversaries to manipulate compromised internet connections to generate illicit revenue. Attackers were also observed installing digital currency miners and info-stealers to earn additional revenue. In some cases, hackers even patch ...Cyware Alerts - Hacker News
September 01, 2021 – Policy and Law
FTC bans ‘stalkerware’ company from operating in surveillance industry Full Text
Abstract
The Federal Trade Commission (FTC) on Wednesday banned the operation of an app alleged to be used as “stalkerware” and the company’s CEO from the surveillance industry following allegations that the company had collected and shared data to enable stalking.The Hill
September 01, 2021 – Vulnerabilities
Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices Full Text
Abstract
Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol ( SIP ) stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service (DoS) condition. Tracked as CVE-2021-33056 (CVSS score: 7.5), the issue concerns a NULL pointer dereference vulnerability in the " belle-sip " component, a C-language library used to implement SIP transport, transaction, and dialog layers, with all versions prior to 4.5.20 affected by the flaw. The weakness was discovered and reported by industrial cybersecurity company Claroty. Linphone is an open-source and cross-platform SIP client with support for voice and video calls, end-to-end encrypted messaging, and audio conference calls, among others. SIP, on the other hand, is a signaling protocol used for initiating, maintaining, and terminating real-time multimedia communication sessions for voice, videoThe Hacker News
September 1, 2021 – Vulnerabilities
QNAP will patch OpenSSL flaws in its NAS devices Full Text
Abstract
Network-attached storage (NAS) appliance maker QNAP is working on security patches for its products affected by recently fixed OpenSSL flaws. Taiwanese Network-attached storage (NAS) appliance maker QNAP announced that it is assessing the potential...Security Affairs
September 01, 2021 – Solution
Twitter adds Safety Mode to automatically block online harassment Full Text
Abstract
Twitter has introduced today Safety Mode, a new feature that aims to block online harassment attempts and reduce disruptive interactions on the platform.BleepingComputer
September 1, 2021 – Vulnerabilities
New Mirai Variant Abuses WebSVN Vulnerability Full Text
Abstract
A new variant of the Mirai botnet is exploiting a previously disclosed command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks. Organizations are strongly recommended to have a robust patch manag ...Cyware Alerts - Hacker News
September 1, 2021 – Policy and Law
SEC announces sanctions against entities over email account hacking Full Text
Abstract
The U.S. Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. The U.S. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies...Security Affairs
September 01, 2021 – Insider Threat
Fired NY credit union employee nukes 21GB of data in revenge Full Text
Abstract
Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution's computer systems without authorization and destroying over 21 gigabytes of data in revenge.BleepingComputer
September 1, 2021 – Disinformation
Fake DDoS Alerts Leading to BazaLoader Full Text
Abstract
The messages contain fake alerts about the sites being involved in DDoS attacks. They contain a legal threat, along with a file in a Google Drive folder that reportedly offers evidence of the attack source.Cyware Alerts - Hacker News
September 1, 2021 – Ransomware
Lockfile Ransomware Embraces Offensive Updates Full Text
Abstract
LockFile, unlike other ransomware, doesn't encrypt the first few blocks. Instead, it encrypts every other 16 bytes of a document. This technique is called intermittent encryption.Cyware Alerts - Hacker News
September 1, 2021 – Government
Singapore adds a third bug bounty program – this time to fortify government digital services Full Text
Abstract
The new Vulnerability Rewards Programme (VRP) joins the Government Bug Bounty Programme and the Vulnerability Disclosure Programme, all of which work alongside the government's own security checks.The Register
September 1, 2021 – Criminals
Ransomware Gangs Using Data Leak Sites to Recruit New Affiliates Full Text
Abstract
Ransomware gangs are posting announcements on their own data leaks websites. This shift has come about in large part because two major ransomware forums banned gangs from promoting their RaaS schemes.Security Intelligence
September 1, 2021 – Vulnerabilities
Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack Full Text
Abstract
A flaw affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday.Security Week
September 1, 2021 – Cryptocurrency
Cryptocurrency payments to scams outpace ransomware jackpots in Eastern Europe, Chainalysis finds Full Text
Abstract
Between December 2019 and August 2021, users sent over $1.5 billion worth of bitcoin to Finiko, a Russia-based Ponzi-scheme whose founders are under arrest or have fled Russia.Cyberscoop
September 01, 2021 – Criminals
LockBit gang leaks Bangkok Airways data, hits Accenture customers Full Text
Abstract
Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers.BleepingComputer
September 1, 2021 – Criminals
Cybercriminals Abuse the Domain Name System Through Malicious Websites to Exploit Private Networks Full Text
Abstract
Allowing arbitrary cross-origin requests is known to be extremely dangerous. Therefore most modern browsers block these requests. However, DNS rebinding provides a way to bypass this restriction.Palo Alto Networks
September 01, 2021 – General
[LIVE WEBINAR] How Lean Security Teams Can Improve Their Time to Response Full Text
Abstract
Cybersecurity could be described as a marathon for security teams that spend most of their time building sustained defenses that prevent threats day after day. However, they must be ready to hit a sprint whenever an attack succeeds since attack duration, and the resulting damages are directly correlated. Reacting to a successful attack is a major challenge for lean security teams today since speed tends to be a result of size. Large teams with abundant resources can respond to incidents much faster as they can expend those resources freely. Lean security teams face the same costs and resource needs but with a much smaller pool to call from. A new live webinar by XDR provider Cynet shows why that doesn't have to be the case ( register here ). The webinar breaks down how even large enterprises struggle with time to response. Look at any of the major breaches of the past years and you'll find large security teams that overlooked red flags or mishandled their incident response. It's nThe Hacker News
September 1, 2021 – Government
U.K.’s Post-Brexit Strategy on Cross-Border Data Flows Full Text
Abstract
On Aug. 25, the U.K. Department for Digital, Culture, Media & Sport (DCMS) released important details about its post-Brexit strategy for cross-border flows of personal data. What's in the release?Lawfare
September 1, 2021 – Government
Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA Full Text
Abstract
The FBI and CISA issued a joint cybersecurity advisory to warn organizations to remain vigilant against ransomware attacks during weekends or holidays. The FBI and CISA warn organizations to keep their defenses high against ransomware attacks during...Security Affairs
September 1, 2021 – Attack
Feds Warn of Ransomware Attacks Ahead of Labor Day Full Text
Abstract
Threat actors recently have used long holiday weekends — when many staff are taking time off — as a prime opportunity to ambush organizations.Threatpost
September 1, 2021 – Government
Federal Departments Ordered to Improve Logging Capabilities Full Text
Abstract
The White House ordered U.S. agencies to improve their logging capabilities to better track when attackers target their networks and data, according to a memo from the Office of Management and Budget.Bank Info Security
September 01, 2021 – Vulnerabilities
QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices Full Text
Abstract
Network-attached storage (NAS) appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 (CVSS score: 7.5) and CVE-2021-3712 (CVSS score: 4.4), the weaknesses concern a high-severity buffer overflow in the SM2 decryption function and a buffer overrun issue when processing ASN.1 strings that could be abused by adversaries to run arbitrary code, cause a denial-of-service condition, or result in disclosure of private memory contents, such as private keys, or sensitive plaintext — CVE-2021-3711 - OpenSSL SM2 decryption buffer overflow; CVE-2021-3712 - Read buffer overruns processing ASN.1 strings. "A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the cThe Hacker News
September 1, 2021 – Criminals
LockBit ransomware operators leak 200GB of data belonging to Bangkok Airways Full Text
Abstract
LockBit ransomware operators have breached Bangkok Airways; the airline has confirmed it was the victim and disclosed a data breach impacting its passengers. Bangkok Airways, a regional airline based in Bangkok, discloses a data breach...Security Affairs
September 1, 2021 – General
There’s a Better Way to Stop Ransomware Attacks Full Text
Abstract
Ransomware attacks occur because criminals make money from them. If we can make it harder to profit from such attacks, they will decrease. The United States can make it harder.New York Times
September 1, 2021 – General
New Edition of Pipeline Cybersecurity Standard Covers All Control Systems Full Text
Abstract
According to the API, which is the largest trade association for the oil and natural gas industry, this edition covers all control systems, rather than just SCADA systems as the previous edition did.Security Week
September 1, 2021 – Encryption
Quantum threat to cryptography and how to overcome this Full Text
Abstract
To maintain confidentiality, organizations use symmetric and public-key cryptography. Though public key encryption is the most prone to quantum attacks, symmetric key encryption is also susceptible.AT&T Cybersecurity
September 1, 2021 – Breach
Accellion breach exposed data from patients at major Michigan hospital system Full Text
Abstract
A major Michigan hospital system on Friday notified roughly 1,500 patients that their information may have been exposed as a result of a hack against file-sharing service Accellion.Cyberscoop
September 1, 2021 – Vulnerabilities
Cyberattacks Use Office 365 to Target Supply Chain Full Text
Abstract
Supply chain attacks starting in Office 365 can take on many different forms. For instance, spear phishers can use a compromised Office 365 account to scout out a targeted employee’s ongoing emails.Security Intelligence