APT groups targets US Think Tanks, CISA, FBI warn
https://securityaffairs.co/wordpress/111806/apt/cisa-fbi-us-think-tanks.html
APT groups continue to target United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a […]
---
Turla Crutch: Keeping the “back door” open
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
ESET researchers found a previously undocumented backdoor and document stealer. Dubbed Crutch by its developers, we were able to attribute it to the infamous Turla APT group. According to our ...
---
Multi-Vector Miner Tsunami Botnet with SSH Lateral Movement
https://securityaffairs.co/wordpress/111761/malware/multi-vector-miner-tsunami-botnet.html
Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using a WebLogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020. The botnet carries two […]
---
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/
Executive Summary. Collaborative research between Advanced Intelligence (AdvIntel) and Eclypsium has discovered that the TrickBot malware now has functionality designed to inspect the UEFI/BIOS firmware of targeted systems. This new functionality, which we have dubbed “TrickBoot,” makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers ...
---
Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
https://arxiv.org/pdf/2012.00687.pdf
---
DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882
https://securityaffairs.co/wordpress/111743/hacking/darkirc-oracle-weblogic-cve-2020-14882.html
Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in an attempt to exploit CVE-2020-14882. CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system.
---
Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days
https://securityaffairs.co/wordpress/111692/hacking/schneider-electric-zero-days.html
Today, TIM’s Red Team Research, led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer, Schneider Electric, between April and November 2020. Schneider Electric is a vendor ...
---
Hundreds of millions of Android users exposed to hack due to CVE-2020-8913
Security Affairs: Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out […]
---
Hackers hide software skimmer in social media sharing icons
https://securityaffairs.co/wordpress/111872/malware/software-skimmer-social-share-icon.html
Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages. E-skimming takes place when hackers compromise an e-commerce site and plant a malicious […]
---
Hackers are targeting COVID-19 vaccine cold chain
https://securityaffairs.co/wordpress/111858/apt/covid-19-cold-chain-attacks.html
Researchers from IBM X-Force warned of threat actors actively targeting organizations associated with the COVID-19 vaccine cold chain. The experts uncovered a large-scale spear-phishing campaign that has been ongoing since September 2020. Threat actors are impersonating ...
---
Four New SonicWall Firewalls Announced
https://www.storagereview.com/news/four-new-sonicwall-firewalls-announced
Today, SonicWall announced four new firewalls, the NSa (note that the ‘a’ is not capitalized) 2700, the TZ270, TZ370, and TZ470. The new firewalls are in addition to the two other x70 firewalls, the TZ570 and the TZ670, they announced earlier this year. SonicWall was founded in 1991. SonicWall ...
---
Crooks stole 800,000€ from ATMs in Italy with Black Box attack
https://securityaffairs.co/wordpress/111659/cyber-crime/black-box-attack-italy.html
A criminal organization has stolen money from at least 35 ATMs and Post Office cash dispensers operated by Italian banks with a new black box attack technique. The Carabinieri of Monza dismantled the gang, the […]
---
Stride Identifies a Cyberattack on Its Systems and Network
K12 Inc. (NYSE: LRN) (“Stride” or “we”) – to be Stride, Inc. effective December 16, 2020 – has detected unauthorized activity on its network, which ha
---
GO SMS Pro Vulnerable to File Theft: Part 2
Trustwave: Last week we released an advisory about an SMS app called GO SMS Pro. Media files sent via text in the app are stored insecurely on a publicly accessible server. With some very minor scripting, it is trivial to throw a wide net around that content. While it's not directly possible to link the media to specific users, those media files with faces, names, or other identifying characteristics do ...
---
A scan of 4 Million Docker images reveals 51% have critical flaws
https://securityaffairs.co/wordpress/111833/hacking/docker-hub-scan-analysis.html
Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prevasio Analyzer […]
---
Google discloses a zero-click Wi-Fi exploit to hack iPhone devices
https://securityaffairs.co/wordpress/111788/mobile-2/iphone-devices-hack.html
Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity over Wi-Fi.
---
Malicious npm packages spotted delivering njRAT Trojan
https://securityaffairs.co/wordpress/111751/hacking/npm-packages-installs-njrat.html
Security staff behind the npm repository removed two packages that were found containing malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers who imported and […]
---
Talos reported WebKit flaws in WebKit that allow Remote Code Execution
https://securityaffairs.co/wordpress/111698/hacking/webkit-browser-engine-flaws.html
Cisco’s Talos team discovered security flaws in the WebKit browser engine, including flaws that can be exploited by a remote attacker to gain code execution by tricking the user into visiting a malicious website.
---
A critical flaw in industrial automation systems opens to remote hack
https://securityaffairs.co/wordpress/111646/ics-scada/automation-systems-opens-flaw.html
Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […]
---
Exploring malware to bypass DNA screening and lead to ‘biohacking’ attacks
https://securityaffairs.co/wordpress/111681/hacking/biohacking-attacks-dna-screening.html
A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open the door to biological warfare. Scientists play a crucial role in modern society, especially during […]
---
BlackShadow hackers extort Israeli insurance company for $1 million
---
French pharmaceuticals distribution platform Apodis Pharma leaking 1.7 TB of confidential data
https://securityaffairs.co/wordpress/111756/data-breach/apodis-pharma-data-leak.html
The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database containing confidential data belonging to Apodis Pharma, a software company based in France. Apodis Pharma is a company that offers a digital supply chain management platform and other software solutions created for pharmacies, healthcare institutions, pharmaceutical ...
---
Egregor ransomware attack paralyzed for 3 days payment systems at Metro Vancouver’s transportation agency TransLink
https://securityaffairs.co/wordpress/111898/cyber-crime/egregor-ransomware-hit-translink.html
Egregor ransomware operators made the headlines again; this time they hit Metro Vancouver’s transportation agency TransLink, causing the disruption of its services and payment systems. The news was also confirmed by Global News, which has obtained the ransom letter ...
---
Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land
https://securityaffairs.co/wordpress/111842/malware/clop-ransomware-e-land.html
E-Land Retail suffered a ransomware attack; Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea. E-Land Group takes part in retail malls, restaurants, theme parks, hotels and construction businesses as well as its cornerstone, fashion apparel business. It ...
---
K12 education giant paid the ransom to the Ryuk gang
https://securityaffairs.co/wordpress/111824/malware/k12-ryuk-ransomware.html
K12 Inc. is a for-profit education company that sells online schooling and curricula. K12 is an education management organization (EMO) that provides online education designed as an alternative to traditional “brick and mortar” education for public school students from kindergarten to 12th grade. Publicly traded K12 is the largest EMO in terms of enrollment.
---
Baltimore County Schools close after a ransomware attack
https://securityaffairs.co/wordpress/111732/cyber-crime/baltimore-county-schools-ransomware.html
Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume. School officials notified state and federal law enforcement […]
---
Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang
https://securityaffairs.co/wordpress/111654/cyber-crime/delaware-county-doppelpaymer-ransomware.html
During the last weekend Delaware County, Pennsylvania, was the victim of a DoppelPaymer ransomware attack that brought down part of its network. According to local media, the ransomware operators have compromised systems containing sensitive information, […]
---
Owner and Operator of India-Based Call Centers Sentenced to Prison for Scamming U.S. Victims out of Millions of Dollars
An Indian national was sentenced today to 20 years in prison followed by three years of supervised release in the Southern District of Texas for his role in operating and funding India-based call centers that defrauded U.S. victims out of millions of dollars between 2013 and 2016.