Investigation with a twist: an accidental APT attack and averted data destruction
Investigation with a twist: an accidental APT attack and averted data destruction In late April 2020, a client invited the CSIRT incident response team at the Positive Technologies Expert Security Center (PT ESC) to investigate a network compromise that resulted in encryption of files on servers and employee workstations. We initially assumed that this was yet another attack on ...
---
A hacker is selling access to the email accounts of hundreds of C-level executives
---
FBI issued an alert on Ragnar Locker ransomware activity
https://securityaffairs.co/wordpress/111286/malware/ragnar-locker-ransomware-fbi-alert.html
FBI issued an alert on Ragnar Locker ransomware activity--Security Affairs The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April […] securityaffairs.co
---
Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware
https://securityaffairs.co/wordpress/111321/malware/cursedgrabber-malware-campaign.html
CursedGrabber: Massive threat campaign strikes open-source repos--Security Affairs Sonatype’s deep-dive research allowed it to identify a new family of Discord malware called CursedGrabber.
Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large-scale malware campaign leveraging the open-source ecosystem. The malware called “xpc.js” […] securityaffairs.co
---
TikTok fixed security issues that could have led to one-click account takeover
https://securityaffairs.co/wordpress/111336/hacking/tiktok-domains-security-flaws.html
TikTok fixed security issues that could have led to one-click account takeover--Security Affairs TikTok has addressed a couple of security issues that could have been chained to lead to account takeover. The first issue addressed by the social media platform is a reflected XSS security flaw that was reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affected the company […] securityaffairs.co
---
Romanians arrested for running underground malware services
https://securityaffairs.co/wordpress/111270/cyber-crime/police-shutdown-malware-services.html
Romanians arrested for running underground malware services--Security Affairs The arrests are the result of a joint operation conducted with the support of the FBI, Europol, Australian, and Norwegian police. “Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” reads the press release published by Europol. “These services have been purchased by more ... securityaffairs.co
---
Researchers show how to steal a Tesla Model X in a few minutes
Researchers show how to steal a Tesla Model X in a few minutes--Security Affairs A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group at the KU Leuven University in Belgium has demonstrated how to steal a Tesla Model X in minutes by exploiting vulnerabilities in the car’s keyless entry system. securityaffairs.co
---
TrickBot operators continue to update their malware to increase resilience to takedown
https://securityaffairs.co/wordpress/111381/cyber-crime/trickbot-evolution.html
TrickBot operators continue to update their malware--Security Affairs Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient.
In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet ... securityaffairs.co
---
SSH-backdoor Botnet With ‘Research’ Infection Technique
https://securityaffairs.co/wordpress/111477/malware/ssh-backdoor-botnet.html
SSH-backdoor Botnet With ‘Research’ Infection Technique--Security Affairs In a recent tweet, the malware researcher @0xrb shared a list containing URLs of recently captured IoT botnet samples. Among the links, there was an uncommon example, a URL behind a Discord CDN, which, as pointed out by the IoT malware researcher @_lubiedo, may be ... securityaffairs.co
---
A new Stantinko Bot masqueraded as httpd targeting Linux servers
https://securityaffairs.co/wordpress/111393/malware/stantinkos-linux-variant.html
A new Stantinko Bot masqueraded as httpd targeting Linux servers--Security Affairs Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that has been operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the […] securityaffairs.co
---
A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed
https://securityaffairs.co/wordpress/111485/hacking/windows-7-server-2008-0day.html
A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed--Security Affairs The researcher was developing his own Windows privilege escalation enumeration script, named PrivescCheck, which is a sort of updated and extended version of the famous PowerUp. “If you have ever run this script on Windows 7 or Windows Server 2008 R2, you probably noticed a weird recurring result and perhaps thought that it was a false positive just as I did. securityaffairs.co
---
Watch out, WAPDropper malware could subscribe you to premium services
https://securityaffairs.co/wordpress/111442/malware/wapdropper-malware.html
Watch out, WAPDropper malware could subscribe you to premium services--Security Affairs Security researchers from Check Point have spotted a new malware family dubbed WAPDropper that targets mobile phone users to subscribe them to legitimate premium-rate services. Check Point experts observed the WAPDropper subscribing unaware users to premium services from ... securityaffairs.co
---
Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million
https://securityaffairs.co/wordpress/111503/cyber-crime/carding-action-2020-europol.html
Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million--Security Affairs Carding Action 2020 targeted crooks selling/purchasing compromised card data on sites selling stolen credit card data and darkweb marketplaces. Group-IB, a global threat hunting and intelligence company, has supported Carding Action 2020 – a cross-border operation led by Europol’s European Cyber Crime Centre (EC3) with the support from law enforcement agencies including The Dedicated Card ... securityaffairs.co
---
Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members
https://securityaffairs.co/wordpress/111459/cyber-crime/tmt-operation-falcon.html
Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members--Security Affairs Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s ... securityaffairs.co
---
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the ... krebsonsecurity.com
---
The smart video doorbells letting hackers into your home
https://www.which.co.uk/news/2020/11/the-smart-video-doorbells-letting-hackers-into-your-home/
The smart video doorbells letting hackers into your home – Which? News 11 smart doorbells purchased from online marketplaces have failed Which? security tests, in the latest example of smart products that could pose a risk to you and your home. Smart doorbells with cameras let you see who’s at the door without getting up off the sofa, but in-depth security testing ...
---
AG Healey Secures $525,000 in Settlement With Home Depot Over Data Breach
https://www.mass.gov/news/ag-healey-secures-525000-in-settlement-with-home-depot-over-data-breach
AG Healey Secures $525,000 in Settlement With Home Depot Over Data Breach | Mass.gov Massachusetts Attorney General Maura Healey today announced that her office secured $525,000 in a settlement with The Home Depot, Inc. resolving a multistate investigation of a 2014 data breach that exposed the payment card information of approximately 40
---
Sophos notifies data leak after a misconfiguration
https://securityaffairs.co/wordpress/111495/data-breach/sophos-data-leak.html
Sophos notifies data leak after a misconfiguration--Security Affairs ZDNet reported that the cyber-security firm Sophos is notifying customers via email about a security breach; the company became aware of the incident on November 24. “On November 24, 2020, Sophos was advised of an access […] securityaffairs.co
---
Belden discloses data breach as a result of a cyber attack
https://securityaffairs.co/wordpress/111468/data-breach/belden-discloses-data-breach.html
Belden discloses data breach as a result of a cyber attack--Security Affairs “Belden was the target of a sophisticated attack by a party outside the company that accessed servers that contained personal information of some current and former Belden employees, as well as limited company information regarding some of our business partners.” reads a statement published by the company. securityaffairs.co
---
Securing the fight against COVID-19 through open source
https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss
Securing the fight against COVID-19 through open source - GitHub Security Lab This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses. securitylab.github.com
---
Fake Zoom invite cripples Aussie hedge fund with $8m hit
Fake Zoom invite cripples Aussie hedge fund with $8m hit A Sydney hedge fund has collapsed after a cyber attack triggered by a fake Zoom invitation saw its trustee and administrator mistakenly approve $8.7 million in fraudulent invoices. The scam, the ...
---
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices. Present on the list of vulnerable targets are domains belonging to high street ...
---
A week later, Manchester United has yet to recover after a cyberattack
https://securityaffairs.co/wordpress/111560/hacking/manchester-united-cyber-attack-2.html
A week later, Manchester United has yet to recover after a cyberattack--Security Affairs Last week Manchester United was hit by a sophisticated cyber attack; the attack took place on Friday evening and the football club shut down its systems to prevent the malware from spreading within. […] securityaffairs.co
---
Details of 16 million Brazilian COVID-19 patients exposed online
https://securityaffairs.co/wordpress/111534/data-breach/brazilian-covid-19-patients-leak.html
Details of 16 million Brazilian COVID-19 patients exposed online--Security Affairs Personal/health details of more than 16 million Brazilian COVID-19 patients, including Government representatives, have been exposed online securityaffairs.co
---
Canon publicly confirms August ransomware attack and data breach
https://securityaffairs.co/wordpress/111523/malware/canon-confirms-ransomware-attack.html
Canon publicly confirms August ransomware attack and data breach--Security Affairs Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, ZDNet first revealed […] securityaffairs.co
---
Ransomware hits US Fertility the largest US fertility network
https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html
Ransomware hits US Fertility, the largest US fertility network--Security Affairs The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its clinics, with 130,000 babies having been born.
“On September 14, 2020, USF experienced an IT security event [..] that involved the inaccessibility of certain computer systems on our network as a result of a malware infection,” reads the Notice of Data ... securityaffairs.co
---
Danish news agency Ritzau hit by ransomware, but did not pay the ransom
https://securityaffairs.co/wordpress/111507/cyber-crime/ritzau-ransomware-attack.html
Danish news agency Ritzau hit by ransomware, but did not pay the ransom--Security Affairs
Ritzau, the biggest Danish news agency, was hit by a ransomware attack that brought it offline. The cyber attack hit a quarter of Ritzau’s 100 servers, which have been damaged. The agency […] securityaffairs.co
---
Retail giant E-Land closes nearly half of stores due to ransomware attack
https://www.koreatimes.co.kr/www/tech/2020/11/694_299692.html
Retail giant E-Land closes nearly half of stores due to ransomware attack South Korean fashion and retail conglomerate E-Land Group said Sunday it has suspended operations at nearly half of its stores in the country due to a ransomware attack. The group said its ...