The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
https://research.checkpoint.com/2021/the-story-of-jian/
February 22, 2021. Research by Eyal Itkin and Itay Cohen. There is a theory which states that if anyone ever manages to steal and use nation-grade cyber tools, any network would become untrusted, and the world would become a very dangerous place to live in.
---
APT32 state hackers target human rights defenders with spyware
https://securityaffairs.co/wordpress/114973/malware/apt32-spyware-human-rights-defenders.html
The threat actors used spyware to take over the target systems, spy on the victims, and exfiltrate data. “Amnesty Tech’s Security Lab found technical evidence in phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, showing that Ocean Lotus is responsible for the attacks between 2018 and ...
---
FIN11 cybercrime group is behind recent wave of attacks on FTA servers
https://securityaffairs.co/wordpress/114933/apt/fin11-fta-servers-atatcks.html
Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]
---
Twitter removes 100 accounts linked to Russia disseminating disinformation
Twitter has removed dozens of accounts used by Russia-linked threat actors to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]
---
The Continuous Conundrum of Cloud Atlas
https://www.domaintools.com/resources/blog/the-continuous-conundrum-of-cloud-atlas
Background. In November 2020, in coordination with researchers from Black Lotus Labs at Lumen, DomainTools researchers disclosed an ongoing campaign linked to an entity referred to in industry reporting as “Cloud Atlas” or “Inception.” Cloud Atlas is an interesting entity as it is linked to attempted intrusions across multiple conflict zones and state ministries, yet has never been ...
---
This chart shows the connections between cybercrime groups
https://www.zdnet.com/article/this-chart-shows-the-connections-between-cybercrime-groups/
CrowdStrike puts together a list of connections and how cybercrime groups cooperate with each other.
---
Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures
In January 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are used as social engineering schemes by threat actors; in this case, the malware was targeted ...
---
Cybercriminals Target QuickBooks Databases
Cybercriminals increasingly have targeted QuickBooks file data at small and midsize businesses (SMBs) over the past few months, according to new research.
---
The mystery of the Silver Sparrow Mac malware
https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/
Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple’s new M1 chips, but what is unknown about this malware is actually more interesting than what is known!
---
Microsoft releases open-source CodeQL queries to assess Solorigate compromise
https://securityaffairs.co/wordpress/115056/hacking/microsoft-codeql-queries-solarwinds.html
Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]
---
A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism
https://securityaffairs.co/wordpress/114984/cyber-crime/bitcoin-blockchain-botnet.html
Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that abuses Bitcoin (BTC) transactions to implement a backup mechanism for C2. This technique allows botnet operators to make their infrastructure ...
---
An attacker was able to siphon audio feeds from multiple Clubhouse rooms
https://securityaffairs.co/wordpress/114891/digital-id/clubhouse-privacy-issues.html
An attacker demonstrated this week that Clubhouse chats are not secure: he was able to siphon audio feeds from “multiple rooms” into his own website. While the popularity of the audio chatroom app Clubhouse continues to increase, experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]
---
Researchers uncovered a new Malware Builder dubbed APOMacroSploit
https://securityaffairs.co/wordpress/114880/cyber-crime/apomacrosploit-macro-builder.html
Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]
---
Experts warn of threat actors abusing Google Alerts to deliver unwanted programs
https://securityaffairs.co/wordpress/114871/cyber-crime/google-alerts-abuse.html
Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]
---
Ryuk ransomware now self-spreads to other Windows LAN devices
A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.
---
Alert (AA21-055A) Exploitation of Accellion File Transfer Appliance
https://us-cert.cisa.gov/ncas/alerts/aa21-055a
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).
---
Google discloses technical details of Windows CVE-2021-24093 RCE flaw
https://securityaffairs.co/wordpress/115008/hacking/cve-2021-24093-rce-flaw-details.html
A white hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]
---
Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw
https://securityaffairs.co/wordpress/115001/hacking/cve-2021-21972-vmware-center-scans.html
A Chinese security researcher published proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage ...
---
Firefox 86 Introduces Total Cookie Protection
https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.
---
France Probes Massive Leak Of Medical Records
https://www.barrons.com/news/france-probes-massive-leak-of-medical-records-01614257109
French cybercrime investigators said Thursday they were investigating the leak of the medical data of nearly half a million people, including such highly confidential information as their HIV and ...
---
Data Breach: Turkish legal advising company exposed over 15,000 clients
https://securityaffairs.co/wordpress/115050/data-breach/data-breach-turkish-legal-company.html
The WizCase team uncovered a massive data leak containing private information about Turkish citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people.
---
Hackers are selling access to Biochemical systems at Oxford University Lab
https://securityaffairs.co/wordpress/115044/hacking/oxford-university-lab-hacked.html
Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19.
Hackers compromised the systems at one of the most advanced biology labs at Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]
---
Airplane manufacturer Bombardier has disclosed a security breach, data leaked online
Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]
---
VC giant Sequoia Capital discloses data breach after failed BEC attack
American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. Since its founding in 1972, the venture capital ...
---
Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack
The Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang.
On February 14, the Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]
---
Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance
A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data.
---
Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS
https://securityaffairs.co/wordpress/115023/security/cisco-critical-flaw.html
Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software ...
---
VMware addresses a critical RCE issue in vCenter Server
https://securityaffairs.co/wordpress/114957/security/vmware-in-vcenter-server-rce.html
vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location… The flaw could be exploited by remote, unauthenticated attackers without user interaction. “The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin.