News Summary About Latest Cybersecurity Stories, March 8

CISA emergency directive urges to fix Microsoft Exchange zero-days

https://securityaffairs.co/wordpress/115278/security/cisa-microsoft-exchange-zero-days.html 

---

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html 

Executive Summary. In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities.

---

How I Might Have Hacked Any Microsoft Account

https://thezerohack.com/how-i-might-have-hacked-any-microsoft-account 

This article is about how I found a vulnerability in Microsoft online services that might have allowed anyone to take over any Microsoft account without consent. Microsoft's security team patched the issue and rewarded me $50,000 as part of their Identity Bounty Program. After my Instagram account takeover vulnerability, I was searching for similar […]

---

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow 150%

https://securityaffairs.co/wordpress/115268/cyber-crime/ransomware-landscape-2020.html 

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021”. The research dives deep into the global ransomware outbreak in 2020 and analyzes major players ...

---

The Ursnif Trojan has hit over 100 Italian banks

https://securityaffairs.co/wordpress/115245/cyber-crime/ursnif-targets-italian-banks.html 

Avast experts recently obtained information on possible victims of Ursnif malware that confirms the interest of malware operators in targeting Italian banks. Operators behind these attacks have stolen financial data and credentials from targeted financial institutions. “Among ...

---

French multinational dairy Lactalis hit by a cyber attack

https://securityaffairs.co/wordpress/115173/hacking/lactalis-cyber-attack.html 

France-based dairy giant Lactalis announced that it was hit by a cyber attack, but claimed that it had found no evidence of a data breach. Lactalis employs more than 80,000 people worldwide, at more than 230 production […]

---

Gootkit delivery platform Gootloader used to deliver additional payloads

https://securityaffairs.co/wordpress/115144/cyber-crime/gootkit-gootloader-evolution.html 

Experts from Sophos documented the evolution of the “Gootloader,” the framework used for delivering the Gootkit RAT banking Trojan. The framework was improved to deploy a wider range of malware, including ransomware payloads. “In recent years, almost […]

---

NSA embraces the Zero Trust Security Model

https://securityaffairs.co/wordpress/115121/security/nsa-zero-trust-security.html 

The National Security Agency (NSA) recently published a document explaining the benefits of adopting a zero-trust model and offering advice on navigating the process. Modern infrastructures are complex environments that combine multiple technologies and are exposed to […]

---

Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware

https://www.sygnia.co/mata-framework 

When responding to a recent TFlower extortion attack, the Sygnia Incident Response team identified a MATA-framework backdoor, attributed to the Lazarus Group, that was used to distribute the TFlower ransomware. A wider threat research revealed over 200 MATA malware framework C2 certificates leveraged since May of 2019 across at least 100 IP addresses.

---

Ongoing phishing attacks target US brokers with fake FINRA audits

https://www.bleepingcomputer.com/news/security/ongoing-phishing-attacks-target-us-brokers-with-fake-finra-audits/ 

The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to ...

---

Supermicro, Pulse Secure release fixes for 'TrickBoot' attacks

https://www.bleepingcomputer.com/news/security/supermicro-pulse-secure-release-fixes-for-trickboot-attacks/ 

Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot.

---

Notorious Maza cybercrime forum attacked by other hackers

https://www.bleepingcomputer.com/news/security/notorious-maza-cybercrime-forum-attacked-by-other-hackers/ 

The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. Maza, aka Mazafuka, is one of the oldest ...

---

Hijacking traffic to Microsoft’s windows.com with bitflipping

https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/ 

A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to ...

---

Windows DNS SIGRed bug gets first public RCE PoC exploit

https://www.bleepingcomputer.com/news/security/windows-dns-sigred-bug-gets-first-public-rce-poc-exploit/ 

---

New Zealand-based cryptocurrency exchange Cryptopia hacked again

https://securityaffairs.co/wordpress/115099/hacking/cryptopia-hacked-twice.html 

In 2019, the New Zealand-based cryptocurrency exchange Cryptopia disclosed a cyber attack that took place on January 14th. At the time of the first attack, the threat actors stole approximately USD 30 million […]

---

Managed Services provider CompuCom hit by Darkside ransomware

https://securityaffairs.co/wordpress/115300/malware/compucom-darkside-ransomware.html 

US managed service provider CompuCom was the victim of a cyberattack that partially disrupted its services and some of its operations. Even if the company initially did not provide technical details about […]

---

Distributor of Asian food JFC International hit by Ransomware

https://securityaffairs.co/wordpress/115150/malware/jfc-international-ransomware-attack.html 

JFC International, a major distributor and wholesaler of Asian food products, announced that it has recently suffered a ransomware attack. The attack only impacted JFC International’s Europe Group, where the malware caused the disruption of some of its IT […]

---

SITA statement about security incident

https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/ 

---

Far-Right Platform Gab Has Been Hacked—Including Private Data

https://www.wired.com/story/gab-hack-data-breach-ddosecrets/ 

---

Qualys Update on Accellion FTA Security Incident

https://blog.qualys.com/vulnerabilities-research/2021/03/03/qualys-update-on-accellion-fta-security-incident 

Note: Updated March 4 with additional detail. New information has come out today, March 3, related to a previously identified zero-day exploit in a third-party solution, Accellion FTA, that Qualys deployed to transfer information as part of our customer support system. Qualys has confirmed there is no impact on the Qualys production environments (shared platforms and private platforms ...

---

Airline data hack: hundreds of thousands of Star Alliance passengers' details stolen

https://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen 

IT operator Sita, which serves airlines including Singapore, Lufthansa and United, reports a systems breach revealing frequent flyer data. Data on hundreds ...

---

GRUB2 boot loader maintainers fixed hundreds of flaws

https://securityaffairs.co/wordpress/115258/hacking/grub2-boot-loader-flaws.html 

Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities.

GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB boot loader, which is now referred to as “GRUB Legacy”. The mechanism is designed to protect the boot process from attacks. In July 2020, researchers at the cybersecurity firm Eclypsium ...

---

Five privilege escalation flaws fixed in Linux Kernel

https://securityaffairs.co/wordpress/115296/security/privilege-escalation-flaws-linux-kernel.html 

Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation.

Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that could lead to local privilege escalation. The Linux kernel vulnerabilities are race conditions that reside in AF_VSOCK implementation, they were ...

---

VMware addresses Remote Code Execution issue in View Planner

https://securityaffairs.co/wordpress/115285/security/vmware-view-planner-rce.html 

VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. […]

---

Google fixes Critical Remote Code Execution issue in Android System component

https://securityaffairs.co/wordpress/115189/mobile-2/google-android-rce-2.html

Google released security updates to address 37 vulnerabilities as part of the Android security updates for March 2021, the most severe one is a critical flaw in the System component tracked as […]
