News Summary About Latest Cybersecurity Stories, March 31


Facebook took action against China-linked APT targeting Uyghur activists

https://securityaffairs.co/wordpress/115956/apt/facebook-china-apt-uyghur.html 

Facebook took action against China-linked APT targeting Uyghur activists--Security Affairs

Facebook has taken action against a series of accounts used by a China-linked cyber-espionage group, tracked as Earth Empusa or Evil Eye, to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents ...

securityaffairs.co

---

Ministry of Defence academy hit by state-sponsored hackers

https://securityaffairs.co/wordpress/115870/hacking/ministry-of-defence-hacked.html 

Ministry of Defence academy hit by state-sponsored hackers--Security Affairs

The Defence Academy of the United Kingdom provides higher education for personnel in the British Armed Forces, Civil Service, other government departments and service personnel from other nations.

The Defence Academy is headquartered at what used to be the Royal Military College of Science site at Shrivenham in southwestern Oxfordshire; it delivers education and training there and in a number ...

securityaffairs.co

---

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

https://securityaffairs.co/wordpress/115808/cyber-crime/till-kottmann-indicted-crimes.html 

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft--Security Affairs

Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity theft.

A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras at banks, jails, schools, healthcare clinics, and prominent organizations. Hackers also posted images captured from the hacked […]

securityaffairs.co

---

SolarWinds patches critical code execution bug in Orion Platform

https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-code-execution-bug-in-orion-platform/ 

SolarWinds patches critical code execution bug in Orion Platform

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing remote attackers to execute arbitrary code ...

www.bleepingcomputer.com

---

FBI published a flash alert on Mamba Ransomware attacks

https://securityaffairs.co/wordpress/115974/malware/fbi-mamba-ransomware.html 

FBI published a flash alert on Mamba Ransomware attacks--Security Affairs

Mamba ransomware was one of the first malware families detected in public attacks that encrypts whole hard drives rather than individual files.

Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. The first sample of Mamba Ransomware discovered in the wild was using the full disk encryption tool DiskCryptor to strongly encrypt the data.

securityaffairs.co

---

Black Kingdom ransomware begins appearing on Exchange servers

https://news.sophos.com/en-us/2021/03/23/black-kingdom/ 

Black Kingdom ransomware begins appearing on Exchange servers – Sophos News

Following the DearCry ransomware attacks reported on last week, another ransomware gang has also started to target vulnerable Exchange servers with another ransomware, called Black KingDom. Sophos telemetry began detecting the ransomware on Thursday March 18 as it targeted Exchange servers that remain unpatched against the ProxyLogon vulnerabilities disclosed by Microsoft earlier this month.

news.sophos.com

---

CISA releases CHIRP, a tool to detect SolarWinds malicious activity

https://securityaffairs.co/wordpress/115821/security/cisa-chirp-solarwinds-tool.html 

CISA releases CHIRP, a tool to detect SolarWinds malicious activity--Security Affairs

US CISA released the CISA Hunt and Incident Response Program (CHIRP) tool, a Python-based tool that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows ...

securityaffairs.co

---

New 5G protocol vulnerabilities allow location tracking

https://therecord.media/new-5g-protocol-vulnerabilities-allow-location-tracking/ 

New 5G protocol vulnerabilities allow location tracking | The Record by Recorded Future

AdaptiveMobile says the vulnerabilities it found can be exploited in hybrid mobile network setups where 5G is mixed with older technologies — network setups that are to be expected in the real world in the coming years as 5G technology rolls out and slowly replaces previous tech.

therecord.media

---

Encrypted Phone Firm Encrochat Used Signal Protocol

https://www.vice.com/en/article/pkdjab/encrochat-signal-protocol-encryption 

Encrypted Phone Firm Encrochat Used Signal Protocol

"EncroChat encrypt their messages with the Signal Protocol. This is a commonly used encryption protocol that is freely available. I am unaware of any capability to decrypt messages encrypted using ...

www.vice.com

---

APT Encounters of the Third Kind

https://igor-blue.github.io/2021/03/24/apt1.html 

APT Encounters of the Third Kind - Igor’s Blog

A few weeks ago an ordinary security assessment turned into an incident response whirlwind. It was definitely a first for me, and I was kindly granted permission to outline the events in this blog post. This investigation started scary but turned out be quite fun, and I hope reading it will be informative to you too. I'll be back to posting about my hardware research soon.

igor-blue.github.io

---

Evil Corp switches to Hades ransomware to evade sanctions

https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/ 

Evil Corp switches to Hades ransomware to evade sanctions

Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC).

www.bleepingcomputer.com

---

Purple Fox malware worms its way into exposed Windows systems

https://www.bleepingcomputer.com/news/security/purple-fox-malware-worms-its-way-into-exposed-windows-systems/ 

Purple Fox malware worms its way into exposed Windows systems

Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ...

www.bleepingcomputer.com

---

DDoS booters now abuse DTLS servers to amplify attacks

https://www.bleepingcomputer.com/news/security/ddos-booters-now-abuse-dtls-servers-to-amplify-attacks/ 

DDoS booters now abuse DTLS servers to amplify attacks

DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks.

www.bleepingcomputer.com

---

Computer giant Acer hit by $50 million ransomware attack

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/ 

Computer giant Acer hit by $50 million ransomware attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

www.bleepingcomputer.com

---

Sierra Wireless halted production at its manufacturing sites due to ransomware attack

https://securityaffairs.co/wordpress/115897/malware/sierra-wireless-ransomware.html 

Sierra Wireless halted production at its manufacturing sites due to ransomware attack--Security Affairs

This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and disrupted its production.

Sierra Wireless is a Canadian multinational wireless communications equipment designer and manufacturer headquartered in Richmond, British Columbia, Canada. The company sells mobile computing and machine-to-machine (M2M) communications products that ...

securityaffairs.co

---

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

https://www.theregister.com/2021/03/23/council_tax_texts_exposure/ 

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts • The Register

Exclusive Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts, The Register can reveal. Text messages sent by Telsolutions Ltd on behalf of a dozen local authorities contained shortlinks to webpages urging council tax defaulters to pay up – and in a dozen ...

www.theregister.com

---

30 million Americans affected by the Astoria Company data breach

https://securityaffairs.co/wordpress/115934/breaking-news/astoria-company-data-leak.html 

30 million Americans affected by the Astoria Company data breach--Security Affairs

Researchers discovered the availability on the Dark Web of 30M records of Americans affected by the Astoria Company data breach.

Astoria Company LLC is a lead generation company that leverages a network of websites to collect information on people who may be looking for discounted car loans, different medical insurance, or even payday loans.

securityaffairs.co

---

Billions of FBS Records Exposed in Online Trading Broker Data Leak

https://securityaffairs.co/wordpress/115925/data-breach/fbs-data-breach.html 

Billions of FBS Records Exposed in Online Trading Broker Data Leak--Security Affairs

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites.

The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to

securityaffairs.co

---

A day before elections, hackers leaked details of millions of Israeli voters

https://securityaffairs.co/wordpress/115918/hacking/israeli-voters-leak.html 

A day before elections, hackers leaked details of millions of Israeli voters--Security Affairs

A few hours before the election in Israel, hackers exposed the voter registration and personal details of millions of citizens. The source of the data seems to be the app Elector developed by the […]

securityaffairs.co

---

Energy giant Shell discloses data breach caused by Accellion FTA hack

https://securityaffairs.co/wordpress/115869/cyber-crime/shell-accellion-fta-attack.html 

Energy giant Shell discloses data breach caused by Accellion FTA hack--Security Affairs

Shell is an Anglo-Dutch multinational oil and gas company with more than 86,000 employees that made US$180.5 billion in 2020.

According to a data breach notification published by the company on its website, the cyber attack did not affect its network; it only impacted an Accellion FTA server.

securityaffairs.co

---

IT Contractor Sentenced to Two Years for Deleting Carlsbad Company’s Microsoft User Accounts

https://www.justice.gov/usao-sdca/pr/it-contractor-sentenced-two-years-deleting-carlsbad-company-s-microsoft-user-accounts 

IT Contractor Sentenced to Two Years for Deleting Carlsbad Company’s Microsoft User Accounts | USAO-SDCA | Department of Justice

Assistant U.S. Attorney Alexandra F. Foster (619) 546-6735. NEWS RELEASE SUMMARY – March 22, 2021. SAN DIEGO – Deepanshu Kher was sentenced today in federal court to two years in prison for accessing the server of a Carlsbad Company and deleting over 1,200 of the company's 1,500 Microsoft User Accounts.

www.justice.gov

---

OpenSSL Project released 1.1.1k version to fix two High-severity flaws

https://securityaffairs.co/wordpress/115968/security/openssl-flaws-2.html 

OpenSSL Project released 1.1.1k version to fix two High-severity flaws--Security Affairs

The OpenSSL Project this week released version 1.1.1k to address two high-severity vulnerabilities, respectively tracked as CVE-2021-3450 and CVE-2021-3449. The CVE-2021-3449 vulnerability could be exploited to trigger a DoS condition ...

securityaffairs.co

---

Google fixes an Android vulnerability actively exploited in the wild

https://securityaffairs.co/wordpress/115888/mobile-2/google-android-flaw-exploited.html

Google fixes an Android vulnerability actively exploited in the wild--Security Affairs

Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm chipsets. According to the IT giant, threat actors are actively exploiting the vulnerability in attacks in the wild. The CVE-2020-11261 flaw ...

securityaffairs.co
