News Summary About Latest Cybersecurity Stories, March 1st

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

https://research.checkpoint.com/2021/the-story-of-jian/ 

The Story of Jian - How APT31 Stole and Used an Unknown Equation Group 0-Day - Check Point Research

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day February 22, 2021 Research by: Eyal Itkin and Itay Cohen

There is a theory which states that if anyone will ever manage to steal and use nation-grade cyber tools, any network would become untrusted, and the world would become a very dangerous place to live in.

research.checkpoint.com

---

APT32 state hackers target human rights defenders with spyware

https://securityaffairs.co/wordpress/114973/malware/apt32-spyware-human-rights-defenders.html 

APT32 state hackers target human rights defenders with spyware--Security Affairs

The threat actors used spyware to take over the target systems, spy on the victims, and exfiltrate data. “Amnesty Tech’s Security Lab found technical evidence in phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, showing that Ocean Lotus is responsible for the attacks between 2018 and ...

securityaffairs.co

---

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

https://securityaffairs.co/wordpress/114933/apt/fin11-fta-servers-atatcks.html 

FIN11 cybercrime group is behind recent wave of attacks on FTA servers--Security Affairs

Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

securityaffairs.co

---

Twitter removes 100 accounts linked to Russia disseminating disinformation

https://securityaffairs.co/wordpress/114950/social-networks/twitter-removes-russia-disinformation.html 

Twitter removes 100 accounts linked to Russia disseminating disinformation--Security Affairs

Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance. Experts believe the accounts were part of […]

securityaffairs.co

---

The Continuous Conundrum of Cloud Atlas

https://www.domaintools.com/resources/blog/the-continuous-conundrum-of-cloud-atlas 

The Continuous Conundrum of Cloud Atlas

Background. In November 2020, in coordination with researchers from Black Lotus Labs at Lumen, DomainTools researchers disclosed an ongoing campaign linked to an entity referred to in industry reporting as “Cloud Atlas” or “Inception.” Cloud Atlas is an interesting entity as it is linked to attempted intrusions across multiple conflict zones and state ministries, yet has never been ...

www.domaintools.com

---

This chart shows the connections between cybercrime groups

https://www.zdnet.com/article/this-chart-shows-the-connections-between-cybercrime-groups/ 

This chart shows the connections between cybercrime groups | ZDNet

This chart shows the connections between cybercrime groups. CrowdStrike puts together a list of connections and how cybercrime groups cooperate with each other.

www.zdnet.com

---

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

https://www.zscaler.com/blogs/security-research/return-minebridge-rat-new-ttps-and-social-engineering-lures 

MINEBRIDGE Remote-access Trojan (RAT) 2021 | Zscaler Blog

In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are used as social engineering schemes by threat actors; in this case, the malware was targeted ...

www.zscaler.com

---

Cybercriminals Target QuickBooks Databases

https://www.darkreading.com/attacks-breaches/cybercriminals-target-quickbooks-databases/d/d-id/1340248 

Cybercriminals Target QuickBooks Databases

Cybercriminals increasingly have targeted QuickBooks file data at small and midsize businesses (SMBs) over the past few months, according to new research.

www.darkreading.com

---

The mystery of the Silver Sparrow Mac malware

https://blog.malwarebytes.com/mac/2021/02/the-mystery-of-the-silver-sparrow-mac-malware/ 

The mystery of the Silver Sparrow Mac malware - Malwarebytes Labs

Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple’s new M1 chips, but what is unknown about this malware is actually more interesting than what is known!

blog.malwarebytes.com

---

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

https://securityaffairs.co/wordpress/115056/hacking/microsoft-codeql-queries-solarwinds.html 

Microsoft releases open-source CodeQL queries to assess Solorigate compromise--Security Affairs

Microsoft has announced the availability of open-source CodeQL queries that the IT giant used during its investigation into the SolarWinds attack. In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint […]

securityaffairs.co

---

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

https://securityaffairs.co/wordpress/114984/cyber-crime/bitcoin-blockchain-botnet.html 

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism--Security Affairs

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. This technique allows botnet operators to make their infrastructure ...

securityaffairs.co

---

An attacker was able to siphon audio feeds from multiple Clubhouse rooms

https://securityaffairs.co/wordpress/114891/digital-id/clubhouse-privacy-issues.html 

An attacker was able to siphon audio feeds from multiple Clubhouse rooms--Security Affairs

An attacker demonstrated this week that Clubhouse chats are not secure: he was able to siphon audio feeds from “multiple rooms” into his own website. While the popularity of the audio chatroom app Clubhouse continues to increase, experts are questioning the security and privacy level it offers to its users. Recently the company announced it […]

securityaffairs.co

---

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

https://securityaffairs.co/wordpress/114880/cyber-crime/apomacrosploit-macro-builder.html 

Researchers uncovered a new Malware Builder dubbed APOMacroSploit--Security Affairs

Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

securityaffairs.co

---

Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

https://securityaffairs.co/wordpress/114871/cyber-crime/google-alerts-abuse.html 

Experts warn of threat actors abusing Google Alerts to deliver unwanted programs--Security Affairs

Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

securityaffairs.co

---

Ryuk ransomware now self-spreads to other Windows LAN devices

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/ 

Ryuk ransomware now self-spreads to other Windows LAN devices

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.

www.bleepingcomputer.com

---

Alert (AA21-055A) Exploitation of Accellion File Transfer Appliance

https://us-cert.cisa.gov/ncas/alerts/aa21-055a 

Exploitation of Accellion File Transfer Appliance | CISA

This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).

us-cert.cisa.gov

---

Google discloses technical details of Windows CVE-2021-24093 RCE flaw

https://securityaffairs.co/wordpress/115008/hacking/cve-2021-24093-rce-flaw-details.html 

Google discloses technical details of Windows CVE-2021-24093 RCE flaw--Security Affairs

White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

securityaffairs.co

---

Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

https://securityaffairs.co/wordpress/115001/hacking/cve-2021-21972-vmware-center-scans.html 

Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw--Security Affairs

A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage ...

securityaffairs.co

---

Firefox 86 Introduces Total Cookie Protection

https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ 

Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog

Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode.

Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.

blog.mozilla.org

---

France Probes Massive Leak Of Medical Records

https://www.barrons.com/news/france-probes-massive-leak-of-medical-records-01614257109 

France Probes Massive Leak Of Medical Records | Barron's

French cybercrime investigators said Thursday they were investigating the leak of the medical data of nearly half a million people, including such highly confidential information as their HIV and ...

www.barrons.com

---

Data Breach: Turkish legal advising company exposed over 15,000 clients

https://securityaffairs.co/wordpress/115050/data-breach/data-breach-turkish-legal-company.html 

Data Breach: Turkish legal advising company exposed over 15,000 clients--Security Affairs

Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people.

securityaffairs.co

---

Hackers are selling access to Biochemical systems at Oxford University Lab

https://securityaffairs.co/wordpress/115044/hacking/oxford-university-lab-hacked.html 

Hackers are selling access to Biochemical systems at Oxford University Lab--Security Affairs

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19.

Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

securityaffairs.co

---

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

https://securityaffairs.co/wordpress/114964/cyber-crime/bombardier-security-breach-clops-ransomware.html 

Airplane manufacturer Bombardier has disclosed a security breach--Security Affairs

Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]

securityaffairs.co

---

VC giant Sequoia Capital discloses data breach after failed BEC attack

https://www.bleepingcomputer.com/news/security/vc-giant-sequoia-capital-discloses-data-breach-after-failed-bec-attack/ 

VC giant Sequoia Capital discloses data breach after failed BEC attack

American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. Since its founding in 1972, the venture capital ...

www.bleepingcomputer.com

---

Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

https://securityaffairs.co/wordpress/115034/malware/dutch-research-council-doppelpaymer-ransomware.html 

Dutch Research Council confirms DoppelPaymer ransomware attack--Security Affairs

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang.

On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

securityaffairs.co

---

Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/ 

Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data.

www.bleepingcomputer.com

---

Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

https://securityaffairs.co/wordpress/115023/security/cisco-critical-flaw.html 

Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS--Security Affairs

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software ...

securityaffairs.co

---

VMware addresses a critical RCE issue in vCenter Server

https://securityaffairs.co/wordpress/114957/security/vmware-in-vcenter-server-rce.html

VMware addresses a critical RCE issue in vCenter Server--Security Affairs

vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location…

The flaw could be exploited by remote, unauthenticated attackers without user interaction. “The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin.

securityaffairs.co
